Despite the serious concerns of industry associations, civil society groups and academic experts, Australian intelligence and law enforcement agencies have already issued notices under the controversial new encryption legislation.
The so-called Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 was passed with the support of the Opposition amid chaotic scenes on the final sitting day of the Parliament on December 6 last year.
The legislation’s aim is to allow intelligence agencies and some law enforcement to pry open encrypted messages in particular cases, especially where it concerned national security. Government has consistently argued the legislation makes Australians safer.
But a coalition of industry groups, academics and civil liberties campaigners say the AA legislation makes Australians less safe, strips away foundational concepts of privacy, and would have a significantly detrimental impact on Australian tech companies.
Regardless, now the legislation has now been enacted, a government spokesman has confirmed to InnovationAus.com that enforcement and intelligence agencies are actively using its provisions, and that notices have been issued under the new law.
“The legislation is being actively used by law enforcement and security agencies in a number of investigations to keep Australia safe,” the spokesperson assured.
“The legislation in no way compromises the security of any Australians’ digital communications.”
It is not known how many notices have been issued or who they have been issued to because under the legislation it is an offence for companies to disclose information about government agency activities without authorisation. The penalty for disclosing the activity can mean jail terms.
The Parliamentary Joint Committee on Intelligence and Security (PJCIS) is currently reviewing the provisions of the legislation. The PJCIS report expected to be released April would effectively put consideration of amendments into the next Parliament.
A collective of academics and industry groups, including the Communications Alliance, the Australian Information Industry Association (AIIA), and the Information Technology Professionals Association (ITPA), have recently made a joint submission to the PJCIS recommending a raft of changes.
They have each criticised how the powers under the Act are unnecessarily broad and vague and have called for the need to introduce greater judicial oversight, particularly around the issuing of notices by agencies.
Vanessa Teague, an associate professor in cryptography at the University of Melbourne, said that while the government was not trying to deliberately destroy Australia’s capacity to secure data, its lack of understanding about the technology meant that this was the policy outcome, regardless.
“The technical details really matter for both effectiveness and the unintentional damage of any particular technical capabilities,” Dr Teague said during a panel discussion about the Assistance and Access Act convened on Wednesday.
“Yet from the Australian government we haven’t seen a single specific technical proposal for any particular way of accessing data encrypted with a key that the service provider doesn’t have,” she said.
“Without that specific [technical] proposal, we just can’t have a rational and grounded discussion about what those unintended consequences is going to be because they depend on what the proposal is.
“When we ask what they’re planning, we get these flexy little stories how it’s like asking a hotel to give access to a terrorist’s hotel room. But that’s totally irrelevant, because that’s a capability the hotel already has,” she said.
“[The government] doesn’t have us an accurate analogy to the [AA bill] situation because we’re asking the providers to re-engineer access to data that they would not otherwise have.”
During the same panel discussion, Suelette Dreyfus, executive director of Blueprint for Free Speech described the introduction of the Act as a “zero-sum game between the privacy of individuals and the powers of the state”.
“This act is a big step forward in the power of the state at the expensive of the privacy of the individual,” she said. “As such, there needs to be a plethora of corrective mechanisms on the misuse of that,” she said.
Dr Dreyfus highlighted, despite the grim situation the Act has created, it has brought about some unexpected uniformity.
“I haven’t seen in this country before such a strong alliance of ground work being built from civil society groups of technical nature, of freedom nature, of legal nature, and industry and the academic expert community,” she said. “This is fantastic. It’s a great by-product of a bad situation and bad law.”
“This coalition has been built and is being fortified and strengthened. It’s not only civil society within Australia or technical experts in Australia, it’s internationally as well with international academic experts and leading NGOs in the technical and legal space in places like Washington and London,” Dr Dreyfus said.
“[These people are] are liaising with us and working with us because they are very concerned that what happens in Australia will spread like a bad case of the measles to the digital privacy rights overseas.”