New Australian Laws Force Facebook, WhatsApp To Open Encrypted Messages


Prime Minister Malcolm Turnbull is set to announce new laws today that will "oblige" both telcos and social media platforms like Facebook and WhatsApp to give Australian security agencies access to encrypted messages.

Attorney General George Brandis has confirmed that the government won't be asking for flaws in encryption software to allow access by authorities, and instead companies will need to (where possible) decrypt messages as requested - with a warrant.


As reported by SMH, current laws do obligate telcos to help law enforcement agencies access messages, but it's not clear if this extends to messages protected by encryption, and that's what the government is looking to change.

In the case of services providing full end-to-end encryption, where the provider doesn't store your data at all, the warrant would need to be issued to either the sender or receiver.

These new laws are modeled on the UK's current strategy. Brandis is also looking to other countries to take the same approach, in the hope that it will assist in uncovering both local and international paedophile networks as well as organised crime and terrorist activity.

While it will be announced today, the legislation will be introduced to the Parliament later in the year.



    So.. if the new laws (thankfully) don't require companies to compromise their encryption, but just to decrypt users' messages where possible (and only when given a warrant) - then how are they different to how it's always been? If end-to-end encryption still requires getting the plaintext from sender or recipient, that's good, but I'm unclear as to what's changed here.

    Are the proposed laws merely there to provide more clarity about the existing cases? Are they mostly for political theatre?

      I don't know much about this but the story says that with the law currently it's not clear if this extends to messages protected by encryption and this new law clarifies that to explicitly state that it does apply to encrypted messages.

      I guess making warrants for these messages a little easier to obtain and avoiding challenges to their validity after they've been actioned?

      The law could require companies to change encryption keys for a particular user, making them known to authorities from the moment the warrant is served.
      This would allow them to decrypt the messages without weakening the user's encryption against unlawful adversaries (no backdoors, weakened algorithms or keys). Wouldn't be that different from a wiretap.
      I believe while Signal notifies you about key changes mid communication, WhatsApp doesn't, theoretically allowing Facebook to perpetrate a man in the middle attack on its users if it so wishes, or comply with a warrant :)
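
The key-change notification discussed in the comment above, sketched as a client-side check (an added example, not part of the original article or comments, and not any messenger's actual code): the client pins each contact's identity key on first use and withholds sending when the server later presents a different one. `PinStore`, the fingerprint format and the sample keys are assumptions constructed for illustration.

```python
import hashlib

# Constructed sample public identity keys (not real key material).
OLD_KEY = bytes(range(32))
NEW_KEY = bytes(range(32, 64))


def fingerprint(identity_key: bytes) -> str:
    """Short fingerprint two users can compare out of band (assumed format)."""
    digest = hashlib.sha256(identity_key).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 24, 4))


class PinStore:
    """Trust-on-first-use store: remembers the first key seen per contact."""

    def __init__(self):
        self._pins = {}      # contact -> pinned fingerprint
        self._pending = {}   # contact -> fingerprint of an unverified new key

    def check(self, contact: str, identity_key: bytes) -> str:
        """Classify the key the server just delivered for this contact."""
        fp = fingerprint(identity_key)
        pinned = self._pins.get(contact)
        if pinned is None:
            self._pins[contact] = fp
            return "first-use"
        if fp == pinned:
            self._pending.pop(contact, None)
            return "ok"
        # Key differs from the pinned one: new device, reinstall, or a key
        # substituted in transit. The client cannot tell which, so it flags it.
        self._pending[contact] = fp
        return "key-changed"

    def may_send(self, contact: str) -> bool:
        """Refuse to encrypt to a contact whose new key is still unverified."""
        return contact in self._pins and contact not in self._pending

    def accept_after_verification(self, contact: str, fp_from_contact: str) -> bool:
        """Re-pin only if the fingerprint the contact read out matches."""
        if self._pending.get(contact) != fp_from_contact:
            return False
        self._pins[contact] = self._pending.pop(contact)
        return True
```

A client that skips the `check` step encrypts to whatever key the server hands it, which is the silent case the comment describes.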

    Another dud move by an increasingly illiterate PM. "Bad" people will simply encrypt their messages before sending through encrypted channels. The PM cannot achieve the goal of reading "bad" people's messages but instead will ensure that the messages of the general populace can never really be private.

      As per the article the warrant could be served directly to the "Bad" people to compel them to decrypt their messages. I don't think this particular law has too great an impact on the general populace, it still requires a warrant and there's no backdoor to the encryption that could be used by law enforcement or other parties.

      I take back what I said before. I've read the transcript of the announcement today. Despite Prime Minister Turnbull & Attorney General Brandis insisting otherwise, what they want amounts to a backdoor to all consumer encryption.

    What I want to know is how this applies to privilege of self incrimination. To quote the high court:

    A person may refuse to answer any question, or to produce any document or thing, if to do so ‘may tend to bring him into the peril and possibility of being convicted as a criminal’.

      Good point, and of course serving warrants to the sender/recipient isn't so helpful for secret surveillance either.

      I'm sure Turnbull is well aware how end-to-end encryption means effective communication monitoring is no longer practical (as he uses it himself), so I imagine these laws are little more than a fig leaf to make the situation seem more palatable to those who haven't yet accepted the new status quo.

      Then they will just charge and convict you for obstruction of justice and interfering with evidence, etc.

      Don't be fooled, we have no 'amendment' rights.

    I just like how the politicians think, we wrote this, now you (the companies) must "oblige"

    These are American companies and they have been refusing and fighting their own government for years on this (and winning). Congratulations on making a moot law that will be contested every time you serve a warrant.

      My thoughts exactly, most of the companies don't have offices in Australia.

      What, are they going to ban WhatsApp downloads from the App Store or Play Store?

    Hey Malcolm! Read this...
    -----BEGIN PGP MESSAGE-----
    Version: GnuPG v2

    -----END PGP MESSAGE-----

      "go fuck yourself"

      I assume

      Can I have your public key please?

      Don't have enough flops for a brute force.

      Or what is your mailing address so I can serve you a warrant?
