The Government Is Whining About Encryption - Again

Image: iStock

The Minister for Home Affairs, Petter Dutton, has flagged that he plans to introduce legislation to the parliament that will compel companies that provide end-to-end encryption on products and services to decrypt communications and data when requested. But there seems to be a fundamental difference in understanding in how encryption works and how they think it works.

Much of the previous debate on this topic has been on "backdoors" - hidden vulnerabilities that are available to law enforcement and no-one else. But the government has changed tack slightly, suggesting that the providers of services should have a way to access encrypted messages.

It's hard to say what they actually mean as no actual draft legislation has been produced (nor has a timeline been provided for when we might see a draft) but it suggests the current practice where service providers do not ever hold decryption keys is at risk.

Australian Greens Digital Rights spokesperson Senator Jordon Steele-John said, "“Obligating Australian companies providing telecommunications services and devices to assist government agencies with decryption will fundamentally mean that the data of everyday Australians will no longer be secure".

Another issue the government and law enforcement has raised is the shifting nature of network technologies. With the security protocols baked into 5G and the use of IPv6, it will become increasingly difficult for law enforcement to access communications. For example, the Home Affairs department has said the allocation of IPv6 addresses is not managed by a legal process and it would be possible for one person to use multiple addresses.

All of this is strangely suggestive, to me at least, that the government needs to hire some people who know how networks work and how international standards like IPv6 are managed.

Interestingly, since the introduction of mandatory metadata retention laws, NordVPN has said their sales in Australia have increased by 200% - and I suspect that kind of sales bump is being seen by many other providers as citizens seek to obfuscate their online activity.


    When the govt first talked about the mandatory metadata retention laws the first question was asked 'who would have access to the data?' The reply was law enforcement only. Later on the term 'law enforcement' ended up being govt employees, councils, movie production companies, and so on (thanks Brandis.) So no, I'll stick with encryption as the govt of the day (both Lib and Lab) can't find that balance between protecting their citizens, and allowing them to be exploited.

    But if you've got nothing to hide, you've got nothing to fear!


    The Gatekeepers are not infalliable, the AFP have reported themselves to the Ombudsman for at least 6 breaches in less than 2 years (that has been publicly declared), and you want to give them back door access...

    Also AFP has more serious concerns, like being over budget and understaffed, and I am betting this "bill" does nothing to address those but give them more work and more legal ways to hang themselves with the recent mandatory data breach laws.

    I propose a law be introduced that bans politicians from making laws that effect technology without having basic understanding of how these things work.
    The metadata law's poor wording combined with an almost unanimous acceptance by Parliament suggests these lawmakers have no clue at all.

      >The metadata law's poor wording combined with an almost unanimous acceptance by Parliament suggests these lawmakers have no clue at all.

      Only if you think they have your best interests at heart.

      The other option is that they want everything so ill defined that they can request data about any person, at any time, for any reason and then have the court challenge mired in years of wrangling (until they are out of office) debating the legal meaning of words.

    There are two possibilities:

    1) They think we are stupid
    2) They are stupid and do not understand the danger they put as all in.

    I do not like either of these options, so I am one of the people who increased NordVPN sales by 200% and I will continue to use VPN services until better laws are passed, or I stop using computers in general because I will be too senile.

    how long they gonna believe we are the stupid one, I started to use nordvpn after I kept receiving ads related to my location, I chose this vpn because if they manage to bypass first encryption nordvpn has the second one. While using this code GET3Y I've got big discount use it until it is not too late.

Join the discussion!

Trending Stories Right Now