Five Eyes (FVEY) governments are breathing a sigh of relief, following the Labor Opposition Party’s decision to side with the Australian government and pass the highly unpopular encryption bill.
The Assistance and Access Bill 2018 calls for firms to help the authorities break End to End (E2E) encryption, by producing new ways to backdoor securely encrypted communications.
According to FVEY governments including the Trump administration, the prevalence of encrypted communications has risen dramatically since 2013, when only 3% of messages were inaccessible to law enforcement. Since then, ripples of awareness (ignited by the Snowden revelations) have caused citizens to flock to E2E encryption. In 2017, 55% of communications accessed by the Australian Government were securely encrypted, similar figures are being reported in other FVEY countries
Give us back our Big Brother powers
For law enforcement, E2E encryption is seen as an insurmountable barricade citizens have no right to. Right across the FVEY block, government authorities are pushing for tech firms to backdoor encryption and provide them with access to everyone’s messages.
Now, Australia’s new legislation will help to pave the way for the weakening of encryption right across the globe. Commenting on the new law, Danny O’Brien at the Electronic Frontier Foundationexplained that the government can:
“Secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.”
Despite FVEY claims, the encryption law is both highly dangerous and extremely flawed. Any weakness introduced into E2E encryption is unfeasible without also creating a hole that can be exploited by unwanted hackers and cybercriminals.
With the Assistance and Access Bill successfully passed, Australia can begin to successfully pressure Whatsapp (and other tech firms) into creating backdoors - resulting in exploits that can be abused by other FVEY governments in the US and elsewhere, even opening the door for foreign government surveillance.
Failed opposition
Last Friday, Federal Labor Opposition joined the hundreds of privacy experts, advocacy groups, and concerned citizens from around the world who have expressed outrage at the proposed bill.
Shadow Attorney-General Mark Dreyfus wrote to the government announcing his plan to break the tradition of bipartisan commitment through the Parliamentary Joint Committee on Intelligence and Security (PJCIS). In his letter, he called for further review of the negative side effects of the bill.
Unfortunately, the rest of the Labor bench decided to throw in their support with the government, passing the law rapidly, unopposed, and unamended. Expressing his astonishment at the decision to pass the law on the last sitting day of the year, Digital Rights Watch Chair Tim Singleton Norton said:
“This Bill is still deeply flawed, and has the likely impact of weakening Australia’s overall cybersecurity, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections. In its very design, it is antithetical to human rights and core democratic principles. Lawmakers are on notice that they will be responsible for the consequences of introducing weaknesses into our digital infrastructure – including adverse consequences borne by everyday people who rely on encryption to go about their daily lives in a digital society.”
The announcement comes just a week after Digital Industry Group Inc (DIGI) - an association that includes Google, Twitter, Oath, and Facebook in its ranks - made a supplementary submission to PJCIS. In the document, DIGI reiterated its disapproval of backdoors:
“The most significant issue with the Bill is that it proposes new powers for the government to order technology providers to create or install new ways to access secure systems and data. The Government seems to want to maintain encryption, yet also mandate technology providers implement a way to unencrypt data and provide that data without creating a vulnerability. That is a needle that cannot be threaded – you cannot break encryption without introducing a vulnerability into the whole system.”
A downward spiral
With Australia now on board, the UK authorities have been piling on the pressure. Dr. Ian Levy, technical director of the National Cyber Security Centre (NCSC) announced last Thursday that UK intelligence is pursuing options to force tech providers to create 'virtual crocodile clips' for intercepting and decoding end-to-end encrypted emails, text messages, and voice communications.
In the NSCS proposal produced on behalf of GCHQ, Levy suggested that all end to end messages be a three-way conversation, not only between the sender and the intended recipient but also the government - giving them the power to eavesdrop on everything. According to Levy, doing so would be the equivalent of the old-fashioned process of using crocodile clips to physically snoop on people’s phone calls.
What Levy fails to mention, is that unlike in the old days when such an attack was singular, insulated, and directed only at the suspect of an investigation (and only ever with a proper warrant) the new "virtual crocodile clips" would be attached to every wire, on every phone, on every street of Britain, echoing Stasi levels of surveillance.
This is exactly the kind of mass surveillance that caused the general public to shift to using encrypted messengers in the first place. The general public has voted with their thumbs, and it is exactly this level of government invasion that they oppose.
Worryingly, post-Brexit the UK plans to replace the EU Human Rights Act with a British Human Rights Act designed to weaken a person’s right to privacy. In such an environment British citizens may find themselves unable to protect their personal conversations from GCHQ.
Should the government get its way, the backdoors that let the government into everybody's messages will become a weak link that anybody can extort. Encryption is either secure or it isn’t, and calling a backdoor a virtual crocodile clip is intentionally misleading.
The good news is that even if FVEY governments manage to force the likes of WhatsApp into creating a backdoor there will always be Signal or some other new open source messenger for people to turn to. In the end, governments will need to outlaw using encrypted messengers and turn their countries into full totalitarian states if they are ever going to win their incessant war on privacy.
If this story has made you reconsider your own online security, why not take a look at our best VPN services page for more information. Furthermore, if you are an Australian citizen, take a look at our best VPN for Australia page, to ensure your online security.
Image credits: Bro Studio/Shutterstock.com
durantelallera/Shutterstock.com