Australian Government Reviews Its Encryption-Breaking Law, Says It's Cool And Good

from the it's-a-good-power-grab-bront dept

The Australian government gave itself encryption-breaking powers at the end of 2018. The law went into effect January 2019. The beneficiaries of the law immediately swept in to reap the rewards. Demands for “exceptional access” required tech companies to break encryption upon request to hand over communications and data sought by law enforcement and security agencies.

These efforts began well ahead of any determination as to whether demands for access were lawful or even feasible. In some sense, the requests were lawful simply because a new law had been hurried through to make them lawful. But there were concerns being belatedly raised that some government activity fell outside the broad scope of TOLA, a law whose own name (Telecommunications and Other Legislation Amendment) suggests the government that passed it has no idea what it might encompass.

The Australian Federal Police utilized the new powers to partner with the FBI to run a backdoored encrypted chat service marketed exclusively to suspected criminals. Somehow, customers failed to sniff out the ruse, leading to thousands of arrests stemming from millions of intercepted messages. Whether or not this was entirely lawful (even under TOLA) remains to be seen. The thousands of prosecutions should lead to dozens, if not hundreds, of evidence suppression attempts, which will put TOLA’s assumed powers to the legal test.

Three years after implementation, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) has completed its review of the law. Perhaps unsurprisingly, the Committee has found that the law is lawful. However, it may be a little under-supervised.

In the PJCIS’ review [PDF] of the legislation, it supported the powers enacted in the laws but recommended additional safeguards and oversight mechanisms aimed at providing the public with confidence the legislation would be used proportionally and for its intended purpose.

The PJCIS also notes that because critics’ fears have yet to materialize, it must be a good law.

“Agencies have made the case that these powers remain necessary to combat serious national security threats, and some of the worst fears held by industry at the time of passage have not been realised,” committee chair and Liberal Senator James Paterson said.

The report [PDF] also says super weird stuff about the necessity of undermining encryption, like this:

The AFP Commissioner said that end-to-end encryption will impact the ability to investigate and prosecute child sex exploitation:

Between July 2019 to May 2020 – just 10 months – the AFP has laid 1078 Commonwealth Child Exploitation charges against 144 people.

It compares to 74 summons and arrests; and 372 charges laid in the previous financial year.

So… the head of the Federal Police says encryption will make it tougher to prosecute child sex crimes, while quoting stats that show the AFP has doubled the number of arrests and tripled the number of charges it has brought in a shorter amount of time than the previous reporting period. If encryption was really getting in the way of the AFP doing its job, the numbers should be decreasing, rather than doubling or tripling.

It also includes other statements from government officials who have concluded the ends justify the means, even if there aren’t a whole lot of ends to speak of outside of the AFP’s collaboration with the FBI. It also has dour things to say about partnering with the United States government, which has clearly stated it will not be forcing companies to break encryption and any investigation engaged in by the Australian government that reaches US shores will have to play by the US’s rules.

Some submitters to the inquiry raised concerns about the compatibility of Australian law with the provisions of the CLOUD Act. The Law Council of Australia said that Australia’s laws will be insufficient to allow for an executive agreement to be made under the CLOUD Act:

The Law Council considers that the current law in Australia as it relates to storing and accessing telecommunications data will be insufficient to allow Australia to qualify for entry into an ‘executive agreement’ with the US. This means that law enforcement agencies in Australia will be restricted to seeking access to data held by a service provider in the US through the existing and time consuming MLAT (Mutual Legal Assistance Treaty) process.

On to the better news. The Committee says the government needs to take steps to assess the impact compelled assistance demands have on local tech companies, which now may find themselves with fewer foreign customers willing to purchase compromised goods and services.

The Committee recommends that the Government implement a periodic survey, starting in three years from the presentation of this report, to ascertain ongoing economic impacts of the TOLA Act legislation on Australia’s ICT industry and the results should be made publicly available.

Of course, this means three years of leaking customers before the government is even willing to start assessing the damage it has done. It’s better than nothing, but a three-year delay may be fatal when applied to the much faster moving tech world.

This is a slightly better recommendation:

The Committee recommends that s317C of the Telecommunications Act 1997 be amended to clarify that a designated communications provider does not include a natural person, where that natural person is an employee of a designated communications provider, but will only apply to natural persons insofar as required to include sole traders.

This means employees of tech companies won’t be held directly responsible (financially or criminally) for the actions of their companies. The only actions that bother the Australian government (in terms of this report) are refusals to backdoor or break encryption when ordered to. Given that imbalance of power, it makes little sense for the full weight of the government to come crashing down on the person tasked with fulfilling a government request for data or communications.

But overall, the Committee seems happy with the law and expresses few concerns about the complications it causes for local tech providers or the impact weakened encryption will have on the security of the nation’s people, much less the nation itself. The usual suspects — child exploitation and terrorism — are hat-tipped as needed to stress the importance of destroying personal security in the name of national security. And the Committee recommends TOLA continue unaltered, save for a few reviews of economic impact and definitions of “serious offenses” covered by the expansive new investigative powers.


Comments on “Australian Government Reviews Its Encryption-Breaking Law, Says It's Cool And Good”

ECA (profile) says:

Ok, a lot of stupid People?

I wish a requirement that all politicians HAVE this chat program.
There is a problem with this idea, I won't say.
But there is another one. How many people have this program? That would invalidate its Use. Let's have 1 million people using it, NOT just those they Think are bad people.

How about a way to bypass all the rest of the chat progs? Integrate This program with all the rest.

But after you pick up all the bad people around the world, installing International LAWS based on OUR/CHRISTIAN/ DOT DOT groups. Who's left? Only the politicians, and they will change the laws so they can STAY bad people.

That One Guy (profile) says:

'We investigated ourselves and found nothing wrong.'

The usual excuses — child exploitation and terrorism — are hat-tipped as needed to stress the importance of destroying personal security in the name of national security.

Fixed for accuracy. While they might go after some that fall into those categories for the most part I’ve no doubt that they’re just the excuses used to enable them to cripple that pesky ‘privacy’ and go after anyone else they feel like peeking in on.

Anonymous Coward says:

How many startups or companies will never appear or operate in Australia cos of this law, no one will know. Many apps and financial services rely on encryption to protect customers' privacy and process financial transactions. It's really stupid to take away everyone's privacy in order to catch a few terrorists that may not even exist, but then Australia is showing great zeal in making laws that break the Web and hinder innovation.
Not a good look when the Web has proved vital to keeping people safe and secure working from home.

But then FOSTA is a really bad American law that was passed to supposedly stop sex trafficking and instead just made life for sex workers more dangerous.
I'm sure the NSA or the FBI would love to pass a similar law, but they know there would be massive opposition to it from tech companies and the banking sector in America.
