First Western World Country Passes Law Forcing Encryption Backdoors

Credit: WhatsApp

Both chambers of the Australian Parliament have passed a new anti-encryption bill today that will allow the government to force technology companies to add encryption backdoors to their products. According to Reuters, the bill should affect Apple, Google, Facebook, Snapchat and any other technology company that is based in Australia and encrypts Australian users’ communications.

The new Australian surveillance bill will allow the government to issue secret orders to companies to decrypt or assist with the decryption of encrypted communications. These orders are subject to neither judicial oversight nor a judicial review process. Only members of the government will be able to sign off on these orders.

Supporters of the bill have defended its extended powers by saying the government is not allowed to create “systemic weaknesses” with these encryption backdoors. However, as most security experts have argued from the beginning, any encryption backdoor or method that allows a third party to access communications between two users is by definition a “systemic weakness” that could be abused by malicious parties.

Five Eyes Continues Anti-Encryption Fight

Australia is the first of the Five Eyes nations, an intelligence alliance among Australia, the U.S., Canada, the UK and New Zealand, to pass this sort of bill, which is set to become law by the end of this year. The U.S., UK and Canada have all failed to do so due to outcry from security experts and the public. The Five Eyes nations recently published a joint statement reiterating their commitment to encryption backdoors.

Unlike the other members of the Five Eyes nations, Australia chose to ignore the large majority of public comments stating opposition to this bill. The left-leaning Australian Labor party, which initially showed some reservations about supporting the bill, eventually ended up supporting it to “make Australians safe over Christmas.” It believes it will have a chance to push some amendments next year, after the bill has already become law.

What's the Impact of Australia's Anti-Encryption Law?

Australian residents and those using an Australia-based service will be impacted. Companies that use only TLS to encrypt their chat services were already capable of handing over private conversations to governments prior to this law. TLS protects messages only in transit between the user and the company's servers, so the company can still decrypt the conversations, unlike with end-to-end encryption protocols, where the conversations remain private between the sender and the receiver.

However, under this new law, end-to-end encrypted services, such as Facebook’s WhatsApp, Apple’s iMessage, or Google’s Duo could also be affected because the government could demand that the companies “find a way” to decrypt a particular user’s messages. These companies could, in theory, silently disable end-to-end encryption--without the user being aware--since they can write and update their own apps at will.

Open source chat applications, such as Signal and Telegram, which are out of reach for the Australian government and can’t easily inject malicious code without some users’ noticing, should remain unaffected for now.

Comment from the forums
  • jimmysmitty
    Wow. They are taking 1984 like it's a guide to running a proper government.
  • antilycus
    And in return, these countries will just block services to these countries. It's cheaper and puts the companies at less legal risk...also here are the flaws:
    ... If China and Russia aren't doing it, it's meaningless
    ... VPNs will still encrypt data that can't have a "back door"
    ... In the U.S. there are laws not allowing the storage or legal ability of back doors for the financial sector...

    Long story short, this means nothing but a loss of service to any country that passes this invasion of privacy/junk
  • COLGeek
    When you build a backdoor, you don't get to choose who opens it.

    Looks like some companies will need to decide whether to do business in those countries, or not.