Australia has become the first western country to pass a bill forcing tech companies to hand over your encrypted data
- Facebook, Twitter, Apple, Google and others say the move will create a back door to users’ data and inevitably undermine security for everyone
The bill, the most far-reaching imposed by a western country, is set to become law before the end of the year.
“Let’s just make Australians safe over Christmas,” opposition Labour Party leader Bill Shorten told reporters outside parliament in the capital of Canberra.
There has been extensive debate about the new law and its reach beyond Australia’s shores in what is seen as the latest salvo between global governments and tech firms over national security and privacy.
Australian authorities can also require that those demands be kept secret.
Time to get serious about cybersecurity
The bill, passed by the lower house of parliament earlier on Thursday, was to be debated in the upper Senate, where Labour said it intended to suggest new amendments, before going back to the lower house.
But in an eleventh-hour twist, Labour said that despite its reservations, it would pass the bill in the Senate, on the proviso that the coalition agreed to its amendments next year.
“We will pass the legislation, inadequate as it is, so we can give our security agencies some of the tools they say they need,” Shorten said.
The bill provides for fines of up to A$10 million (US$7.2 million) for institutions and prison terms for individuals for failing to hand over data linked to suspected illegal activities.
Five Eyes expands to counter China’s foreign influence
When the bill becomes law, Australia will be one of the first nations to impose broad access requirements on technology firms, after many years of lobbying by intelligence and law enforcement agencies in many countries, particularly the so-called Five Eyes nations.
Australia’s government has said the laws are needed to counter militant attacks and organised crime and that security agencies would need to seek warrants to access personal data.
[It’s] equally as likely to endanger security as not
“This legislation is out of step with surveillance and privacy legislation in Europe and other countries that have strong national security concerns,” the statement said.
“Several critical issues remain unaddressed in this legislation, most significantly the prospect of introducing systemic weaknesses that could put Australians’ data security at risk.”
National cybersecurity adviser Alastair MacGibbon said police have been “going blind or going deaf because of encryption” used by suspects.
Brushing off the warnings from tech giants that the laws would undermine internet security, he said they would be similar to traditional telecommunications intercepts, just updated to take in modern technologies.
Cybersecurity threats dey national borders, so countries should collaborate
Experts such as the UN special rapporteur on the right to privacy Joseph Cannataci have described the bill as “poorly conceived” and “equally as likely to endanger security as not”.
“Encryption underpins the foundations of a secure internet and the internet pervades everything that we do in a modern society,” said Tim de Sousa, of privacy and cybersecurity consultancy elevenM.
“If you require encryption to be undermined to help law enforcement investigations, then you are ultimately undermining that encryption in all circumstances. Those back doors will be found and exploited by others, making everyone less secure.”
As the bill also includes secrecy provisions, doubts have also been raised about whether vendors have already been forced to act – undermining business models where privacy is a key selling point.
Additional reporting by agencies
