The Parliament of Australia has passed the Assistance and Access Bill 2018, which allows Australian authorities to pressure communication providers and tech companies into giving them access to encrypted electronic communications, all in the name of fighting crime and terrorism.
The companies will be forced to use interception capabilities they already have or to build new ones – although the government claims that the authorities can’t use these powers “to introduce so-called ‘backdoors’ or require a provider to disclose communications content or data.”
The legislation has been introduced into Parliament in September 2018 and the Australian Labor Party coalition was set on introducing a number of amendments that would limit some of the powers before letting it pass.
In the end, though, they decided to let the bill through without them, but with a stipulation that the government will agree to add them next year. The government later said they made no such promise – they only said they would consider them. (For those who are interested, Chris Duckett has a good rundown of the debate just prior to the voting.)
All that remains now for the bill to be turned into law is for it to be signed by Sir Peter Cosgrove, Australia’s Governor-General.
Not a good idea
Almost no one except the government considers the bill a good idea.
Chris Culnane, a lecturer in Electronic Voting, Privacy, and Cyber Security at the University of Melbourne, has analyzed the draft of the bill in August and has pointed out many objectionable things about it.
Whatever you feel about the #AABill in Australia, I agree with the @thelawcouncil that rushing such complex legislation through in days is reckless. At the least, these unprecedented laws need far more expert scrutiny & debate. https://t.co/mhSWiC2FP8 #auspol
— Mike Cannon-Brookes 👨🏼💻🧢 (@mcannonbrookes) December 5, 2018
I've spent >20 years building cryptography and security software. Now the Australian govt is considering laws that could coerce me to add backdoors. This is akin to requiring a doctor to infect a patient or an engineer to weaken a bridge. @AustralianLabor must oppose this #aabill
— Damien Miller (@damienmiller) December 5, 2018
What about Australian tech start ups under #aaBill? Their products will be fucking worthless under #aaBill, completely unable to be exported or used in the E.U. Backdoored software isn't compatible with the GDPR
— Asher Wolf (@Asher_Wolf) December 5, 2018
#AAbill just passed the house as amended (yes, all 173) despite the disagreement 🤷♂️🙄
— Senator Jordon Steele-John (@Jordonsteele) December 6, 2018
Private citizens, software engineers, and a variety of digital rights, human rights, software organizations and tech companies have formally voiced their opposition to it being passed, but their opinions have apparently been discounted.
“The bill is a cousin to the United Kingdom’s Investigatory Powers Act, passed in 2016. The two laws vary in their details, but both now deliver a panoptic new power to their nation’s governments,” EFF’s International Director Danny O’Brien has noted.
“Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.”
He also went on to describe a possible and likely future if this bill is signed into law.
How it will ultimately end up affecting international and Australian companies and the nation’s citizens remains to be seen (or not, if the authorities efforts are kept under wraps with the justification of national security).