INSUBCONTINENT EXCLUSIVE:
Image copyrightGetty ImagesImage caption
Australian police can now order tech firms to access the encrypted messages of
suspects
Australia has passed controversial laws designed to compel technology companies to grant police and security
agencies access to encrypted messages.The government says the laws, a world first, are necessary to help combat terrorism and crime.However
critics have listed wide-ranging concerns, including that the laws could undermine the overall security and privacy of users
The laws were rushed through parliament on its final day of the year.The Labor opposition said it had reluctantly supported the laws to help
protect Australians during the Christmas period, but on Friday it said that "legitimate concerns" about them remained.Cyber-security experts
have warned the laws could now create a "global weak point" for companies such as Facebook and Apple.Why are encrypted messages an
issueAustralia already has laws which require providers to hand over a suspect's communication to police
This may already be possible if a service provider uses a form of encryption that allows them to view a user's message.But in recent years,
services such as WhatsApp, Signal and others have added an additional layer of security known as end-to-end encryption.End-to-end encryption
allows only the sender and recipient to view a message, preventing it from being unscrambled by the service provider
Australia and other countries have said that terrorists and criminals exploit this technology to avoid surveillance.How would this change
workIt differs from laws in China, Russia and Turkey, where services offering end-to-end encryption are banned.Under Australia's
legislation, police can force companies to create a technical function that would give them access to encrypted messages without the user's
knowledge.Image copyrightEPAImage caption
Only two MPs, Adam Bandt and Andrew Wilkie (left), voted against the bill
"This ensures that our national security and law enforcement agencies have the modern tools they need, with appropriate authority
and oversight, to access the encrypted conversations of those who seek to do us harm," Attorney-General Christian Porter said.However,
cyber-security experts say it's not possible to create a "back door" decryption that would safely target just one person
"Any vulnerability would just weaken the existing encryption scheme, affecting security overall for innocent people," said Dr Chris Culnane
from the University of Melbourne.Such a "security hole" could then be abused or exploited by criminals, he said
In a bid to address these concerns, Australia's law offers a safeguard which says decryptions won't go ahead if they create a "systemic
weakness".However critics say the definition of "systemic weakness" is vague, meaning it is unclear how it may be applied
What are the other concernsDigital rights advocates are highly critical of Australia's move, saying it lacks sufficient checks and
balances.The Electronic Frontier Foundation has said police could order individual IT developers to create technical functions without their
company's knowledge."This has the potential for Australian tech firms to have no clue whether they were even subject to an order," the
foundation's Nate Cardozo told the TheIndianSubcontinent.There is also criticism over how fast the laws were passed
A draft bill was presented only in August.A parliamentary committee examining the legislation did not release its report until late on
The Labor opposition added 173 amendments to the bill on Thursday."It's completely been rushed
There's no way anyone could have formed a properly informed view on the changes to this very technical piece of legislation in that time,"
Dr Culnane said.What does it mean for tech firmsIf companies don't comply with the laws, they risk being fined
That's led to speculation that some global firms which have vocally opposed the laws could withdraw from the Australian market.However, Dr
Culnane said that most companies are likely to comply - partly because users won't be aware if their messages have been accessed.However,
experts say the full implications are unclear and much uncertainty remains
Some firms have already suggested that they may not be subject to Australian law.Experts add that, given the debate involves national
security, many aspects may play out behind closed doors.
