The Australian Encryption Act was passed last year in response to the government’s concern about misuse of encrypted social media platforms to advance terrorist activities. The Act extended ASIO, Federal, and State law enforcement powers to enable them to issue notices to request access to otherwise encrypted messages from ‘designated communication providers’. This was construed broadly to include social media giants such as Whatsapp, device manufacturers, and free WIFI providers. Authorities were also permitted to detain people without a warrant or allowing them to contact a lawyer.
Since then, the Act has been received with significant caution from the industry. The new Technical Capability Notices (TCN) enabled authorities to require communications providers to establish ‘back doors’ to allow for interceptions and decryptions of otherwise encrypted messages on specific devices without the customer’s knowledge. Agencies can also circumvent encryption by installing key logging software or by taking repeated screenshots of a customer’s screen and messages. Concerns have been raised about individuals’ privacy and systemic vulnerabilities caused by techniques to obtain and compromise encrypted data. Managing these concerns is important in a world increasingly concerned about misuse, control and regulation of civilian data, media and digital platforms.
In response to bipartisan recommendations from the inquiry by the Parliamentary Committee on Intelligence and Security (PJCIS), the Labor opposition has proposed amendments to the Act. The first reading of the Telecommunications Amendment (Repairing Assistance and Access) Bill 2019 noted that the legislation has been “holding the [Australian] tech sector back from achieving [its] potential”. It expressed concerns that the Act “undermines our relationships with key international strategic partners” including by slowing discussions with the United States for a bilateral agreement under the US ‘CLOUD’ Act (Clarifying Lawful Overseas Use of Data).
The Explanatory Memorandum for the Bill describes the following effects of the amendments, if passed:
- Authorities will require a warrant to access communications;
- Notices such as the TCN will require judicial oversight and approval before issuance;
- Ambiguous terms such as “electronic protection”, “systemic vulnerability” and “target technology” will be replaced by clearer terms;
- Non-exhaustive provisions will be repealed by removing the phrase “but are not limited to” to restrict the kind of requests available to authorities;
- The Minister for Home Affairs will no longer have the ability to edit and delete information in relevant reports prepared by the Commonwealth Ombudsman; and
- New bars to certain requests will be introduced such as requests that would create “systemic vulnerabilities” or may compromise secure information in the future.
Regulation plays a vital, but complex role in a society increasingly reliant on technology. The Bill’s objectives shed light on the government’s increasing focus on the role of effective encryption on national security, the important of strong security regulatory frameworks and the impact these have on foreign trust in Australia’s technology sector.
Read our previous articles on the Encryption Act:
Authors: Tim Gole, Clare Beardall and Simran Dhaliwal