The Australian Government has released the ‘Assistance and Access Bill 2018’ for feedback. This draft legislation seeks to update the abilities of Government security agencies to access modern telecommunication protocols.
This will include force companies doing business with Australians to work with security agencies to provide access to data like chat communications on online gaming platforms, Facebook, Google, really anything digital they are currently blind to.
The need for these changes is being explained as a necessary step towards stopping the bad guys, which we all can agree is a good thing, however the consequences of doing so are incredibly serious.
Below is a detail of the goals and aims of the new legislation. It is important to preface this with the fact requests of tech companies will require a warrant, much like searching your home does.
The Bill provides national security and law enforcement agencies with powers to respond to the challenges posed by the increasing use of encrypted communications and devices.
The proposed changes are designed to help agencies access intelligible communications through a range of measures, including improved computer access warrants and enhanced obligations for industry to assist agencies in prescribed circumstances.
This includes accessing communications at points where it is not encrypted. The safeguards and limitations in the Bill will ensure that communications providers cannot be compelled to build systemic weaknesses or vulnerabilities into their products that undermine the security of communications. Providers cannot be required to hand over telecommunications content and data.https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf
When it comes to encrypted communications, the Government lists under their Limitations and safeguards section, that they won’t force companies to create backdoors for them.
Notices cannot require a provider to implement or build systemic weaknesses into electronic protection. The Australian Government has no interest in undermining systems that protect the fundamental security of communications. This includes a prohibition on building a decryption capability. So-called ‘backdoors’ weaken the digital security of Australians and others.
Notices cannot prevent a provider from fixing a security flaw in their products. Providers can, and should, continue to update their products to ensure customers enjoy the most secure services available.https://www.homeaffairs.gov.au/consultations/Documents/limitations-safeguards-factsheet.pdf
During an interview on the Today show this morning, Minister for Law Enforcement and Cybersecurity, Angus Taylor said, they won’t be asking for access to encrypted data as that would weaken the security we use to do tasks like online banking etc. Ok that’s great, he understand the implication of breaking SSL. However, when pushed on how they would tackle encrypted data, he said, there are ways and means to get at encrypted data if that’s what we get.
This means one of two things. Either they ask the company to work with them in using their encryption keys to decode the data (i.e. a front door), or they may attempt to brute force the encryption using some of the Government’s enormous compute capacity.
This is also inferred by the amendments which seeks to extend the timeframes allowed for the examination of electronic devices (physical and remote) under a warrant from 14 days to 30 days in order to account for the complexity of analysing data in modern electronic communications systems.
Either way, if you’re communicating online expecting that it can never be accessed, I’d think again if this legislation passes, which I suspect it will.
What can you do about it ?
So far this is just a proposed bill that the Government is asking for feedback on, so head over to https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018 and read it.
To submit feedback, send your thoughts to firstname.lastname@example.org by 10 September 2018.