Prime Minister Malcolm Turnbull has been threatening to pass a law to effectively end the use of secure encryption in Australia for a while now. On Friday, he made his intentions more concrete and said that legislation mandating a government back door of some type will be introduced before the end of the year. This is bad for everyone.
Public debate around the government's ability to access encrypted files exploded in 2015 when Apple fought the US government over its requests to unlock a terrorists iPhone. A wider audience than ever before received an education in the fundamental principles of encryption and the fact that it loses its security value if anyone has a key to decrypt the files. It appears that Prime Minister Turnbull does not understand this principle. On Friday, the Australian government revealed details about its plans the require tech companies to offer access to encrypted files. Turnbull's comments about the law betray his willful ignorance on the issue.
"The laws of Australia prevail in Australia, I can assure you of that," Turnbull said. "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." Please let that sink in. The laws of maths are "commendable." Turnbull is very bluntly saying that Australia simply won't have end-to-end encryption. The laws of maths don't change just because Australia wants them to.
"A back door is typically a flaw in a software program that perhaps the — you know, the developer of the software program is not aware of and that somebody who knows about it can exploit," Turnbull said, before he demonstrated that those are just words in his head of which he has no understanding. "We're talking about lawful access." Lawful access is simply a back door.
Australian Attorney General George Brandis told ABC on Friday that what the government is seeking is something along the same lines as the UK's Investigatory Powers Act. While that legislation has its own issues, it only requires communications service providers that are based in the UK to have an ability to access encrypted files at the government's request. It exempts foreign companies from the rule.
Brandis told ABC, "Last Wednesday I met with the chief cryptographer at GCHQ, the Government Communication Headquarters in the United Kingdom. And he assured me that this was feasible." As TechDirt points out, Brandis is likely confused about the conversation he had. On July 10th, the former head of GHCQ, Robert Hannigan said that back doors shouldn't be implemented and intelligence agencies should focus on attacking the end points of encryption, a practice that has been used for some time. It seems that Brandis probably heard that it was feasible to attack end points without disrupting the security of end-to-end encryption.
Anthony Albanese, leader of the opposition to Turnbull's government made no promises about how the legislation would be received, saying that lawmakers would take "a common sense approach that we must keep Australians safe." Weakening encryption for global tech companies would make everyone, not just Australians, less safe. As Elaine Pearson, Australia director at Human Rights Watch, put it in a statement:
The government needs to accept that it won't know what everybody is doing all of the time. We don't outlaw whispering or drawing the blinds for privacy. In the same way, we should accept encryption is the only way to safeguard our communications in an era of cybercrime and unauthorised surveillance.