Australia’s New Anti-Encryption Law May Be the Strongest Yet
On December 6, Australia’s parliament passed some of the toughest anti-encryption legislation in the world aimed at forcing tech companies to reveal messages exchanged by terrorist and organized crime groups. The bill will require tech companies like Facebook, WhatsApp and Signal to cooperate with law enforcement to decrypt messages and even implement code to track suspicious groups.
This isn’t the first legislation seeking to force tech companies to reveal information about their users: the Australian law represents an ongoing global struggle between law enforcement and tech companies. The United Kingdom passed legislation in 2016 allowing authorities to hack and intercept communications of all British citizens. The same year China enacted the Cyber Security Law requiring Internet operators to cooperate with investigators.
RMIT University professor Mark Gregory says that Australia’s legislation goes much farther than the UK’s or China’s. In Australia, tech companies would be required to not only decrypt messages, but to build backdoors that allow law enforcement to easily access anything being said on these messaging applications. A network engineering and Internet security specialist, Gregory says that the law’s language has implications beyond national security and could be used for private-sector investigations.
Australian Prime Minister Scott Morrison argued in support of the legislation that virtually all suspects being monitored by law enforcement agencies use encrypted messages to communicate. Supporters maintain that criminal groups are able to continue their work protected by tech companies who until this legislation were not required to work with government agencies.
Tech giants like Facebook and Google weren’t the only opponents to the new legislation. Amnesty International and Melbourne-based Human Rights Law Center also opposed the broad government surveillance contained in the bill. Opponents say that the law could undermine other aspects of cyber security, such as e-commerce and data storage.
Critics also say the bill’s language is too vague to achieve the goal supporters claim they want. The bill could be used to go beyond tracking terrorist and organized crime groups and can be used for tracking other kinds of activity like corporation law cases.
The new legislation is subject to parliamentary review for twelve months, during which time it will be used only for monitoring the most serious crimes. There will be strict oversight of how law enforcement notifies tech companies and enforces the law to make information available.
Cyber security is changing quickly as governments and tech companies scramble to address issues related to national security and data privacy. Companies working internationally need to be aware of the different rules and regulations enacted in each country.