What is the impact of the new Cyber Security Law in Australia?
Data encryption, security and privacy have been prevailing issues since Prime Minister Malcolm Turnbull’s call for online governance on the 14th of July 2017. This involves the government’s plan to attain access over encrypted data in an attempt to safeguard the security of the unstable online world of terrorism, cyber-crimes and hacking which have all been on the rise. Technological companies and human rights’ movements are however, voicing their concerns over this calculated move by the government to gain greater control of the ‘dark side’ or ‘dark web’ that they are vulnerable to at the moment.
Source: The Sydney Morning Herald
Turnbull’s New Law
In a press conference on Friday, Prime Minister Malcolm Turnbull mentioned that this law would impose an obligation for technological companies to provide Australian security agencies with access to encrypted user communications.
Along with Attorney-General George Brandis, although it has been insisted that ‘back doors’ will not be built into encryption software, it has sparked much contestation on how their goal can otherwise be achieved.
What is the impact of ‘backdoors’?
A backdoor is a method of bypassing security or encryption, which can end up in a program by design or by mistake. One way that the government could hypothetically obtain encrypted messages – to compel an encrypted messaging provider to remove encryption, or to implement some kind of backdoor allowing messages to be retrieved from a device.
The problem comes with the creation of these ‘back doors’, one can’t ensure they’ll only be used by legitimate forces. The global WannaCry ransomware attacks is an example where the result of a ‘backdoor’ in Windows’ operating systems have been exploited by malicious hackers. When security is compromised through ‘backdoors’, ethics is also highly likely to be compromised should authorities continue to allow this to happen for them to attain access to encrypted data.
Nevertheless, Turnbull has reiterated that the government would not pursue ‘backdoors’ or access to technology companies' source code.
Privacy issues still prevail
"... just as a locked bank vault or filing cabinet cannot resist a court order to produce a document, why should the owners of encrypted messaging platforms like Whatsapp or Telegram or Signal be able to establish end to end encryption in such a way that nobody, not the owners and not the courts have the ability to find out what is being communicated," Turnbull said.
The debate between technology firms and their agendas versus upholding national security will only continue and below states some of the reasons:
Negative sentiments amongst tech companies with scepticism of government’s intention to ‘spy’
There is a growing concern alongside continuous speculation amongst technology firms that the Australian government has an intention to spy on encrypted means of communications. This includes devices like the iPhone, or apps like WhatsApp and Telegram or anything that secures chats and voice calls. By erecting the data encryption law, this would impose a detrimental sacrifice to the privacy of users of online applications including messaging apps and their relevant data.
In addition, the Human Rights Watch have stepped up to voice out their opinion in a latter to Turnbull that the Australian government should not enforce this on technology companies as it weakens the security of their products. The strategy taken on would also undermine cyber-security for all users and would not deter determined criminals from targeting encryption which may ultimately lead to unethical issues.
Government’s inherent lack of awareness on how data encryption works
Large technological companies like Apple in Australia argued that the creation of ‘backdoors’ into iPhones for example, will put everyone’s security at risk. The company had mentioned that it had provided significant assistance to police agencies during such investigations. Apple did the same thing in North America, providing user information which is the kind of metadata that’s useful for investigations, and which isn’t protected by encryption.
Turnbull’s government, meanwhile, explicitly said that it doesn’t want a ‘backdoor’ in iOS encryption, or weaker iOS encryption. Instead, it requires Apple and any other technological company to provide assistance to law enforcement agencies when needed.
The overwhelming consensus between information security experts and former high-ranking intelligence officials – no technical solution would allow law enforcement agencies to decrypt communications without creating vulnerabilities that would expose all users to harm.
This has only further proven that governments have no viable idea of how to tackle this sensitive problem as of now. For the time being, it appears that you can’t have it both ways. It’s either end-to-end encryption which comes with the unwanted side effects of protected communications which may include those between criminals or even terrorist organizations or, weaker encryption where the government has access to but so does any hacker with the means to do it.
The future of data encryption
Encryption is effectively mathematical algorithms designed to stop hackers from accessing information on mobile devices and messaging applications’ communications.
Australia as well as the UK are both suffering from the same issue – ignorance of the government on encryption and the potential impact on security of data. This is extremely pertinent as other nations have mentioned the introduction of similar laws despite Australia poised to become the first country to adopt laws on encrypted messages. Several European nations, including France and Britain, have committed to new laws which require access to encrypted messages.
Unless these countries are open to a deeper evaluation of data encryption and the impact it has, reckless moves may very well result in irreversible outcomes such as elevated cyber-crime rates and the rise of human rights movements against the invasion of privacy.
There should not be a complete ban on the use of encryption software despite the need for law enforcement officers to have the complete tools in their investigation of crimes. This is definitely still a work-in-progress. Individuals within the data encryption sector will only start to increase in demand, especially with Turnbull’s new law.
If you would like to find out more about the talent within this sector, or if your organisation requires advice on your recruitment strategies in the coming year, do connect with Josh Littlewood or follow us on our LinkedIn page for more industry related insights.
Source: Reuters, Australia Financial Review, Asian Financial Review, HRW.org, BGR.com, Junkee.com, ITnews, The Sydney Morning Herald.