Everything George Brandis Has To Say About Australia's New Encryption Laws

Image: Getty

Ahead of the Prime Minister's announcement today, Attorney General George Brandis spoke at length with media about the Federal Government's new proposed laws to gain access to encrypted messages hosted on platforms like Facebook and WhatsApp.

Here's everything he's had to say so far.

Brandis spoke this morning with both Kris Landers at ABC, and Keiran Gilbert at Sky News.

New Australian Laws Force Facebook, WhatsApp To Open Encrypted Messages

Prime Minister Malcolm Turnbull is set to announce new laws today will "oblige" both telcos and social media platforms like Facebook and WhatsApp to give Australian security agencies access to encrypted messages.

Attorney General George Brandis has confirmed that the government won't be asking for flaws in encryption software to allow access by authorities, and instead companies will need to (where possible) decrypt messages as requested - with a warrant.

Read more

On how the laws will work

What we would do is we would apply to internet companies, to device makers essentially the same obligations that apply under the existing law, to enable provision of assistance to law enforcement and to the intelligence agencies where it is necessary to deal with issues of terrorism, with serious organised crime, with paedophile networks and so on.

.....of course information security is important, the Government acknowledges that, but national security is also important and it is possible to reconcile the two.

Governments and law enforcement and intelligence agencies have always had the lawful capacity to intercept information, under warrant of course, where that is necessary for criminal investigations or for criminal prosecutions. And there has always been an obligation on citizens, including corporate citizens, to assist police, in law enforcement matters. So all we are seeking to do is to apply existing legal principle to a new technology.

So this is, in a sense, a commonplace proposition, but because of the development of encryption technology in the last few years, there are communications which previously would have been as a matter of course, been able to be intercepted under warrant by intelligence and law enforcement, which are now beyond them. So what we’re asking the ISPs and the device makers to do is to accept the same obligation that already applies under existing law, also applies to the new technologies.

On how the laws will work, exactly - taking end-to-end encryption into account

Well there are various claims that have been made. Last Wednesday I met with the Chief Cryptographer at GCHQ, the Government Communication Headquarters in the United Kingdom, and he assured me that this was feasible. So there are various claims made by experts in the field, but what the Government is proposing to do is to impose upon the companies an obligation conditioned by reasonableness and proportionality.

On what happens if a company says it's not "reasonable"

Then let them argue that point in court....our first preference, our very strong first preference, is to work collaboratively with the companies so that there is a voluntary approach to this so imposing legal obligations, coercive legal obligations, is very much a default position.

These are important companies of course, they’re extremely powerful companies, as you say some of the largest companies in the world. So they of all understand the nature of their social obligation, and it’s also a legal obligation. As I said before, we are asking nothing more of them than to accept that the same legal principles that applied to the old technologies, must apply to the new technologies.

Potentially, as the United Kingdom has done with its Investigatory Powers Act, as the New Zealanders did in 2013 with their equivalent legislation and what this does is merely contemporise for the modern era what is a well-established legal principle, and that is persons, including companies, can be subject to an obligation to assist law enforcement in resolving crimes and that principle shouldn’t depend upon the nature of the technology. It applies to all communications.

Now as the Prime Minister has said many times, and I couldn’t agree more, the internet is not an ungoverned space. People lead a large proportion of their lives online today and the rule of law has to apply as much online as it does in everyday life.

On how encryption is impacting on the work of Australian security agencies

It's a rapidly evolving phenomenon, which as I've said before, represents the greatest degradation of our intelligence capability in modern times. Let me give you an example. In 2013, about three per cent of ASIO’s priority investigations involved at one point or another, trying to access encrypted communications. Today, it's more than 50 per cent and with the ubiquity of encryption technology in messaging services, then I think we have to face the situation, that this will be a universal phenomenon within a very short time.

...if it was legally, morally, ethically appropriate for unencrypted private communications to be accessed by lawful means and under warrant before in order to keep the community safe, why has everything changed because a new encryption technology has been developed. Nothing has changed.

Communications do have to be accessed by intelligence and law enforcement in certain defined circumstances and under warrant in order to investigate and protect us against terrorism planning, to investigate and break up organised crime gangs, to investigate and break up paedophile rings and it's not good enough, frankly, for anyone to hide behind the fact that there is a new technology that enables these communications to be encrypted to say I'm sorry, we're not prepared to cooperate with you.

On enforcing a "backdoor" to be enabled

...we don’t propose to require backdoors as they’re sometimes called, though there is a debate about what is and is not a backdoor. What we are proposing to do, if we can’t get the voluntary cooperation that we are seeking, is to extend the existing law that says to individuals, citizens and to companies, that in certain circumstances you have an obligation to assist law enforcement if it's within your power to do so. Now the laws that exist at the moment predate the development of encryption, all we are seeking to do is to apply an existing principle to a new technology.

