Internet industry wary of draft decryption bill
Internet industry representatives have expressed major concerns over the federal government’s proposed new law that would force technology companies to decrypt data when requested by law enforcement.
The draft Assistance and Access Bill, which was released for public comment yesterday, would grant law enforcement and intelligence agencies expanded powers to intercept specific communications even while encrypted.
It would impose penalties for non-compliance of up to $10 million for companies and up to 10 years’ jail time for individuals.
Announcing the proposed legislation, Minister for Law Enforcement and Cyber Security Angus Taylor said encryption and similar technologies are increasingly being used by paedophiles, terrorists and organised criminals to conceal their illicit activities.
“We know that more than 90% of data lawfully intercepted by the Australian Federal Police now uses some form of encryption. This has directly impacted around 200 serious criminal and terrorism-related investigations in the last 12 months alone,” he said.
Taylor insisted that the proposed reforms would allow law enforcement and intelligence agencies to access specific communications without weakening encryption or introducing backdoors into a network.
But Internet Australia Chair Dr Paul Brooks effectively accused Taylor of playing semantics with his claims.
“We recognise that law enforcement has a legitimate desire to access and view information transmitted across telecommunications networks by serious criminals, and that often these messages are encrypted in some form, as internet application developers enhance the security and confidentiality of their services,” he said.
“However, the government needs to recognise the clear potential dangers to the security and privacy of ordinary Australians which this legislation, in its current form, poses. This draft legislation clearly needs further work before it can be seriously considered to be fit for purpose. A backdoor into devices is still a backdoor, whatever label the government wants to use.”
The draft legislation would allow law enforcement to compel manufacturers and distributors of all communications devices — from mobile and landline phones, to modems, printers and smart TVs — to comply with their demands, Brooks said.
“Further, these powers appear to permit the government to instruct the device manufacturer to actively change how the device functions, to add or subtract functionality. These new powers go far beyond merely gaining access to messages.”
Internet Australia has also raised objections to the short four-week public consultation window.
Meanwhile, in a contributed article for Fairfax Media, Firefox web browser developer Mozilla’s COO, Denelle Dixon, insisted that the draft Act threatens to weaken security for all Australians.
“The reason is simple: if you create a weakness in encryption for one person, there is no way to stop hackers, malicious actors or even foreign agents from exploiting that same weakness for other ends,” Dixon said.
“Just as 2+2 still equals 4, in Australia as everywhere else, all security experts agree that these kinds of mandated vulnerabilities are a bad idea.”
NordVPN CMO Marty Kamden likewise said the significance of internet and privacy is only increasing as businesses move online, and that in this environment Australians should be allowed to use encryption.
“Opening a backdoor for the government means opening it for other entities capable of exploiting the access as well. It could lead to a flood of hacks, stolen information and other forms of abuse. This could jeopardise the privacy of all players involved — individuals, companies and their clients,” Kamden claimed.
Telecoms industry body the Communications Alliance, however, is playing its cards close to its chest for now. In a measured statement, the body’s CEO John Stanton said that the industry is “working through the details of what is a very complex piece of legislation, looking for ways in which it might be improved and understanding the implications of the new rules for our industry”.
He said that the industry body intends to submit a response during the public consultation period.