An encryption bill with holes in it
Peter Dutton: Encryption an obstacle for criminal investigations
The Federal government’s assertions that its new encryption-cracking legislation won’t create a backdoor in encrypted communications is “ludicrous” according to digital rights experts.
The Coalition is expected to finally unveil legislation in the coming weeks that would force tech companies to allow law enforcement to access the encrypted data of suspected criminals with a warrant.
The legislation has been in the works for more than a year, with the government pursuing a method to combat the use of encryption technologies by criminals to evade detection.
But encrypted technologies are also used by countless law-abiding Australians, and experts argue that any such legislation would require the creation of a backdoor or golden key, undermining the entire infrastructure of encrypted communications.
Cyber security minister Angus Taylor confirmed on Tuesday that the legislation would be presented for public comment within weeks, maintaining that it would not necessitate backdoor access to data without explaining how this would be done.
“We need to update our powers, and we need to make sure we do that without weakening the security and privacy of our devices. I’m the minister for cyber security - I care deeply about keeping devices secure,” Mr Taylor told Radio National on Tuesday morning.
"We worked very hard at getting the balance right here where we don’t create any new weaknesses in the systems that keep your data secure."
“It’s crucial we maintain the ability for companies to encrypt and keep their data secure, but give access where that’s possible without creating the new weaknesses. And that is possible.
"There are all sorts of ways that law enforcement agencies can access data if they have the powers.”
But Digital Rights Watch chair Tim Singleton Norton said the government’s continual insistence that it can force tech companies to provide access to encrypted data without leading to the creation of backdoor access to all encrypted data is a “ludicrous argument”.
“The government wants to be able to access encrypted messages, without breaking the underlying platform that makes them encrypted in the first place.
As evidence from the Apple – FBI case in the US, it can’t be done without compromising the encryption and therefore creating weaknesses for the rest of us,” Mr Singleton Norton told InnovationAus.com.
“If they’re so confident that it can be done without impacting on the rights of ordinary innocent civilians to utilise encryption, then why can’t they reveal the legislation now? The argument that law enforcement techniques must be kept secret is always incredibly worrying.
“Police certainly deserve to have the appropriate tools available to do their job, but we always have to ensure adequate protections and oversights exist as well.”
According to The Australian, the legislation will include three main reforms. It will update search warrant and device surveillance powers for encrypted devices and content, include powers to force telcos and tech companies to work with agencies to access encrypted data, and impose new penalties for individuals or companies that do not comply with the rules.
The government is yet to reveal how it plans to access the encrypted data. During Tuesday morning’s interview, Mr Taylor repeatedly declined to rule out the use of “surveillance code”.
This would involve tech companies being forced to insert code onto devices without the owner’s knowledge, allowing law enforcement to access its data unencrypted.
“Whatever technique is appropriate within those powers, law enforcement should be able to do it. If law enforcement needs access to data in order to investigate what we believe on reasonable grounds is a crime, they should be able to access it in a way that doesn’t weaken the encryption. It includes whatever techniques are appropriate,” Mr Taylor said.
Greens digital rights spokesperson Jordon Steele-John has called on the government to properly detail its plans.
“This is extremely problematic whichever way you look at it because if end-to-end encryption is working properly, then you are legislating companies to do the impossible. There is no method of accessing data if it has been properly encrypted,” Senator Steele-John said.
“Companies will be forced to undermine their own encryption in order to comply with Australian law, therefore undermining the privacy and security of user’s data.
"Quite simply this will necessitate surveillance codes, key escrow or some other backdoor methodology of decrypting data to allow it to be handed over if the Australian government produces a warrant.
“It also allows this Liberal government to continue to lie through their teeth to the Australian people by saying that they won’t legislate companies to undermine their own encryption.
"Minister Taylor needs to detail how he proposes to access encrypted data or else come clean to the Australian people that their online information will be compromised.”
Home affairs minister Peter Dutton said earlier this year that while encryption is a “vital tool” for banking and communications, it has become a “significant obstacle” for criminal investigations, claiming that more than 90 percent of counter-terrorism targets are using it.
A similar debate is currently raging in the US. Earlier this year it was revealed that the FBI had been inflating the number of cases where it had been unable to access encrypted devices. It had previously claimed that this had happened 7,775 times, but the figure was revealed to be closer to 1,200.
“The FBI has been pressuring Congress and tech companies to undermine everyone’s cybersecurity based on faulty facts and bad math. The report shows that law enforcement claims of ‘going dark’ should be met with a healthy dose of scepticism,” Human Rights Watch senior internet researcher Cynthia Wong said.