On mass surveillance fears

It’s got nothing to do with mass surveillance. It is not mass surveillance and it’s not going to make their everyday dealings in social media insecure. The fact is that information security is a very high value. It is an economic benefit. It matters to people and the Government is determined to protect it. But having said that, there is also an important value to be served in protecting national security and as I said in answer to your earlier question, it has been accepted for decades that in certain defined circumstances, law enforcement and intelligence agencies on a warranted basis should be able to access communications in order to keep the community safe.

In 2015, the authorities busted a plot to conduct a mass casualty terrorist attack at the Anzac Day memorial service in Melbourne. It was one of the 12 terrorist attacks that we have interdicted in Australia since September 2014. We now know that the planning and preparation for what would have been a mass casualty terrorist attack at the shrine, the Anzac shrine in Melbourne, was being conducted by using encrypted messaging.

Now I think the Australian people would accept that as long as they can be reassured, as they can be assured, that we are only seeking to access these communications for the purpose of preventing terrorist crime or preventing and busting criminal rings or paedophile rings, then they would accept that this is no different from the existing law that enables for example, telephone calls or emails to be surveilled by the authorities on warrant for proper reasons.

When Is 'Not A Backdoor' Just A Backdoor? Australia's Struggle With Encryption

The Australian government wants the ability to read messages kept secret by encryption in the name of aiding criminal investigations. But just how it proposes to do this is unclear.

Read more

On the timeframe expected to allow access to encrypted messages

...of course we need to be nimble. We need our intelligence agencies and our police need to be able to act in real time to intercept and decrypt these messages to keep people safe

On warrants

Like the United Kingdom and indeed like the existing law that governs electronics surveillers in Australia, this would be on a warranted basis.

On when the new laws will be put to Parliament

As our first preference, and this is something that Mr Turnbull discussed at the G20 and a week before that I discussed at the Five Eyes intelligence conference in Ottawa, we want cooperation from industry and that cooperation will be embodied, if it’s forthcoming, in a series of understandings or protocols.

But as a default position, very much as a second best position, we are proposing to legislate as the British have done, as the New Zealanders have done, to impose a statutory obligation of cooperation if that cooperation is not forthcoming voluntarily, and I’ll be introducing that legislation into the Parliament before the end of this year.

We are preparing the laws at the moment and I will be introducing them between now and the end of the year.

WATCH MORE: Tech News


Comments

    Like I said in another thread...

    Hey George, read this:
    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v2

    hQELA6dcrEqRAxdrAQf4uMn2lnieHxe3yM6F7sSkODZkOizqtd/E+XggjfEs9sbc
    HPiV0n+d/t0dVYD2Z6XTdmrvV6F8lGDY1xjZJyGzvOBHEGr7TEQfiTaxau0VqCx1
    mbXqX/17lXS7qB3o18ZsCetGW77jp41A4zAWeSRpxhcfZVRRqv9Uc4k9RxGIue7N
    vBQQ8/T4IqiHDEobKntCViw9pJ+32F4wF7BAMnG0+YG+Zim+QP8QHojHbhuCNYSi
    bjQU9BhZjiMTWq8dhbHHZIfGEkYenDuHg72lX9dX+bVdsG5nAubBnyuoSt/PMTPz
    Z7YpVAWrzaihU6SYV462MXQCk3uYXdyX1lB4cUk20sCOATunl7cvBhI8K/etgtl6
    nW02iswcsxrSPbDc+1Q/e9a4alTPzK3TH+TYAa4Tqx9efYEBz9N0AkxhGt7MMdp3
    dHYYpn1ljL6mxa9mj2sI6h5azwSe8T1I+IZQaYwed27m0cUR8dk9vYJtlkaIoKwM
    RfHgrcQAarlCRSNnlRXkEeDdhKQzp0/i4sO9Wo9R8KMO0BDkACGRD4MSXpoFbcgA
    zJoj8C4JbJL/JUYbnrcfaMPGdkYDvTVGq5oK9MTvjRT6ue5hgJRxPgw8wdKrWi03
    kiRnZfA6adu+A1NPAaF3bTjJDsbW1YR0qRvsIt4wMafMAaDYiJiwK1lA+XPvaWll
    9ofebubTVs/Nw1eRjRUcD18K7n2MuQpLSRF3DMwnV1RsNrWmTbswtMnc7S2av4/P
    DMwGXW1zZz23r+hbuuTjgQwYN2yoUmrJFaycZgF/aQ==
    =pU3Z
    -----END PGP MESSAGE-----

      LOL....
      Might be an idea for everyone to look up their local federal member's name and email address, and send a message reminding them this is stupidity.
      If they come up with a way to weaken encryption to "stop terrorism", then they've also weakened encryption for the defence force, government agencies, Australian businesses and so on.... You can't have it one way for terrorists and another for law abiding citizens and businesses.

