What is it with Australia’s law enforcement authorities? Their uncontrollable appetite for encrypted data – primarily the data of private users – is so voracious it has become a parody of itself. There seems to be little that will restrain such politicians as Cybersecurity minister Angus Taylor, who insists that the technology giants cough up data with ease and cooperative generosity.
“We need legislation in place,” claims Taylor in justification, “whereby companies can work with government to ensure that we can get access to the data we need to prosecute and investigate serious crimes.” And there you have it: the cooperative model between government and technology providers that surrenders individual privacy at a moment’s notice, the civic duty to do what’s good for the country, however unnecessarily intrusive.
The Australian government’s attitudes to the private data of citizens tends to be schizophrenic. They acknowledge the value of encrypted services, but do not like them. As the Department of Home Affairs explains, “Encryption and other forms of electronic protection are vital security measures that protect private, commercial and Government data and make communications and devices of all people more secure.”
Then comes the grim qualifier, setting the ground for exceptions. “However, these security measures are also being employed by terrorists, child sex offenders and criminal organisations to mask illegal conduct.” Encryption becomes the barring and stalling enemy of the state; confidentiality becomes the frustrating measure hindering “lawful access of communications by Australia’s law enforcement and national security agencies.”
The usual straw men arguments are trotted out: as the domestic spy agency has to deal with encrypted communications (stunningly relevant, is ASIO) in nine out of ten cases, lives would be made easier if they could simply have access to data in what it terms “priority cases”. The same reasoning is used by the federal police. In both instances, proportion would simply vanish; agencies would be effectively discouraged from labouring for plausible reward.
The result of such doomsdaying apologias is the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a draft document with such innocuous labelling you would assume its authors were dull but friendly. It replicates, in form and poor spirit, the United Kingdom’s Investigatory Powers Act, another seedy bit of state overstretch filled with mandatory decrypting obligations.
A spirit of workable solidarity, even collusion, comes through the wording: Australia’s intelligence agencies “may give a technical assistance request to a designated communications provider” in the name of enforcing criminal laws, protecting public revenue and safeguarding national security. The term “voluntary basis” is used to cover that assistance, but the drafters are clear to ensure that the intelligence community chiefs may require compliance via what is termed a “technicality capability notice”.
The Director-General of Security or the chief officer of the relevant interception agency is also given vast scope to compel the provider to engage in a range of unspecified acts or things. To have such powers of compulsion would be tantamount to permitting the security services to break down the door in the front, let alone any back door preference.
In an unconvincing move designed to allay suspicions, the Home Affairs department’s explanatory note suggests that either forms of “assistance” sought – the technical assistance notice or technical capability notice – are not meant as directions to telecommunications providers “to implement or build a systemic weakness, or a systematic vulnerability, into a form of electronic protection.” No “backdoors” to products and services are required. This point is a moot one, given that technology providers could still be required to reveal a good deal about the technical characteristics of their product, thereby giving agencies a more than helping hand.
The proposed laws are the product of a sneering attitude, and do everything to encourage the actions of the over-zealous in the policing communities. Police, it is proposed, should receive commanding powers to force a person being searched to unlock a mobile phone with fingerprint or password. Predictably, “reasonable” suspicions must be held that the phone has details of a crime on it. (The reasonable person is ever the alibi of aggressive law enforcement.) In what can only be deemed a sledgehammer approach, the person in defiance of such a command might face five years in choky.
This is not to say that the technology giants are to be praised. The cyber-intelligence complex sprawls and burgeons with menace, and the muddied relationship between Silicon Valley and the intelligence community was well exposed by Edward Snowden in 2013. Allied to the fact that Australia’s police forces already have extensive powers to covertly target devices at endpoints where information remains unencrypted, such a bill comes across as smugly disproportionate and verging on the paranoid. To give governments ease of access in the manner suggested by the Australian example would be to ignore various tenets of liberty: keep government and the state nail bitingly worried; encourage citizens to be contrarian; and make prying authorities work when breaching the liberties of others.