With the danger of private information becoming publicly available, most electronic communication services now use some form of encryption to protect the safety of their users.
However, Australia is currently attempting to impose coercive legal obligations on telecommunications and device-making companies to assist police by decrypting messages. We consider how these new laws would operate and any resulting ramifications.
What Is encryption?
Encryption is a form of electronic protection that converts ordinary data, such as text messages, into a form that cannot be identified or read by another person or program. End-to-end encryption has become commonplace in everyday applications such as Facebook and WhatsApp. This will usually be done by an algorithm that ensures messages are authentic and secure against everybody but the intended receiver, who is able to convert messages back into readable text. Therefore, for any party to read the message, the “cryptographic key” to the algorithm must be used to view messages in their original decrypted form.
Why are new laws necessary?
Although law enforcement agencies are easily able to intercept messages, they are unable to read or interpret their meaning without access to the cryptographic key. Currently, there are provisions within the Cybercrime Act 2001 that allow for court orders to be made compelling individuals to provide information or assistance in accessing computer data evidence. While this may include decryption, it has not shown to be effective or efficient in assisting police investigations with accessing encrypted messages.
In their 14 July 2017 press conference, the Prime Minister, Attorney-General and Acting Commissioner of the Australian Federal Police repeatedly emphasised the inability of police to monitor communications suspected to be related to terrorism, organised crime, paedophile networks and drug rings. The Australian government has also emphasised that a social obligation exists already on companies to assist law enforcement agencies in gaining access to suspected criminal communication.
What will they do?
The proposed new laws would allow law enforcement agencies to compel telecommunications and device-making companies to grant access to their cryptographic keys. This is known as key disclosure law. Although wilful assistance and collaboration will be sought first, police would be able to seek court orders and warrants to enforce these legal obligations. Furthermore, companies may be compelled to decrypt messages sent on their services and applications themselves, known as mandatory decryption laws. These would cover not only instant text messaging services but also voice messaging software.
How does Australia’s approach compare internationally?
The proposed laws are modelled after the United Kingdom’s Investigatory Powers Act 2016 and New Zealand’s Telecommunications (Interception Capability and Security) Act 2013, both which require warrants to enforce cooperation. Australia has currently garnered the international support of the G20 in the development of these new laws, aiming to find cooperation amongst companies within its members. Furthermore, the Five Eyes alliance (Australia, Canada, New Zealand, United Kingdom, United States) have lent their support to the new “Global Internet Forum To Counter Terrorism” comprised of Google, Facebook, Microsoft and Twitter. Continued international collaboration is essential for the proposed laws to be successful in combating the risks of encryption.
What are the ramifications?
Both the government and opposition have lent their support to the development of new laws against encryption, arguing that they are reasonable and proportional to their purpose of governing the internet. Furthermore, as police already have the power to view unencrypted messages for national security purposes, the laws have been characterised as an application of a well-established legal principle in a contemporary setting. There has been great emphasis placed on their nature as legally, morally and ethically appropriate, claiming that is not a form of mass surveillance.
However, the proposals also face wide opposition from those who believe that the laws will compromise the security and integrity of encryption, perhaps stopping the development of stronger encryption altogether. Groups such as “securetheinternet.org” describe the laws as a form of “backdoor” – a method that would open up and weaken security systems, exposing the majority of innocent people to needless online risk. Furthermore, it has been argued that the new laws infringe on the right to silence, privacy and right against self-incrimination, easily creating the opportunity and means for mass governmental surveillance.
While the new laws are currently in development, it is yet to be seen whether they will be effective in assisting law enforcement agencies access data they could not before. The international sphere is currently waiting to see the effectiveness of Australia’s policy, which is estimated to materialise as law by the end of the year.
Nyman Gibson Miralis provides expert advice and representation in complex cases involving encryption law.
Contact us if you require assistance.