No Backdoor But 'Side Door' For Encrypted Messaging In Government Crackdown
"The legislation is very specifically saying it's not a back door, while simultaneously ensuring they install multiple side doors and windows."
The government has promised no backdoor access to encrypted messaging services like WhatsApp or Wickr in a law enforcement crackdown on the technology, but security experts fear other 'side doors' will be inserted to let the government monitor private communications.
The federal government has finally unveiled long-flagged laws around encrypted messaging, which law enforcement say are needed to help foil criminal activity like child pornography or terrorism. Under the Assistance and Access Bill 2018, tech companies and individuals -- including those who own a device in question -- would first be asked to voluntarily help with investigations, but could face penalties of a $10 million fine or ten years' jail for not complying.
Encrypted messaging services offer the security that messages can only be read by the sender or intended recipient, with each party having a 'key' to unlock the encrypted message. The idea is that nobody else, not even the service provider itself, can unlock those messages.
"We know that more than 90 per cent of data lawfully intercepted by the Australian Federal Police now uses some form of encryption. This has directly impacted around 200 serious criminal and terrorism-related investigations in the last 12 months alone," cyber security and law enforcement minister Angus Taylor said.
Taylor claimed the new legislation would "expressly prevent the weakening of encryption", and would not include "back doors" to give easy access to data.
But tech expert Justin Warren said this was "incredibly cynical".
"The government has noticed society generally is very uncool with the idea of a backdoor, but they really want one, so they're trying to get one as long as it's not called a backdoor but functions exactly the same," he told ten daily.
"The legislation is very specifically saying it's not a back door, while simultaneously ensuring they install multiple side doors and windows. The legislation seems to say 'we won't force you to break encryption but anything else you can do to help is on the table'."
The legislation includes giving the government the ability to ask tech companies to install software. Warren, an IT consultant and Electronic Frontiers Australia board member, called it a "massive power grab".
He suggested the government could compel tech companies to install keylogging software or malware to record text someone writes on their phone, among other ideas that would not constitute a 'backdoor' but still allow access to previously uncrackable communications.
"It will be a massive fight to stop a panopticon. It’s astounding," he said.
The tech sector has been vocal in opposing regulations which would wind back encryption. The Digital Industry Group, which represents the likes of Facebook, Microsoft and Twitter, warned in a January submission:
"great care must therefore be taken in developing future government policy around investigatory powers and avoid promulgating regulation that would compromise the effectiveness of encryption technology in the wider public and economic interest."
Nigel Phair, director of UNSW Canberra Cyber, said it would be difficult to force foreign companies like Apple, Facebook or WhatsApp to comply with Australian legislation.
"Generally speaking it's good legislation. I understand the gist of it, if they can stop an incident then that's a big thumbs up. Generally speaking I get it, but practically is another thing. We can't keep adding more laws and think we’ll be safe online," he told ten daily.
"These companies aren't Australian-based, so if we try to fine them, they might not pay it."
Phair raised the oft-cited case of Apple refusing to unlock an iPhone owned by the gunman behind the San Bernardino terror attack in 2015.
"It's about working on international normalisation with these companies. We want more carrot and not so much more stick. The background of these tech companies is they're generally anti-establishment, so being overly burdensome won't make them help you," he said.
"The government is being explicit to say there's no backdoor, which means there will have to be some kind of front door. Whether it's tracking what you're dictating or typing in text, there will have to be some mechanism to do this."
Technology advisor Rob Livingstone also said the global reach of such messaging services would make enforcing the laws difficult, and wondered how the government would gain access to information while keeping to its promise to not force backdoors.
"In end-to-end encryption, the service provider has no way of decrypting messages, which is intrinsic to the security protocols. Even if the government wants a provider to make a backdoor or master key, some providers are not able to do that," he told ten daily.
But since tech giants like Facebook do conduct business in Australia, Livingstone said the government would have some ability to make them comply.
"They do derive Australian revenue, they have a business presence, ABN numbers, staff employed, so they would come under Australian laws. It'd be hard for them to say 'we've got nothing to do with your laws'," he said.
The laws are to be introduced into parliament and debated.