The Australian government has passed the controversial and mind-bogglingly complex Access and Assistance Bill 2018 into law. The opposition Labor party shelved its plans to improve the scheme and waved it through in response to overwhelming pressure from the Liberal-National Coalition government, desperate to see it made law before Christmas.
Since it gives authorities the right to demand access to encrypted forms of communication and to slap companies that refuse to cooperate with fines up to $7.3 million, it prompted tech giants like Apple to voice their opposition. Cupertino criticized the vague wording of its current version, pointing out that it gives the government “overly broad powers that could weaken cybersecurity and encryption.”
ZDNet explains that the new law will give the Australian government the power to issue three kinds of notices:
- Technical Assistance Notices: These can require communication providers to use an interception technology they already have.
- Technical Capability Notices: These can require communication providers to build new interception capabilities that can meet the requirements needed to be able to comply with Assistance Notices. Tech giants consider this the most contentious, since it could force them to build tools such as encryption backdoors.
- Technical Assistance Requests: These are, apparently, voluntary requests, which companies can comply with or turn down without the risk of being penalized.
Australia has made itself a global guinea pig in testing a regime to crack encrypted communication
End-to-end encryption is a code so strong that only the communicating users can read the messages.
As a result, law enforcement agencies the world over are struggling with a wicked problem: what can they do when the suspect or target of investigation “goes dark”?
In Australia, the government claims to have found the solution to that problem in the form of a new law not necessarily to break encryption itself – as the equivalent United Kingdom legislation allows – but to co-opt technology companies, device manufacturers and service providers into building the functionality needed for police to do their spying.
But with digital rights and technology experts warning that government amendments are confusing or counterproductive, it’s questionable whether Australia has finally unscrambled the encryption omelette or set its law enforcement agencies and IT industry up to fail.
One crack is all it takes
While a law enforcement agency may only be targeting one criminal suspect, that does not mean a technological trap will not harm others.
The result was, as the Law Council of Australia’s president, Morry Bailes, described it “a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist”.