In Australia, a new draft bill proposing ways for tech firms, software developers and others to assist security agencies and police has been given the thumbs-down by a major industry group over its ambiguity, and the potential security risks it could create.
The new “Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018” is a Bill for an Act to amend the law relating to telecommunications, computer access warrants and search warrants, and for ‘other purposes’.
The bill proposes that a ‘technical assistance request’ may be given to a tech company e.g. a social media or chat app company asking that provider to offer ‘voluntary’ help in the form of ‘technical assistance’ to the Australian Secret Intelligence Service or an ‘interception agency’ with a view to enforcing / helping to enforce the criminal law, protecting the public revenue, and / or acting in the interests of Australia’s national security, foreign relations, or economic well being.
What Kind of Technical Assistance?
In essence, those who have interpreted and reacted publicly to the contents of the bill have taken it to mean that as part of the Australian government’s fight against the criminal use of encrypted communications (end-to-end encryption), tech firms will be asked to build weaknesses / ‘back doors’ into their products/ services that will enable government monitoring.
For example, the UK government (under the Home Secretary Amber Rudd) were seeking ‘back door’ access to encrypted apps such as Facebook’s WhatsApp on the grounds that terror suspects were known to have used it for communication prior to the Westminster attack. At the time, WhatsApp refused to co-operate on the grounds that end-to-end encryption prevented even its own technicians from reading people’s messages.
WhatsApp has also been blocked three times in Brazil for failing to hand over information relating to criminal investigations.
Worked In Germany
Presumably and ideally, the kind of thing that the new bill would be used for in Australia would be in the same way that German encrypted communications App ‘Telegram” had a back-door built into it which allowed law enforcement agencies to access messages, enabling them to foil a planned suicide attack on a Christmas market in 2016.
The loudest critic of the new Bill in Australia has been the Digital Industry Group (known as ‘Digi’) whose members include Facebook, Google and Twitter. Their main arguments against the bill are that it is ambiguous and lacks judicial oversight, and building any back-doors for government agencies into encrypted services will also be creating access for criminals to exploit. Big social media tech firms say, for example, that building such potential vulnerabilities into their services could not only leave the majority of their customers vulnerable to attack for the sake of catching a minority, but could also undermine the essential trust in their services.
What Does This Mean For Your Business?
Privacy, security, and freedom from unnecessary surveillance are valued concerns by individuals and businesses, but national security is also an issue, and is something that affects the wider economy. The bill from the Australian government is the latest in a long line of similar requests that the big tech companies are facing from governments around the world. The conundrum, however, is the same. Tech companies are private businesses whose services allow users to share personal data, and they need the trust of their users that privacy and security will be preserved, and yet governments would like access to the private conversations, hopefully just for national security purposes. Also, once a back-door is built-in to an encrypted service (e.g. end-to-end encrypted services), it is no longer really secure, and all users could potentially be at risk. Bills suggesting that help by tech firms would be ‘voluntary’ are also likely to mean that failure to comply voluntarily would undoubtedly have negative consequences for tech firms (e.g. fines).
As freedom and privacy groups would point out, there is also some mistrust over government motives for accessing more of our private conversations and details, and in the wake of the Facebook / Cambridge Analytica scandal for example, there are questions about just who else our details and private conversations and opinions could be shared with and how that could be used. It is also a fact that governments tend not to like communications tools and currencies (e.g. Bitcoin) that they can’t access, control, or regulate.
The ‘big brother’ element to bills like these worries citizens in all countries, and some tech companies, which are certainly not blameless (e.g. on user tracking and data sharing activities) are likely to try and hold out as long as possible from publicly being seen to be co-operating with any wide-scale government surveillance.