Australia's privacy leaders slam decryption Bill
Australia’s top privacy experts and advocates have urged the government to pull legislation that they say would grant law enforcement the power to effectively break encryption and damage the key technological infrastructure of the internet.
The Information Technology Professionals Association (ITPA) has been vocally opposed to the proposed legislation. This week, the association published a template letter for concerned members of the public to send to their local MP to urge them to oppose and vote against the bill.
The ITPA's President, Robert Hudson, said that the proposed legislation will fail to meet its stated aim, as criminals will merely switch to other encryption products not covered in the Bill. It will also “result in a significant reduction of individual privacy for law-abiding citizens”.
In addition, the ITPA has argued that the powers enabled by the legislation will almost certainly be misused by individuals in positions of power within law-enforcement agencies, and that the tools to circumvent encryption will certainly be used by people outside of legitimate law enforcement agencies as a weapon against law-abiding citizens.
Digital Rights Watch, Australian Privacy Foundation, Electronic Frontiers Australia, Future Wise, Queensland Council for Civil Liberties, New South Wales Council for Civil Liberties, Access Now and Blueprint for Free Speech have all filed a joint submission outlining deep concerns with the draft legislation.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 would allow law enforcement agencies to compel technology companies to assist in providing access to encrypted data, including by building the capability to allow access to this data if required.
The Bill does stipulate that the powers do not extend to requiring a service provider to implement or build a systemic weakness or vulnerability into a form of electronic protection of data.
But in their joint submission, the privacy groups have warned that the Bill “effectively enacts insecurity by design, which will almost certainly create additional obstacles and exclusions for Australian companies seeking to operate in EU markets”.
The submission also states that the Bill “creates extremely broad powers with almost no oversight without any substantive justification” and urges parliament to reject the Bill wholesale.
Digital Rights Watch Chair Tim Singleton Norton said the Bill has been widely and systematically rejected by technical experts.
“Despite the ridiculously short time frame that the government allowed for this consultation, the volume of criticism has been overwhelming — from privacy experts, technology companies, civil liberties advocates and telecommunications providers,” he said.
“We’ve also seen a staggering response from the Australian public, with over 14,000 people writing directly to the government in defence of their right to use encryption. It is easy to assume the public is too disengaged or uninterested to have a view on these kinds of issues, but the strong and sophisticated response makes it clear the opposite is true. The government would do well to heed this warning.”
Electronic Frontiers Australia Chair Lyndsey Jackson also noted that the Bill would allow law enforcement to force telecoms and technology companies to provide information about how networks are built and how information is stored.
“With no warrant or oversight process proposed other than that these orders must be ‘reasonable and proportionate’, what assurances does anyone have that these powers will not be abused?” she said.
Access Now Senior Legislative Manager Nathan White added that the Bill could have wider implications beyond just Australia, and threatens to impact the entire world.
“What occurs in Australia will have far-reaching consequences for the rest of the world. As witnessed just recently in a joint statement by the security agencies of the Five Eyes Governments, a jurisdictional precedent could be set here that will impact the global community,” he said.
“The Australian Government should be wary of becoming a testing ground for policies that undermine privacy and security in the digital era.”
Meanwhile, industry body the Communications Alliance is today hosting a meeting of stakeholders from across the Australian digital and social ecosystem to discus their objections to the Bill.
On the industry side, these concerns include objections that Australian tech companies will be placed in the position of breaking the laws of foreign companies in which they operate, and that applying the Bill to overseas organisations could result in them withdrawing their services from the Australian market.
Separately, Minister for Home Affairs Peter Dutton has announced that new obligations on telecoms service providers have come into force with the activation of the new Telecommunications Sector Security Reforms (TSSR).
These obligations, aimed at better protecting Australia’s telecoms network, include a requirement for telecoms operators to notify the department of proposed changes to their telecommunications networks and services that may have national security implications.
Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.
The AI regulation debate in Australia: navigating risks and rewards
To remain competitive in the world economy, Australia needs to find a way to safely use AI systems.
Strategies for navigating Java vulnerabilities
Java remains a robust and widely adopted platform for enterprise applications, but staying ahead...
Not all cyber risk is created equal
The key to mitigating cyber exposure lies in preventing breaches before they happen.