Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Proposed Australian law forces tech companies to decrypt customer messages

Last updated

The Australian government on Friday proposed a set of new cybersecurity measures that would compel technology companies like Apple to provide law enforcement agencies access to encrypted customer messages.

Looking to combat a global rise in terror attacks, which in some cases were planned and carried out with the help of encrypted messaging apps and services, Australia will in November propose a law that grants courts power to compel tech companies to decrypt communications, the Associated Press reports.

Currently, Australian law requires telephone companies aid in law enforcement operations by providing access to communications when obliged to do so via court order. According to Prime Minister Malcolm Turnbull, the new law places the same requirements on tech companies like Apple, Facebook and Google, which market messaging services with end-to-end encryption.

"We've got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile rings are up to because of the very high levels of encryption," Turnbull said in a statement to reporters. "Where we can compel it, we will, but we will need the cooperation from the tech companies."

Similar laws are enforced across the Western world, but Australia's proposal seems more aggressive than U.S. legislation. The Australian government agrees, saying the new law would be modeled after the UK's Investigatory Powers Act recently passed by the British Parliament in November.

Dubbed the "Snooper's Charter," the act furnishes government agencies wide latitude with which to eavesdrop on suspected criminals. Provisions of the act allow UK agencies to carry out targeted and bulk data collection operations, equipment hacking, data and communications interception, decryption and more.

Unlike the Australian law, however, the UK Investigatory Powers Act does not require foreign companies to decrypt communications or participate in data collection procedures.

Expecting resistance from tech companies based in the U.S., Turnbull in his statement said the firms "know morally they should" cooperate with government agencies.

"There is a culture, particularly in the United States, a very libertarian culture, which is quite anti-government in the tech sector," he said. "We need to say with one voice to Silicon Valley and its emulators: All right, you've devised these great platforms, now you've got to help us to ensure that the rule of law prevails.'"

Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms, a technique widely panned by service providers who the technique inherently weakens security. Apple, for instance, has long declined to build in backdoors to iMessage, iCloud and its other network offerings, citing consumer privacy concerns.

Last year, Apple found itself embroiled in an intense debate over strong device encryption when it refused to comply with a federal court order mandating it help the U.S. Federal Bureau of Investigation unlock an iPhone connected to the San Bernardino terror attack. At the time, Apple argued that bypassing iPhone's security protocols, even for a single device, was dangerous and would put millions of iOS users at risk.



67 Comments

irnchriz 17 Years · 1595 comments

That’s fine, Apple can just say, “ok, we will try to crack the encryption of these messages, should get back to you in about 6 billion years once it’s finished”

sennen 18 Years · 1469 comments

Trumble's definition of a back door is inventive.

This is a good read as well: https://www.theregister.co.uk/2017/07/07/oz_governments_definition_of_backdoor/

planetary paul 10 Years · 143 comments

"We've got a real problem in that...." we can no longer see what our population is up to, due to this encryption thingy and that scares us shitless. So we flash the crime-, pedo- and terrorists cards as leverage to get it mitigated.

CelTan 8 Years · 46 comments

When will people understand that less privacy does not mean more safety?
I had this discussion this week twice and each time the terrorist card was played:
"If the government reading my iMessage just stops 1 terror attack then I am happy to give up my privacy!" 
Great in theory and if the magic would exist to keep it "good governments" only and if I would believe it would stop a single incident, then I may even be persuaded.

Herein lies the tri-fold issue:
1. This magic does not exist - it will get out and will get exploited. It's either total encryption or none
2. There are not so good governments, and you can't really say: Australia is nice, but I don't give it to North Korea (anybody having issues with North Korea reading their communications? 
3. Once all the big messaging providers comply, the 'bad guys' will just make their own little encryption up and load it on their android cheap phones. - IE: They can still communicate 'securely' while the rest of the 'good people' are exposed.

Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.