Email
Password
Remember meForgot password?
    Log in with Twitter

article imageOp-Ed: Australia's new anti-encryption laws a world first, but…?

By Paul Wallis     Dec 4, 2018 in Crime
Sydney - New encryption laws in Australia are likely to be a major litmus test for encryption legislation around the world. The initial proposal was ultimately modified in a bipartisan approach, but there are many questions to be asked yet, let alone answered.
The proposed legislation has received a lot of flak on privacy grounds, and other fundamentals. Equally seriously, it has also received some unexpected criticism from technical experts and business leaders. The mix of criticisms pretty much defines the likely response to any type of encryption legislation.
The positives
With all due respect to critics of this legislation, there are some major issues to be addressed regarding encryption which are much less obvious and directly impact law enforcement capabilities:
There is a real and pressing need for anti-encryption capacity in real time, right now. The dark web, organised crime, terrorists, bikie gangs, paedophiles, you name it; they all use encryption. If law enforcement is not able to access encryption technologies and manage cases of encryption, it's pretty much game over for law enforcement intelligence gathering. The Australian government made a rather dry point of reminding Parliament that 95% of people under surveillance in Australia use encryption as standard communications.
Emerging technologies, including new forms of encryption and artificial intelligence-guided encryption mean that law enforcement will be well behind encryption technologies if it doesn’t have the required legislative powers. The next wave of encryption technologies will be far more sophisticated, and can be reasonably expected to be very high value communications security measures. This means that anti-encryption legislation is effectively inevitable, anyway.
At the national level, communications interception is an absolute, fundamental must-have. Intelligence agencies can't be expected to rely on guesswork. Given that Australian intelligence agencies have managed to prevent so many terrorist attacks, even without this legislation, a step up with better anti-encryption powers is likely to be a major plus.
The negatives
One of the least obvious negatives is based on the realities of intelligence gathering. The simple fact of being able to intercept and decode communications isn't the whole story. Understanding the meaning of communications, and being able to adapt and adjust quickly to changing circumstances is imperative. Encryption technologies and legislation don't really do much than provide a few more tools for intelligence agencies.
A point raised by business leaders is that the risk of creating "system vulnerabilities" in allowing access to encrypted communications. That's a fair point, and it has been addressed in the new bipartisan approach to be encryption legislation, to the extent that it can be addressed in theory. In practice, however, this need may or may not run the risk of creating weak points.
Privacy concerns, naturally, are a major potential problem. The ability to invade privacy has now become a sort of "entitlement" for mass media. Hordes of paparazzi bugging celebrities, sleazy little personal revenge posts, etc. You could literally write an encyclopaedia on the risks of privacy invasion using various technologies. Encryption is very much one of those technologies.
This is not a simple issue, and be multiple ramifications of privacy invasion in whatever form is applied to anti-encryption legislation really shouldn't be trivialised. The problem is that this is also an imponderable issue in practice. There is no way of knowing which way anti-encryption legislation would impact privacy, except in specific circumstances. Minds and legislative thinking should remain open while this problem is addressed.
Not getting much of a mention is another issue – Whether or not information which has been accessed by anti-encryption legislation is secure. Hacking law enforcement agencies is a sort of international sport, and it is a very high value type of information. Nobody can say that agency information is secure simply because the agency holds that information. It's reasonable to assume that a higher level of security will be placed on unencrypted information, but that doesn't make it leakproof.
Arguably the biggest problem for anti-encryption technologies is the likelihood of that others outside law enforcement and intelligence will also have access to anti-encryption software and technologies. An anti-encryption arms race is quite likely, and on a global scale, that could mean nations, criminals, hate groups, and the rest of the 21st century’s wonderful tapestry of psychos.
Will there be a need to ban the sale and distribution of anti-encryption software, to protect financial institutions and online transactions? It could happen, in a rather grim way, if anti-encryption technologies are freely available. It could also be a very easy political point scorer across the board for Law and Order, libertarian, and privacy advocates. The trouble is that the points would be very easy to make, and legitimate targets for political ends.
It's the old story, "Who watches the watchers", and the short answer is likely to be "Everybody", including good guys and bad guys. Legislation has one major redeeming benefit; it has to be visible, and it has to have judicial support. That may ultimately be the only possible protection against the anti-encryption boom, when it finally hits the mainstream.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com
More about Australian antiencryption laws 2018, digital encryption, surveillance technologies, artificial intelligence and encryption, intelligence services antiencryption powers
More news from