Prime Minister Malcolm Turnbull joined Attorney General George Brandis and Australian Federal Police Commissioner Michael Phelan today to announce the Federal Government’s new laws that will will oblige both telcos and social media platforms like Facebook and WhatsApp to give Australian security agencies access to encrypted messages.
Here’s the full transcript of what was said at the Australian Federal Police Forensic Lab earlier today.
Prime Minister Malcolm Turnbull
Well good morning. It’s great to be here at the AFP Digital Forensics Lab here in Sydney with the Attorney-General and the acting AFP commissioner Michael Phelan.
We have been talking today about the challenges that we face in ensuring that the rule of law applies online as well as offline. We’ve been talking about the challenges that some of the great specialists here at the AFP face when they seek to get over the barriers that encryption places in the way of them finding out what terrorists are plotting, what drug traffickers are up to, what people who are exploiting children online are planning.
We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law.
The Australian Federal Police must have the powers – as do all our other intelligence and law enforcement agencies – to enforce the law online as well as offline.
Now, in Hamburg at the G20, this issue was brought to the forefront by Australia with the world’s 20 leading economies and you saw a unanimous statement from the G20 reiterating that we expect the rule of law to apply online as well as offline.
Now one of the big challenges we face is that of encryption. Increasingly communications across the internet, whether it’s messaging applications or voice applications, are encrypted end-to-end. That means that while they can be intercepted, they can’t be read, they can’t be interpreted other than with considerable difficulty.
So what we’re seeking to do, working with the other leading economies in the world, is to ensure that the brilliant tech companies in Silicon Valley and their emulators, bring their brilliance to bear to assist the rule of law. To enable us to be able – not through back doors or any sort of untoward means – but legitimately, appropriately, with the force of law, in the usual way that applies in the offline world, enable our law enforcement agencies to have access to these communications so that they can keep us safe.
As the Attorney-General will describe in a moment, we are already leading the way here in Australia with new legislative priorities that will ensure that internet companies, like the telcos at the moment, will have the obligation to assist the police with getting access to communications and information data that they are lawfully entitled to, in accordance with an appropriate warrant or court order. And also, to give the Australian Federal Police the ability that ASIO currently has to remotely, again in accordance with a lawful order, to remotely monitor computer networks and devices.
These are vitally important reforms to keep Australians safe.
So whether it is in Hamburg at the G20 or at the meeting of the Five Eyes, the closest intelligence cooperation among the five leading countries, Australia, the United States, the United Kingdom, New Zealand and Canada. In that context where the Attorney-General has been, whether it is there or at the G20 or here at home, we are doing everything we can, every day, to keep Australians safe.
I’ll ask the Attorney to say a little bit more about the legislation.
Attorney-General George Brandis
Thank you very much indeed, Prime Minister.
As the Prime Minister has said, we intend to work with the companies in order to address what is potentially the greatest degradation of intelligence and law enforcement capability that we have seen in our lifetimes.
What we are doing – and I want to emphasise this – is not changing any existing legal principle.
It has always been accepted that in appropriate cases, under warrant, there can be lawful surveillance of private communications.
It has always been accepted that in appropriate circumstances there is a compellable obligation on citizens, including corporate citizens, to cooperate with law enforcement authorities in order to resolve or prevent crime.
What we are doing, is bringing those existing legal obligations up to date. We are contemporising them. The existing law was written before the advent of social media, before the growth in very recent years of encryption of communications to a point at which it is now effectively ubiquitous. So in order to address the new technological developments, we are contemporising existing, well-established legal principles.
In the spring sittings of Parliament, the Government will be bringing forward legislation, which will in particular impose an obligation upon device manufacturers and upon service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis, where it is necessary to interdict or in the case of a crime that may have been committed, it is necessary to investigate and prosecute serious crime, whether it be counter terrorism, whether it be serious organised crime, whether it be for example, the operation of paedophile networks.
It is vitally important that the development of technology does not leave the law behind. So as the Prime Minister has said, working with our international partners, in particular with our Five Eyes intelligence partners and with the broader global community as the Prime Minister did last week, and if I may say so, showed international leadership on this issue, we will address this problem so as to keep our people safe. We will work with the corporate sector, we will engage them. It is an aspect of corporate social responsibility, which we will expect them to observe. But we’ll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act, or as long ago as 2013 were introduced in New Zealand under their Telecommunications Act, are available to Australian intelligence and law enforcement authorities as well.
Acting Commissioner of the AFP, Michael Phelan
Certainly on behalf of the Australian Federal Police and all law enforcement agencies and indeed intelligence agencies, we welcome these reforms.
The vast majority of our investigations, indeed 65 per cent of our serious and organised crime investigations, counterterrorism investigations, major paedophile investigations, now involve some sort of encryption. Whether that’s encryption of the phones, whether it’s encryption of computers that we seize or whether or not it’s traffic that goes between conversations over the internet. Then that’s the sort of thing that we need to get behind.
At the end of the day, what has happened here is legislation has not yet kept pace with technology.
If you look at when I first became a police officer, it was quite simple. The phones that we intercepted were one house phone to another fixed phone. Quite simple. Traffic, anybody could listen to it. Now, those same pieces of legislation are designed to try and help us intercept encrypted applications that some of you don’t even know are encrypted and to be able to get that material.
So we seize the material still and we get to see it, lawfully, but it’s just not ‘there’. We can’t view it.
