TECH & SCIENCE
THE Federal Government is seeking to accelerate the passing of laws which will enable police and intelligence agencies to compel tech companies to aid them in the covert retrieval of end to end encrypted messages of suspected criminals. While such power would require a warrant, tech giants such as Google, Facebook, Amazon and Twitter have raised concerns that such measures would necessitate the undermining of the security features hard baked into their respective platforms, opening up the potential for hackers to access the private information of any user, not just criminals. In other words, they are concerned that in attempting to prevent physical domestic terror threats, the Australian government may inadvertently open the floodgates for digital terrorists and criminals internationally. But the government insists that what they seek isn’t a back door that will break the encryption of a messaging platform or app, but rather a ‘front door’ means of accessing that information. And Prime Minister Scott Morrison insists that agencies such as ASIO need such laws passed urgently before Christmas.
Breaking the code
So what are encrypted messages and services, precisely, and who uses them? Encryption is the technology that scrambles messages using complex algorithms into unreadable codes as they travel from sender to receiver, so anyone who intercepts the message can’t read it. These days, just about everyone uses encrypted messaging and services online - from banking and online shopping, to simple chatting between friends. The main reason why so many people feel comfortable using services and storing data online is because of the large scale, overall success of platforms like Facebook, Google and Apple in building encryption into those services. If your account was hacked into every second day, and you had money stolen, those tech giants would have crumbled to dust years ago as no one would have used them. When these companies are hacked into or their security is breached in some fashion, it’s an international scandal. Given this, it’s not terribly surprising that the big tech companies would fight such laws, as forcing them to build weaknesses into their platforms will undermine their security for all users, not simply the criminals misusing them.
Knocking on the front door
But as previously stated, the government insists that it doesn’t want to weaken the encryption of services, rather, it wants a ‘front door’ means of accessing a suspect’s data and messages. But what does a front door approach entail, exactly? Former Australian Federal Police investigator Nigel Phair knows the laws could enable agencies to compel tech companies to assist them with investigations. “Going through the device would be the easiest thing,” he told SBS News. “That would be either through a key-stroke logger, maybe an additional secretive app downloaded on to [the device], maybe through an update of the other apps that are on the device.” Put simply, even if a suspect was using an encrypted messaging service, a tech company could install an app or update on the device that monitors keystrokes or takes a screenshot and sends it to investigators.
But what if such power falls into the wrong hands?
Combating terrorism and criminal activity is obviously an important and ongoing task, but many have raised concerns about the new ‘capabilities’ of law enforcement agencies, built by tech companies, falling to the very hands of those they are trying to stop. “The problem is that when you break encryption for one, you break it for everyone,” said Tim Singleton Norton, chair of Digital Rights Watch. And in a joint submission to the Home Affairs department, a group representing Amazon, Facebook, Google, Oath and Twitter raised serious concerns with the scope of the bill and a lack of oversight. “While [we] appreciate the challenges facing law enforcement, we have concerns with the bill, which, contrary to its stated objective, may serve to actually undermine public safety by making it easier for bad actors to commit crimes against individuals, organisations or communities,” the submission reads. Adding that the proposed laws would effectively “require the provider to identify a weakness in the security of data in their systems or technology and to make that weakness known to those agencies”.
KEYS TO THE FRONT DOOR: The Australian Government is seeking to pass laws that will give law enforcement agenices radfical new powers to access suspected criminals’ encrypted messages.