Australia: Parliament passes anti-encryption bill

Get a copy of the upcoming book "Secure Operations Technology"

The Parliament of Australia has passed the Assistance and Access Bill 2018, which allows Australian authorities to pressure communication providers and tech companies into giving them access to encrypted electronic communications, all in the name of fighting crime and terrorism.

Australia encryption legislation

Interception capabilities

The companies will be forced to use interception capabilities they already have or to build new ones – although the government claims that the authorities can’t use these powers “to introduce so-called ‘backdoors’ or require a provider to disclose communications content or data.”

The legislation has been introduced into Parliament in September 2018 and the Australian Labor Party coalition was set on introducing a number of amendments that would limit some of the powers before letting it pass.

In the end, though, they decided to let the bill through without them, but with a stipulation that the government will agree to add them next year. The government later said they made no such promise – they only said they would consider them. (For those who are interested, Chris Duckett has a good rundown of the debate just prior to the voting.)

All that remains now for the bill to be turned into law is for it to be signed by Sir Peter Cosgrove, Australia’s Governor-General.

Not a good idea

Almost no one except the government considers the bill a good idea.

Chris Culnane, a lecturer in Electronic Voting, Privacy, and Cyber Security at the University of Melbourne, has analyzed the draft of the bill in August and has pointed out many objectionable things about it.

Private citizens, software engineers, and a variety of digital rights, human rights, software organizations and tech companies have formally voiced their opposition to it being passed, but their opinions have apparently been discounted.

“The bill is a cousin to the United Kingdom’s Investigatory Powers Act, passed in 2016. The two laws vary in their details, but both now deliver a panoptic new power to their nation’s governments,” EFF’s International Director Danny O’Brien has noted.

“Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.”

He also went on to describe a possible and likely future if this bill is signed into law.

How it will ultimately end up affecting international and Australian companies and the nation’s citizens remains to be seen (or not, if the authorities efforts are kept under wraps with the justification of national security).