The Australian government is proposing new laws that would require international tech giants like Facebook, Google and Apple to provide access to encrypted communications to law enforcement for policing crime.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 is still in draft stages, but would allow heads of Australian law enforcement to issue tech companies with notices requiring them to decrypt communications.
The government is proposing three levels of “assistance” notices: a request for voluntary assistance, a notice requiring tech companies to decrypt communications where they have the capability to do so, and a third level requiring companies to build the capability to decrypt if they don’t have the technical means already established.
Importantly, the laws wouldn’t stop at Australia’s borders and the country’s telecommunications providers. The government is casting a wide net, defining “designated communications provider” under the laws as any “foreign and domestic communications providers, device manufacturers, component manufacturers, application providers, and traditional carriers and carriage service providers.”
That means everything from encrypted messaging apps, email accounts and even physical device storage is on the table for decryption.
The laws’ three levels of “assistance”, which Australia’s security and law enforcement agencies would be able to request of tech companies, are:
- Technical assistance request: A notice to provide “voluntary assistance” to law enforcement for “safeguarding of national security and the enforcement of the law.”
- Technical assistance notice: A notice requiring tech companies to offer decryption “they are already capable of providing that is reasonable, proportionate, practicable and technically feasible” where the company already has the “existing means” to decrypt communications (e.g. where messages aren’t end-to-end encrypted).
- Technical capability notice: A notice issued by the attorney general, requiring tech companies to “build a new capability” to decrypt communications for law enforcement. The bill stipulates this cannot include capabilities that “remove electronic protection, such as encryption.”
Each level of notice requires a higher level of oversight and clearance, and the government has reiterated that law enforcement agencies would “still need an underlying warrant or authorisation.”
Australia’s Minister for Law Enforcement and Cyber Security, Angus Taylor, said the new laws were necessary to give law enforcement tools for the modern digital era.
“We must ensure our laws reflect the rapid take-up of secure online communications by those who seek to do us harm,” he said.
“These reforms will allow law enforcement and interception agencies to access specific communications without compromising the security of a network. The measures expressly prevent the weakening of encryption or the introduction of so-called backdoors.”
While Taylor was keen to avoid talk of backdoors to encryption, the laws allow the country’s top law officer to require companies
to build decryption capabilities into their systems where they don’t already exist in order to provide access for law enforcement.
Speaking on the Australian Broadcasting Corporation (ABC) on Tuesday morning, Taylor reiterated that tech companies would be able to provide access to law enforcement without weakening their security.
“[We are] ensuring we don’t break the encryption systems of the company,” he said. “So we are only asking them to do what they are capable of doing. We are not asking them to create vulnerabilities in their systems that will reduce the security because we know we need high levels of security in our communications… The [law enforcement] agencies are convinced we can get the balance right here without breaking the encryption systems of the technology companies.”
Apple did not immediately respond when asked for comment. Facebook and Google pointed to a statement from industry body, Digital Industry Group:
“As an industry, we work every day to help protect the privacy of people who use our services and strongly support the economic and social benefits of encryption technology,” it said in a statement. “At the same time, we appreciate the hard work governments do to keep us safe, which is why we work with law enforcement to respond to requests for data in accordance with applicable law and respective terms of service.
“The industry has also developed a set of global principles that call on governments around the world — including Australia — to adopt surveillance laws and practices that are consistent with established norms of privacy, free expression, and the rule of law. We hope that there is a constructive and public dialogue with the Government around these principles as the Bill continues its progress through Parliament.”
This is a developing story, stay tuned to CNET for more updates.
Fight the Power: Take a look at who’s transforming the way we think about energy.
‘Hello, humans’: Google’s Duplex could make Assistant the most lifelike AI yet.