The Australian Flag. Photo: Darrian Traynor/Getty Images
The Australian government passed a modified version of its encryption bill Thursday, after the attorney general and his opposition shadow came to an agreement.
Why it matters: The bill gives law enforcement the ability to compel tech firms to circumvent encryption in their products to aid law enforcement. Australia is a member of the Five Eyes alliance along with the U.S., U.K., Canada and New Zealand, and the bill is seen by many as a stepping stone toward new encryption laws in other nations.
What they're saying: "We are very concerned," said Sharon Bradford Franklin, director of surveillance and cybersecurity policy at New America’s Open Technology Institute. "The U.K. Investigatory Powers Act may have been the first domino towards global encryption policy, but Australia's rule is far more dangerous."
The original bill was marketed as one that gives law enforcement access without the creation of back doors or mass surveillance, and indeed it specifically bans "systemic surveillance."
- But it did not define that term, and law enforcement has suggested it interprets that phrase to mean "surveillance that affects literally every owner of a product" — meaning authorities could be free to pursue something closer to mass surveillance than many would like.
The compromise will permit the government to command tech firms to implant surveillance technology or software into products to investigate crimes that carry at least a three-year prison sentence.
- The compromise also adds a semi-judicial oversight process, allowing a firm with the aid of a technology expert and ex-judge to halt an order to circumvent encryption if the order is not as limited as possible, proportionate or technologically feasible.
"This is a backdoor to a backdoor," said Bradford Franklin, who noted that if Australia ordered a surveillance implant in an Apple phone, the U.S. or anyone else could order Apple to provide access to that information feed.