The use of encryption services is a hot topic in numerous countries in discussions about the adequacy and enforcement of criminal law. Recently, the Department of Home Affairs sought public consultations on new proposed legislation that would radically shift the Australian legal landscape surrounding the use, and provision, of encryption services: the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (‘Bill’). As a leading Australian criminal defence law firm with specialisation in this area, Nyman Gibson Miralis made a submission to the Department.
What changes does the Bill propose?
The Bill proposes the introduction of a raft of extensive and intricate measures, covering over ten existing Commonwealth Acts. These stretch from the Crimes Act 1914, to the Mutual Assistance in Criminal Matters Act 1987, to the Telecommunication Act 1997.
One aspect of the Bill is its proposed new legal framework relating to the encryption industry. Under this framework, selected government officials would be empowered to issue communications providers (e.g. WhatsApp) with technical assistance notices and technical capability notices, legally requiring those providers to aid the Government’s law enforcement efforts.
In this context, an assistance notice would require a provider use its existing technical mechanisms to enable access to information or data – e.g. through decryption.
Alternatively, the issuance of a capability notice would mandate a provider to build a new technical capability in order to assist the Government’s efforts. Normally, this would require prior consultation with the provider itself, and this could not be used to require that encryption be removed altogether.
What does the Government claim to be the safeguards / limits on these powers?
Naturally, the Government posits (in an explanatory document) that the Bill strikes the right balance between powers and protections and is not aimed at the creation of ‘backdoors’ into people’s communications.
Specifically, the Government points to various considerations, including that law enforcement agencies are still required to act pursuant to a broader warrant for the access of communications and data, requirements of providers must always be reasonable, and providers cannot be required to build systematic weaknesses into their products.
Nyman Gibson Miralis’ submission to the Department
In certain circumstances, access to encrypted communications may be a legitimate means for law enforcement to disrupt or investigate serious crime. However, Nyman Gibson Miralis took the view that the Bill does not offer a reasonable approach to this issue and ‘would have profound implications for privacy within Australian society.’
The Government may be correct in its claim that the Bill is not aimed at the creation of ‘backdoors’ into private communications, but this is merely because, ‘as it stands, the Bill empowers the Government to demand the key to the front door’.
Human rights considerations
In our submission, Nyman Gibson Miralis emphasised the importance of human rights to this issue. In particular, there has been a great deal of discussion by international bodies and experts on the proper limits that should be placed on government actions in the field of communications access in order to ensure respect for citizens’ right to privacy.
Independent oversight of powers
Nyman Gibson Miralis took issue with the Bill’s proposal for government officials to compel encryption providers to assist in accessing personal communications. In the firm’s submission, it was contended that any such authority should only be granted to judicial authorities (in a similar manner that already exists under section 3LA of the Crimes Act 1914). This would ensure independent oversight of such actions and provide consistency with established procedures for analogous situations.
Transparency and accountability
Although the Government has asserted that such notices would be the subject of reporting requirements and be challengeable through judicial review, Nyman Gibson Miralis took the view that the proposed mechanism is inadequate.
Specifically, reports on the issuance of the notices contemplated in the Bill should be required to include more than bare numbers (as proposed). Rather, details of the nature of the alleged offences connected with the exercise of such powers in the case and information about the basis upon which access to the communications was sought should also be publicised.
Further, by focussing only on the agency providing carriage of communications, persons subject to government monitoring are essentially cut out of the process. This would effectively render their right to challenge the government’s action as being of little value. Consequently, any legislation should provide for affected individuals to be properly notified when such action is taken.
Review our full Submission to the Telecommunications and Other Legislation Amendment (Assistance and Access Bill) 2018