Take one look at the upcoming legislative agenda of the Turnbull government and you’d be excused for assuming that our antipodean democracy was a police state under threat from many faceless foreign nations. Supposed espionage threats and foreign interference claims are being used to ram through laws that will have a huge impact on civil society, as well as changes to security regulations that will allow police to demand identification at airports without due cause, and intimidation tactics directed at citizens who dare to criticise government services.
One impending piece of legislation, slated to be introduced in the coming weeks, will directly affect the ways in which we all use technology to communicate, operate businesses and engage in our daily lives. At a recent meeting of the Five Eyes (the name for the joint surveillance operations of Canada, United Kingdom, New Zealand, United States of America and Australia) our government gleefully proclaimed that they planned to introduce legislation that would allow them to intercept encrypted communications.
Many modern technologies rely on strong end-to-end encryption to secure communications directly between users. Encryption is a foundational tool for the proper functioning of the digital society and economy, and is used in a wide range of settings, including banking, public service delivery, and communications. The only way to allow law enforcement officials to access the content of encrypted communications is to break end-to-end encryption for everyone by introducing weaknesses that allow third parties to snoop on communications between users. To create a technological opportunity for anyone to access encrypted messages, be it a police officer, a judge or a politician, is a very dangerous exercise that would destroy the very architecture that makes encryption work in the first place. Once these weaknesses are introduced, we all become much more vulnerable to commercial surveillance, data leaks, criminal eavesdropping, national security threats, and overreach by government officials.
Australians should be confident that the services we use haven’t been weakened or compromised by government mandate or pressure. As a society, we accept that people can meet and discuss things in private, that people can draw the curtains on their bedroom windows so the government can’t see in. We also presume that when we share private information with businesses and organisations, that the technology facilitating these transactions is strong.
This is a case of political bluster attempting to win out over logic. It’s a truly farcical environment when we witness the Prime Minister, himself known to be astute about the workings of the tech industry, claiming “the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia”. Despite Turnbull’s best efforts, it is highly doubtful that his self-imposed omnipotence will allow for such an overruling of the basic principles of technological mathematics.
It’s also likely a futile exercise. Efforts to weaken encryption within the US have been met with similar criticism, with a panel of 100 cybersecurity experts polled by The Washington Post showing strong objection to any attempt to provide law enforcement with backdoor access to encryption protocols. One expert, Matt Blaze, a cryptographer and computer science professor at the University of Pennsylvania said “weakening encryption might make the FBI’s job easier in some cases … but that would be a very shortsighted policy that would create far more crime than it would solve”.
Any attempt will likely drive criminals and terrorists toward tools and technologies that are beyond the reach of any mandated access mechanism, leaving those who are less technically sophisticated or financially privileged to bear the insecurity caused by the mandate. Any attempt to undermine encryption will ultimately hurt security, with potential knock-on effects that we cannot anticipate today.
There are many questions surrounding the intersection of crime and technology, and as with any complex social issue, these cannot be addressed in a silo. They require careful consideration and investment, including in education and training for law enforcement and research into rights-respecting mechanisms.
To use the spectre of terrorism in such a way that it unduly impacts on the rights of all citizens to exercise their right to privacy and freedom of speech is a massive overreach. There are limits on government’s powers, and encryption is an integral part of this right to privacy in digital society.
The government should not erode the security of our devices or applications, pressure companies to keep and allow government access to our data, or mandate implementation of vulnerabilities or backdoors into products. Weakening encryption weakens the entire internet and increases risk for everyone on it.