First Western World Country Passes Law Forcing Encryption Backdoors

(Image credit: WhatsApp)

Both chambers of the Australian Parliament have passed a new anti-encryption bill today that will allow the government to force technology companies to add encryption backdoors to their products. According to Reuters, the bill should affect Apple, Google, Facebook, Snapchat and any other technology company that is based in Australia and encrypts Australian users’ communications.

The new Australian surveillance bill will allow the government to issue secret orders to companies to decrypt or assist with the decryption of encrypted communications. There is no judicial oversight of these orders, as well as no judicial review process. Only members of the government will be able to sign-off on these orders.

Supporters of the bill have defended its extended powers by saying the government is not allowed to create “systemic weaknesses” with these encryption backdoors. However, the problem here is, like most security experts have argued from the beginning, any encryption backdoor or method that allows a third-party to access communications between two users is by definition a “systemic weakness” that could be abused by malicious parties.

Five Eyes Continues Anti-Encryption Fight

Australia is the first of the Five Eyes nations, an intelligence alliance among Australia, the U.S, Canada, the UK and New Zealand, to pass this sort of bill, which is set to become law by the end of this year. The U.S., UK and Canada have all failed to do so due to outcry from security experts and the public. The Five Eyes nations recently published a joint statement reiterating their commitment to encryption backdoors.

Unlike the other members of the Five Eyes nations, Australia chose to the large majority of public comments stating opposition against this bill. The left-leaning Australian Labor party, which initially showed some reserves to support the bill, eventually ended-up supporting it to “make Australians safe over Christmas.” It believes it will have a chance to push some amendments next year, after the bill has already become law.

What's the Impact of Australia's Anti-Encryption Law?

Astralian residents and those using an Australia-based service will be impacted. Companies that use only TLS to encrypt their chat services were already capable of handing over private conversations to governments prior to this law. The TLS protocol allows companies to decrypt conversations, unlike end-to-end encryption protocols, where the conversations remain private between the sender and the receiver.

However, under this new law, end-to-end encrypted services, such as Facebook’s WhatsApp, Apple’s iMessage, or Google’s Duo could also be affected because the government could demand that the companies “find a way” to decrypt a particular user’s messages. These companies could, in theory, silently disable end-to-end encryption--without the user being aware--since they can write and update their own apps at will.

Open source chat applications, such as Signal and Telegram, which are out of reach for the Australian government and can’t easily inject malicious code without some users’ noticing, should remain unaffected for now.

Lucian Armasu
Lucian Armasu is a Contributing Writer for Tom's Hardware US. He covers software news and the issues surrounding privacy and security.