Australia Passes Controversial Encryption Law

data encryption

The day online privacy died, as Australia passes law to give police, security services access to encrypted messages

Australia has made a significant change to online privacy after it passed a law that will require technology giants to give police access to encrypted data, in cases where it could be linked to criminal or militant activity.

Australia had proposed the law in August this year, and it has now been passed by the country’s federal parliament after lawmakers voted in favour of the Telecommunications Access and Assistance Bill late Thursday.

This makes Australia the first Western nation to breach the last bastion of online privacy, namely encryption.

Australia flag parliament government © Neale Cousland Shutterstock

Privacy invasion?

Essentially the new law requires police or intelligence services to obtain a warrant to access the encrypted data and sets fines of up to A$10 million (£6m) for institutions who don’t comply, or A$50,000 and jail time for individuals.

However, it isn’t clear how such measures could be put into practice, since services that provide end-to-end encryption, such as WhatsApp, can in theory only be read by those sending and receiving the message, with the service provider itself locked out.

Governments and law enforcement agencies have long called for measures that would enable them to decode encrypted communications when needed.

And Australia has been considering how to make this a reality for a while now, and now that the law has been passed, the implications could soon be felt in the UK and other countries, which are also considering similar moves.

It should be remembered for example that Australia is part of the ‘Five Eyes’ intelligence-sharing network that consists of the USA, UK, Canada, Australia and New Zealand, so any information decrypted there, would likely be shared among its allies.

The Australian encryption rule could also deter top tech firms from operating in Australia going forward.

Tech opposition

And it is fair to say that the tech industry has long fought against government attempts to access encryption.

Indeed, the issue was highlighted in a high-profile 2016 case in which the FBI attempted to force Apple to assist it in unlocking an iPhone connected to a mass shooting in California.

Apple refused, and ultimately the FBI paid a third-party security group to hack into the handset.

The tech industry and privacy campaigners have reacted with dismay to the Australian decision.

It will have “far-reaching consequences” for the privacy and security of encrypted platforms like WhatsApp and Google, and device manufacturers like Apple, Microsoft and Samsung, Ben McConaghy, a Facebook spokesman, told CNN ahead of Thursday’s vote.

Apple CEO Tim Cook has long been a supporter of privacy and he recently called for a federal privacy law in the United States.

And experts were also concerned at the move.

“This could have a devastating knock-on effect around the world,” said Jake Moore, cyber security expert at ESET UK. “Creating a back door for law enforcement will never assure that no one else will be able to access the database or files, and criminals will learn to exploit these vulnerabilities.”

“If you break the fundamental way that encryption works, you risk breaking the internet and eradicating any trust and security,” he added. “The www would stand for the ‘Wild Wild West’ not ‘World Wide Web.”

Do you know all about security? Try our quiz!