According to Article 12 of the Universal Declaration of Human Rights, privacy of communication and information is a basic right accorded to every citizen. That’s about to change with the passage of a new legislation in the Australian Parliament.
The Assistance and Access Bill of 2018 amends the Telecommunications Act of 1997. The legislation aims to establish specific guidelines on voluntary and mandatory industry assistance to law enforcement and intelligence agencies in relation to encryption technologies.
Basically, the new law requires tech companies and designated communications providers to provide the information needed in the enforcement of its laws, even if it means accessing someone’s private, encrypted information.
There are three parts to the implementation of the bill:
- Technical Assistance Requests (TAR)
- Technical Assistance Notices (TAN)
- Technical Capability Notices (TCN)
Technical Assistance Requests ask the provider to perform “acts or things” on a voluntary basis that will ensure that the provider is capable of giving certain types of help to the Australian Government in relation to the enforcement of Australian criminal laws and preservation of national security.
Technical Assistant Notices are sent to companies to compel them to provide information to the government through a bypass or decryption of certain user data which can be used for the same purpose as that provided under TARs.
Technical Capability Notices require communications providers to establish a system for government access to user data or encrypted information, again, for the same purpose as that provided under TARs. Companies who refuse compliance could face penalties.
The legislation is wide in scope, as it potentially covers entities not only residing in Australia but also those outside who transmit information to end users located in the said country.
Reform Government Surveillance, a coalition representing Apple, Microsoft, Facebook, and Twitter expressed its disagreement over the provisions of the new law, calling it “deeply flawed, overly broad, and lacking in adequate independent oversight over the new authorities and that it would undermine the cybersecurity, human rights, or the right to privacy of its users.”
The coalition also urged the Australian Parliament to promptly address the flaws when it reconvenes in 2019.
Lizzie O’Shea of the Alliance for Safe and Secure Internet, a group representing tech giants like Facebook and Google, said that the legislation is “extremely broad and extremely dangerous,” and that there could be lots of unforeseen consequences which may arise in the implementation of the law.
She further elaborated that encryption serves as a protection for communication covering not just individuals but also banking, mass transit, and others. The passage of the bill will weaken that encryption in the guise of national security and could be opening the doors for nefarious hackers to gain access to such encrypted systems.
Tech giant Apple has previously expressed its opposition to the law, as it had fears that the law, if passed, could set a dangerous precedent which countries like the US are likely to follow.
The statement is in reference to Australia being part of the Five Eyes intelligence network, an alliance comprising Australia, Canada, New Zealand, the United Kingdom, and the United States.
In its letter to the Australian Parliament, Apple challenged the idea that weakening encryption is necessary to aid law enforcement. The company reiterated that “the legislation is dangerously ambiguous with respect to encryption and security,” as “encryption is the single best tool it has to protect data and ultimately lives.”
“To allow for those protections to be weakened in any way slows out our pace of progress and puts everyone at risk,” it added.
Ultimately, the “AABill,” as it’s called, not only affects Australia but the world as a whole. Due in part to its vague language, the law grants unhampered and broad powers to the government and its intelligence agencies. It can compel an individual to pry on protected information or require a company to provide details on confidential information shared by its users without their consent.
This sets a dangerous precedent for other countries to encroach on the realm of protected speech and communications.