With the government’s anti-encryption laws now beyond public scrutiny, here’s what is on the table, and what we can expect.
On July 14 last year, former prime minister Malcolm Turnbull announced that the government wanted the power to access people’s encrypted messages. Last month, Dutton’s Home Affairs super-ministry delivered draft legislation that will allow authorities to do just that. And while the Home Affairs Department states that the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 doesn’t require backdoor access into encrypted messaging systems, it certainly grants them access through the front door.
The bill enhances the obligation for domestic “designated communications providers” to give reasonable assistance to law enforcement and security agencies with their investigations. It extends these obligations to offshore providers as well.
The legislation also creates new computer access warrants enabling authorities to covertly obtain evidence from devices. And it strengthens the ability law enforcement agencies have in overtly accessing data to include smartphones.
The pitch is that the authorities need these powers in order to combat terrorist groups and organised criminals, as well as to catch paedophiles. The Home Affairs Department states that 95% of ASIO’s “most dangerous counter-terrorism targets” use encryption.
However, these proposed laws can also be invoked to “protect the public revenue,” to enforce the criminal law of not only this country, but foreign countries as well, and they can be used in “the interests of Australia’s national economic well-being.”
Domestic and international ramifications
Civil Liberties Australia CEO Bill Rowlings has explained that the government already has extensive “powers to intercept communications,” and “unlike in other countries, many of these powers can be exercised without a warrant,” while failure to comply with them can land a person in prison.
“The government keeps stripping us bare of our privacy protections,” Rowlings told Sydney Criminal Lawyers. “We are running out of safe spaces to be ourselves in the new surveillance society in Australia.” And he also warned that these laws could also affect Australian business interests.
The civil liberties advocate questioned what sort of foreign company would want to invest in a market where the “government could force it to weaken its encryption or destroy its reputation with customers by developing state-sanctioned malware to allow wiretapping and interception.”
“Google doesn’t trade in China because it refused to compromise its tools for the Communist Party,” Rowlings continued. And he added that if the Internet giant was happy to forgo conducting business in a marketplace of 1.4 billion people, why wouldn’t it do the same here.
Unlocking the doors of privacy
Section 313 of the Telecommunications Act 1997 currently requires companies that provide communications services to give authorities assistance with their investigations. But, the Assistance and Access Bill broadens the types of providers this applies to.
Under the newly-inserted part 15 of the Telecommunications Act, designated communications providers include foreign and domestic communications providers, device manufacturers, component manufacturers, application providers, and traditional carriers and carriage service providers.
The draft legislation sets up a three-tiered system that will allow ASIO, the Australian Secret Intelligence Service, the Australian Signals Directorate and interception agencies to issue designated communications providers with requests for assistance.
The Telecommunications (Interception and Access) Act 1979 outlines that interception agencies are the Australian Federal Police, the Australian Commission for Law Enforcement Integrity, the Australian Criminal Intelligence Commission, state and territory police agencies and anticorruption commissions.
Three avenues of access
Under a technical assistance notice providers can give “voluntary assistance” to authorities, such as removing electronic protections, providing the design specifications of a device, installing software provided by an agency and facilitating access to a device or service.
Then there’s a technical assistance notice. This is a compulsory request made by the director general of security, which requires a provider to give assistance they are already capable of providing, such as decrypting any information that they have the ability to decrypt.
And in the third instance, the attorney general can issue a technical capability notice that requires a provider to build a new capability that will provide authorities with access to data information. This measure sounds very much like backdoor access.
Failure to comply with either a technical assistance notice or a technical capability notice can result in a company being fined $10 million, while an individual can be fined $50,000. And a person can be imprisoned for up to five years for disclosing information about these notices.
Secretly surveilling computers
The Assistance and Access Bill also amends the Surveillance Devices Act 2004 so as to establish a new system of computer access warrants. This will allow authorities to covertly access information at its end point, when it’s no longer encrypted.
These warrants, which must be approved by a judge, will allow authorities to quietly access devices, and add, copy and alter data. And an law enforcement officer can only request such a warrant if they have a reasonable suspicion that a person has committed an offence punishable by at least three years gaol time.
“Secret surveillance is always dangerous,” Mr Rowlings warned. “And there’s copious evidence that police and spooks have their favourite judge or judges who virtually never say no to a request for a warrant.”
Mr Rowlings further added that these provisions will inevitably lead police to go fishing for information “without justifiable suspicion to see what they can find out about someone.”
Amendments will also be made to the Crimes Act 1914. Currently, under section 3LA of the act, law enforcement agencies are able to compel a person to provide access to a computer on premise if they have a warrant.
These powers will be enhanced so an individual can be forced to provide access to any electronic device in any location. This will mean that a person can be compelled to unlock a smartphone that has been found as a result of a search where a warrant applies.
The new legislation increases the penalties that apply for refusing to comply with such a request from two years imprisonment to a maximum penalty of five years for a simple offence and ten years when the order relates to a serious crime.
New section 3CAA will be inserted into the Crimes Act as well. This will enable an officer searching a device to access account-based data, meaning they can look through Facebook, Instagram and WhatsApp accounts, as well as being able to read through citizens’ emails.
“The authorities are writing laws that allow them to steal our personal privacy, bit by bit,” Mr Rowlings pointed out. “About once a year, they bring in a new, even more intrusive law that pries into our lives and into who our friends and family are, and into their private information.”
Other government schemes that privacy advocates have been raising concerns about lately are the roll-out of the My Health Record national database and a proposed national facial recognition system that will allow CCTV footage images to be matched with all citizens’ ID photos.
“With so much secret surveillance, you would think the number of police and spooks could be reduced by about 50%,” Rowlings concluded, “because our own private devices are being permitted to investigate us 24/7.”