Australia's encryption revamp won't include 'backdoor' access to devices, minister says

17 August 2018 5:05pm

14 August 2018. By James Panichi.

Australian law enforcers will be able to make both local and international communications companies hand over users’ encrypted information and grant investigators access to devices under a proposed revamp of the country’s telecommunications laws released today.

The legislation would grant government agencies the right to have tech companies remove forms of electronic protections, format users’ encrypted information and conceal the fact that investigations are under way.

But in announcing the draft policy, Australian Attorney General Angus Taylor said the bill didn't amount to building a “back door” into devices — the requirement that companies such as Apple and Google build permanent points of entry for authorities to bypass data encryption on devices.

“The measures expressly prevent the weakening of encryption or the introduction of so-called back doors,” Taylor said in a statement announcing the proposed policy.

“These reforms will allow law enforcement and interception agencies to access specific communications without compromising the security of a network,” Taylor said. “I am committed to maintaining the integrity of Australians’ personal information, devices and communications.”

According to information released by the federal government, the purpose of the revamp is to allow agencies to seek help from service providers without facing a legal challenge by affected users. The bill also provides agencies with the power to gain direct access to devices under warrants.  

However, the bill “explicitly provides that the new industry assistance power cannot be used to compel communications providers to build weaknesses into their products,” according to a background document published by the government.

Canberra is now seeking feedback from both industry and the public on the draft legislation. The review is expected to draw submissions from international software companies that own encrypted communications services — for example, Facebook’s WhatsApp messaging service.

The Australian government has previously expressed confidence that major industry players would welcome the fact that the revamp didn't include the demand for back doors, and that any request for access to encrypted information would come with legal safeguards.

However, behind the scenes US-based tech companies appear to be concerned with the planned changes, arguing that any attempt to regulate encrypted communications would build weaknesses into privacy safeguards that could be exploited by non-state actors and criminals.

— Oversight concerns —

One part of the proposed revamp likely to attract some industry pushback is oversight of the warrant-based process. The government wants to keep oversight in the hands of senior intelligence officials or the attorney general — who in Australia is an elected politician and a member of the executive.

Tech companies are expected to argue that they would prefer oversight to reside with a judge or an independent commissioner — although the tech giants concede that the robustness of a country’s democratic institutions would also factor into their preparedness to cooperate with a request.

Under the proposed laws, mediation for disputes arising from demands for information could be carried out by an arbitrator appointed by the Australian Communications and Media Authority, an independent statutory authority, or directly by the attorney general.

The proposed revamp is named the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill. The planned legislation also includes changes to Australia’s Crimes Act to boost law enforcement agencies’ ability to collect evidence from electronic devices under warrant.

The changes include a new definition of “account-based data” that provides government agencies with the ability to gain access to evidence associated with devices affected by a warrant. For example, the search of a computer could include a demand for access to an online account.

If adopted in its current form, the legislation would also provide legal protection to a communications company providing assistance to Australia’s top intelligence-gathering agency, the Australian Security Intelligence Organization.