Australia wields vast decryption powers before planned review

Author: 
Max Blenkin | AFP
ID: 
1549592202736612200
Fri, 2019-02-08 05:01

CANBERRA: Australian security agencies have begun using sweeping
new powers to access encrypted communications, even before a
promised review to address concerns from the likes of Google, Apple
and Facebook.
The powers were granted under a new decryption law which was rushed
through parliament in December amid fierce debate, and was seen as
the latest salvo between governments and tech firms over national
security and privacy.
Two months later, the Australian Federal Police have revealed that
agents have already used it while investigating drug trafficking
and child exploitation.
Under the fresh rules, refusal to grant authorities access to
devices is punishable with up to 10 years in prison, and police
told a parliamentary inquiry they had used that threat to compel
two suspects to hand over their passwords.
Citing secrecy provisions in the law, police declined to say if
they had used the new law to force device makers or
telecommunications firms — including global giants like Apple —
to break or bypass encrypted communications.
The same provisions bar industry from disclosing whether they have
received such police demands, known as “compulsory
notices.”
The government has argued the law was urgently needed to foil
ongoing terrorist plots and intercept communications among other
serious criminals.
But opponents allege it punches a hole in global efforts to keep
governments from eavesdropping on secure communications, like
WhatsApp chats.
They also argue it could undermine security by creating
vulnerabilities in encryption technologies, which could then be
exploited by malicious actors.

‘Enormous threat’
The legislation was adopted only after the conservative government
agreed to reopen debate in the new year on amendments that would
address widespread concerns among civil liberties advocates and
tech industry experts that it was ill-conceived and too broad.
The Department of Home Affairs says the law is being progressively
implemented and that in January it wrote to tech industry members
for assistance in drawing up guidelines on how to use the new
powers.
“The Department is also engaging with industry to dispel common
misconception, build confidence and to reiterate the intended
purpose and operation of the Act,” it said in a submission to the
parliamentary inquiry.
But the tech industry appears far from reassured.
“There is no doubt there is an extremely broad coalition of
stakeholders that are very concerned about the impact of this
bill,” said John Stanton, chief executive of the Communications
Alliance, which represents the Australian communications
industry.
“It is not just industry, it is civil society and digital rights
activists (too).”
Stanton warned the new law posed “an enormous threat” to export
opportunities for Australian tech firms “because they can no
longer provide any assurance that their gear hasn’t been tampered
with by Australian security.”
“Even to say, ‘no, it hasn’t’, is an offense” under the
law,” he added.
Industry groups have combined forces to present a joint submission
to the latest inquiry proposing a series of amendments.
These include a higher threshold for using the law, which can
currently be applied in any investigation of an offense carrying a
maximum three-year jail term — a bar critics say is too low.
The industry also wants more precision about an element of the law
barring authorities from forcing companies to introduce a “system
vulnerability” into their products — a term they say is
ambiguous.
Australia is widely seen as a global test case for such laws, with
possible applications by other governments seeking to counter the
growing use of encrypted messaging, notably Australia’s partners
in the so-called “Five Eyes” intelligence alliance — the
United States, Britain, Canada and New Zealand.
The ongoing review of these powers by parliament’s Joint
Committee on Intelligence and Security may have set an Australian
political record.
It was launched just nine days after the encryption legislation
became law and reflects the haste with which it was rammed
through.
The committee must complete its review by April 3, but any moves to
then amend the legislation risk running up against the Australian
electoral cycle, with a federal election due by mid-May.

Main category: 

Source: *FS – All – Science News Net
Australia wields vast decryption powers before planned review