By Thursday 6 December 2018, the festive season was in full swing in Australia. People were starting to wind down, enjoying the annual office Christmas lunch, doing a spot of Christmas shopping and taking clients out for end-of-year celebrations. Chances are most people did not know the government was sneaking through one of the most invasive bills of recent time on the last parliament sitting day in 2018.
The Access and Assistance Bill enables law enforcement agencies to access encrypted communications on platforms such as WhatsApp or Facebook if they suspect the content contains plans for illegal or terrorist activity. This is a bill that is detrimental to consumer privacy, a hindrance and risk to business and devastating to the flourishing community of Australian tech entrepreneurs heavily invested in fighting cybercrime.
As of late, the new bill has been met with deep criticism, sending shockwaves through the global tech community. It’s widely considered the first global threat to encryption, with Apple calling the bill out for being “dangerously ambiguous” and “alarming to every Australian”. Not only will authorities have easy access to monitor Apple’s iMessage platform but, in the most extreme enforcement of the bill, it could mean that makers of smart home speakers may need to install eavesdropping capabilities. Ingsoc, anyone?
And this is a bill that doesn’t just apply to communication giants like Apple, Facebook and Google. Indeed, the definition of communication providers is very loose and states that a designated communications provider is “any business that provides an electronic service that has one or more end-users in Australia”. And, if the definition of electronic service is “a facility which allows end-users to access material over the internet”, this means anyone who runs a website, develops software or provides any kind of service to users could be captured by the definition and be required to surrender to three categories of demands or notices issued by the Australian government.
The first is a technical assistance notice requiring communication providers to use an interception technology they already have to decrypt messages. The second is a technical capability notice requiring communication providers to build new interception capabilities that can meet the requirements and be able to comply with assistance notices. Finally, they may also make a technical assistance request which is, a supposedly voluntary request that companies can comply with or turn down without the risk of being penalised.
For tech developers, this represents a massive step backwards. The second request, a technical capability notice, is the single most contentious aspect of the bill as this could force tech companies to build tools such as encryption backdoors. This means that security must be weakened by building a backdoor to allow decryption to take place. This compromises privacy and security for everyone, not just criminals. We are already seeing the tech giants sounding alarm bells and, perhaps ironically, we may see local businesses starting to store data overseas with companies that have no presence in Australia as they look for more secure ways of storing information.
Most worryingly, this has the potential to devastate the tech community and destabilise our talented tech start-up sector. One must question why start-ups would want to base themselves in Australia where the government is undermining the very nature of their business?
However, there is one glimmer of hope.
The bill will only be passed under the condition that the federal opposition conducts further reviews and is subject to additional requests for amendment. The Parliamentary Committee of Inquiry will commence a review of the new legislation and hold public hearings, with legislative review due to be completed by 3 April 2019, perhaps just in time to be swept away in the lead up to the federal election.
If this new bill is to stop terrorist activity, then shouldn’t we all be feeling safer with its passing?
Unfortunately, our government dictates the definition of ‘terrorist’ and our law enforcers who only need to ‘suspect’ someone of unlawful terrorist behaviour. We’ve seen the word ‘terrorist’ used loosely on a number of occasions and the government abusing its rights repeatedly.
There is no feeling of security for Australians when privacy is under threat. The encryption start-up sector is in jeopardy and the global business community is watching with disbelief.
And with 3 April 2019 fast approaching, we’re all far from safe with the passing of this bill.
Benjamin Chong is partner at Right Click Capital
