Turnbull govt wants to force companies to break encryption

By on
Turnbull govt wants to force companies to break encryption

Will discuss plan with Five Eyes partners.

The Australian government wants to introduce laws that would force technology companies to ensure their systems are capable of decrypting communications.

The plan is a response to the use of encrypted communications channels by terrorists, and follows in the footsteps of the United Kingdom's moves to force communications operators to make sure they can hand over encrypted messages to law enforcement agencies.

The UK's new 'technology capability notices' were proposed following the Westminster terrorist attack. They impose obligations on operators of communications services to ensure they are technically able to hand over decrypted data in "near real time" to the government.

The Australian government over the weekend revealed its intention to pursue a similar path, but is yet to work out much of the detail of its plans.

Attorney-General George Brandis specifically called out the UK's technical capability notices when revealing the government's plan to "lift the legal obligations on device makers and social media companies to co-operate with authorities in decrypting communications".

He said current Commonwealth legislation 'doesn't go far enough' to impose obligations of "co-operation" on technology companies.

"Now I should also say of course, that in the first instance the best way to approach this is to solicit the cooperation of companies like Apple and Facebook and Google, and so on, and I think there has been a change of the culture in the last year or more," Brandis said.

"There is a much greater conscious proactive willingness on the part of the companies to be cooperative but we need the legal sanction as well."

He insisted the government had no intention of forcing technology companies to introduce backdoors in their products.

"A technical capability notice ... subject to tests of reasonableness and proportionality, imposes upon them a greater obligation to work with authorities where a notice is given to them to assist in breaking a communication," Brandis told Sky News.

"So that’s not backdooring."

But it is unclear how the government expects technology companies to break encryption.

The UK's new laws have been fiercely criticised as being vague and giving communications providers no option but to build backdoors into their systems.

End-to-end encryption prevents the operators of Signal, WhatsApp, Telegram and Apple's iMessage, among others, from being able to simply hand over messages: the keys to decrypt the information are held by those involved in the communication.

Because of this some have taken the UK law as an attempt by the government to outlaw end-to-end encryption. The UK government has avoided answering questions on the matter.

Brandis suggested to the Sydney Morning Herald that one option would be to "improve warrant-based access ... at the sender or receiver ends". However, this can largely only be achieved through compromise of an end user device, or the application.

"At one point or more of that process, access to the encrypted communication is essential for intelligence and law enforcement," Brandis told the SMH.

"If there are encryption keys then those encryption keys have to be put at the disposal of the authorities."

Brandis said the details of the plan would be nutted out at the Five Eyes conference in Canada in two weeks' time.

He indicated the government had not yet decided whether warrants would be needed to access decrypted information, but again referenced the UK technical capability notice model.

A notice works as a first step to "prepare the ground" in case an operator receives an interception warrant, ensuring they have the technical ability to comply. It does not, of itself, require an operator to conduct an interception.

"That’s a discussion that we need to have," Brandis said.

"The point at which a power is only exercised under warrant as opposed to a power that resides without the requirement for a warrant in law enforcement and intelligence will always be a part of this discussion and that’s one of the issues that will be on the table at Five Eyes in Ottawa in a fortnight’s time."

He claimed Australians would not be concerned at the privacy implications involved in the government's plan because the "Facebook generation ... put more and more of their own personal data out there".

"I think that there is an entirely different attitude of privacy among young people than there was perhaps a generation or two ago. And I think the social media companies are regardful of that as well. So let the civil liberties point of view be heard, let legitimate privacy considerations always be had regard to," Brandis said.

"But I think where the community is at at the moment is to prioritise their concern about giving law enforcement and intelligence agencies the tools they need to thwart terrorism, and everyone knows that the internet and cyberspace are important vectors for terrorists."

Privacy and civil liberties advocates have warned that moves to decrypt communications would simply push terrorists onto other technology platforms whilst having negative consequences for financial transactions, online commerce, and security of personal data.

A UK public bills parliamentary committee highlighted several technical issues with the legislation and said it should include a specific threshold that recognises it is unreasonable to hand over decrypted content from end-to-end encrypted channels.

"The damage to security may be done as soon as a company finds itself having to comply with such a notice and install a back door, whether or not it subsequently has to provide data under warrant," the committee said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?