Earlier this week Attorney General Brandis and Minister for Immigration and Border Protection Dutton visited Ottawa for meetings with their Five Eyes counterparts. One of the topics on the table was access to encrypted messaging data from services such as Signal, WhatsApp and iMessage. So, how did that all go?
During an interview earlier this week, following the meeting in Ottawa, Brandis was asked, on RN Breakfast, what the government was planning to do and, specifically, whether they were going to ask service providers to plant back doors into systems.
Well we’re not specifically asking them to do that and it’s not as simple as that. What we need is to develop, and what we’ll be asking the device makers and the ISPs to agree to, is a series of protocols as to the circumstances in which they will be able to provide voluntary assistance to law enforcement.
We already know tech companies comply with warrants, subpoenas and other legal instruments when they can hand data across but we are dealing with an entirely different matter here.
Citing laws in the UK, Brandis said those provisions “impose an obligation, subject to reasonableness of proportionality, upon providers to do whatever they reasonably can be expected to do to enable law enforcement to inspect messages that are the subject of encryption, or inspect devices.”.
The “inspect devices” phrase in light of his earlier comment about device makers is the interesting one. When systems that employ strong encryption are attacked, the hackers usually work around the encryption. If the government is able to push a law that forces device makers to provide access to locked devices, thereby giving law enforcement access to the messages, then they could find a way around the message encryption.
What it sounds like is the government is not interested in using the encrypted messages during surveillance – perhaps they’ve given up that goal for now – but for use after a crime is committed as part of the discovery process for evidence.
Brandis didn’t provide any specific guidance on what the government is planning but his words seemed quite careful and that he sees end-points as the gateway to encrypted data rather than “wire tapping” encrypted traffic.