Australia will be a testing ground for the “Five Eyes” powers’ attacks on encryption due to our lack of privacy protections and national security oversight mechanisms.
A bill to implement the Coalition’s attacks on encryption was introduced into parliament during its last sitting week, after a risible 10-day “consideration” of thousands of submissions the government invited on its proposals, which revolve around forcing tech companies to help install malware on devices or find other ways of “cooperating” with security agencies. The bill has gone to Parliament’s intelligence and security committee for review.
That came a couple of weeks after the domestic security ministers of Five Eyes countries (US, Canada, UK, Australia, New Zealand) met here and issued a communique, in effect saying they would impose decryption requirements on tech companies, but cloak it in the guise of “cooperation” and without using backdoors that undermine encryption for everyone. As with the government’s approach here, the detail has been left nebulous, but it is clear that the use of secretly inserted malware is central to the Five Eyes’ approach — which of course is no safer than encryption backdoors, because malware, like backdoors, can be lost or stolen and repurposed by malicious actors.
Perhaps that’s why, as US cybersecurity law expert Susan Landau pointed out last week in an incisive analysis, the statement has come from domestic security and immigration ministers and not from Five Eyes intelligence agencies. Whatever their views on encryption, senior signals intelligence officials, who are usually charged with the dual roles of stealing enemies’ secrets and protecting their own, understand that anything that undermines encryption can end up coming back to hurt you and your allies — as happened when the NSA lost a trove of malware later repurposed for a massive ransomware attack.
The government has been at pains to insist that its anti-encryption legislation will be based on similar UK legislation. The problem for the UK government, however, has been that while it remains in the European Union, its citizens are able to use the European Convention on Human Rights to defend themselves. Last month, the European Court of Human Rights struck down parts of the UK’s mass surveillance laws in response to a suit brought by an array of privacy and human rights organisations.
Australians have no such protection, nor access to a US-style bill of rights that entrenches human rights in law and provides a case for civil society groups to take governments to court, or an equivalent to the Canadian Charter of Rights and Freedoms. As Landau noted, “Australia is the perfect candidate: the country’s lack of a comprehensive set of human rights protections means that Australia does not face the balancing requirements of privacy and civil liberties protections that the U.K. and U.S. do.”
Australia is perfect in another way. The US Congress has two intelligence committees, and although they can be partisan, they aren’t under the thumb of the executive and can pursue whatever they want, even if intelligence agencies object. While less independent, the UK Intelligence and Security Committee, especially since reforms in 2013, has a wide-ranging remit including the operations of agencies and capacity to handle highly sensitive information and cabinet material. Canada’s equivalent committee can also now examine operational matters.
Here, the Parliamentary Joint Committee on Intelligence and Security (PJCIS) is controlled by the government and can’t examine the operations of security and intelligence agencies.
Recent moves to address this have been kicked into the long grass. Last year an intelligence review commissioned by Malcolm Turnbull shied away from real reform, recommending the PJCIS be given the power to initiate inquiries — but it would still be prohibited from looking at operational matters. In any event, the government has done nothing to progress any reform since then, except announce yet another intelligence review earlier this year.
More curious is the case of Labor. Once gung-ho for improving the PJCIS, Labor introduced a reform bill John Faulkner left behind when he retired. Turnbull had that bill killed off. But in August, Centre Alliance Senator Rex Patrick introduced the Intelligence Services Amendment (Enhanced Parliamentary Oversight of Intelligence Agencies) Bill 2018, which would add agency activities to the committee’s general review remit (subject to a ministerial veto), enabling it to pursue operational matters off its own bat.
Patrick had earlier tried to move the relevant sections as amendments to government legislation, putting pressure on the government to accept the change if it wanted its bills passed, but Labor refused to back him. Labor has now sent the bill off to an inquiry by the senate’s Finance and Public Administration committee, where it sits in obscurity with just one submission. Perhaps Labor wants to sit on the issue until it is in government. But it’s a curious way to treat an issue it used to support.
Meantime, Australians remain unprotected from the Five Eyes’ war on privacy.
I have an unsettling feeling that the overwhelming majority of our MPs do not have even a loose grasp of the potential repercussions for our privacy should this Bill pass. Not just our privacy… but also theirs.
And if these idiots pass stupid legislation such as this, I hope someone like Anonymous targets them just so they understand how stupid and vulnerable they are.
We Australians deserve everything we will get for idling through these bloody awful laws. We have such a love for our third rate oppositions, second rate governments, and now a first rate personal intrusion apparatus.
You are being overly generous in your rating of Australian political parties and their epsilon minus members, Appelet.
It makes me despair. What is wrong with so many complacent Aussies who can’t be bothered spending even a minute thinking about the threat this poses to us all?
As for the ALP, what a pack of useless “yes men and women” you are. Stand up Shortening, Albo, Plibersek, Wong etc. Are any of you cowards prepared to stand up to this outrageous attack on our personal rights, or is the lure of getting back into government too great for you to stand up and be counted?
I would remind you that the ALP can do NOTHING until it returns to government…so anything which threatens that occurring has to be ignored for now.
As usual with people like you…it’s all Labor’s fault…while this bloody useless government gets away with everything!!
You are correct, the ALP is doing nothing, as usual. Their not elected and very well paid to do NOTHING.
