Australia passes the 'Telecommunications Assistance and Access Bill 2018'

The Australian government has passed the most contended anti-encryption bill - "The Telecommunications Assistance and Access Bill 2018".  It gives authorities the right to demand access to encrypted forms of communication and to slap companies that refuse to cooperate with fines up to $7.3 million. It is criticized by Apple as well as other technology companies and academics who argue that the legislation will weaken the data security of all Australians, with a reach that could jeopardize the data of companies, citizens, and societies around the world.

At its core, the legislation allows law enforcement agencies to force companies to hand over user information, even if it’s protected by end-to-end encryption. If companies do not have the ability to intercept encrypted information, they can be forced to build tools to do so.

The new law will give the Australian government the power to issue the following three kinds of notices -

Technical Assistance Notices: These can require communication providers to use an interception technology they already have.

Technical Capability Notices: These can require communication providers to build new interception capabilities that can meet the requirements needed to be able to comply with Assistance Notices. Tech giants consider this the most contentious, since it could force them to build tools such as encryption backdoors.

Technical Assistance Requests: These are apparently voluntary requests, which companies can comply with or turn down without the risk of being punishable.

The problem, as human rights lawyer Lizzie O’Shea points out, is that creating tools to weaken encryption for one purpose weakens it for all purposes. Tools created to intercept encrypted messages between suspected terrorists undermine the digital security of anyone who relies on that encryption for their security, whether they are buying things online, managing their bank account, or communicating with personal or professional contacts.

“The truth is that there is simply no way to create tools to undermine encryption without exposing to risk digital security and eroding individual rights and freedom. Hackers with bad intentions will do their utmost to take advantage of any such tools that companies are forced to provide the government,” she said.

O’Shea suggests that once these tools exist, then it would be easy for Australian authorities to share them with their counterparts in allied nations. Australia is part of the Five Eyes intelligence sharing agreement, which also includes Britain, Canada, New Zealand, and the United States.

Apple has argued against the legislation, saying that encryption is actually a defence against cyberattacks and terrorism. It says that more of it is needed to make citizens safe, not less.

Once these encryption-breaking technologies exist for a service, they are then a potential avenue for hackers to use across the world, and we have already seen attacks emerge as a result of government breaches. Last year’s WannaCry ransomware attack that caused chaos for the UK’s National Health Service, was made possible after the Windows exploit was stolen from the NSA.

Fines of up to $7.2 Million USD are payable if companies don’t comply

The Law Council of Australia has criticized the government for rushing the legislation through Parliament. A draft version of the bill was only presented back in August, while lawmakers had just a day to review the results of a parliamentary committee’s investigation before voting on the bill. The opposition Labor Party agreed to drop all 173 of the amendments it initially proposed for the bill in order for it to be passed on the final day of Parliament this year. The amendments are now due to be raised for debate in 2019.