Here’s Why The Government’s Proposed Anti-Encryption Laws Are Really, Really Dangerous
And it's not just criminals who would be affected.
Update: since we wrote this story, there have been a few updates. We have a new explainer on the government’s proposed anti-encryption laws up here — check it out if you want the latest.
The government has finally released a draft of its long-awaited anti-encryption legislation, and there’s some pretty scary stuff in there — including proposed jail sentences of up to ten years for people who refuse to unlock their phone or computer for law enforcement agencies.
The draft legislation is aimed at solving a problem law enforcement agencies have been having for a while now. While they’re often able to legally intercept subjects’ communications in the course of an investigation, they can’t actually read them, because the messages are encrypted.
The new legislation tries to solve this problem by giving law enforcement agencies the power to force tech companies to help them bypass that encryption. Specifically, the legislation would require tech companies to do things like install software on a device, share design specs for devices, and otherwise help law enforcement agencies access devices, including by building new systems for law enforcement agencies to use for that purpose.
Why Is This So Concerning?
This is the first detailed look we’ve had at the government’s plans to combat encryption — in the past, they’ve provided mostly garbled messages that demonstrated a stunningly bad understanding of the technology involved. See for example the memorable 2017 press conference where Malcolm Turnbull said that the laws of mathematics were “very commendable” but do not apply in Australia.
That questionable understanding of the tech led to concerns that the government was planning on forcing tech companies to add backdoors to their encryption systems. These “backdoors” would be little flaws that would damage security and privacy for everyone using that tech, not just the people actually under investigation. After all, the point of end-to-end encryption is that no one but the intended recipient can decrypt the message — the moment you introduce a backdoor, that security is totally undermined.
Announcing the new draft laws today, the Department of Home Affairs stressed that they do not introduce backdoors of that kind, and technically that may be right. The department is, however, giving law enforcement agencies hugely expanded powers to bypass encryption with a warrant, for example by forcing a tech service to install software on someone’s device that can intercept messages before they’re encrypted. To many, that’s basically still a backdoor, or as the ABC put it, at the very least a side gate.
Not only do the proposed laws expand the list of things law enforcement can compel tech companies to do for them, they also expand the kind of cases where they can use these powers. The government claims it needs the new powers to take down “terrorists, child sex offenders and criminal organisations”, but the proposed legislation also mentions “protecting the public revenue”, which seems to suggest the new powers could also be used in cases involving tax evasion.
The government's new anti-encryption bill can be applied to "protect the public revenue". pic.twitter.com/uYS6Cu5nj1
— Denham Sadler (@denhamsadler) August 14, 2018
In addition, the proposed legislation introduces penalties of up to 10 years in jail for refusing an order from a law enforcement agency to unlock a phone or computer or provide data. That’s a pretty serious penalty for standing up for privacy.
“Massive Over-Reach By This Government”
Naturally, fans of encryption and privacy are pretty worried by the proposed legislation. Greens senator Jordon Steele-John has slammed the draft released today as “massive over-reach by this government”, pointing out that “installing software or legislating some other means to capture data as it is unencrypted on the receiving device undermines the very principle of end-to-end-encryption.”
“Frankly, this government has proven time and again they are not capable of keeping our data secure so why on earth would I trust them to build – let’s call it for what it is, a backdoor – into the one mechanism that Australians trust to keep them safe online?” he said.
“What we’re talking about here is a serious pre-crime measure that will ultimately diminish the presumption of innocence and the privacy of all Australians online, and the Australian Greens will be referring the matter to committee for rigorous scrutiny when it comes to Parliament.”
If you’d similarly like to offer feedback on the legislation, there’s information on how to get in touch here. Better get in quick, though — the government is accepting input only until September 10.