APPLET: “They’re not elected…”
correction…. They’re, not Their.
A: it is the current government’s fault we are going down this path.
B: Labor can absolutely do something, they can bring it up in parliament and pull the bill apart for what it is. They are in opposition to a government who is only just in with a majority of 1.
The issue is not many people care about this because they don’t really know how it will affect them. MSM doesn’t report on it with the view people won’t understand it, people don’t understand it because no one reports on it. The people that do understand it make submissions, in very short windows for comment, and have those submissions not read by the home affairs department, probably because no one there actually understands it beyond the fact that terrorists use encryption. Terrorists also use vehicular transportation, electricity and money. Government should probably look into not understanding how they work at some point soon… Ah… never mind.
Exactly. Who benefits from a government that doesn’t understand the implications of legislation it puts up?
Uh-oh
How much does our government stand to make on this “sacrifice”?
It’s not every day that I agree with z.a. or birdbrain but on this matter I do. Among others who do not seem to comprehend the implications is, apparently, Mr Keane. The proposed bill, or protection from it, has nothing to do with human rights or bills of rights or whatever. It is about, rather directly, effective representation in Parliament.
Let’s be clear. The proposed legislation will compel internet companies to assist law enforcement in decrypting messages sent with end-to-end encryption (E2EE). It is envisaged that the “assistance” will take the form of “back doors”. Microsoft, as Snowden pointed out, was passing on suspect messages transmitted by SKYPE to the NCA. That is, Microsoft has a back door to Skype.
In theory (or fact using RSA or AES), as the name implies, E2EE protects data such that it can only be read on the two ends or by the communicating parties. Not even the architects of RSA (or whatever) can crack it (over a reasonable period of time such as two or three years).
The ONLY way to obtain the content is via other back-door means. Internet providers can also be made to substitute a service they provide with a different service at a law enforcement agency’s directive. Despite what has been asserted by descriptions of the bill stating that there are to be no backdoors – of course there are going to be backdoors – in one form or another.
What has been said in regard to a “commitment to no backdoors” is nonsense because backdoors can be placed anywhere in the secure messaging pipeline. Further, as with almost all government initiatives (the Parliament is hardly a concert of intellectuals) what is on offer is no more than simple minded idiocy. Proposals to overcome terrorism, or whatever, need to be thought through and not leap to the simple minded “solution” of breaking E2EE. Alternatively, look on the bright side: installing additional software on selected devices, in an otherwise secure environment (thus making the environment less secure – maximum security occurs with no connection) is in itself a systemic weakness and open to exploitation. Ok – sometime into the future someone might be charged (with the device detected) but the cat would be out of the bag – or the horse up the road.
Keep in mind that former Attorney-General, Senator George Brandis, QC, said, about a year ago, that encrypted messaging was “impeding lawful access to the content of communications”. As to what “lawful access” might mean is anyone’s guess but, to the best of my knowledge, no one asked Brandis.
So this bill has no implications on rights to privacy, this back door access to all my secrets thingy, but IS about effective representation in parliament.
You may have an argument to make there Kyle, but I wish you luck trying to convince me that governments seeking to access my private communications has no implications for my right to privacy (my ethical human right as it is not legislated).
You also may have an argument about how it is about effective representation in parliament, but alas you didn’t make it.
“So this bill has no implications on rights to privacy, this back door access to all my secrets thingy, but IS about effective representation in parliament.”
Yes D.B., that is a fair, albeit abbreviated, assessment of what I have written.
With E2EE who needs legislation if the communicating users are intent on privacy? Even DES (Data Encryption Standard – that has been around for 40 years – with improvements over time) would suffice for small office and home requirements (and, strictly, isn’t E2EE – but close). But then we have the likes of Brandis who are not brought to account for their idiotic statements – and become responsible for such idiotic legislation.
As to a Bill of Rights – well take a look at the countries that have such instruments and ask: did the Bill prove to be a panacea and the answer is no. It was on this point that Snowden blew the fable of personal protection (i.e. privacy) sky-high and Microsoft, among others, were complicit. The Bill, in practice, wasn’t worth a rat’s.
Moreover, the Bill would NOT protect Snowden should he return to the USA. With all due respect those who yearn for such Bills (Mr Keane to identify one) just haven’t thought the matter through; more akin to a copycat mentality; if NZ has such a Bill then Oz needs such a bill.
Just assume, D.B., that your data will never be safe from the government. That is the safest option.
“You also may have an argument about how it is about effective representation in parliament, but alas you didn’t make it.”
True – actually only, implicitly, in outline. Do you want me to make it or should Keane (who is, after all being paid) make it – and NOT bang on about santa-claws like Bills. There is also the issue of future technology and I, for one, have no confidence in any Australian government (on the basis of pre-selection methods alone) being qualified to legislate for the future.
At the risk of appearing trite if there was a more equitable distribution of the GDP (for all countries) such legislation would be superfluous.
Kyle, I’m crushed to hear that “it’s not every day that I agree with….birdbrain”.
As a magpie I have the intellectual capacity of a 5 year old ‘uman. Spare me some slack for my intellectual failings.
Some days we do agree and other days less so but on this topic there is agreement!
But it is also a complex topic – witnessed by the relatively few replies and hence a useful topic for Crikey.