SYDNEY -- Australia provoked a howl from global cybersecurity experts by introducing a bill that forces device makers, service providers and a raft of other parties that safeguard data to give government agencies a peek at what people are saying and sharing online.
As the legislation was on its way to passage, Apple came out strongly against it. But after the bill was passed on Dec. 6 by a parliament in a hurry to go on holiday, Big Tech has had little to say.
One day later, Apple, Facebook, Google, LinkedIn, Microsoft, Twitter and four other companies released a 115-word statement through the Reform Government Surveillance coalition. "The new Australian law is deeply flawed, overly broad, and lacking in adequate independent oversight over the new authorities," the statement says.
Australia's government said it needs to compel tech companies and their engineers to come up with anti-surveillance tools to combat terrorism and organized crime, but the country was already considered to be ahead of its peers when it comes to the right of the government to snoop.
The anti-encryption act grants police and security agencies the power to order app developers, tech companies, service providers and just about anyone who provides communications technologies and services to an end user in Australia to develop encryption bypasses.
The backdoor mandate gives Australian authorities the right to listen in on people's encrypted communications without anyone ever learning they have been hacked. And since Australia is a member of the Five Eyes -- which also includes spy agencies from New Zealand, the U.K., Canada and the U.S. -- Canberra's partners are expected to begin demanding access to the same backdoors.
The new law is something of a contradiction. In August, the Australian government issued guidance that implies the country's communications companies are banned from buying 5G equipment from China's Huawei Technologies and ZTE. It is believed that the guidance was issued out of fear that these companies could provide backdoors to Beijing, allowing China to listen in on sensitive Australian communications.
One reason Big Tech came out against the law is that backdoors are vulnerable and can be exploited by spy agencies from other countries and by other bad-faith actors.
"What investigative authorities can see can also be seen by criminals," one expert said.
Australian Prime Minister Scott Morrison, however, says the bill -- the first of its kind anywhere in the world in terms of scope and lack of independent judicial review -- will play an important role in impeding criminals.
Apple disputes this. In a submission to parliament, it says that weakening encryption will make "criminals' jobs easier, not harder. ... [The law] will just incentivize criminals to use service providers that never assist Australian authorities or ones that operate underground in jurisdictions unfriendly to Australian interests." Apple made the submission in October.
Tech providers are especially concerned about Australian law enforcement's new power to issue what are called technical capability notices, or TCNs, which require their recipients to build decryption capabilities. Whether these notices are reasonable is solely up to the issuing agency. Refusing to act on a notice invites penalties of up to 10 million Australian dollars ($7.06 million).
In its submission, Apple argued that there is no real need for the law. "In just the past five years alone," the submission says, "we have processed over 26,000 requests from Australian law enforcement agencies for information to help investigate, prevent and solve crimes."
It can also be argued that Big Tech came out against the bill to protect corporate images.
Tech companies "could lose customers if consumers think their data, which should be strictly protected, can be extracted using backdoors," said Takashi Nishide, an associate professor at the University of Tsukuba in Japan.
For example, Apple's iPhones, which are known for their high level of security, are specifically designed to prevent the extraction of user information. The design also protects the iPhone's brand.
But there are fears that the anti-encryption act puts this kind of security at risk. It forces tech providers to "make models fitted with backdoors exclusively for Australia or to ignore the law," said Harumichi Yuasa, a professor at the Institute of Information Security in Japan.
Apple has taken strong privacy stances before. In 2016, it went to court against the Federal Bureau of Investigation, which was demanding that Apple create and digitally sign software that would enable the FBI to extract information from a locked iPhone.
The phone had belonged to a shooter involved in a 2015 terrorist attack in the California city of San Bernardino, east of Los Angeles. An Israeli company eventually stepped up and helped the FBI hack into the iPhone. The Los Angeles Times later reported that the phone contained no information about the terror attack.
In Australia, tech companies no longer have the right to refuse such orders.
John Stanton, CEO of Communications Alliance, criticized the law. "It has clear potential to weaken the security of Australian networks and communications products," he said. And it "will undermine international confidence in the Australian IT industry." The alliance is an industry organization made up of Australian telecommunications companies such as Telstra.
The law could still be amended. One reason it passed was that its backers promised detractors that they would take up dozens of amendments once parliament reconvenes.
The Australian parliament's intelligence and security committee intends to "review the amendments and provide further input that could feed into future amendments," according to Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute.
But Stanton and others say the act "remains a serious threat to the cybersecurity of all Australians and to people in other countries," given that data and services regularly cross borders.
"Encryption is simply math," Apple said in its submission. "Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone."
These protections not only keep people's photos private, they allow for online banking, credit card transactions and confidential exchanges of health care records, Apple said.
Parliament reconvenes on Feb. 12.