Australian encryption bill passes despite major criticism

6 Dec 2018

Parliament House in Canberra, Australia. Image: © Leonid Andronov/Stock.adobe.com

Australian law enforcement agencies now have a wide range of encryption-cracking powers after bill passed into law.

Cybersecurity experts and tech firms have heavily criticised the passing of a bill on the final sitting day of the year for Australia’s parliament.

The bill, known as the Assistance and Access Bill, passed into law by 44 votes to 12 in the senate, having already passed the parliament’s lower house.

What is the idea behind the Australian encryption bill?

The bill set out with the aim to provide law enforcement with the power to ask technology firms to create and seed a vulnerability or backdoor on “one or more target technologies that are connected with a particular person”. The idea is to enable authorities to monitor the communication of criminals and terrorists within encrypted apps such as Signal, Telegram and WhatsApp.

The Labor Party had planned to amend the legislation, repeatedly describing it as flawed, but leader Bill Shorten announced the laws would be passed. He said that the coalition would need to make certain changes in the new year. The group then pulled its amendments and the bill was passed. 

The government later said that it would consider the Labor Party’s amendments “if any genuinely reflect the recommendations of the parliamentary joint committee on intelligence and security”.

Opening the backdoor

Companies will not have to introduce backdoor access features if they are considered to be “systemic weaknesses” that could jeopardise other people’s communications. Earlier drafts of this bill failed to define what a systemic weakness constituted, but the current definition is still contested.

Cryptography expert at the University of Melbourne, Dr Vanessa Teague, told ABC News: “The whole question all along has been, whether by targeting an individual user, they are accidentally jeopardising everybody else’s security”. The main concern is that encryption with exceptions is no longer encryption and if it is broken in one place, it will be broken everywhere. 

Cybersecurity expert and managing director of CISO Lens, James Turner, told the Australian Financial Review that he did not find many people in business or the public sector who believed the legislation was a good idea. “Civil liberties, privacy, security and encryption specialists don’t like the bill, global vendors don’t like it, and local vendors don’t like it – in fact, I haven’t seen any governance specialists giving it the thumbs-up either.

“The party line seems to be ‘trust us’, and that’s not good enough in the face of opposition from experts across so many domains.”

Could it damage tech in Australia?

Many also noted that forcing companies to provide encrypted data to Australian authorities could hurt its technology industry. The country has blocked Chinese companies such as Huawei from its 5G development plans, citing security concerns, but some people believe the bill could leave Australian vendors on similar blacklists.

Turner said: “That’s not great for our export market, and I suspect the impact of that will be quite costly. There will be deals we don’t win where our legislation may be raised as the block.”

Australian Green Party senator Jordon Steele-John described the bill as one of the “most dangerous and least thought-through pieces of legislation” to be presented to the Australian parliament. 

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects

editorial@siliconrepublic.com