We still don’t know the full impact of Australia’s big, bad encryption law.
Criticising the law’s vague and broad dictates, some tech companies now storing data in the country say they may soon have one foot out the door of Australia. The domestic tech industry has for months pushed and failed to pass amendments increasing oversight, clarifying loopholes and narrowing the law’s scope.
Documents newly obtained by the Guardian show that the law enforcement and intelligence agencies take an expansive view of the law and what it can be used to compel companies to do.
Australia’s Home Affairs Department, which handles law enforcement and national security issues among others, prepared a briefing showing just how much power the new law gives authorities.
The Telecommunications Access and Assistance Act, passed in December 2018, allows the government to compel cooperation and capabilities from companies as wide-ranging as social media firms, telecoms, manufacturers or even any retail establishment providing wifi to customers.
“The briefing also provides examples of what type of assistance authorities can lawfully require, including: a social media company helping to automate the creation of fake accounts; a mobile carrier increasing the data allowance on a device so surveillance doesn’t chew up users’ data; blocking internet messages to force a device to send messages as unencrypted SMSes; and a data centre providing access to a customer’s computer rack to allow installation of a surveillance device.”
The law’s critics include groups like the Reform Government Surveillance coalition which represents Silicon Valley and American behemoths like Google, Facebook, Twitter, Amazon, and Oath. Digi, a nonprofit representing Australia’s tech industry including many of those same American firms, has also criticised the law for lack of oversight and the potential to undermine cybersecurity for everyday users.
One interesting critic of the law is WhatsApp, the incredibly popular encrypted messenger owned by Facebook. One of the tactics included in the Australian briefing is “blocking internet messages to force a device to send messages as unencrypted SMSes.” Although that’s not an entirely new tactic — hackers have long tried to downgrade connections to impact security —it could potentially directly impact a WhatsApp user being targeted by the Australian government.
The fate of Australia’s bill, the reaction of tech companies and the impact on users will help dictate exactly what the world’s encryption critics do next.