Home > Networking > Cybersecurity > Aus Gov Unveil Encryption Legislation

Aus Gov Unveil Encryption Legislation

The Australian federal government plans to take on tech companies with new legislation that will compel them to break into the encrypted messages of users and hand the contents over to government agencies if requested.

Prime Minister Malcolm Turnbull argued that law enforcement authorities needed the new powers in order to target terrorists, paedophiles and organised crime gangs online.

“We cannot allow the internet to be used as a place where terrorists and child molesters and people who peddle child pornography and drug traffickers to hide in the dark,” Mr Turnbull said.

Though Turnbull insists the government is not giving intelligence agencies “back doors or anything underhand”, it’s unclear how the tech giants could maintain a balance between complying with the new laws whilst not creating additional security vulnerabilities within their own networks.

A 2015 paper, ‘Keys Under Doormats’, written by veterans security researchers observed that “designing exceptional access into today’s information services and applications will give rise to a range of critical security risks.”

“First, major efforts that the industry is making to improve security will be undermined and reversed. Providing access over any period of time to thousands of law enforcement agencies will necessarily increase the risk that intruders will hijack the exceptional access mechanisms. If law enforcement needs to look backwards at encrypted data for one year, then one year’s worth of data will be put at risk. If law enforcement wants to assure itself real time access to communications streams, then intruders will have an easier time getting access in real time, too. This is a trade-off space in which law enforcement cannot be guaranteed access without creating serious risk that criminal intruders will gain the same access.”

“The challenge of guaranteeing access to multiple law enforcement agencies in multiple countries is enormously complex. It is likely to be prohibitively expensive and also an intractable foreign affairs problem,” they argue.

According to the paper, “a proposal to regulate encryption and guarantee law enforcement access centrally feels rather like a proposal to require that all airplanes can be controlled from the ground. While this might be desirable in the case of a hijacking or a suicidal pilot, a clear-eyed assessment of how one could design such a capability reveals enormous technical and operational complexity, international scope, large costs, and massive risks — so much so that such proposals, though occasionally made, are not really taken seriously.”

When questioned by journalists, Turnbull stated that “the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”

The legislation will be modelled on similar legislation in the UK, and allow authorities to obtain a warrant to compel companies to help them in their investigation.

The package will also grant the AFP the authority to “remotely monitor computer networks and devices” to the same degree that ASIO does.

Attorney-General George Brandis says was informed by the UK’s GCHQ intelligence agency that the government’s plan is feasible on a technical level.

“This will be a universal phenomenon in a very short time,” Brandis told Sky News.

Brandis says that if the companies affected disagree, then he will see them in court.

“What this merely does is contemporise for the modern era what is a well-established legal principle — that is, persons including companies can be subject to an obligation to assist law enforcement in resolving crimes, and that principle shouldn’t depend upon the nature of the technology; it applies to all communications,” he said.

Given the US government’s inability to compel Apple to break their end-to-end encryption for the FBI and other law-enforcement authorities, it’s unclear how the Australian government’s legislation will fare when rubber hits the road.

“I think if [companies] do try and fight the government trying to protect Australians, they’ll be on the wrong side of the argument,” Cabinet Minister Christopher Pyne told Nine Network.