Australia’s House of Representatives has finally passed the “Telecommunications Assistance and Access Bill 2018,” also known as the Anti-Encryption Bill, on Thursday that would now allow law enforcement to force Google, Facebook, WhatsApp, Signal, and other tech giants to help them access encrypted communications.
The Australian government argues the new legislation is important for national security and an essential tool to help law enforcement and security agencies fight serious offenses such as crime, terrorist attacks, drug trafficking, smuggling, and sexual exploitation of children.
Since the bill had support from both major parties (the Coalition and Labor), the upper house could vote in support of the Assistance and Access Bill to make it law, which is expected to come into effect immediately during the next session of parliament in early 2019.
Although the new legislation does not properly clarify specifics around the potential power that the Assistance and Access Bill could give Australian government and law enforcement agencies over citizen’s digital privacy, it contains new provisions for companies to provide three levels of “assistance” in accessing encrypted data, as explained below:
- Technical Assistance Request (TAR): A notice to request tech companies for providing “voluntary assistance” to law enforcement, which includes “removing electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services.”
- Technical Assistance Notice (TAN): This notice requires, rather than request, tech companies to give assistance they are already capable of providing that is reasonable, proportionate, practical and technically feasible, giving Australian agencies the flexibility to seek decryption of encrypted communications in circumstances where companies have existing means to do it (like at points where messages are not end-to-end encrypted).
- Technical Capability Notice (TCN): This notice is issued by the Attorney-General requiring companies to “build a new capability” to decrypt communications for Australian law enforcement.
These notices would compel tech companies to modify their software and service infrastructure to backdoor encrypted communications and data that could otherwise not be obtained.
It is worth noting that companies could face massive financial penalties for not complying with the new law.
images from Hacker News