      Exactly. This is the browsing meta data issue all over again. Let's spend millions of dollars to catch low hanging fruit with a scheme that can be completely subverted for under $5 a month.

      No matter what the government forces these companies to do, you cant uninvent asymmetrical cryptography. Sure you can make its use more difficult on popular communication platforms, but that's a minor inconvenience at best.

    Governments and law enforcement and intelligence agencies have always had the lawful capacity to intercept information, under warrant of course
    ... except you rewrote the Intercept laws last year to allow warrant-less intercept of information under Meta-data laws.

    We now know that the planning and preparation for what would have been a mass casualty terrorist attack at the shrine, the Anzac shrine in Melbourne, was being conducted by using encrypted messaging.

    So ... terrorists were using encrypted messaging and we caught them and stopped the attack? Why do we need the new laws then?

    Now I think the Australian people would accept that as long as they can be reassured, as they can be assured, that we are only seeking to access these communications for the purpose of preventing terrorist crime or preventing and busting criminal rings or paedophile rings ...

    Cool! So you can write into the legislation that warrants will only be issued in cases of terrorism, organised crime and organised paedophilia. I look forward to seeing the draft.

      Brandis also said the same thing about Meta-data being used for as a weapon against "those crimes"... and then had a draft submitted for review less than a year later for it to be open for any civil litigations. (which was quietly cancelled)

    A lot of this is still thinking in the same manner as the old wiretaps.

    Problem is if the messages (letter in the envelope) is encrypted, it doesn't matter if the connection is compromised encryption wise. The effort is wasted.

    Instead, the wiretap concept needs to be abandoned (it has no place in today's world) and instead focus on what messages are in possession (after getting a warrant but that goes without saying).

    A bit broad stroked I know but seriously, I do not see how wiretapping is even viable given that the world has moved on both in how communications are carried out and how they are made secret.

    At least he's right about this law having nothing to do with mass surveillance, they've already got that well and truly covered with the no warrant, god knows how many agencies have access to it, metadata collection scheme. Aside from inconveniencing companies I don't really see too much to fault here, as long as a warrant remains a requirement.

    On how the laws will work, exactly - taking end-to-end encryption into account:

    Well there are various claims that have been made. Last Wednesday I met with the Chief Cryptographer at GCHQ, the Government Communication Headquarters in the United Kingdom, and he assured me that this was feasible.
    I had no idea what Brandis was claiming "is feasible" about end-to-end encryption here (certainly can't be MITM decryption), so I dug up the actual question:

    How do you legislate against a terrorist suspect or a criminal creating their own encryption system: just hiring their own cryptographer, just like a criminal might use a money launderer?

    Which has nothing to do with end-to-end encryption specifically, and it appears that what GCHQ has assured Brandis is that it is either "feasible" for criminals to use their own encryption (of course), or "feasible" to legislate against it (go right ahead, but being criminals they're entirely likely to ignore those laws too).

    edit: formatting

    Last edited 14/07/17 2:26 pm

      And thus we end up in a society where the public has no encryption because it's illegal but the criminals keep using it because no one can feasibly stop them

    Oh ffs, edit a comment to fix its formatting (it kept moving my quote tags) - and now it's held for moderation. Which on another discussion has hidden my comments for 26 hours now, and counting.

      Really sorry about that, @namarrgon. Unfortunately when you edit a comment it goes back into moderation, but doesn't show up on our "to moderate" list - so unless we see it just browsing the site, we have no way to know we need to approve it. It is a bug we have passed on to our dev team, and will hopefully have a fix for soon.

      If you could make a quick comment on your other reply now, I should see it and can fix that one up ASAP.

        Ah I see - fair enough, you're excused :-) Hold your dev team's toes to the fire.

        Held comments here and here (and the above comment again - still can't fit Brandis' response in the quote for some reason).

    no one can take this clown seriously, their is no accountability or transparency in his words his actions or his party.

    Am I the only terrortist who doesn’t keep message threads in any apps?

    Please note, I have brown skin, I sometimes sit in malls on a laptop looking around “suspiciously”, and I like yelling out Allah Akbar in crowds of people because I like watching everyone jump.

    That last bit was a joke, seriously.

Join the discussion!

Trending Stories Right Now