The secure open source messenger Signal has published a blog post in which it expresses both frustration and disappointment with Australia’s recently passed Assistance and Access Bill.
The legislation, which was rushed through parliament despite campaigning by privacy experts, permits the government to force tech companies to provide backdoor access to encrypted messages.
In addition to communicating its discontent with the bill, Signal has gone on the record to emphasize that, despite the authorities’ wishes, it “can’t include a backdoor in Signal.”
Signal’s message comes as no surprise to security experts, who have long understood that it is impossible to put backdoors in secure messengers without completely destroying their value.
For Open Whisper’s Signal, a product designed from the ground up to provide private communications, backdoors are unfeasible. This means that, despite the hasty passage of the Assistance and Access Bill, Australia’s plans have hit an early roadblock.
“By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars. The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.”
Signal’s developers have been quick to point out that it is those key privacy features that make the messenger desirable. And Signal's developers say they aren't going to break its messenger just to appease Australia’s dangerous new law.
“Everyone benefits from these design decisions – including Australian politicians. For instance, it has been widely reported that Malcolm Turnbull, the 29th Prime Minister of Australia, is a Signal user. He isn’t alone. Members of government everywhere use Signal. Even if we disagree with Christian Porter, we would never be able to access his Signal messages, regardless of whether the request comes from his own government or any other government.”
Blocked and banned but still secure
Signal’s decision is likely to be met with anger not only by Australia’s government but also by the rest of the Five Eyes members. Governments in the US, the UK, Canada, New Zealand, and Australia have long been pushing for tech firms to provide backdoors. Without them, the authorities argue, it is impossible for the police to do their job properly.
Australia’s Assistance and Access Bill is generally seen as the first step towards encryption backdoors being rolled out elsewhere. After all, once a backdoor has been implemented in one location, that vulnerability can easily be exploited elsewhere.
Signal’s refusal to provide backdoors means that, despite the government's wishes, citizens will still be able to communicate in private. Signal developer Joshua Lund believes this could eventually inspire the government to ban Signal altogether:
“The Australian government could attempt to block the service or restrict access to the app itself. Historically, this strategy hasn’t worked very well. If a country decided to apply pressure on Apple or Google to remove certain apps from their stores, switching to a different region is extremely trivial on both Android and iOS.”
Tug of war
With VPNs freely available, any attempt to remove Signal from popular app stores like iTunes and Google Play would likely result in more people encrypting not only their messages but also their web traffic. This means that the entire Assistance and Access Bill could backfire. As Lund suggests, a VPN would permit anybody in Australia to access the encrypted messenger by spoofing their location elsewhere.
In the long term, this could cause the Australian government (and other Western governments) to copy China and Russia’s widespread ban on VPNs.
For the time being, it is unknown whether other encrypted messengers are going to push back against the Australian government if asked to provide the authorities with backdoors. According to WhatsApp, one billion people worldwide now use its service. That means the privacy of a seventh of the world’s population may hang in the balance. We can only hope that other tech firms will follow Signal’s lead and issue statements refusing to break their encrypted messenger platforms.