Australia using new decryption powers even before review
AUSTRALIAN security agencies have begun using sweeping new powers to access encrypted communications even before a promised review meant to address concerns from the likes of Google, Apple and Facebook.
The powers were granted under a new decryption law which was rushed through parliament in December amid fierce debate, and seen as the latest salvo between governments worldwide and tech firms over national security and privacy.
Two months later, the Australian Federal Police have revealed that agents have already used it while investigating drug trafficking and child exploitation.
Australia is widely seen as a global test case for such laws, with possible applications by other governments seeking to counter the growing use of encrypted messaging, notably Australia’s partners in the so-called “Five Eyes” intelligence alliance -- the United States,
Britain, Canada and New Zealand.
Under the new laws, refusal to grant authorities access to devices is punishable with up to 10 years in prison, and police told a parliamentary inquiry they had used that threat to compel two suspects to hand over their passwords.
Citing secrecy provisions in the law, police declined to say if they had used it to force device makers or telecommunications firms -- including global giants such as Apple -- to break or bypass encrypted communications.
The same provisions bar companies from disclosing whether they have received such police demands, known as “compulsory notices”.
The government has argued the law was urgently needed to foil terrorist plots and intercept communications among other serious criminals.
But opponents allege it punches a hole in global efforts to keep governments from eavesdropping on secure communications, such as WhatsApp.
They also argue it could undermine legitimate uses of encryption for commerce and banking, saying you cannot create vulnerabilities in encryption technologies without opening the door for them to be used by malicious actors.
“That is a needle that cannot be threaded -- you cannot break encryption without introducing a vulnerability
into the whole system,” an alliance of tech giants, including Amazon, Google and Facebook, said in a submission about the legislation before it was adopted in December.
The legislation was passed only after the conservative government agreed to reopen debate in the new year on amendments that would address widespread concerns among civil liberties advocates and tech industry experts that it was ill-conceived and too broad.
The Department of Home Affairs says the law is being progressively implemented and that in January it wrote to tech industry members for assistance in drawing up guidelines on how to use the new powers.