The Australian government has finally released legislation aimed at getting past all that pesky encryption.
People who refuse to open their phones or computers to law enforcement agencies such as Australian Border Force (ABF) could spend up to 10 years in jail, under legislation proposed by the Turnbull government.
The long-awaited draft law aimed at forcing tech companies to assist law enforcement agencies to access encrypted communication was released on Tuesday by cyber security minister Angus Taylor.
The legislation introduces new “computer access warrants” that allow law enforcement agencies, including the ABF, to access devices such as computers and phones; add, copy and delete data from those devices; and intercept communications from those devices.
Under current legislation, the agencies can compel people to unlock their phones or computers and provide access to the data held within, with threats of up to two years in jail for failing to comply.
But under the proposed changes, the maximum penalty is extended to five years for “simple offences” and 10 years when the crime is deemed to be serious.
Encryption crackdown is “not a backdoor”
Under the legislation, tech companies would have to: remove protections on devices; give law enforcement agencies the design specs of their devices; install software on a device when asked; provide access to devices; and help agencies build their own systems.
The government says the new proposed powers will help investigate terrorism and child abuse, but the legislation also includes crimes such as tax evasion.
Under the system, government agencies would still need a warrant to obtain access to communications, and companies would not be required to build vulnerabilities, such as a backdoor, into their encrypted communications technology.
Instead, they would be required to install software on a target phone or computer that would be able to intercept messages before they are encrypted.
Companies would only have to comply with “technical assistance notices” if it didn’t breach the security of all customers to do so. They would be compensated for their help, the government has said, but failure to comply would mean fines of up to $10 million for companies and $50,000 for individuals.
Each year, the government will have to release information on the number of notices issued under the scheme, and only the attorney-general can approve the notices.
Cyber security minister Angus Taylor said in a statement that in the last 12 months 200 serious criminal and terrorism-related investigations were hampered by the use of encryption.
“We must ensure our laws reflect the rapid take-up of secure online communications by those who seek to do us harm,” he said. “These reforms will allow law enforcement and interception agencies to access specific communications without compromising the security of a network.
“The measures expressly prevent the weakening of encryption or the introduction of so-called backdoors. I am committed to maintaining the integrity of Australians’ personal information, devices and communications.”
But Greens senator Jordon Steele-John said the legislation would still undermine end-to-end encryption.
“Installing malware on people’s devices to read encrypted data is not a solution to catching criminals, but it is weakening the defences of every single device that receives encrypted messages, therefore making it easier for criminals who want to steal data,” he said in a statement.
“I call upon those tech companies who are likely to be affected to immediately condemn this legislation, which presents a very serious threat to the privacy of their users.”
Labor’s shadow attorney-general Mark Dreyfus said that the opposition would consider the legislation.
“Labor takes a bipartisan approach to matters of national security, and always seeks a balance with issues of privacy and personal freedom,” he said in a statement. “Given the complex nature of this proposed law, we urge the government to take sufficient time to consult with both civil society groups and industry.
“There are highly technical considerations which will take some time to work through.”
Most tech companies are still combing over the legislation and haven’t had much to say yet, but Digital Industry Group — which represents tech companies like Google, Facebook and Twitter in Australia — said the companies hoped for a “constructive and public dialogue with government”.
The exposure draft is open for submissions until September 10. The government is aiming to introduce the legislation into parliament before the end of the year, but it would likely be referred to a committee for review, meaning it is unlikely to pass before the end of 2018.