News Centre

Australia Passes Anti-Encryption Bill (Everything You Need to Know)

Article by diogo@techpatrol.com.au
December 10, 2018

SHARE THIS POST:

Tech Patrol

On Thursday last week, Australia finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications. The more has come out of this and through this article, we will go through the details of the Bill and what it impacts.

To pass this bill the Australian government argues that the new legislation is important for national security and claimed to be an essential tool to help law enforcement and security agencies fight serious offences such as crime, terrorist attacks and drug trafficking.

Since the bill was supported by both the Liberal and Labor parties, the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019.

The issue with this is that the Bill does not properly clarify specifics around the potential power that the Assistance and Access Bill could give Australian government and law enforcement agencies over citizen’s digital privacy, it contains new provisions for companies to provide three levels of “assistance” in accessing encrypted data, as explained below:

  • Technical Assistance Request (TAR): A notice to request tech companies for providing “voluntary assistance” to law enforcement, which includes “removing electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services.”
  • Technical Assistance Notice (TAN): This notice requires, rather than request, tech companies to give assistance they are already capable of providing that is reasonable, proportionate, practical and technically feasible, giving Australian agencies the flexibility to seek decryption of encryption of encrypted communications in circumstances where companies have existing means to do it (like at points where messages are not end-to-end encrypted).
  • Technical Capability Notice (TCN): This notice is issued by the Attorney-General requiring companies to “build a new capability” to decrypt communications for Australian law enforcement.

What does this mean?

These notices would compel tech companies to modify their software and service infrastructure to backdoor encrypted communications and data that could otherwise not be obtained.

It is also worth noting that companies could face a very large financial penalty for not complying with the new law.

 

 

 

 

The Bill

The Bill clearly says that the tech companies can’t be compelled to introduce a “Systemic weakness” or “systemic backdoors” into their legit software or hardware, or “remove electronic protection,” like encryption to satisfy government demands.

Instead, the new legislation contains measures aimed at facilitating lawful access to information through two avenues – “decryption of encrypted technologies and access to communications and data at points where they are not encrypted.”

“We encourage the government to stand by their stated intention not to eaken encryption or compel providers to build systemic weaknesses into their products,” – The bill stipulated.

It’s clear that this bill is for access of information requires assistance from tech companies, meaning that Australian law enforcement is looking for ways to snoop on your messages before they are encrypted, or at least to try and read them once they’re decrypted on the users’ end.

Please go and read the Assitance and Access Bill [PDF] word-by-word, here’s a further snippet:

“The Bill could allow the government to order the makers of smart home speakers to intall persistent eavesdropping capabilities into a person’s home, require a provider to monitor health data of its customers for indications of drug use, or require the development of tool that can unlock a particular user’s device regardless of whether such [a] tool coulod be used to unlock every other user’s device as well…”

“While we share the goal of protecting the public and communities, we believe more work needs to be done on the Bill to iron out the ambiguities on encryption and security to ensure that Australian are protected to the greatest extent possible in the digital world.”

“FEN” (Five Eyes Nations):

Australia is a member of the intelligence alliance known as the “Five Eye Nations”, a group of countries including the United States, United Kingdom, Canada, and New Zealand, which last month declared that “Privacy is not an absolute” and the use of end-to-end encryption “Should be rare,” the new bill could be a stepping stone towards new encryption laws in other nations as well.

This Bill also claims that without the new legislation, law enforcement agencies face the problem of “going dark: – a term used by the FBI and U.S. Department of Justice (DoJ) to describe the situation when they failed to intercept encrypted data and communications.

Just last year the previous Australian Prime minister, who we supported (see article here), stated just last year that “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”

 

 

 

 

Apple Responded

A month ago Apple responded to the bill (tech companies were contacted months before the bill was approved) making a submission to the Australian government, saying;

“Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will be extension weaken the protections for everyone.”

“It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat,” the tech giants added.

Essentially Apple argues that encryption is simply math and that any effort to change that math will affect the privacy and security of everyone that uses their devices. Moreover, the new way to intercept into devices could possibly open a backdoor for hackers, making it easier for them to spy on encrypted communications or steal sensitive encrypted information.

If you have any questions regarding this article you can speak with us on Twitter, Facebook or LinkedIN, otherwise, email us at info@techpatrol.com.au

 

 

Other Articles You May Enjoy:

Share your thoughts in the Comments section:

Subscribe For The Latest In Technology

Other Posts You May Like

TECH NEWS & UPDATES

Please enter your name.
Please enter a valid email address.
Something went wrong. Please check your entries and try again.

RECENT POSTS

Small Business Tips - Tech Patrol

8 Biggest Mistake IT Management Make

Google-Microsoft logo - Tech Patrol

Google and Microsoft Disclose New Spectre Type CPU Flaw and The Only Resolution Can Slow Down Your Machine

telstra - Tech Patrol

Telstra Claims Providers May Be Cutting Security Corners When It Comes To Cheap SIMs

Google-Security-Google-Chrome

Google Chrome Ready To Remove “Secure” Indicator From HTTPS Pages By September

White Paper

Enjoy this free eBook

Tech Patrol - Microsoft Office 365

White Paper (Why businesses Are Migrating to Cloud)

  • This field is for validation purposes and should be left unchanged.
australia-passes-anti-encryption-bill-everything-you-need-to-know-tech-success
Scroll to Top