In spite of the strong opposition and widespread criticism from the tech industry and civil liberty groups, Australia has passed the Assistance and Access Bill 2018. The law was passed by both houses of Parliament.
According to the new law, tech companies are required to provide user data if requested or compelled by law enforcement and intelligence agencies, even if that means creating a backdoor into encrypted systems. This implies that end-to-end encryption will no longer offer the same level of privacy for user data.
The law has been in the making for over a year. It all started in June 2017 when the Five Eyes met in Ottawa, Canada. The Five Eyes is an intelligence alliance consisting of the US, UK, Australia, Canada and New Zealand. The meeting’s joint communique mentioned that:
“…encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism. To address these issues, we committed to develop our engagement with communications and technology companies to explore shared solutions while upholding cybersecurity and individual rights and freedoms.”
As a result of the meeting, Australia committed to translating the meeting’s objectives into a law. And so it did. The Assistance and Access bill was released just in time for the latest Five Eyes meeting, in early September.
In defense of the legislation, Mr Alastair MacGibbon, Australia’s national security coordinator stated and former federal police officer said that up to 80% of interceptions nowadays are encrypted, making it very difficult for investigators to deal with criminals. He added:
“The vast bulk of the law is actually codifying our conversation between industry, law enforcement, and security agencies to go after a very, very small part of the community who would do us harm.”
“It’s not anti-encryption, it’s anti-criminals using encryption.”
One of the strongest oppositions against this law came from Apple, who send a letter to the Australian Government:
“The devices you carry not only contain personal emails, health information and photos but are also conduits to corporations, infrastructure and other critical services. Vital infrastructure — like power grids and transportation hubs — become more vulnerable when individual devices get hacked. Criminals and terrorists who want to infiltrate systems and disrupt sensitive networks may start their attacks by accessing just one person’s smartphone. In the face of these threats, this is no time to weaken encryption. There is profound risk of making criminals’ jobs easier, not harder. Increasingly stronger — not weaker — encryption is the best way to protect against these threats.“
The idea of forcing tech companies to grant access to user data when requested by the authorities is not new. The so-called Crypto-Wars started in the 1990’s as a response to the fear of losing access to communications due to new technologies. However, because it was strongly opposed by the public, the idea was ultimately abandoned. Not for long, though. In 2016, UK’s Investigatory Powers Act 2016 gave authorities the power to intercept, store and hack the communications of all its citizens, while China’s Cyber Security Law compels Internet operators to cooperate with authorities on national security and criminal investigations.