Australia passed encryption laws late last year, and we still don’t know the full impact of this law. Will companies who are storing data in Australia now leave because of this? Since the law came into effect, many Australian tech companies have pushed to pass amendments in order to increase oversight, clarify loopholes and also to narrow the law’s scope. But these companies haven’t been successful. The problem with the new law? Law enforcement and intelligence agencies take an expansive view of the law. Which means, the interpretation is left open and vague, making it hard for the industry to comply, even if they wanted to.
On one hand, an encryption law sounds like a good thing – especially from a consumer perspective, but this new power gives Australia’s Home Affairs Department new powers that they didn’t previously have. The relatively new act allows the government to compel cooperation from companies as wide-ranging as social media firms, telecom businesses, manufacturers and even retail establishments providing wifi to customers.
“The briefing also provides examples of what type of assistance authorities can lawfully require, including: a social media company helping to automate the creation of fake accounts; a mobile carrier increasing the data allowance on a device so surveillance doesn’t chew up users’ data; blocking internet messages to force a device to send messages as unencrypted SMSes; and a data centre providing access to a customer’s computer rack to allow installation of a surveillance device.”
The Reform Government Surveillance coalition has a problem with this particular law. Reform Government Surveillance represents some pretty big Silicon Valley names like Google, Facebook, Twitter, Amazon, and Oath. In addition, a non-profit by the name of Digi is also criticizing the law for lack of oversight and the potential to undermine cybersecurity for everyday users.
An interesting critic of the law is WhatsApp – who, of course, is owned by Facebook. One of the tactics mentioned above is the idea that this law would block the transmission of messages over the internet, and force those messages to be sent as an SMS. This would affect WhatsApp in a major way after all sending messages via the internet is their business.
But what might be a bigger concern is related to this idea of oversight. One example of how this plays out is that if you’re using public wifi – say in a Starbucks – law enforcement may be able to view your messages. So maybe we should be calling this a surveillance law, rather than an encryption law. When I first saw encryption, my thought was that this was going to help protect consumers from having their data taken advantage of, but the way the legislation is written indicates that they want to remove that encryption in order to make things easier to access. Confusing right?
It’s hard to know how this is going to play out, but from first glance, it doesn’t seem well. One spy agency has said that this new legislation is great because encryption technology has affected 90% of its business. I think I’m on the side of the tech companies in this case. The legislation needs to be clearer, it’ needs to have a better-defined scope and it needs a lot more work.