So what we’re advocating here, certainly on behalf of all of us, is no change to what we’re able to lawfully intercept, just now giving us the power to be able to see that material. It’s not only serious and organised crime investigations, but national security investigations as well. We have seen a rapid growth in the amount of encrypted traffic from around 3 per cent a couple of years ago to now over 55, 60 per cent of all traffic is encrypted.
We welcome the fact that the legislation will keep pace with the technology.
When asked about what exactly he was expecting tech companies to do, Turnbull went on to explain that the legislation will require them to “provide assistance”, as with the existing UK legislation – when police need access to information, and have a warrant to do so.
“Look, I’m not suggesting this is not without some difficulty,” Turnbull said. “As I have said, you would have heard me say when I was in Europe, that there is a culture particularly in the United States, a very libertarian culture, which is quite anti-government in the tech sector. Now, the reality is however, that these encrypted messaging applications and voice applications are being used – obviously by all of us – but they’re also being used by people who seek to do us harm.”
“They’re being used by terrorists, they’re being used by drug traffickers, they’re being used by paedophile rings.”
Turnbull said the G20 agreed, at Australia’s initiative, that we need to say with one voice to Silicon Valley and its emulators:
Alright you’ve devised these great platforms, now you’ve got to help us to ensure that the rule of law prevails and that they’re not exploited by those who want to hide from the law as they plan to do us harm.
“I’m not a cryptographer”
Here’s Turnbull’s exchange with a journalist at the event, regarding end-to-end encryption, backdoors and the Prime Minister’s understanding of the technology:
Prime Minister, in some of these messaging platforms you’ve got keys – a sender has a key and the receiver has a key – but actually the companies don’t keep the keys for themselves-
That’s what end-to-end encryption is, yeah.
Are you asking Facebook and Apple to now keep a copy of the keys that they give out to their customers?
I’m not a cryptographer, but what we’re seeking to do is to secure their assistance. They have to face up to their responsibility. They can’t just wash their hands of it and say: “It’s got nothing to do with us”. So we need, what we need to do is to secure their cooperation and this is an issue that all of the countries of the G20 recognised.
You know, many of these big messaging platforms are hosted in the United States, WhatsApp is probably the best known but of course Telegram is another one that is very popular, is hosted in Berlin so I discussed that with Chancellor Angela Merkel in Berlin, in Hamburg when I was there at the G20.
The bottom line is we have got a situation where you have gone from the law enforcement agencies, police, the security services being able lawfully to intercept communications and lawfully have access to communications, and no-one’s argued about that. That’s been the case forever. Now, because of this end-to-end encryption, all of that information, all of that data, that communication being effectively dark to the reach of the law. That’s not acceptable. We are a society, a democracy, under the rule of law, and the law must prevail online as well as offline.
Prime Minister, you say it’s not a backdoor – you say you’re not proposing a backdoor and so how exactly do you suggest that the companies do this?
That’s a matter for them. But –
What is your understanding a backdoor is?
Do you want me to tell you what a backdoor is?
Well a backdoor is typically a flaw in a software program that perhaps the developer of the software program is not aware of and that somebody who knows about it, can exploit. You know, if there are flaws in software programs, obviously that’s why you get updates on your phone and your computer all the time.
We’re not talking about that. We’re talking about lawful access. If you look at the communique from the G20, it’s talking about lawful authorised access which is done in accordance with the law.
You mentioned that a backdoor was a flaw, that perhaps the developer wasn’t aware of. What if, say, WhatsApp did put in a backdoor, you know, that they deliberately put in, that they were aware of so they could provide –
Well, I’m not going to speculate about that.
What we’re talking about is lawful access. What we’re talking about is the rule of law continuing to prevail in the online world as it has in the past, in the pre-encrypted, in the world when telecoms were not encrypted, were not end-to-end encrypted.
If the tech companies won’t co-operate, what happens? Turnbull says this is where international cooperation becomes a necessity, recalling a recent meeting with the Home Secretary Amber Rudd in London where Rudd spoke of plans to travel to Silicon Valley “with her American counterpart and raise these very issues”.
Turnbull said where the Australian Government can gain cooperation it will, but it will need the cooperation from the tech companies to provide access in accordance with the law.
Now if there is a company that falls outside of the G20, or if there are groups using private end-to-end encryption services – the Prime Minister doesn’t have a real answer for that.
“I’m not suggesting this is a problem susceptible to one quick fix,” Turnbull said. “But it is a very big issue and you have to tackle it and you have to show leadership.”
“Now, I have shown leadership on Australia’s behalf at the G20. George has shown leadership among the Five Eyes on Australia’s behalf. What we have to do is to work together as a global community to ensure that the rule of law prevails online as well as offline.”
If Facebook says no, if Apple says no, if the tech companies uphold the privacy of their users above all else – if they ignore the laws the Australian Government puts in place, Turnbull says what we need to do is “recognise that we live in a society governed by the rule of law.”
“The law applies to technology companies as it does to everybody else,” Turnbull said.
“So this is a question of whether you want the rule of law to prevail or whether you want the internet to be used as a place, because of encryption technologies, criminals can hide from justice, criminals can hide from those whose job it is, like the men and women of the AFP we’ve seen today, who’s job it is to keep us safe.”
The Australian government wants the ability to read messages kept secret by encryption in the name of aiding criminal investigations. But just how it proposes to do this is unclear.Read more