Warring against Encryption: Australian proposals for the Tech Giants
What is it with Australia’s law enforcement authorities? Their uncontrollable appetite for encrypted data – primarily
the data of private users – is so voracious it has become a parody of itself. There seems to be little that will
restrain such politicians as Cybersecurity minister Angus Taylor, who insists that the technology giants cough up data
with ease and cooperative generosity.
“We need legislation in place,” claims Taylor in justification, “whereby companies can work with government to ensure that we can get access to the data we
need to prosecute and investigate serious crimes.” And there you have it: the cooperative model between government and
technology providers that surrenders individual privacy at a moment’s notice, the civic duty to do what’s good for the
country, however unnecessarily intrusive.
The Australian government’s attitudes to the private data of citizens tends to be schizophrenic. They acknowledge the
value of encrypted services, but do not like them. As the Department of Home Affairs explains, “Encryption and other forms of electronic protection are vital security measures that protect private, commercial and
Government data and make communications and devices of all people more secure.”
Then comes the grim qualifier, setting the ground for exceptions. “However, these security measures are also being
employed by terrorists, child sex offenders and criminal organisations to mask illegal conduct.” Encryption becomes the
barring and stalling enemy of the state; confidentiality becomes the frustrating measure hindering “lawful access of
communications by Australia’s law enforcement and national security agencies.”
The usual straw men arguments are trotted out: as the domestic spy agency has to deal with encrypted communications
(stunningly relevant, is ASIO) in nine out of ten cases, lives would be made easier if they could simply have access to
data in what it terms “priority cases”. The same reasoning is used by the federal police. In both instances, proportion
would simply vanish; agencies would be effectively discouraged from labouring for plausible reward.
The result of such doomsdaying apologias is the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a draft document with such innocuous labelling you would assume its authors were dull but friendly. It replicates, in
form and poor spirit, the United Kingdom’s Investigatory Powers Act, another seedy bit of state overstretch filled with mandatory decrypting obligations.
A spirit of workable solidarity, even collusion, comes through the wording: Australia’s intelligence agencies “may give
a technical assistance request to a designated communications provider” in the name of enforcing criminal laws,
protecting public revenue and safeguarding national security. The term “voluntary basis” is used to cover that
assistance, but the drafters are clear to ensure that the intelligence community chiefs may require compliance via what
is termed a “technicality capability notice”.
The Director-General of Security or the chief officer of the relevant interception agency is also given vast scope to
compel the provider to engage in a range of unspecified acts or things. To have such powers of compulsion would be
tantamount to permitting the security services to break down the door in the front, let alone any back door preference.
In an unconvincing move designed to allay suspicions, the Home Affairs department’s explanatory note suggests that either forms of “assistance” sought – the technical assistance notice or technical capability notice – are not
meant as directions to telecommunications providers “to implement or build a systemic weakness, or a systematic
vulnerability, into a form of electronic protection.” No “backdoors” to products and services are required. This point
is a moot one, given that technology providers could still be required to reveal a good deal about the technical
characteristics of their product, thereby giving agencies a more than helping hand.
The proposed laws are the product of a sneering attitude, and do everything to encourage the actions of the over-zealous
in the policing communities. Police, it is proposed, should receive commanding powers to force a person being searched
to unlock a mobile phone with fingerprint or password. Predictably, “reasonable” suspicions must be held that the phone
has details of a crime on it. (The reasonable person is ever the alibi of aggressive law enforcement.) In what can only
be deemed a sledgehammer approach, the person in defiance of such a command might face five years in choky.
This is not to say that the technology giants are to be praised. The cyber-intelligence complex sprawls and burgeons
with menace, and the muddied relationship between Silicon Valley and the intelligence community was well exposed by
Edward Snowden in 2013. Allied to the fact that Australia’s police forces already have extensive powers to covertly target devices at endpoints where information remains unencrypted, such a bill comes across as smugly
disproportionate and verging on the paranoid. To give governments ease of access in the manner suggested by the
Australian example would be to ignore various tenets of liberty: keep government and the state nail bitingly worried;
encourage citizens to be contrarian; and make prying authorities work when breaching the liberties of others.
Dr. Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge. He lectures at RMIT University, Melbourne.
Email: bkampmark@gmail.com