Labor support all but ensures the passage of a coalition bill which will compromise the security and privacy of millions of Australians by allowing governments and law enforcement agencies to access communications protected by data encryption. The bill will potentially put our most sensitive information at risk of hacking or exploitation.
Robust encryption is necessary for protecting our day-to-day activities- from sending private WhatsApp messages, betting online, making online purchases confidently with our credit card details, to protecting against cybercrime and identity theft. Strong encryption protections through passcodes have caused a sharp decline in phone thefts. Building vulnerabilities to data encryption, will also put domestic violence and stalking victims at risk by weakening their ability to make anonymous or secure communications to confidants or the police. Recent major data breaches, including an attack which left three million European Facebook users’ information open to hackers, highlight the need to encourage more data protection in Australia – not less.
Data encryption normally protects these activities through a process of scrambling transmitted info through complex mathematical models designed to protect the privacy of users. The potential bill sees certain agencies being granted powers to investigate ‘serious offences’ such as serious police crimes, terrorism, sex offences and other offences with an imprisonment term of three or more years. Enforcement agencies are able to issue technical capability notices for companies to create ‘systematic weaknesses’ in encryption, with the approval of the Attorney-General and Communications Minister. A major concern is that the bill does not define what a “systemic weakness” includes. Members of government agencies have presented differing definitions of the term because it is often dependent on the business structure of a company.
The proposed law will affect Australians who have done nothing wrong, particularly because businesses that produce the software could feel compelled to build vulnerabilities in their applications pre-emptively to ensure that they are able to comply with the enforcement agency’s orders in the future. For example, telecommunication providers could be forced to modify the services they provide to customers to create a weakness the enforcement agencies could exploit. Unfortunately, this also leaves the data security of unsuspecting customers compromised. Members of the Australian Technological industry have also warned that the Encryption Bill could devastate a business’ reputation, triggering job losses, a reduction in exports ad breeding serious mistrust between businesses.
Australian Home Affairs Minister, Peter Dutton, earlier noted that rapid access to encrypted content was vital for enforcement agencies to tackle terrorism and human trafficking. However, the Bill does not contain anything to prevent its application for a range of other purposes. Apple has suggested the Bill could expand by implementing surveillance equipment in smart home speakers, requiring a provider to monitor the health data of its customers for suspected drug use, or requiring the development of tools to unlock a user’s device.
The bill also poses numerous problems for businesses who are now compelled to pay consultants or data protection officers to ensure compliance, further raising costs and creating difficulties due to a shortage of applicants. This will particularly impact newer, less-resourced players who are not adequately equipped to navigate regulatory uncertainties.
Compliance costs also endanger the capacity for consumers to choose. When Australia enacted its world-first requirements for online marketplace platforms like eBay and Amazon to collect sales tax on imports on its behalf, it was the Australian people who suffered the most as the main Amazon site then refused to ship to Australia due to compliance difficulties, a move that was only recently reversed.
Businesses with international dealings are also at risk. Dr Paul Brooks of Internet Australia noted that the Bill attacks Australian information technology and telecommunications exports, which generated $2.28 billion in 2016-17.
The Australian government’s obsession with surveillance will threaten the security of Australians to their privacy, blow up compliance costs and hurt Australian businesses in the market. The consequences of technological transformation on this law have not been properly anticipated. The anti-data encryption law will pave the way for a less secure Australia and sends a concerning message to the rest of the world, particularly our region, that the right to privacy and freedom of expression means so little in the digital age. This at the time when totalitarian regimes like the People’s Republic of China are using technology to enhance their own surveillance states, including through their infamous ‘social credit’ system.
Although further amendments are set to be made to the bill in 2019 with the intention of clarifying its many vague and problematic terms such as ‘systematic weakness’ and ‘whole class of technology’, Australia must ask itself whether this is the same direction we want to move in.
Anjali Nadaradjane is a Research Associate with the Australian Taxpayers’ Alliance.
Got something to add? Join the discussion and comment below.