12-11-2018 , 03:50 AM
Quote:The Australian government yesterday passed a controversial bill that allows law enforcement agencies to compel tech companies to hand over encrypted messaging data.
The legislation has been broadly condemned by privacy groups and technology companies with suggestions it could not only harm the Australian tech industry, but undermine encryption security worldwide. The Australian legislation has been brewing for more than a year now, with constant calls from governments around the world reiterating concerns over an inability for law enforcement agencies to access encrypted communications. The legislation, called The Assistance and Access Bill 2018, can compel a private company to create new interception capabilities so no communications data is completely inaccessible to the government. Even more controversial is the fact that this security vulnerability must be deployed in secret, without public knowledge. The new legislation is undoubtedly problematic, in a variety of ways, however, the Australian Senate rushed the bill through at the end of the final sitting day for the year, amidst a whirlwind of political games and sniping. The country's primary opposition party ultimately capitulated into supporting the bill, despite long-standing concerns, with opposition leader Bill Shorten buying into the argument that delaying the legislation until next year would threaten the country's national security.
Earlier this year, in a submission to the Australian Parliament, Apple condemned the proposed legislation calling it "extraordinarily broad" and "dangerously ambitious". The core issue frequently raised is that forcing companies to embed some kind of backdoor access to encrypted data fundamentally weakens security for everyone. It's unclear exactly what this bill will be asking of technology companies as comprehensive end-to-end encryption is a fundamentally unassailable process. Once encryption is enabled in an app such as WhatsApp, the company has no way to access that data. So, if it were legally compelled to create something under the parameters of this legislation it would have to involve some kind of backdoor that allows the company to intercept a message at either the point of sending, or the point of receipt. Due to the vagaries in the new legislation it is unclear exactly what will play out over the next six to 12 months. What we can be sure of is that this Australian regulation will have far-reaching global implications.
Ted Hardie, chair of the Internet Architecture Board, suggested the legislation may even break laws in other countries if the Australian government tries to force companies to hand over sensitive data. The massive GDPR law rolled out across Europe earlier this year is a prime example raised by Hardie."We are concerned that the proposed legislation may cause these service providers to violate contracts or laws in other jurisdictions, depending upon the exact nature of the requests made," Hardie writes. "For example, companies with European presence are required to handle sensitive data according to the GDPR, and by complying with an Australian order for data that might be located in Europe, that provider could be required to violate the GDPR to satisfy Australian law."
https://newatlas.com/australia-encryptio...rsy/57560/