Australia’s House of Representatives has recently passed a bill which allows law enforcement agencies to compel tech companies to hand over encrypted messaging data.
The “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, now allows law enforcement to compel private tech companies with granting them access to encrypted communications, and create new interception methods so no communications data is completely inaccessible to the government. The new legislation facilitates lawful access to information through two possibilities such as “decryption of encrypted technologies and access to communications and data at points where they are not encrypted.”
Although Australian law enforcement authorities still require a judicial warrant to sneak into devices and intercept encrypted messages, companies could face massive financial penalties in the event of failing to comply with the new law. The bill contains new provisions for companies to provide three levels of “assistance” in accessing encrypted data, as explained below:
- Technical Assistance Request (TAR): A notice to request tech companies for providing “voluntary assistance” to law enforcement, which includes “removing electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services.”
- Technical Assistance Notice (TAN): This notice requires, rather than request, tech companies to give assistance they are already capable of providing that is reasonable, proportionate, practical and technically feasible, giving Australian agencies the flexibility to seek decryption of encrypted communications in circumstances where companies have existing means to do it (like at points where messages are not end-to-end encrypted).
- Technical Capability Notice (TCN): This notice is issued by the Attorney-General requiring companies to “build a new capability” to decrypt communications for Australian law enforcement.
The security vulnerability to this legislation must further be deployed in secret without public knowledge, leading to a disapproving response from privacy groups, technology companies, and the public, suggesting the controversial bill could not only harm the Australian tech industry, but undermine encryption security worldwide.
Privacy experts have voiced that the new methods of intercepting into devices could possibly open a backdoor for hackers, making it easier for them to spy on encrypted communications or steal sensitive encrypted information.
Tech giants and privacy advocates have argued that any efforts to weaken encryption and removing protection even for one device could potentially affect privacy and security of everyone.