• Skip to primary navigation
  • Skip to main content
  • Skip to footer
Logo of Agilient Security Consultants, Australia

Agilient Security Consultants Australia

Cybersecurity & Risk Management Specialists

Menu
  • Home
  • Industries
      • Aviation
      • Defence & Defence Industry
      • Government
      • Health & Hospitals
      • Corrections and Detention
      • Maritime
      • Aged Care Facilities
      • Mining, Oil & Gas
      • Public Venues & Events
      • Rail
      • Research and Education Industry
      • Telecommunications
      • Utilities
    • advice-colleagues-communication-newIndustries
  • Services
      • Cybersecurity
      • Protective Security
      • Business Resilience
      • Building Security Consultants
      • Security Audits
      • Pandemic Planning
      • Electronic Security
      • IT Disaster Recovery Plan
      • Security Consultants
      • CCTV and Security Cameras
      • Duress Alarms
      • Security Risk Assessment Consultants
      • Managed Security Service Provider
      • Protection against Vehicles as a Weapon
    • training-1Services
  • Solutions
    • banner-menuUnisys Solutions
    • CTO-Blog-110619-Header-GraphicLookingGlass Solutions
    • menu-bg-2Dell Technologies (RSA) Solutions
    • Sightline-Visualization-menuSightline Solutions
  • Resources
    • menumanagers-dealing-customer-agreTraining
    • working-together-newJoin The Tribe
    • Webinars_3-1.jpgUpcoming and Past Events
    • hacking-detected-shutterstock_newResources
  • Articles
  • About
    • About Us
      We are an Australian owned and operated security company specialising in risk, cybersecurity, protective security, crisis and business continuity management services.
    • frequently-asked-questions-smallFAQ’s
    • bg-menu-government-institutionsConsultant Registration
  • Contact Us
Contact Us

Australia’s Encryption Laws: What You Need to Know

You are here: Home / Security News / Australia’s Encryption Laws: What You Need to Know

In the last day of Parliament for 2018, the Australian Government attempted to introduce world-first encryption laws that would force technology companies into altering their systems and giving law enforcement agencies access to their customer’s encrypted messages. Their encryption is a major selling point for most technology companies, and these laws have serious and extensive implications for everyone. encryption

Breakdown of the Legislation

A multitude of new powers are introduced under the proposed Assistance and Access Bill 2018. Criticism is focussed mainly on Schedule One, which proposes three key powers for law enforcement:

  • A technical assistance request (TAR): Police ask a company to “voluntarily” help, such as giving technical details about the development of a new online service.
  • A technical assistance notice (TAN): A company is required to give assistance. For example, if they can decrypt a specific communication they must do so or face fines.
  • A technical capability notice (TCN): The company must build a new function to help police get at a suspect’s data, or face fines.

The enforcement agencies being granted this power are:

  • Australian Security Intelligence Organisation;
  • Australian Secret Intelligence Service;
  • Australian Signals Directorate;
  • Australian Federal Police;
  • Australian Commission for Law Enforcement Integrity;
  • Australian Crime Commission; and
  • In many cases, State Police.

What Does This Mean?

Encrypted messaging provides customers with the security that messages can only be ready by the sender and intended recipient, with the ‘key’ to unlocking the encrypted message remaining only with them. The idea is that not even the service provider can unlock the messages.

With these encryption laws, however, enforcement agencies will be handed the key. Indeed, the things these companies could be forced to do are extensive. They may have to install software and modify their services or provide technical details such as source codes. What is more, the Bill contains extensive secrecy provisions, meaning companies are not allowed to tell anyone that their messages have been read or that new software has been installed.

This legislation is capable of forcing technology companies to install backdoors for accessing their customer’s encrypted data. While the Government has specifically denied that the legislation allows for ‘back doors’ in software, IT consultant and Electronic Frontiers Australia board member Justin Warren disagrees. Warren states, “if you break encryption in one place, it’s broken everywhere”. Dr Suelette Dreyfus, a University of Melbourne cybersecurity and privacy researcher also asserts that “there will be smart criminals who will find and use these backdoors in all sorts of dangerous ways”.

