The Government Says No Backdoors (Except For Them)


With all the brouhaha going on in Canberra recently, the draft of a piece of very important legislation was introduced along with an explanatory note. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 might sound all soft and fluffy but it's anything but that. This is a piece of legislation that will compel IT companies that create encrypted systems to "assist" the government with access to encrypted communications.

The government's explanatory note is all about the "challenges" law enforcement faces when it comes to accessing encrypted messages. The paper notes "95 per cent of the Australian Security Intelligence Organisation's (ASIO) most dangerous counter-terrorism targets actively use encrypted messages to conceal their communications".

The purpose of the Bill is to allow agencies to seek help from providers, both domestic and offshore, in the execution of their functions. The Bill also provides agencies with alternative-collection powers, allowing them, under warrant, to access devices.

The new laws, as they are drafted, provide for agencies to make three different types of requests.

  1. Voluntary assistance can be requested to assist ASIO, the Australian Secret Intelligence Service (ASIS) and the Australian Signals Directorate (ASD) and interception agencies in the performance of their functions.
  2. The Director-General of Security, or the head of an interception agency, can issue a technical assistance notice requiring a designated communications provider to give assistance they are already capable of providing that is reasonable, proportionate, practicable and technically feasible.
  3. The Attorney-General can issue a technical capability notice, requiring a designated communications provider to build a new capability that will enable them to give assistance as specified in the legislation to ASIO and interception agencies. A technical capability notice cannot require a provider to build or implement a capability to remove electronic protection, such as encryption.

It says something about the complexity of this matter when the 166-page legislation comes with 115 pages of explanatory notes.

While the term backdoor is never used, we are looking at laws that place a lot of power in the hands of one person, the Attorney-General, or that could circumvent open and transparent processes if a software company voluntarily provides assistance.

A large part of the new laws seems to be about getting access to end-point devices and then asking software companies to assist with accessing data. That may mean asking for a weakness to be built so that data could be accessed.

Which sounds like a backdoor by another name.


Comments

    Whilst I'm not ever really going to be a person of interest to these guys (at least I hope not) I am seriously considering making my VPN work directly through my router, if I can figure out how to do it that is! This is something everyone should do on principle whether you have something to hide or not. I really hate this foul taste of totalitarianism that is slowly starting to permeate its way through our government.

      A lot of modern routers make it easy in their Admin menu. If you have an old one there should be a tutorial online.

    If I buy a phone [or a router] from overseas, and/or use encryption software from outside Australian jurisdiction, should I expect minimal disruption by this new law?

    The "designated communications provider" would be Australia Post if I started sending coded messages via snail mail, and I doubt they have many encryption specialists on the payroll.
