An extremely controversial and complex bill passed the Australian parliament earlier this month.
The legislation, termed the Assistance and Access Bill, was passed with the support of Australia’s Labor Party, which had previously opposed it.
The law has made international headlines for many reasons, as it involves digital rights, privacy, technology and encryption.
Essentially, the Australian government wants access to encrypted messages. However, the actual legislation is quite complex and has been widely criticized as invasive.
Regardless of the controversy, the Labor Party was able to push the bill through in a rush before the holiday season.
Of course, it’s understandable why law enforcement agencies do want more access to encrypted messages.
Your TOR usage is being watched
With the rise of encrypted technology and platforms such as WhatsApp, Signal and Wickr, users can encrypt their messages with relative ease and essentially prevent law enforcement from access.
There is no doubt that for law enforcement agencies who actually obtain warrants, this can prove to be a real obstacle during ongoing investigations.
The new law now essentially allows Australian law enforcement to not only monitor communications, but to obtain technological assistance from service providers with regards to these communications.
Privacy Rights Compromised?
This quickly caught the attention of human rights organizations. In a detailed statement, the Australian Human Rights Commission (AHRC) pointed out that that the bill basically eradicates the privilege of self-incrimination.
For example, imagine that you are a suspect in an investigation. Let’s assume that you are communicating with others through encrypted messages.
Law enforcement has obtained a warrant to monitor your communications, but they aren’t getting anywhere because of the tools that you are using.
This new law could allow law enforcement to send you a software upgrade that could actually serve as a tool for them to decrypt the messages and bypass the steps you have taken.
In essence, you would be “tricked” into incriminating yourself—and many believe that this is a major violation to a very basic human right.
Specifically, argues the AHRC, an update of the downloaded software or app from which the user is communicating may allow law enforcement agencies to access the individual’s messages, unbeknownst to them.
Digital Rights Watch, together with the Australian Privacy Foundation, Electronic Frontiers Australia, Access Now and other advocacy groups, also announced their opposition to the law and released a joint submission of concerns and recommendations to the Australian Department of Home Affairs.
Ambiguity and Amendments
The bill does compromise, to an extent, in the sense that companies cannot be asked to build a “vulnerability” into their systems to allow for this kind of monitoring—which could potentially cause an uproar from those who believe in privacy rights.
However, it turns out that even this aspect is ambiguous in the bill, as the phrases are somewhat left open to interpretation.
The phrases used are “systemic weakness” and “systemic vulnerability,” and the AHRC pointed out that the bill could be used to enable the development of certain systemic weaknesses.
Currently, the existing law regarding warrants and metadata is the Telecommunications Interception and Access Act (TIA), which allows law enforcement agencies to access stored communications with a warrant.
These communications are not limited to text messages or voice messages, but also include email messages, as well.
In addition, agencies can compel telecommunications companies to provide law enforcement with data.
These kinds of laws exist all around the world, for the benefit of law enforcement agencies attempting to solve crimes of all kinds.
However, this also comes during a time where the Australian Security Intelligence Organization (ASIO) appears to be aggressively expanding its powers.
The TIA has recently been amended, so that ASIO can actually invade an entire network.
A 2015 amendment also required telecommunications companies to retain metadata for two years, as well, which many consider excessive.
There is also still the question whether it is effective to even retain the metadata at all.
In fact, over a year after the amendment of TIA came into affect, it was revealed that the law has already been subject to abuse by state agencies that are sending large volumes of requests to telecommunications companies for customers’ metadata.
Law Enforcement Alternatives
It’s also important to note that just because a law enforcement agency cannot decrypt certain messages, that doesn’t mean that they can’t still use their creativity in order to utilize the warrant.
For example, keylogging involves recording every keystroke, so even if a message is encrypted, an agency could “know” what a user is typing because the keystrokes are recorded.
There is also the argument of why enforcement agencies cannot simply work with companies and ask them for more data.
There is also the option of monitoring a smart home device, such as a Google Home or Amazon Alexa.
Many consumers already believe smart home devices such as these already invade privacy, especially with the case of the Amazon Echo, which recently made headlines for recording a conversation and sending it to a random person on the owners’ contact list.
Amazon was also forced to get involved with a particular murder case, as prosecutors argued that an Echo speaker had captured evidence of the event.
However, the murder charge in this case was later dismissed.
Who Are the Targets?
There are many who have wondered who exactly are the targets involved with the law. Of course, there should be different approaches when it comes to a high-level terrorist suspect and a low-level drug dealer, for example.
The Australian prime minister, Scott Morrison, and the home affairs minister, Peter Dutton, have referenced terrorists, child abusers and organized criminals when referencing the law.
However, it is clear that the law can be used for other criminals, as well. In an agreement reached with the Labor Party, the powers are limited to offenses punishable by a term of three years or more in prison.
However, it is clear that this includes a wide range of crimes. For example, it includes “improper use of an emergency call service,” which hardly is the kind of serious crime that should be compared to terrorism.
The AHRC has made clear that one of their concerns is that these powers will be used for incidents other than the “most serious” crimes.
As such, according to a statement by AHRC Commissioner Edward Santow, the law will need independent judicial oversight to prevent misuse.
Those at human rights organizations and privacy enthusiasts are not the only ones that question whether the bill is necessary, or whether amendments are necessary.
One notable figure that disagrees is Bret Walker, the former National Security Legislation Monitor of Australia.
Walker pointed out that the legislation should be considered carefully considering its impact.
Specifically, he stated to the media that national security legislation was not the kind of legislation that can simply be reversed, adding that they permanently “alter security settings for everyone in the community.”
It is probably not that surprising that the technology industry was not excited about the fact that law enforcement agencies want more access to encrypted data, given that Facebook’s recent Cambridge Analytica scandal has significantly damaged the company’s reputation and was a major factor in the company losing over $100 billion in market capitalization.
The Communications Alliance, a telecommunications industry organization that includes some of the most influential tech companies in Australia, called for the laws to be revamped.
John Stanton, CEO of Communications Alliance, expressed concern regarding the range of activities that law enforcement could ask for, or require, with regards to tech companies.
The Digital Industry Group, another industry organization that represents tech giants such as Google, Facebook, Twitter, and Amazon, also criticized the laws.
Opposition from the Larger Tech Community
The tech community was not pleased at all that the bill passed. In fact, in an open letter signed by various members of the tech community, the Assistance and Access Bill, the Labor Party and its leader Bill Shorten were intensely criticized.
The letter described the law as “destructive and shortsighted,” and also pointed out that the law is ineffective when applied to companies based outside the U.S.
The letter elaborated that the co-signers could no longer support the Labor Party.
The letter was written by TechGeek founder Terence Huynh and included signatures of over 200 individuals from Australia’s tech community.