In the United States, the same crime is being used to try and push through a bill that will restrict the freedom of Americans to use encryption for their data and communications.
Australia's intentions were made clear on 19 February when Australian Federal Police commissioner Reece Kershaw, Australian Criminal Intelligence Commission chief executive Michael Phelan and Australian Transaction Reports and Analysis Centre chief executive Nicole Rose made presentations at the National Press Club, claiming that current laws had been overtaken by technology and needed to be changed.
None of them mentioned that Australia already has a law in place to force companies to break encryption, this legislation having been passed in December 2018. Like Oliver Twist, they all asked for more. The mainstream media, and indeed even smaller publications, have kept mum about the possibility that the ASD would be allowed a role in domestic cases.
As American cryptography fellow Dr Riana Pfefferkorn, who works with the Stanford Centre for Internet and Society, put it, the US is trying to ban encryption without actually banning it.
The tussle between Apple and the FBI in 2016, over the latter's demand that the company provide a means for it to gain access to data on a terrorist's iPhone, showed that tech outlets would not accede to demands that they felt would impact on any selling point of their products. That case ended with the FBI using the services of a third party to gain access to the data in question.
But after that, following the 2016 US presidential election, and the allegations of Russian interference, public suspicion of companies like Facebook has grown. Increasing data leaks have not helped either and the government now feels the public mood is right to act.
The US assistant attorney-general for national security John Demers went on the record late last month saying that the Department of Justice had given up hopes that tech companies would voluntarily backdoor their own encryption.
Instead, said Demers, the DoJ was focused on passing legislation that forces companies to co-operate – "and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States".
The bill that is being pushed is called the EARN IT Act. Currently, section 230 of the Communications Decency Act allows online platforms to escape liability for things their users say and do; for example, you can sue the person who defamed you on a platform like Twitter, but not the platform itself. An amendment to this section in 2018 has made platforms liable for publishing information “designed to facilitate sex trafficking”.
The other law that is relevant to this discussion is the Communications Assistance for Law Enforcement Act of 1994 (CALEA), which mandates that telecommunications carriers must open their networks to tapping by law enforcement when served with a warrant. Information services are not covered, though. Additionally, CALEA places no restrictions on encryption.
US politicians are not happy with this, but have shown no appetite for amending CALEA. Enter the EARN IT Act, which aims to force online platforms to adhere to any practices laid down by a federal commission to combat child sexual abuse material online. The stick is that any platform that does not adhere to the mandated practices will lose the immunity to lawsuits that is guaranteed by Section 230.
There is another US federal law that governs the behaviour of online platforms with regard to child sexual abuse material; when they find any such material, they have to report it to the authorities. But they are not required to monitor or filter content on their sites to look for such material. If platforms report abuse material when they find it, they cannot be penalised either by federal or state courts. However, criminal cases can still be brought against platforms for intentional misconduct.
The new bill makes it necessary for platforms to earn the immunity that Section 230 has afforded so far. And one of the conditions for earning that immunity could well be the ditching of end-to-end encryption. That would, incidentally, also achieve the task of modifying the cover that CALEA affords to information services, as CALEA makes no requirement of them regarding encryption.
That the bill is being put forward at a time when there is a hue and cry about the privacy of individuals — which can be ensured only through strong encryption — has not gone unnoticed. Senator Lindsey Graham, one of the Republican senators putting forward the bill, has admitted that this does not make much sense.
But like all government initiatives, when the spectre of child sexual abuse is raised, people hesitate to say anything, and stand idly by while more and more draconian legislation is shoved onto the law books.