Australia Wants to Take Government Surveillance to the Next Level
September 4th, 2018Via: New York Times:
A state’s capacity to spy on its citizens has grown exponentially in recent years as new technology has meant more aspects of our lives can be observed, recorded and analyzed than ever before. At the same time, much to the frustration of intelligence agencies around the world, so has the ability to keep digital information secret, thanks to encryption.
That’s why the main intelligence agencies of the Anglophone world are now hoping that Australia will lead the charge in developing ways to get decrypt information at will, and to tap into data that was previously kept secret. A proposed law, the draft of which was released last month by the cybersecurity minister, is an aggressive step in that direction.
We should all be worried, because it’s not just criminals or terrorists who use encryption, but every one of us. We use encryption to buy things online, manage our finances, and communicate personally and professionally. Hospitals, transportation systems and government agencies use encrypted data. Creating tools to weaken encrypted systems for one purpose weakens it for all purposes. If Australia succeeds in doing so, it could be your bank account or your medical records that are compromised in the end.
This particular bill has been more than a year in the making. At the June 2017 meeting in Ottawa of the Five Eyes — the intelligence alliance made up of the United States, Britain, Australia, Canada and New Zealand — Australia made a point of the need for states to find ways to overcome encryption. A joint communiqué that came out of the meeting noted that encryption can “severely undermine public safety efforts” and committed Five Eyes members to working with technology companies to “explore shared solutions.”
The Australian government set about translating this objective into law. The release of the bill, which came just before the latest meeting of the Five Eyes in Australia last month, which confirmed the strategy. No doubt Australia’s intelligence and law enforcement establishment were thrilled with this proposal.
Australia, which has no bill of rights, is a logical place to test new strategies for collecting intelligence that can later be adopted elsewhere. Among other things, the proposed law would create a process for “designated communications providers” — defined so expansively that it covers any business hosting a website — to assist intelligence and law enforcement agencies to do almost anything to give them access to encrypted communications. For example, providers may have to build tools, install software or keep agencies up-to-date with developments. In essence, state agencies will be able to circumvent encryption, either with the cooperation of tech companies or by compulsion.
The government has been quick to claim that this is not a back door, and the bill prohibits requests to companies to create “systemic” weaknesses. But this prohibition is ambiguous, and the reporting and accountability safeguards are minimal.
The truth is that there is simply no way to create tools to undermine encryption without jeopardizing digital security and eroding individual rights and freedoms. Hackers with bad intentions will do their utmost to take advantage of any such tools that companies are forced to provide the government.
