Connect with us

Internet

Australia vs encryption – the fuse has been lit

The fuse has been lit for what seems to be one of the many liberty-infringement bombs that have been delivered at our doors.

architectural photography of building in australia
Image: Unsplash

By now, the news is well known – Australia recently passed a law that forces all tech companies to make their user-base and once encrypted messages available to the legal authorities. Justification? Counter-terrorism and peace-keeping measures.

The real issue, however, goes beyond the blatant infringement on people’s privacy – it could actually allow cybercrime to flourish.

The Australian government says that this law is the first of its type worldwide, but it’s hard not to draw parallels to other similar initiatives like the Chinese Social Credit System. They both preach increasing the general well-being with one hand while eroding privacy with the other.

These sets of directives were adopted in the spur of the moment on the final day of 2018 when all the administrative instances of the government voted for it.

The name of this controversial decision is “The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill”. According to the Australian government, the proportion of encrypted communications that the ASIO (the Australian Security Intelligence Organization) had received in 2017 was 55%, a rise of 52% since 2013.

How are encrypted messages dangerous?

They weren’t, until only recently when the end-to-end encryption was implemented. It ensures that only the sender and the receiver of a message will be able to see its contents.

No other third-parties are able to access such messages, regardless of their platform. This system is used by many apps such as WhatsApp and Signal. The added layer of security negates the previous Australian laws which required providers to hand over a suspect’s communication.

However, with the end-to-end encryption, not even the provider itself has access to a user’s messages. So they’d have no way to help the authorities. Now the Australian government has rules against it, saying that it helps criminals avoid detection.

Whether or not privacy-focused companies such as VPN providers will voluntarily comply with the new laws or risk being issues with fines remains unclear.

How does Australia want to change things?

Officially, they just want tech companies to work with government agencies, to give them free rein over the private communications of their users. But this can only be done by installing vulnerabilities into the very security system of the provider itself.

But who’s to say that these security gaps can’t be discovered by third-parties?

Granted, Australia doesn’t go so far as to ban end-to-end encryption altogether, as China, Russia or Turkey did, but all companies are forced to disclose the user’s confidential data.

The vast majority of cyber-security experts say that there’s absolutely no way of creating a backdoor that’s aimed at one single individual. Rather, it would affect all users, putting them at risk of cyber attacks at all times. In an attempt to address this possible issue, Australia’s government said that this wouldn’t be the case if they were to create a “systemic weakness”. This would act as a safeguard against possible invasive attacks from the outside.

However, critics and security specialists have argued that the definition of “systemic weakness” isn’t clear. For now, no one has a definitive answer to how this will be accomplished whilst retaining user security.

To put things into perspective, the biggest cyber-attack made in the UK on its healthcare system only happened because of a Windows exploit that the NSA found.

These kinds of exploits and security chinks are inviting danger to our doors, giving hackers a new avenue of attack, making their work easier. Australia is doing just that, and they’re saying it’s for the fight against cyber-crime. The irony is almost palpable here, as it could lead to an actual rise in digital attacks.

What happens to tech firms who refuse to comply? Best-case-scenario, the refusal to comply with the directives will result in heavy fines.

This has led some people to say that the tech firms who have already shown a negative attitude towards the initiative could withdraw from the Australian market. This could very well lead to a dwindling economic situation.

However, while some companies might choose to take a step back, the vast majority will comply with the anti-encryption laws because of one particular reason. Namely, that the users will have no idea when and even if their communications are being accessed.

No one will tell us anything, that much was already known when the law was first formulated. The whole idea behind it was to gain control over the information exchange, presumably to be a step ahead of cyber-criminals.

This initiative isn’t good at all, not even on paper. Are people to live with the constant fear that their communications are being monitored, not knowing when someone’s watching? It sounds awfully similar to Orwell’s 1984, as this the gloom of a powerful Thought Police.

In an interview, Digital Rights Watch chair Tim Singleton Norton has said that the legislation is “antithetical to human rights and core democratic principles”, that it would lead to the crippling of Australia’s overall cybersecurity.

The future implications remain to be seen only after government agencies start using these newfound powers. Whether tech firms will choose to leave Australia or argue that they don’t subject themselves to the Australian law remains to be seen. In any case, the ripples of this decision will linger on for quite some time in the future, hopefully without serious repercussions.

Amendments will be raised and debates will be had with regard to this anti-encryption law, but one thing is sure – the general idea is that one way or another, the Australian Government will gain anonymous access to citizens’ private communication.

The fuse has been lit for what seems to be one of the many liberty-infringement bombs that have been delivered at our doors.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments

More in Internet