The privacy of your communications – whether via email or message – is only as good as the encryption of the technology you're using. But in Australia, even that may not be enough. On Thursday, the government passed a law to gain access to encrypted communications.
The benignly named Assistance and Access Bill of 2018 amends various existing legislation to "establish frameworks for voluntary and mandatory industry assistance [italics own] to law enforcement and intelligence agencies in relation to encryption technologies…" In other words, the government can compel a private tech company to spill the contents of private citizens' messages.
The law was first proposed in 2017 by then-Prime Minister Malcolm Turnbull of the center-right Liberal Party of Australia, but was only introduced in the House of Representatives on September 20 of this year. The House, it should be noted, is controlled by a coalition government of 58 Liberals and 15 National Party members, though the opposition Labor Party has a plurality with 69 members.
On the same day it passed in the House of Representatives, the bill was introduced and passed in the Senate as it came to the end of this year's session. The Senate is also controlled by a Liberal-National coalition despite the Labor Party having a plurality. Critics of the bill – and there are many, among them human rights groups, law groups, and cryptographers – say that it was rushed through Parliament despite vague language that leaves citizens vulnerable to having their data abused.
The case made by the Prime Minister's government boiled down to one thing: terrorism. Attorney General Christian Porter declared after the vote:
"This ensures that our national security and law enforcement agencies have the modern tools they need, with appropriate authority and oversight, to access the encrypted conversations of those who seek to do us harm."
But the passage of the bill through Parliament was far from preordained. The Labor Party, which had made noise about being uncomfortable with the bill in its current form, at the last moment decided to support it, even though it appeared in a position to cobble together enough votes in the Senate to stall legislation. Labor leader Bill Shorten, in a press conference before the vote, said, "We offer to let it go forward, without the amendments which are needed … provided the government agrees on the very first sitting day [in February], to pass the amendments we say are needed."
But there's no guarantee such amendments will be made now that the bill is already law. (It's considered best practice to negotiate before passing a bill.) According to Porter: "To ensure the passage of the bill through the Senate tonight, the government has agreed to consider Labor's proposed amendments in the new year if any genuinely reflect the recommendations of the parliamentary joint committee on intelligence and security."
Australia's ABC News notes that, before this, the Australian government already had the power to "obtain remote access to computer networks and their data" and "in some circumstances, law enforcement can also compel people under threat of jail time to disclose their computer or smartphone passwords."
But whereas the existing laws have allowed the government to request access, the new law gives it the power to compel companies to decrypt certain communications or pay a financial penalty. Companies may even be required to build backdoors into existing products to allow police access.
As Morry Bailes, the president of the Law Council of Australia, stated:
"We now have a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist."
Importantly, this has repercussions beyond Australia, as other countries are looking for similar ways to thwart terror networks drawn to encrypted communication tools like WhatsApp and Signal.
We know this because they've said as much. A June 2017 Joint Communiqué released by the attorneys general of the so-called "Five Eyes" – Australia, Canada, New Zealand, the UK, and the US – stated:
"Ministers and Attorneys General also noted that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism. To address these issues, we committed to develop our engagement with communications and technology companies to explore shared solutions while upholding cybersecurity and individual rights and freedoms."
While balancing anti-terrorism considerations with individual rights is a difficult proposition, forcing companies to give up individuals' data seems to cut against the concept of exploring "shared solutions."
And because the Five Eyes share intelligence, the law potentially provides US, Canadian, British, and New Zealand authorities with a trove of data on any communications accessed by Australia – all while maintaining their respect for "individual rights and freedoms."