The Australian government is looking for a way to access encrypted communications of certain services, as well as access to non encrypted communications
Specialists in information security and digital forensics from the International Institute of Cyber Security report that the Australian House of Representatives has approved the “Telecommunications Assistance and Access Bill” nicknamed “Anti encryption Law”. According to experts, this law will allow Australian authorities to force companies such as Google, Facebook, etc., to provide access to encrypted communications from their users in cases where it is deemed necessary.
According to the Australian government, approving this law implies providing law enforcement agencies with a fundamental tool for combating and preventing high-impact crime, such as terrorist attacks, narcotics trafficking, arms smuggling, or children sexual exploitation.
This bill was supported by the main Representatives political forces in Australia, so it was sent to the upper house. Thus, the Anti encryption law could enter into force at the beginning of 2019. Although details of the actual scope of this law are still unknown, it is clear that it contains guidelines necessary for technology companies to provide assistance to the Australian Government at three different levels:
- Request for technical assistance: technology companies are requested to provide “voluntary assistance” to law enforcement agencies. In other words, companies must “eliminate electronic protection, provide technical information, install software, place information in a particular format, and facilitate access to devices or services”
- Technical assistance notice: instead of asking the company for assistance, this level of action implies that the company is flexible with the authorities in cases where they have the means to intervene a communication (when there is no encryption, for example)
- Notice of technical capabilities: This notice, issued by the attorney General, will require companies to “develop new capabilities” to decrypt communications required by the Australian police
In other words, these guidelines would force technology companies to modify their software and infrastructure to access encrypted communications via backdoor, reaching information that would be impossible to access in other ways. It should be noted that companies that do not adhere to this new regulatory framework could face severe economic sanctions.
According to specialists in digital forensics, the document states that no company will be forced to implement a “systemic weakness” in its software or hardware, nor can they be forced to “eliminate electronic protections”, such as encryption. On the other hand, the legislation establishes measures aimed at facilitating legal access to information through two different ways:
- Decrypting encrypted technologies
- Access to communications and data in points where there is no encryption
“We encourage the Government to maintain its intention not to weaken encryption or to force suppliers to build weaknesses in their products” the Bill stipulates.
In this way, the Australian authorities intend to break into the encrypted communications of the users of these services without forcing the companies to disrupt the encryption of their developments, as well as exploiting the possibility of accessing unencrypted communications. It is obvious that to achieve these objectives companies like Apple, Samsung, Google or WhatsApp must collaborate with the Government, although the position of all major providers of this kind of services is not yet known.
Australia integrates the Five Eyes alliance with the United States, the United Kingdom, Canada and New Zealand, so that specialists in digital forensics and cybersecurity consider that, if approved in Australia, the Anti encryption law could find counterparts in the rest of the member countries of this alliance.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.