In a world-first, Australian security agencies are set to gain unprecedented access to encrypted communications.
Ignoring unanimous warnings and doubts raised by tech experts, academics, and the public alike, the Australian Senate passed the new anti-encryption bill into law by 44 votes to 12, moving it straight into Parliament, where it is expected to be rubber-stamped by the Australian MPs.
The Assistance and Access Bill, also known as the Anti-Encryption Bill, will allow Australian law enforcement agencies to “request” (read: demand) tech companies to introduce backdoors and create security vulnerabilities in their products and would give the government access to encrypted communications.
However, according to Australian lawmakers, if these features are considered “systemic weaknesses”, the technology firms will not be required to insert them into their systems. As per Australia’s anti-encryption bill, these “systemic weaknesses” and “vulnerabilities” are defined as follows:
“Systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.”
“Systemic weakness means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.”
In other words, these definitions have been kept as wide and vague as humanly (or politically) possible. Which is terrible, if not unexpected. But wait, it gets worse: the tech businesses that receive “requests” to essentially hack their own company cannot disclose them to anyone, under penalty of several years in prison.
In a glaring demonstration of technical illiteracy, Australian MPs and government officials stated that the bill will not allow for backdoors in software and is only meant to target serious criminals such as terrorists, sex offenders, and murderers. “This ensures that our national security and law enforcement agencies have the modern tools they need,” Attorney General Christian Porter said.
However, Australian lawmakers failed to mention how a device or a piece of software can be simultaneously secure and vulnerable, presumably disappointing Schrödinger fans across the globe.
According to human rights advocacy group Access Now, “As drafted, the bill would authorize vast new authorities with almost no understanding of the limitations, the implications, or oversight mechanisms. It is unclear who could be implicated, what could be requested, what the effects would be, and how oversight would work.”
We couldn’t agree more: the potential for misuse and government overreach is as appalling as it is obvious.
Will Australia’s new anti-encryption bill turn the country into a surveillance state akin to China? Only time will tell. In the meantime, make sure you’re able to protect yourself from a government that wants to spy on you (for your own safety, of course) by using a quality VPN service.