The penalties for failure to cooperate includes $10 million fines or ten years in jail. Experts are saying these laws could see employees punished for simply doing their job or installing vulnerabilities and essentially hacking into their own company. Essentially, any platform that uses encryption technology – from Tinder to Whatsapp, online banking to mobile gaming – will be exposed and targeted by these laws.

Extensive Reach

The Government emphasizes these laws are focussed on preventing terrorism and tackling organised crime. What they don’t emphasize, however, is that other parts of the Bill could be extended to investigate smaller federal crimes with three-year penalties.

Other concerns are the attempted extraterritorial reach of the legislation. In their submission, the Communications Alliance said this global reach is “unprecedented” and could mean companies simply stop offering their products in Australia. Various major technology companies are based overseas, so questions have been raised as to how Australian police could make them do anything under national law. Indeed, many companies such as Apple have slammed the laws and experts fear that these companies could remove themselves from Australia entirely rather than cooperate with these laws.

The Implications

Experts and technology companies alike continue to warn that tinkering with the security of online systems may have serious consequences. Encryption provider Senetas explained that changing just one part of a telecommunication network could have unforeseen systemic effects, which will be exacerbated by the Bill’s demand for secrecy.

There are also fears that these laws will cripple Australia’s local tech industry by making overseas customers suspicious of Australian products, as they fear government-mandated backdoors. Similarly, Digital rights activist Asher Wolf warned of a “brain drain” as Australia’s technology minds move overseas rather than working under this system. Whilst under duress, “people can’t do their jobs as engineers, developers or testers” Wolf said.

While some of these fears may be over-dramatic, the message is clear: this legislation could have chilling effects on the Australian tech industry and on the privacy of individuals and businesses. If it is to be passed, it must be re-drafted dramatically.

The Way Forward

Unfortunately for us, most of these implications are likely to play out behind closed doors, while the public is fed success stories of foiled terrorist attacks using the encryption laws.

However, we could also see tech companies simply refusing to work with the Australian authorities. For example, after the 2015 San Bernardino terrorist attack, Apple refused to comply with FBI requests to unlock the suspect’s iPhone.

In the meantime, the push to ram this legislation through Parliament in the last day of sitting ultimately failed. Therefore, the laws will be delayed until 2019 at least. In that time, it is hoped that the legislation is re-drafted if not reconsidered altogether. In their announcement, the Law Society stressed that “serious concerns remain” and in the future, “the intelligence and security committee needs to be brought back into the frame to get these laws right”.

Follow our LinkedIn page for all the latest security updates, and Contact Us to see how we can assist your business.

Tweet
Share

General,  Security News Assistance and Access Bill,  Australian Federal Police,  Australian government,  Australian politics,  cybersecurity,  encryption,  encryption laws,  government

Looking for a security partner? Get in touch with Agilient.

Looking for practical and cost-effective security and risk solutions for your government department, agency or company? Speak with Australia’s leading senior security, risk and resilience experts.


Looking for a pandemic planning partner? Get in touch with Agilient.

Looking for practical and cost-effective risk management solutions for your government department, agency or company? Speak with Australia’s leading senior risk and emergency management experts.



Footer

Agilient is a proud member of

Ai Group Defence Council
Australian Industry & Defence Network
Australian Security Industry Association
Sydney Aerospace & Defence Interest Group

Company and Licensing Details:

ABN: 37 157 911 441
NSW Security Master Licence # 410783087
ACT Security Master Licence # 17502184
Vic Security Registration # 878-460-40S
Qld Security Firm Licence # 3834422

Join The Tribe

Sign up to receive our regular Agilient newsletter including the latest security, risk and resilience updates

Sign up now

Copyright © 2022 Agilient – Level 14, 275 Alfred St, North Sydney NSW 2060 Australia – 1300 341 692