Australia passes tough anti-encryption bill
Image credit: Dreamstime
The Australian parliament has passed a bill which will allow the government to force technology companies to share encrypted user data when criminal activity is suspected.
The bill was passed with the last-minute support of the Australian Labor Party in the Senate; the party had previously stated that it would suggest new amendments to the bill and return it to the lower house. Instead, the party supported the bill, allowing it to pass through the Senate before Christmas.
“We will pass the legislation, inadequate as it is, so we can give our security agencies some of the tools they say they need,” said Bill Shorten, Labor Party leader, speaking to reporters outside parliament. “Let’s just make Australians safe over Christmas.”
The party reportedly passed the bill on the condition that the government would agree to its amendments after its introduction, including a requirement that the powers will be limited to instances where “serious crimes” are suspected.
The bill is likely to become enshrined into law by the end of the year.
Under the new rules, organisations and individuals refusing to hand over encrypted data relating to suspected criminal activity could suffer fines of up to A$10m (£5.6m) and prison sentences. Organisations will need to seek “computer access warrants” to seize this data, and then issue a “technical assistance notice” to demand assistance in decrypting communications.
The new rules are tougher than those yet introduced by any western nations, and will make Australia one of the first countries to impose such requirements on technology companies.
The policy has been supported by intelligence and law enforcement organisations, particularly those aligned with the Anglophone ‘Five Eyes’: the UK, US, New Zealand, Australia and Canada. These organisations have previously complained that end-to-end encryption – as offered by services such as WhatsApp and Telegram – make it effectively impossible to monitor some communications of suspected criminals, including terrorists and gangsters. According to the Australian government, the policy will help law enforcement fight militant attacks and organised crime.
The policy has been strongly opposed by technology companies – including Facebook, Google, Twitter and Amazon – and digital rights groups, which have argued that it weakens data security by failing to protect against “systematic weaknesses” and is excessive. The Australian Human Rights Commission warned that the bill could compromise protections against self-incrimination by forcing suspects to provide access to encrypted messages, such as by accessing smartphone app software upgrades which surreptitiously give authorities access to their data.
The debate over how to achieve a balance between privacy and security with regards to encrypted data rose in prominence after Apple frustrated authorities by refusing to unlock an iPhone used by a shooting suspect in 2015.
In the UK, former Home Secretary Amber Rudd commented that “real people” do not require end-to-end encryption in their communications, and expressed an interest in forming relationships with technology companies to allow authorities to access information when there is “particular need”.