Australia’s spy agency chief Mike Burgess has blasted technology platform providers for refusing to let law enforcement and national security agencies gain access to their end-to-end encrypted products.
The director-general of security at the Australian Security Intelligence Organisation, who stepped into the role last September after 18 months at the Australian Signals Directorate, warned that the country is less safe in the wake of COVID-19.
In an Institute of Public Administration Australia podcast, Burgess said that while private communication, such as in closed WhatsApp groups, was a “good thing” for normative society, providers should be more willing to work with law enforcement.
“The real challenge comes when you have a lawful need - so the police are investigating something or ASIO is investigating something and they’ve got a warrant and they want to get access and those providers actually refuse to actually cooperate with governments,” he said.
“That’s a problem for me because as societies, especially democratic societies, we understand, we operate within the rule of law.”
Burgess' comments follows an attempt by Australia, the United States and the United Kingdom to get Facebook to delay plans to implement end-to-end encryption across its messaging services.
Reiterating comments earlier this year, Burgess said there was a need for the balance between privacy and security to be reweighted in the favour of law enforcement and national security agencies.
“Yes, privacy is paramount, but privacy is not total because there’s a balance between privacy and security, and under the rule of law when appropriate warrants are in place law enforcement or ASIO should be able to get access to something,” he said.
“And to be very clear here, it's one of those interesting dilemmas of this intangible nature of the internet.
“As a society, whether we know it or not, we’ve accepted the fact that the police or ASIO can get a warrant to bug someone's car or someone’s house. Why should cyberspace be any different?
“Yet every time we have these conversations with the private sector companies they kind of push back and say, ‘Uh, no, we’re not so sure about that’.”
Burgess used the example of the US Federal Bureau of Investigations wanting to gain access to data held on iPhones, which Apple has previously rejected on privacy grounds but is now facing a new test case for.
“Of course Apple’s view is that privacy is paramount and they want to design a phone that actually no one can access because if they give some countries access they have to give it to all countries,” he said.
“At one level, I accept that.
“But in our country under the rule of law, if we have a warrant - so we’ve met the legal threshold and the appropriate person has said, 'Yes, you can have this access' - we would expect companies to cooperate and actually ensure that there is lawful access.
“With the appropriate oversight and the appropriate laws, I don't support private sector companies who want to fight governments to say, 'No, we can’t give you all' or 'We can't cooperate with you'.”
The comments come despite the passage of controversial laws in December 2018, which gave Australian law enforcement and national security agencies access to a suite of encryption-busting powers.
That could suggest one of the key mechanisms of the law - a technical assistance request, which allows agencies to seek voluntary assistance from service providers to provide data or assistance - is not working as well as ASIO would like.
The only figures on the use of the laws released to date indicates that 25 TARs were issued between December 2018 and November 2019.
Earlier this year, Burgess revealed that ASIO used the government’s encryption busting legislation almost immediately after it was passed to protect the country from “serious harm”.
In the lead up to passage, the government had argued that the laws needed to be in place before the end of 2018 in order to best avoid the risk of a terrorist attack over the Christmas period.
Burgess also used the podcast to point out that Australia was no safer following the coronavirus pandemic, with ASIO forced to take on both the “threats that we worried about before” as well as COVID related threats.
“In threat terms, obviously we’ve seen more people at home, and as they’re at home they’re online, and we’ve seen increased chatter in the online world when it comes to the spread of extremist ideology attempting to radicalise people,” he said.
“So we’ve seen more of that, just as we’ve seen more criminal behaviour online - cybercrime, which is well reported by other agencies.
“Espionage is the second profession on the planet, perhaps the first, and it hasn’t gone away. More activity online as spy’s are constrained on the streets.
“So the problem hasn’t gone away. In some cases we’ve got busier, especially in the online space.”