We're not giving up the fight on encryption
A few weeks ago, the federal government’s Department of Home Affairs requested comments from the public on a draft of ‘The Assistance and Access Bill 2018’ — a bill designed to allow law enforcement agencies to gain access to communications and information previously not available to them due to encryption technology. You can read the draft here.
As we noted, we intended to make a submission to the government on this bill. You can read the details of our submission below. In summary though, the bill, in its current form, will have a dire impact on internet privacy and potentially even e-commerce, all without actually achieving its stated goals — because criminals will simply move to using software not subject to this law.
The public comment period has closed, and it seems that the government is already getting on with the business of pushing the bill forward, with reports that the proposed bill has already been approved by the Liberal party room, with an intent to introduce it to parliament shortly.
However, it is absolutely not too late to reach out to your local federal politician and express your concerns with this proposed bill. Please feel free to use our official response (below) as the basis of any communication you send to your local politician or senators — even if your politician is in opposition, they will have a vote on the floor of parliament or the senate when the bill is presented for debate and voting.
**************************************************
To whom it may concern,
On behalf of the Information Technology Professionals Association (ITPA) and its members, I am writing today to express a lack of support for “The Access and Assistance Bill, 2018” as it currently stands. This bill should not be introduced to Parliament in its current form, and certainly should not be voted into law.
ITPA and its members recognise the fact that encrypted communication is one tool used by criminals to make it harder for law enforcement agencies to discover and track their whereabouts, plans, and other details of crimes they may have or be able to commit. We appreciate the fact that the government is seeking ways to increase its ability to better prevent and prosecute crime. But it is ITPA’s position that the only real-life outcome of “The Access and Assistance Bill 2018” will be a negative impact to the individual privacy of Australian citizens, and that the proposed benefits (allowing law-enforcement to prevent or prosecute crimes) will not be realised.
“The Access and Assistance Bill 2018” will not only fail to achieve its stated aim (criminals will simply move to using encryption products not covered by this bill — most of the tools currently used in this area are not written by companies which are bound by this bill, and those which are will simply be traded for tools produced outside of Australia’s jurisdiction), but it will result in a significant reduction of individual privacy for law-abiding citizens.
In addition to failing to achieve the desired goals, tools created under this legislation to break or bypass the encryption created by commonly used applications will almost certainly be misused by individuals in positions of power within law-enforcement agencies, as we have already seen happen in other areas of surveillance legislation such as the mandatory metadata retention scheme.
Further, it is certain that these tools will also become available to people outside of legitimate law-enforcement agencies, and will be used as a weapon against law-abiding citizens — the leaking of the list of “blocked” sites under Internet filtering regimes of the past (https://www.smh.com.au/national/dentists-website-on-leaked-blacklist-20090319-93cl.html) shows that secrets and artefacts (such as lists of websites, or access to tools) can and do get leaked beyond the approved area of usage.
“The Access and Assistance Bill 2018” also has issues of governance and oversight which require adjustment before it could be supported. Although there is still a requirement for warrants to be issued and a level of judicial oversight, a political appointment (The Attorney General) holds significant (and ultimate for short-term activities with post-activity oversight) power within this legislation. It would be preferable to have a politically independent body (an individual or organisation) to provide the level of oversight and authority carried by the Attorney General in this legislation to ensure that decisions are not made under the authority of this bill for political purposes.
If the government really wants to achieve better levels of policing and crime prevention in areas of technology, we implore the government to consult with the technology industry during the drafting phases of legislation, rather than after the draft has been put together in such a fashion as to be technically infeasible. ITPA would be more than willing to be part of a consultation process to resolve issues with the currently proposed legislation, or for any other legislation which requires technical expertise to achieve success.
**************************************************
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.