There has been much speculation over the last year about what Canberra would do with regard to encryption. The draft law issued on Tuesday indicates that no foolhardy attempt will be made to insert generic backdoors.
But there is some ambiguous language in the legislation when it comes to encryption:
"A technical assistance notice or technical capability notice must not have the effect of:
|
|
"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)
There it is – that word "systemic". It does not rule out the possibility of a one-off crack in a specific case. Or even a few cases.
It will be interesting to see what the government intends to do in the case of an app like Signal. Open Whisper Systems, which produces the app, has designed it to generate the minimum logs possible.
In fact, when a subpoena was issued in October 2015 asking for email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, OWS owner Moxie Marlinspike could not provide anything. He had nothing to give: Signal does not store such details.
As per the draft law, the government will use the stick of big fines — up to $10 million — and the carrot of reimbursing any costs for co-operation to get data from companies when needed.
Access to data will be gained before it is encrypted — which could mean that a device maker will be asked to target specific devices with updates to make that device accessible to law enforcement — or read during transmission.
Agencies will have access to GPS data in order to conduct surveillance of suspects, or even delete material from a device if needed.
As usual, the government statements — mostly from Cyber Security Minister Angus Taylor — have been heavy on terrorism and child pornography.
From the wording of the bill, much of which has to be read side by side with the existing legislation in order to make sense, it appears that the increased financial penalties and jail terms will be the main means of scaring people and companies into submission.
The law also guards against having evidence presented in court that is not obtained by kosher methods. There have been two cases in the US where that government has dropped cases due to the methods by which information is obtained.
In March last year, government investigators in Washington state dropped all charges against a man charged with child pornography offences as they did not want to reveal the technological means they had used to locate him.
And in April 2017, the US Government dropped two child pornography cases against a man rather than reveal material available on WikiLeaks — which is still classified by the US Department of Justice — in court.
The law is bound to get through parliament with a few modifications. Labor will back it, because the party is afraid to be seen as weak on national security. That is the stick which the Liberals and Nationals will yield. And no Labor leader has ever shown the guts to stand up to such tactics.
The government has invited feedback on the draft bill which can be sent to [email protected] by 10 September.
