Everything George Brandis Has To Say About Australia’s New Encryption Laws
Ahead of the Prime Minister’s announcement today, Attorney General George Brandis spoke at length with media about the Federal Government’s new proposed laws to gain access to encrypted messages hosted on platforms like Facebook and WhatsApp.
Here’s everything he’s had to say so far.
Brandis spoke this morning with both Kris Landers at ABC, and Keiran Gilbert at Sky News.
Attorney General George Brandis has confirmed that the government won’t be asking for flaws in encryption software to allow access by authorities, and instead companies will need to (where possible) decrypt messages as requested – with a warrant.”]
On how the laws will work
What we would do is we would apply to internet companies, to device makers essentially the same obligations that apply under the existing law, to enable provision of assistance to law enforcement and to the intelligence agencies where it is necessary to deal with issues of terrorism, with serious organised crime, with paedophile networks and so on.
…..of course information security is important, the Government acknowledges that, but national security is also important and it is possible to reconcile the two.
Governments and law enforcement and intelligence agencies have always had the lawful capacity to intercept information, under warrant of course, where that is necessary for criminal investigations or for criminal prosecutions. And there has always been an obligation on citizens, including corporate citizens, to assist police, in law enforcement matters. So all we are seeking to do is to apply existing legal principle to a new technology.
So this is, in a sense, a commonplace proposition, but because of the development of encryption technology in the last few years, there are communications which previously would have been as a matter of course, been able to be intercepted under warrant by intelligence and law enforcement, which are now beyond them. So what we’re asking the ISPs and the device makers to do is to accept the same obligation that already applies under existing law, also applies to the new technologies.
On how the laws will work, exactly – taking end-to-end encryption into account
Well there are various claims that have been made. Last Wednesday I met with the Chief Cryptographer at GCHQ, the Government Communication Headquarters in the United Kingdom, and he assured me that this was feasible. So there are various claims made by experts in the field, but what the Government is proposing to do is to impose upon the companies an obligation conditioned by reasonableness and proportionality.
On what happens if a company says it’s not “reasonable”
Then let them argue that point in court….our first preference, our very strong first preference, is to work collaboratively with the companies so that there is a voluntary approach to this so imposing legal obligations, coercive legal obligations, is very much a default position.
These are important companies of course, they’re extremely powerful companies, as you say some of the largest companies in the world. So they of all understand the nature of their social obligation, and it’s also a legal obligation. As I said before, we are asking nothing more of them than to accept that the same legal principles that applied to the old technologies, must apply to the new technologies.
Potentially, as the United Kingdom has done with its Investigatory Powers Act, as the New Zealanders did in 2013 with their equivalent legislation and what this does is merely contemporise for the modern era what is a well-established legal principle, and that is persons, including companies, can be subject to an obligation to assist law enforcement in resolving crimes and that principle shouldn’t depend upon the nature of the technology. It applies to all communications.
Now as the Prime Minister has said many times, and I couldn’t agree more, the internet is not an ungoverned space. People lead a large proportion of their lives online today and the rule of law has to apply as much online as it does in everyday life.
On how encryption is impacting on the work of Australian security agencies
It’s a rapidly evolving phenomenon, which as I’ve said before, represents the greatest degradation of our intelligence capability in modern times. Let me give you an example. In 2013, about three per cent of ASIO’s priority investigations involved at one point or another, trying to access encrypted communications. Today, it’s more than 50 per cent and with the ubiquity of encryption technology in messaging services, then I think we have to face the situation, that this will be a universal phenomenon within a very short time.
…if it was legally, morally, ethically appropriate for unencrypted private communications to be accessed by lawful means and under warrant before in order to keep the community safe, why has everything changed because a new encryption technology has been developed. Nothing has changed.
Communications do have to be accessed by intelligence and law enforcement in certain defined circumstances and under warrant in order to investigate and protect us against terrorism planning, to investigate and break up organised crime gangs, to investigate and break up paedophile rings and it’s not good enough, frankly, for anyone to hide behind the fact that there is a new technology that enables these communications to be encrypted to say I’m sorry, we’re not prepared to cooperate with you.
On enforcing a “backdoor” to be enabled
…we don’t propose to require backdoors as they’re sometimes called, though there is a debate about what is and is not a backdoor. What we are proposing to do, if we can’t get the voluntary cooperation that we are seeking, is to extend the existing law that says to individuals, citizens and to companies, that in certain circumstances you have an obligation to assist law enforcement if it’s within your power to do so. Now the laws that exist at the moment predate the development of encryption, all we are seeking to do is to apply an existing principle to a new technology.
On mass surveillance fears
It’s got nothing to do with mass surveillance. It is not mass surveillance and it’s not going to make their everyday dealings in social media insecure. The fact is that information security is a very high value. It is an economic benefit. It matters to people and the Government is determined to protect it. But having said that, there is also an important value to be served in protecting national security and as I said in answer to your earlier question, it has been accepted for decades that in certain defined circumstances, law enforcement and intelligence agencies on a warranted basis should be able to access communications in order to keep the community safe.
In 2015, the authorities busted a plot to conduct a mass casualty terrorist attack at the Anzac Day memorial service in Melbourne. It was one of the 12 terrorist attacks that we have interdicted in Australia since September 2014. We now know that the planning and preparation for what would have been a mass casualty terrorist attack at the shrine, the Anzac shrine in Melbourne, was being conducted by using encrypted messaging.
Now I think the Australian people would accept that as long as they can be reassured, as they can be assured, that we are only seeking to access these communications for the purpose of preventing terrorist crime or preventing and busting criminal rings or paedophile rings, then they would accept that this is no different from the existing law that enables for example, telephone calls or emails to be surveilled by the authorities on warrant for proper reasons.
The Australian government wants the ability to read messages kept secret by encryption in the name of aiding criminal investigations. But just how it proposes to do this is unclear.
On the timeframe expected to allow access to encrypted messages
…of course we need to be nimble. We need our intelligence agencies and our police need to be able to act in real time to intercept and decrypt these messages to keep people safe
Like the United Kingdom and indeed like the existing law that governs electronics surveillers in Australia, this would be on a warranted basis.
On when the new laws will be put to Parliament
As our first preference, and this is something that Mr Turnbull discussed at the G20 and a week before that I discussed at the Five Eyes intelligence conference in Ottawa, we want cooperation from industry and that cooperation will be embodied, if it’s forthcoming, in a series of understandings or protocols.
But as a default position, very much as a second best position, we are proposing to legislate as the British have done, as the New Zealanders have done, to impose a statutory obligation of cooperation if that cooperation is not forthcoming voluntarily, and I’ll be introducing that legislation into the Parliament before the end of this year.
We are preparing the laws at the moment and I will be introducing them between now and the end of the year.