The Australian government has proposed a new cybersecurity law to force global technology companies to help police by unscrambling encrypted messages sent by suspected extremists and other criminals. But some experts, such as Facebook, warned that weakening end-to-end encryption services so that police could eavesdrop would leave communications vulnerable to hackers.
The new law would be modelled on Britain’s Investigatory Powers Act, which was passed by the British Parliament in November and gave intelligence agencies some of the most extensive surveillance powers in the Western world, the government said.
The Australian bill that would allow courts to order tech companies to quickly unlock communications will be introduced to Parliament by November, officials said. Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications.
“We’ve got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and paedophile rings are up to because of the very high levels of encryption,” Mr Turnbull told reporters. “Where we can compel it, we will, but we will need the cooperation from the tech companies,” he added.
The government expected resistance from some tech companies, many of them based in the United States. But the companies “know morally they should” cooperate,” Mr Turnbull said. “There is a culture, particularly in the United States, a very libertarian culture, which is quite anti-government in the tech sector,” Mr Turnbull said. “We need to say with one voice to Silicon Valley and its emulators: ‘All right, you’ve devised these great platforms, now you’ve got to help us to ensure that the rule of law prevails,'” he added.
Attorney-general George Brandis described the growth of encrypted communication applications such as WhatsApp, Signal, Facebook Messenger and iMessage as “potentially the greatest degradation of intelligence and law enforcement capability that we have seen in our lifetime”. Mr Brandis said he met the British government’s chief cryptographer last week and believed it was technically possible to decode encrypted messages in a time frame that police needed to act.
This could be achieved without so-called back doors – built-in weaknesses that allowed a tech company access to a communication but could also leave it vulnerable to hackers, Mr Brandis said. Facebook said it had a protocol to respond to requests for police help. But the social media giant said it could not read individual encrypted messages.
“Weakening encrypted systems for them (police) would mean weakening it for everyone,” a Facebook statement said on Friday. Australia was a major driver of a statement agreed at the G20 summit in Germany last week that called on the tech industry to provide “lawful and non-arbitrary access to available information” needed to protect against terrorist threats.
The Australian Federal Police say the proportion of communication traffic they monitor that was encrypted had grown from 3% to more than 55% in only a few years. Police say 65% of organised crime investigations including terrorism and paedophile rings involved some kind of encryption.