southburnetttimes.com.au
How ‘deeply concerning’ law affects you
Community
8-10 minutes
Australia has passed a bill designed to give intelligence agencies more power to access your encrypted conversations.
Labor has agreed to pass the Morrison Government’s legislation without amendments, meaning they will be locked-in before Christmas.
But what do these laws actually mean, and why are they so controversial?
WHAT ARE THE LAWS?
The Australian government has passed new security laws giving authorities the power to intercept encrypted communications.
Known as the Access and Assistance Bill, this effectively gives intelligence officials the power to force you to open your smartphone in front of them.
It’s the old “right to privacy versus national security” debate - the government says these additional powers will protect you from potential terror attacks.
Attorney-General Christian Porter and other proponents of the law say it will “keep Australians safe” by helping to thwart terrorists, organised crime and child predators.
WhatsApp messages.
Signal, WhatsApp and Wickr are examples of encrypted apps - their encryption prevents law enforcement agencies from reading messages intercepted under warrant while looking into crimes.
Until now.
This law will allow law enforcement agencies to obtain evidently directly from a device, with the appropriate approval.
Where a warrant has been issued to intercept telecommunications, the head of an interception agency can issue a “technical assistance notice” for a company to help decrypt said device.
WHAT ARE THE MAIN CONCERNS?
Tech groups, experts and Australian senators have expressed concerns over the new law, including giants like Apple, Google and Facebook.
Opponents of the new law argue it will weaken Australians’ privacy and online security, potentially leaving them vulnerable to cyberhacking, and is a step on the way to a Big Brother-style police state.
Australian Greens’ party Senator Jordon Steele-John has been vocal in his opposition of the Bill, condemning the Opposition for helping the Morrison government pass it and describing it as “an affront to privacy and democracy”.
“Far from being a ‘national security measure’ this bill will have the unintended consequence of diminishing the online safety, security and privacy of every single Australian,” Senator Steele-John wrote earlier this week.
He likened it to “President Donald Trump reading your mail over your shoulder as you opened it”, and said the blow to encryption will make us “the laughing stock of the tech world”.
A spokesperson for Digital Industry Group Inc similarly said the legislation was out of touch compared to similar laws around the world.
“This legislation is out of step with surveillance and privacy legislation in Europe and other countries that have strong national security concerns,” they said. "Several critical issues remain unaddressed in this legislation, most significantly the prospect of introducing systemic weaknesses that could put Australians’ data security at risk.
“It is also deeply concerning that the minimum safeguards Australians should expect under such unprecedented new powers - judicial oversight and a warrant-based system - are absent in relation to the new Technical Capability Notice.”
The Law Council of Australia says serious concerns remain about the laws, which it believes have been rushed and politicised.
“We now have a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist,” president Morry Bailes said.
Several tech groups have serious privacy concerns about the laws, saying they will leave us more vulnerable to hackers.
Laura Tyrell, a spokesperson for NordVPN, told news.com.au there were concerns the encryption bill was a rushed job, saying the rise in Australians using VPNs was proof the nation’s concerns about online privacy are increasing.
“Concerns over the rushed Bill are high. Today’s amendments have done little to clarify specifics around the potential power that the Bill could give government and law enforcement over digital privacy and security,” she said.
"Despite the pro-encryption passions in the government, Australians are showing their concerns about losing their online privacy by turning to VPNs.
“Even though the government is trying to make it sound that decryption will help police and government agencies, in fact, it will just open the door to new crime,” said Ruby Gonzalez, Communications Director at NordVPN. “The biggest concern is backdoor access into private messages. That could create real potential problems, such as hacking, data misuse, and leaks.”
Human Rights Commissioner Edward Santow has called for independent oversight and better safeguards.
“This new law will dramatically increase the access of intelligence and law enforcement agencies to the private communications of ordinary Australians, with implications for our right to privacy and freedom of expression,” he said.
“The commission, and the public, have not been given a sufficient opportunity to review and comment on yesterday’s amendments prior to them becoming law.”
Even Labor leader Bill Shorten, who helped vote the controversial laws in, has admitted he still has concerns.
Tech giants have also slammed the new law. In a letter to the Australian government last month, Apple argued the measure would “allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device”.
Even Labor leader Bill Shorten, who helped vote the controversial laws in, has admitted he still has concerns.
Mr Shorten concedes the Bill was rushed, but is confident the amendments will go through when parliament resumes in February.
“There are legitimate concerns about the encryption legislation,” the opposition leader told reporters on Friday.
“But I wasn’t prepared to walk away from my job and leave matters in a stand-off and expose Australians to increased risk in terms of national security.”
QUESTIONS STILL REMAIN OVER HOW BILL WORKS
Nigel Phair, director of the NSW Canberra Cyber, stressed that - while a lot of questions remain unanswered about the law in its current state - “encryption” in itself is a good thing.
“What the bill needs is a lot more definition around what it is that they’re creating,” Mr Phair told news.com.au. “What is the vulnerability? What is the weakening encryption? What they haven’t done is brought us into their confidence of how we’re going to get access (to encrypted data) - are they going to build a vulnerability in at the front door? Are they going to put a keystroke on the device? If there’s a channel between two people, are they going to mysteriously put a third person in?”
The government will have three levels of requests. The first stage is voluntary while the second stage is compulsory and includes fines up to $10 million and $50,000 for an individual. The third stage is also compulsory and demands companies proactively work to build mechanisms to help authorities collect information.
“How well this plays out in terms of the three stages of compliance will be another factor altogether,” Mr Phair said. He believed demanding co-operation was easier said than done and expected the government would encounter “jurisdictional and procedural” problems with the implementation of the laws.
Mr Phair also said we “can’t get caught up in the romance of the legislation” - it’s not like ASIO will be intercepting encrypted data and thwarting terror plots the day after it’s enacted.
"I really think it shouldn’t have gotten rushed through. Bad legislation doesn’t help anyone, particularly the agencies, and I think they rushed it through. A lot of the fearmongering still hasn’t been explained. This is quite novel yet far-reaching legislation. When we talk about how ‘What ifs’ about how criminals hide their tracks, we still need to remember that encryption is a good thing.
“There are lots of people, businesses and governments that haven’t been susceptible to cybercrime because of encryption. It is a good thing.”
- with Nick Whigham