The boss of Prime Minister Malcolm Turnbull’s favourite secure messaging app has “grave concerns” about the government’s recently revealed anti-encryption bill, which he says “largely neglects” its impact on digital security around the world.
The CEO of Wickr, which Mr Turnbull has previously been a vocal proponent of, has spoken out against the federal government’s draft legislation, saying it will undermine encryption and make Australians less safe.
“We appreciate the challenges facing law enforcement in utilising digital evidence. The proposed legislation, although well-intended, largely neglects the inevitable fallout of mandating access to encrypted user data – whether business or personal,” Wickr chief executive Joel Wallenstrom told InnovationAus.com.
“While we are cognisant of the purposes behind Australia’s bill to provide law enforcement and security agencies with the authority to respond to the challenges posed by encryption, we have grave concerns about the weakening of strong encryption to mandate that technology providers comply in as-yet undetermined manners to open up access to user information.”
Draft legislation was finally unveiled by the government earlier this week, more than a year after Mr Turnbull first confirmed plans to give more powers to law enforcement and agencies to force tech companies to provide access to encrypted communications.
The new laws will directly impact Wickr and any other global company provide communications software or devices in Australia, with these companies facing fines of up to $10 million if they don’t comply.
Wickr is an American tech company providing an end-to-end encrypted communications platform with context-expiring messages.
Mr Turnbull has been a high-profile user of the service, saying it is more secure that traditional text messages.
“Probably the least secure form of messaging is SMS or text messaging because the messages are not encrypted in transit and they’re not encrypted on the telco’s server,” Mr Turnbull said in 2015.
“I use Wickr as an application. I use a number of others…because they’re superior over-the-top messaging platforms.”
But Wickr has since been a vocal critic of Mr Turnbull’s plans to force tech companies to work with law enforcement to access encrypted communications, with the company signing an open letter to government last month calling for the legislation to be dropped.
Under the new powers, the Attorney-General will be able to issue notices for agencies, forcing tech companies to build a new capability or insert malware to provide access to communications, if a warrant has been obtained.
If a notice is issued, a tech company will be forced to do a number of things, including removing a form of electronic protection, providing technical information or installing, maintaining, testing or using software or equipment.
The federal government has continually maintained that this does not amount to requiring the creation of “backdoors” to encrypted communications, and will not create “systemic weaknesses” in the technologies.
But privacy and civil rights advocates have labelled the bill a “huge overreach” that will undermine encrypted communications for all Australians.
Mr Wallenstrom said the proposed legislation may actually make things harder for law enforcement.
“It is unrealistic to expect effective law enforcement if Australia’s digital systems become porous and vulnerable due to watered down encryption,” he said.
“It is no time to limit our options in securing its digital economy, critical infrastructure and business communications,” he said.
“Interestingly, the latest research points out that rather than focusing on weakening encryption, a more urgent need is to bring law enforcement into the digital age to enable agencies to effectively leverage a vast amount of unencrypted data already available with a lawful request.”
Any changes or alterations to the way Wickr’s software operates would make it less secure, he said.
“In the case of Wickr and similar end-to-end secure platforms, the fact that government and business communications are protected device-to-device from any third party, including providers, ensures the strongest data security against attacker,” Wallenstrom said.
“We hope that the bill progresses through Parliament in a rational and constructive manner, with renewed focus on rule of law, checks and balances and the neglected reality of what porous encryption will mean to our collective security.”