A number of international tech companies, organisations and experts have joined in the fight against the Australian government’s decryption push, saying this would create “severe risks”.
A coalition of 76 organisations, companies and individuals have signed an open letter calling on the federal government to back away from legislating to force tech companies to decrypt secure communications for law enforcement.
The letter said that such a move would undermine all encrypted communications and have a serious impact on privacy, security and human rights.
The open letter said that such a move would “undermine tools, policies and technologies critical to protecting individual rights, safeguarding the economy, and providing security both in Australia and around the world”, having a “deleterious impact on internet security”.
“All known methods of bypassing, altering or watering down security tools or technologies to provide law enforcement access have been shown to carry severe risk,” the letter said.
“Impacts would also be felt across important sectors, from banking to infrastructure, including Australia’s continued investments in developed and smart cities, with potential consequences seen in increases in online criminal activity and unauthorised access to personal and proprietary data,” it said.
Signatories on the open letter include Malcolm Turnbull’s favourite app Wickr, Twilio, the World Privacy Forum, New America’s Open Technology Institute and the International Civil Liberties Monitoring.
Wickr chief executive officer Joel Wallenstrom said the Australian government’s push for forced decryption will vastly increase cyber risks.
“We must keep the dialogue open on how we protect our personal, business and government data against hacking threats which are growing more sophisticated, scalable and cheap,” Mr Wallenstrom said.
“It is no time to limit Australia’s options in securing its economy, critical infrastructure and business communications. It is unrealistic to expect effective law enforcement when our digital systems become porous and vulnerable due to weakened encryption.”
Local signatories of the letter include Internet Australia, the Australian Privacy Foundation, Digital Rights Watch and Future Wise.
The federal government is expected to unveil legislation that would force tech companies to decrypt communications for law enforcement in the coming weeks.
The government has maintained the bill would not require the creation of a backdoor or golden key, which would undermine the entire encryption infrastructure.
The upcoming legislation is expected to include three main reforms: updating search warrant and device surveillance powers for encrypted devices and content, powers to force telcos and tech companies to work with agencies to access encrypted data, and new penalties for companies that do not comply with the rules.
Cybersecurity Minister Angus Taylor has insisted the bill won’t undermine encryption.
“We need to update our powers and we need to make sure we do that without weakening the security and privacy of our devices. I’m the minister for cyber security – I care deeply about keeping devices secure,” Mr Taylor said earlier this year.
“We worked very hard at getting the balance right here where we don’t create any new weaknesses in the systems that keep your data secure. It’s crucial we maintain the ability for companies to encrypt and keep their data secure, but give access where that’s possible without creating the new weaknesses. And that is possible.
“There are all sorts of ways that law enforcement agencies can access data if they have the powers.”
But the proposed legislation move would also have a number of indirect consequences, the coalition of tech companies said, leaving them unable to provide proper security to users.
“Companies rely on user trust to ensure that they are able to retain customers and keep users engaged in updating and patching products. If users lose trust in the companies with which they interact online, both users and systems would face even greater cyber threats,” the letter said.
“It is essential sitting members of Parliament heed calls from a range of stakeholders that are collectively concerned about maintaining cybersecurity, public safety and human rights for a nuanced solution that will not unnecessarily undermine strong security in digital communications.”
Instead, the group argues that the federal government should be advocating for, and supporting, stronger methods of encryption.
“We strongly urge the government to commit to not only supporting, but investing in the development and use of encryption and other security tools and technologies that protect users and systems,” the letter said.
“We also urge you to advance other structures that will help secure Australia’s digital future, such as the establishment of a vulnerabilities disclosure process and protection for security research.
“In order to fully realise the benefits of the digital space, Australia must fully and unequivocally commit to a stronger foundation for digital security.”
Earlier this year the Senate did support a motion calling on the government to support strong encryption, backed by the Greens and Opposition.
The primary justification for the government’s legislation is to support law enforcement in fighting crime and terrorism, with claims that not having access to encrypted communications hampered investigations.
But the open letter said that the government’s potential bill is likely to actually lead to more cybercrime, and that the tech companies are willing to work with lawmakers in a different way.
“We recognise this may impact the ability of law enforcement to readily obtain access to some types of evidence and cause them to face friction in seeking such access.
“To mitigate these impacts in a manner that respects human rights and the rule of law, we would welcome the opportunity to engage in a dialogue on education and resources for law and policy-makers, as well as law enforcement officials, to help determine what courses of action are available to gain access to evidence in a timely manner,” the letter said.
Do you know more? Contact James Riley via Email.