The Australian government has passed a controversial anti-encryption bill that allows law authorities to forcefully access sensitive consumer data encrypted by popularly-used technology companies and social applications, reported The Hacker News on December 10, 2018.
Data Down Under
Formally known as the “Telecommunications Assistance and Access Bill 2018,” the act means law enforcers can ask companies like Google, Facebook, WhatsApp, Signal, and several others to provide decrypted customer data and other encrypted means of communication. Ironically, while all affected firms rely on their ability to protect personal information in the public eye, the move could cause a shift in the crowds’ perception of how technology giants handle one’s personal information.
Australia’s House of Representatives, the body responsible for passing the new rule, believes the enforcement can augment national security and cut down malpractices and fraud related to data misuse, including serious offenses such as child exploitation, terrorism, drug trafficking, smuggling, and general crime.
Both major parties of the country, which form the upper house and include the Coalition and the Labour parties, were in support of the bill and are pushing to bring it into effect before the next parliament session in March 2019.
Three “Assistance” Levels
While the bill’s legal extent remains unknown at the time of writing, the authorities stand to gain widespread power over the privacy and personal rights of Australians. As of now, companies are expected to receive specifics of three “assistance” levels to help the government execute the move.
First, a Technical Assistance Request (TAR) calls for providing “voluntary” action to law authorities. Under the terms of this subsection, technology firms are obliged to remove “electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services.”
Next, a Technical Assistance Notice (TAN) mandates technology companies to provide assistance beyond what is “reasonable, proportionate, practical and technically feasible,” giving Australian agencies “the flexibility to seek decryption of encrypted communications” in circumstances which are determined on a case-to-case basis.
Lastly, the Technical Capability Notice (TCN) requires firms to necessarily build a “new capability” for companies to provide decrypted access to communications between the product’s clientele. The rule can be dictated only by the Australian Attorney-General.
Blockchain’s “Killer” Chance?
Companies found in violation of the three subsections or declining to provide relevant customer information stand to face hefty penalties and court charges under Australian law. However, it must be pointed out that forced backdoor access, or introducing a “systemic weakness” is against government demands. Instead, enforcers seek “lawful access” to communication at two points: decryption of encrypted data and accessing unencrypted data.
Apple was quick to clear its position on the dictum, stating in a release in November 2018:
“Encryption is simply math. Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone. It would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat.”
It remains to be seen how technology companies deal with the new judgment in the land down under, but increased awareness of protecting one’s personal data and practicing safe online behavior, blockchain technology, and decentralized applications (dApps) may well find their “killer” use case on the back of Australia’s anti-encryption law.