Greens Digital Rights spokesperson Senator Jordon Steele-John said in the three months that the law had been in place — it was passed on 6 December 2018 — there had already been hundreds of assistance and access requests.
"[This means] vulnerabilities may have already been built into the technology we use every day," he said in a statement on Wednesday.
Under the law — officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 — there are three ways by which the authorities can get industry to aid in gaining access to encrypted material:
- A technical assistance request (TAR) allows for voluntary help by a company; in this case, its staff would be given civil immunity from prosecution.
- An interception agency can issue a technical assistance notice (TAN) to make a communications provider offer assistance.
- Finally, a technical capability notice (TCN) can be issued by the attorney-general at the request of an interception agency; the communications minister of the day would also need to agree. This will force a company to help law enforcement, by building functionality.
"Worst of all, if you ask your tech provider whether they've built a vulnerability or backdoor into technology that you use, they are obligated, under this law, not to tell you!" he added.
After the law was passed, the Parliamentary Joint Committee on Intelligence and Security opened another review of the legislation; the panel is due to report back on 3 April. As of this writing, 66 submissions have been received, many from the same organisations and individuals who made submissions before the legislation took effect.
Senator Steele-John said the latest analysis had shown "the very people this legislation was designed to target were probably no longer using encrypted messaging services, like WhatsApp, because of perceived weaknesses - so what's the point?"
"This legislation was sold as a way to assist government agencies in doing their jobs, yet analysis is already showing it's likely to be effective at achieving this intended outcome anyway," he said.
"I've lost count of the number of data breaches - Centrelink, MyGov, Parliament House - that have occurred under this government; I simply don't trust them anymore with my online privacy, safety or security.
"We must repeal the Assistance and Access bill and start taking the online privacy, safety and security of all Australians more seriously. The Greens want to see the introduction of laws in line with the European Union's General Data Protection Regulation to ensure that Australia can move forward into a digital future."
None of the amendments to the law, proposed last year, have yet been passed. Given that the House of Representatives has just seven sitting days listed for April and the Senate nine days, this means the amendments may well have to be passed by the next government as the current government has indicated it will call a federal election in May.