Debate Magazine

Analysis: Examining Australian Law Enforcement’s New Encryption Powers

Posted on the 01 March 2019 by Darkwebnews @darkwebnews

It appears that several Australian agencies are already making use of the contentious encryption laws parliament hurriedly passed in December 2018.

A single court order is all it will take for the government to compel communication companies to decrypt their systems to allow access to communications, otherwise inaccessible to them.

The newly passed Telecommunications and Other Legislation Amendment (Assistance and Access) Bill as passed stipulates that law enforcement entities in the country will have the privilege of administering three types of notices: Technical Assistance Notices (TAN), Technical Assistance Requests (TAR) and Technical Capability Notices (TCN).

Authorities will use TAN to direct communication companies to implement their own pre-existing interception capability.

TAR is similar to TAN save for the fact that it is voluntary rather than mandatory and that it seeks the implementation of existing capabilities that experts have previously diagnosed as being dangerous.

TCN directs a communication provider to create a fresh interception capability in anticipation of more notices in the future.

The Rush to Implementation

Using terms such as "systemic vulnerability" and "systemic weakness" rather than "backdoor," the Department of Home Affairs in Australia reported to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) that requisite training regarding application of the laws was administered to law enforcement agencies of Victoria as well as South Wales.

The training, mainly conducted on-site, specifies the directions that agencies must follow, strict thresholds and safeguards, and the procedural approvals that are necessary.

Even though Home Affairs is portraying a successful rollout of the laws, citing cooperation with other government agencies and private entities, there are still serious legislative concerns.

Notably also, the department is facing the challenge of appointing a qualified independent assessor. Opposition further continues to surface several human rights concerns.

Critical Concerns by Tech Companies

It is not easy to strike a balance between respecting the citizen's privacy and maintaining the integrity of devices and networks.

Politicians with the help of their lawyers, come up with laws that are elusive of the technicalities.

Often, they enact laws that they intend to operate independently of technology. While most of their resolutions may be appealing in theory, critical details must always be considered.

Intercepting messages from potential criminals is desirable from a mainstream societal perspective.

However, it is highly detrimental to the privacy and security of users who will fall prey to non-legitimate purposes.

These encryption laws will do very little to catch online criminals, but will instead avail an opportunity to them when the tools are leaked.

In an attempt to improve the nation's internet security, the Australian government is ironically introducing systemic weaknesses that will pose risks to the entire country.

Apart from the citizens, manufacturers and developers would also lose their reputation in international markets.

Senetas, an Australian online security company, postulated that enacting the encryption laws would jeopardize Australia's cybersecurity R&D and products.

In a submission to the PJCIS, Senetas Chairperson Francis Galbally hinted that nobody will want to work with Australian companies if they wouldn't back a capability established for interception agencies.

The mere establishment of the legislation will warrant accusations from other countries that Australian cybersecurity products are vulnerable to encryption backdoors.

It would therefore be worthless for tech companies to guarantee safety of user information.

Senetas CEO Andrew Wilson further suggested that the requirement by the bill not to disclose or document the existence of a capability would only help in creating loopholes.

The Australian internet giant is not totally against the new laws as passed by parliament.

It however suggests amendments that will be essential to the rights of citizens as well as the health of tech companies in international markets.

Tech-savvy criminals will inevitably devise new tools to circumvent the provisions of the law.

Wouldn't it then be useless and counterproductive to ask communication providers to intercept their users' interactions?

Necessity for Amendments (Writer's Opinion)

On paper, the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 appears to improve the preexisting telecommunications Act of 1997.

Theoretically, it is in good spirit to avail additional powers to Australian government agencies in matters concerning communication devices and data access powers and warrants, penalties for non-compliance, as well as crackdown on whistleblowers.

However just like the climate change discussion, Australian politicians and other supporters of the encryption bill did not want to admit that the bill could be disastrous.

Cybercrime should not be an excuse to compromise privacy concerns or to assume the detrimental impacts on tech companies.

Without a doubt, more countries will follow suit after Australia. The less privacy-concerned regimes will be first in queue, adopting harmful communication interception capabilities that are not representative of Australia's security interests.

Politicians are often charismatic, dwelling on the sensations of issues rather than basic liberties.

They pass laws without understanding the critical technicalities involved. Instead of consulting their lawyers only, they should involve tech experts in their legislative processes.

Many argue that opposition to the encryption bill is somewhat in tandem with lobbying for terrorists to be able to communicate without detection.

They accuse critics of siding with criminals from the likes of sex offenders and drug smugglers.

What they and other proposers of the bill seem to be ignorant of is the fact that any attempt to break encryption sets ground for many kinds of tumultuous activities.

Overall internet security is ultimately threatened rather than monitored.

While the provisions of the encryption laws are plausible to a certain degree, they are deeply flawed.

The bill exhibits inadequate judicial oversight, severely poor transparency account, and absent

Disclaimer:


Back to Featured Articles on Logo Paperblog