New Australian Decryption Laws: How Will They Affect Privacy And The Fight Against Terrorism And Organised Crime?

On December 6, new decryption laws were passed in the Australian parliament, granting law enforcement and intelligence agencies unprecedented investigative powers. The bill had previously been held back by proposed Labor amendments; that opposition was dropped, and the bill passed the Senate by 44 votes to 12 late on Thursday, reports itnews. The laws chiefly seek to eliminate encryption on software platforms as a reliable means for criminals and terrorists to communicate securely, making industry assistance mandatory should a warrant be issued. Large tech firms and service providers such as Apple, Google and Facebook are now subject to this new legislation as of its implementation on December 8th. In the shadow of these developments, conversations on the legality and appropriateness of state decryption have been sparked, drawing criticism from the opposition and privacy advocates.

In response to the critics, the Director-General of the Australian Signals Directorate (ASD), Mike Burgess, claimed that the act was “highly targeted,” contending, “Agencies can get a warrant to listen to the phone calls of criminals. Why shouldn’t these same agencies be able to get assistance to read the encrypted messages of criminals when Australian lives and livelihoods are at stake?”

In September, when the bill was first introduced, the Information Technology Professionals Association (ITPA) created a template letter for concerned citizens to send to their local MP in reaction to the initial proposals, reports tech blog Technology Decisions. The group has also expressed concern that the vast powers granted in the new legislation are reflective of “a significant reduction of individual privacy for law-abiding citizens,” joining other privacy groups in attesting that the bill is extremely broad and ambiguous and lacks substantial oversight.

Meanwhile, Prime Minister Scott Morrison, in the run-up to the last sitting week in parliament, urged, “Our police, our agencies need these powers now. I would insist on seeing them passed before the end of the next sitting fortnight.” The Prime Minister also joined his party in accusing opposition leader Bill Shorten and Labor of compromising national security through their insistence on working their amendments into the bill, delaying its introduction. These amendments were later dropped altogether.

Certainly, this is a controversial topic amongst the cyber security community, with the laws effectively denying the right to the anonymity afforded by encryption if a warrant were to be issued by an authorised agency. Though ambiguous and appearing to have been rushed through parliament in its final week, the laws are targeted towards crime fighting and counter-terrorism, and are limited by a warrant, which is ultimately signed off by the Attorney General. ASD Director-General Mike Burgess likened it to a hotel: if suspects were in a room of a hotel, authorities would ask the hotel for access to that specific room as opposed to a master key for all rooms.

Being in their infancy, the laws are yet to be evaluated for effectiveness, though their introduction could set a precedent internationally for states similarly seeking legal decryption of otherwise protected information. A notorious case in which a potential need for this was identified arose in the scandal following the 2016 San Bernardino shootings, where the FBI pressed Apple to create software that would unlock a work-issued iPhone of one of the suspects. The request was denied by Apple, with the FBI eventually unlocking the phone on its own, but the case brought to light situations where such legislation may be warranted in the pursuit of justice.

The balance between privacy and security once again seems to be tipping to the side of security, and with such immense power embodied in a warrant, one may question whether these measures are really necessary, as well as how great the potential is for these decryption methods to be exploited or leaked.

Sam Raleigh