Australia’s Parliament on Thursday passed the world’s first law requiring technology companies to give law enforcement officials access to encrypted messages and communications.
The law authorizes police to compel companies to create a security vulnerability, often called a backdoor, that would give investigators access to an individual’s communication without that person’s knowledge. It marks a major milestone in the so-called “crypto wars” over the public’s ability to “go dark” via the powerful encryption available on commercial devices.
Authorities in Australia, U.S., and U.K. for years have argued such access is necessary to help police combat encryption in modern technology that protects them from traditional interception techniques. Privacy advocates, technologists and businesses including Apple have criticized the Australian bill and similar proposals elsewhere, saying such plans would introduce portals for government abuse and malicious hackers alike.
Companies that fail to obey the law risk being fined.
“This ensures that our national security and law enforcement agencies have the modern tools they need, with appropriate authority and oversight, to access the encrypted conversations of those who seek to do us harm,” said Christian Porter, Australia’s attorney general.
International officials who have pushed for their own measures now will watch the next phase of the “going dark” debate unfold in Australia.
“Once you’ve built the tools, it becomes very hard to argue that you can’t hand them over to the U.S. government, the U.K. – it becomes something they can all use,” Lizzie O’Shea, a human rights lawyer, told the New York Times this week.
O’Shea previously wrote in a Times editorial that other nations in Five Eyes intelligence sharing alliance — made up of Australia, Britain, Canada, New Zealand and the U.S. — have pushed for Australia to “lead the charge” in finding a way to crack encrypted data. The country does not have a bill of rights, making it “a logical place to test new strategies” for breaching apps like WhatsApp and Signal.
“The truth is that there is simply no way to create tools to undermine encryption without jeopardizing digital security and eroding individual rights and freedoms,” she wrote. “Hackers with bad intentions will do their utmost to take advantage of any such tools that companies are forced to provide the government.”