An assault on privacy? Anti-data encryption law in Australia

Code

The Assistance and Access Bill 2018 (also known as the Telecommunications and Other Legislations Amendment) is a piece of legislation currently under review in Australia. It states that companies will be asked by law enforcement agencies to provide access to data for purposes related to the enforcement of criminal law domestically and internationally, the pursuit of Australian national interests and the protection of Australia’s national security. Potential items collected would include: written texts, photos, music, and videos.

Agencies would make these requests in three ways:

  1. Technical assistance request: asks providers to respond to agencies voluntarily for the purposes listed above
    1. This ensures that companies are able to give certain types of help
  2. Technical assistance notice: compulsory notice to providers to help the agencies for the purposes listed above
    1. This forces companies to do things to help agencies using the capabilities they already have
  3. Technical capability notice: compulsory notice for a provider to add a capability to meet the requirements for a technical assistance notice

These requests would ask companies to perform specific “acts” or “things” so that law enforcement agencies could access information. These actions include: removing forms of electronic protection, installing and using software, and ensuring that collected information was accessed with the authority of search warrant to name a few. Under section 317E(j), an interesting mandate states that things can be done to hide the fact that anything has secretly been performed without the public’s knowledge.

The troublesome part of this Bill is the execution of some acts and/or things. Articles have stated that the removal of electronic protection would come in the form of eliminating encryption services that protect personal information. Data encryption protects people’s privacy by using mathematical sequences to mask information shared through the Internet. This includes talking to people on Whatsapp, to online shopping, to online banking.

Loosening encryption has the power to put personal information at risk. While it can be used to follow the movement of suspected terrorists on the Web, law-abiding citizens could have their information accessed. Private messages could become targets of law enforcement oversight. The stated purposes of criminal law enforcement and pursuit of Australian interests at home and abroad are vague enough to encompass a wide range of activities. When there are undefined boundaries to access information, the likelihood of abuse of power increases exponentially.

Not only that, but there is also the likely chance that citizens would be unaware of this breach of privacy, as listed under section 317E(j). A breach of privacy is worrisome in itself, but if this information were made public, distrust in the government could arise. This could have the power to weaken the nation from within.

While law enforcement may have legitimate security concerns, the ability to potentially follow the actions of a few suspected criminals is not sufficient reasoning to breach privacy on such a large scale.

This blog post was written by a CCLA Volunteer. Opinions expressed do not necessarily reflect the views of the CCLA.