The idea of encrypted messages is that other people can’t read them. Now, Australia is considering a law that would circumvent that privacy and give law enforcement direct access to those messages — without the consent of the sender.
This legislation comes after the Five Eyes intelligence alliance, including Australia, Canada, New Zealand, the U.S., and the U.K., released a statement calling for government access to encrypted files on the basis of national security and crime prevention. That document includes such reassuring lines as “privacy is not absolute” and an open threat for enforcement of getting access to encrypted data if companies don’t comply.
Now, it seems that Australia will be the first country to actually follow through on that threat. Although Canberra is on the other side of the world from Washington, that law could have serious implications for the United States, as a model for similar legislation. Additionally, companies marketing to consumers in both countries may begin to include such access to be in compliance with Australian law.
Although backers say the bill has safeguards to prevent abuse written into it, serious questions about privacy, government accountability and security remain.
For starters, the bill could be read in such a way that might allow the government to demand companies incorporate government surveillance abilities into their products without alerting consumers. That’s a red flag for both consumer privacy and transparency.
Moreover, such a “back door” needlessly makes encrypted communications more vulnerable to malicious actors. As I’ve explained before, ensuring that one group — in this case the government — has access to these communications makes it easier for another party to also gain access cutting down on security. There is also the added threat to all consumers if the government's “back door” access was itself hacked or otherwise obtained by malicious actors.
Finally, such legislation would likely pave the way for further, more invasive practices including storing and assessing large amounts of citizens' data without the knowledge or consent of users and shielded from the public scrutiny of open court.
At the core of such regulation is building the surveillance state into new technology or forcing companies to offer updates for existing services that play into the needs of such as state.
As legislation winds through the Australian government, these are key questions that that country’s officials and citizens must consider. In the U.S. companies are taking notice and lobbying against the bill, but citizens should pay attention too. After all, Washington wants your data too.