news


Aussies determined to undermine security with anti-encryption law

data spy security hack

Ten of the world’s largest tech brands have banded together to denounce a recent law passed by the Australian government which could be viewed as the first step towards a Big Brother government.

With the world turning against China and Chinese companies due to the threat of espionage, you have to question whether the Australian’s have a leg to stand on anymore, as personal privacy takes a heavy blow with this legislation.

The signs have certainly been worrying over the last 18 months. Australia might well be one of the first to pass such controversial legislation, but it is certainly not alone. France, Germany, the UK and the US have all made it clear they all have ambitions to make our world less secure and less private with their own attempts. The privacy damn was set to burst, and the Aussies caved. Privacy has taken a backwards step down-under.

The statement below, signed by Apple, Evernote, Dropbox, Facebook, Google, LinkedIn, Microsoft, Oath, Snap and Twitter, signals the opposition from the technology industry.

“One of the core principles of the Reform Government Surveillance coalition (RGS) is that strong encryption of devices and services protects the privacy and data security of our users, while also promoting free expression and the free flow of information around the world,” a joint statement declares.

“RGS has consistently opposed any government action that would undermine the cybersecurity, human rights, or the right to privacy of our users – unfortunately, the Assistance and Access Bill that was just passed through the Australian Parliament will do just that. The new Australian law is deeply flawed, overly broad, and lacking in adequate independent oversight over the new authorities. RGS urges the Australian Parliament to promptly address these flaws when it reconvenes.”

The law itself will allow the Australian police to issue technical notices, compelling technology companies to assist the government to hack, implant malware, undermine encryption and even insert backdoors into security software. Those who resist would face financial penalties. The justified concerns with the legislation are two-fold.

Firstly, the idea of a backdoor or writing algorithms which allow encryption software to be undermined completely defeats the purpose. The presence of such features should be seen as nothing more than a weakness in the software, a weak link in the chain. Whenever there is a vulnerability, nefarious individuals always expose it. It is just a matter of time before cyber criminals identify these vulnerabilities and it doesn’t matter how well they are hidden. It might happen after months of searching, or it might happen by accident.

Secondly, the law is flawed in that it is full of loop-holes and contradictions which leave it open to abuse and mission creep.

The initial remit of the technical notices will be for serious crimes, such as sex offenders, terrorists, homicide and drug offenses, though critics have pointed towards weak and vague language which opens the door for mission creep. And when there is an opportunity to push the boundaries of acceptable, there are people who will do this.

Another example of the problematic rules is the difference between Technical Capability Notices (TCNs) and Technical Assistance Notices (TANs). Both are used to compel technology companies into assistance for pretty much the same exercises and violations of privacy, though TCNs require approval by the Attorney-General, a consultation period and can only be used by the agency which submitted the request. TANs do not but can wield almost exactly the same amount of power.

“As Government and Labor MPs work today to craft amendments to the Assistance and Access Bill, it appears that one of the biggest flaws in the proposed legislation will not be addressed,” said Communications Alliance CEO, John Stanton on the differences between TCNs and TANs.

These are only a couple of examples of the criticism which the bill has faced over the last couple of weeks, though even after public consultation (which attracted 15,000 comments) few amendments were made to the original draft before being passed into law.

“The Australian government has ignored the expertise of researchers, developers, major tech companies, and civil liberties organizations by charging forward with a disastrous proposal to undermine trust and security for technology users around the world,” the Electronic Frontier Foundation said it a statement.

“The issue isn’t whether the Australian government read the 15,000 comments and ignored them or refused to read them altogether. The issue is that the Australian government couldn’t have read the 15,000 comments in such a short time period. Indeed, the bill’s few revisions reflect this—no security recommendations are included.”

In the pursuit of making life easier for the Australian police force, the government has betrayed the consumer and made the digital landscape a haven for hackers. We are unable to think of any examples of genuine encryption software being hacked or compromised to date, but the Australian government has just made life a lot easier for nefarious actors by voluntarily introducing vulnerabilities.

And this is without addressing the opportunity for abuse and violation of individuals human right to privacy.

There have been countless examples from around the world of individuals, either in private organizations or government agencies, being able to respect privacy rights when given the opportunity. Uber employees used the location tracking features of the app to stalk ex’s and celebrities, while Edward Snowden exposed how the CIA illegally undermined the privacy of thousands of its own citizens.

The Australian government has not done anywhere near enough to ensure the rights of citizens will be maintained, or that actions will be entirely justified. This is a very worrying sign for the world, especially with the likes of the US and UK watching very carefully.

Australia is part of the Five Eyes intelligence fraternity, which traces its origins back to the 50s. This intelligence alliance, comprising of Australia, Canada, New Zealand, the UK and the US, generally work hand-in-hand when it comes to intelligence and security, and tend to implement very similar legislation. With Australia setting the pace of making the world a less safe place, it would not be a surprise to see other nations follow suit.

International politics is generally like a dominoes set. All ‘Western’ governments have similar laws, and when one breaks rank usually it back-tracks or the rest get in line. In this case with governments around the world all showing Big Brother ambitions, we suspect it might not be too long before more of these bills are being discussed elsewhere.

  • Telco Automation Everywhere

  • BIG 5G Event


Leave a comment

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Polls

Should privacy be treated as a right to protect stringently, or a commodity for users to trade for benefits?

Loading ... Loading ...