New Australian anti-encryption bill ripe for abuse

Posted on Dec 7, 2018 by Caleb Chen

Since 2017, Australian lawmakers have sought to read your encrypted messages on services such as WhatsApp – and now their wish has been granted. On Thursday the 6th of December, the Australian government gave itself the power to request decrypted messages from companies and websites, much to the chagrin of security-minded people all over. The new anti-encryption bill allows Australia to go to companies such as Facebook and Apple and use “technical notices” to demand that software compromises be made so that law enforcement can access the encrypted messages. These compromises could be in the form of implanted malware or even straight-up backdoors. The lawmakers have promised that this law will only be used to target the most heinous of criminals facing at least three years of imprisonment, but we’ve seen that promise broken before.

Chances are this anti-encryption power will be abused

There’s just no way that these draconian investigatory powers would be abused by the Australian government, right? If history has anything to say, Australia has a long track record of abusing these types of powers once they are enacted – in direct contradiction with their prior promises. Logged metadata that were ostensibly only to be used for criminal cases started being used for civil cases; in another case, police used logged metadata to track a journalist without a warrant. These are examples of the Australian government misusing and abusing their access to metadata – just imagine what they’ll do with the actual unencrypted contents of encrypted data.

Then there’s the consideration that Australia’s government can’t pass laws that change the laws of mathematics. That is still a fact, even in spite of Australian Prime Minister Turnbull’s passionate exclamation that “the laws of mathematics don’t apply in Australia.” If a backdoor is made, it will eventually be accessible and usable by hackers or other malicious third parties. The only way to avoid these problems is to let math work without breaking its core functionality. Even if Australian law enforcement can get their hands on targeted WhatsApp and iMessage communications, there are open source, end-to-end encrypted messaging services out there that do not have a company to which to serve a “technical notice.” The anti-encryption bill falls flat on its face from the get-go.

Over the last several months, dozens of organizations have come together to plead with the Australian government to reject the plans to undermine encryption. Even some Australian politicians are aware of what the government has just done to its people. Senator Jordan Steele-John, a Greens senator, took to Twitter to post his thoughts.

When this law goes up for review in 18 months, more reasonable voices need to prevail. You can view the full details of the anti-encryption bill here.