Australia passes cyber snooping laws with global implications

December 6, 2018 by Glenda Kwek
Under the legislation, Canberra can compel local and international providers to remove electronic protections, conceal covert operations by government agencies, and help with access to devices or services

Australia Thursday passed controversial laws allowing spies and police to snoop on the encrypted communications of suspected terrorists and criminals, as experts warned the "unprecedented powers" had far-reaching implications for global cybersecurity.

There has been extensive debate about the laws and their reach beyond Australia's shores in what is seen as the latest salvo between global governments and over and privacy.

Under the legislation, Canberra can compel local and international providers—including overseas communication giants such as Facebook and WhatsApp—to remove electronic protections, conceal covert operations by , and help with access to devices or services.

Australian authorities can also require that those demands be kept secret.

The conservative government had pushed for the bill to be passed before parliament rises for the year this week, saying the new powers were needed to thwart terror attacks during the festive period.

A last-minute deal was struck with the opposition Labor Party over its demands for more oversight and safeguards when the laws are used, with a review of the legislation to take place in 18 months.

The government also agreed to consider further amendments to the bill early next year.

National cyber security adviser Alastair MacGibbon said police have been "going blind or going deaf because of encryption" used by suspects.

Brushing off warnings from tech giants that the laws would undermine internet security, MacGibbon said they would be similar to traditional telecommunications intercepts, just updated to take in modern technologies.

Digital giants led by Google, Facebook and Amazon have said the legislation would undermine rather than enhance security
'Serious problems'

Global communications firms, including Google and Twitter, have repeatedly said the legislation would force them to create vulnerabilities in their products, such as by decrypting messages on apps, which could then by exploited by bad actors.

A central protection in the laws to block authorities from forcing companies to build a "systemic weakness" into their product remains poorly defined, critics say.

The Law Council of Australia, the peak body for the legal profession, said it had "serious concerns" about the changes.

"We now have a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist," it said in a statement.

Experts such as the UN special rapporteur on the right to privacy Joseph Cannataci have described the bill as "poorly conceived" and "equally as likely to endanger security as not".

"Encryption underpins the foundations of a secure internet and the internet pervades everything that we do in a modern society," Tim de Sousa, a principal at privacy and cybersecurity consultancy elevenM, told AFP.

"If you require encryption to be undermined to help law enforcement investigations, then you are ultimately undermining that encryption in all circumstances. Those backdoors will be found and exploited by others, making everyone less secure," he said.

The new laws also include secrecy provisions, which could raise doubts over whether Australian and foreign vendors have already been compelled to act—undermining their business models where privacy is a key selling point.

The most high-profile clash over security and privacy was between Apple and the US' FBI, when agents sought access to the data of the San Bernardino attackers in California in 2015.

Meanwhile, the Australian legislation could allow for policy laundering by its "Five Eyes" intelligence-sharing partners—Canada, Britain, New Zealand, and the United States—who cannot enact similar powers because of constitutional or human rights protections.

"There is an extraterritorial dimension to it, where for example the US would be able to make... a request directly to Australia to get information from Facebook or a tech company," said Queensland University of Technology's technology regulation researcher Monique Mann.

Explore further: Australia set to pass sweeping cyber laws despite tech giant fears

Related Stories

Tech giants warn Australia against law to break encryption

November 29, 2018

Digital giants led by Google, Facebook and Amazon have warned Australia against passing a "fundamentally flawed" law allowing security services to spy on encrypted communications among suspected criminals and terrorists.

'Five Eyes' agencies demand reignites encryption debate

September 4, 2018

Privacy and human rights organizations expressed concern Tuesday after a coalition of intelligence agencies renewed a call for technology companies to allow so-called "backdoor" access to encrypted content and devices.

Recommended for you

Uber filed paperwork for IPO: report

December 8, 2018

Ride-share company Uber quietly filed paperwork this week for its initial public offering, the Wall Street Journal reported late Friday.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.