It’s Christmas come early this week for hackers, organised crime and terrorists, with Labor caving in and agreeing to pass the government’s encryption backdoor bill, with some modifications. It’s the same story that we’ve seen repeatedly in the last five years: the government demands the passage of outrageous abuses of basic rights and common sense that even the Howard government, in the wake of 9/11, never tried to introduce, and Labor, after an initial pretence of judicious consideration, agrees.
The result — if the legislation works the way the major parties want it to work — will be government-approved malware being released into the wild by IT companies, to be harvested by criminals, foreign governments and anyone looking to circumvent the encryption that safeguards our privacy and ability to undertake commerce online, and which protects companies from commercial espionage. All in the cause of identifying terrorists — all of whom, as we keep seeing time and time again, are already known to security agencies.
Smart crime gangs and hacking teams are probably already working on ways to attract the attention of Australian intelligence and law enforcement agencies with the hope of having some malware uploaded onto a target device, which they can then repurpose for their own activities. And the people who devote their professional lives to fighting hackers have realised just how much more difficult this will make their jobs. Well done, major parties.
How did Australia come to be the village idiot of the internet? Earlier in the year I outlined several reasons why there’d been so little resistance to the adoption of the mechanisms of a police state in Australia over the last five years. In this case, there have been some additional factors:
The ignorance of politicians and journalists about basic cybersecurity issues
Few journalists, and fewer politicians, lack even an informed layperson’s understanding of either the basics of cybersecurity or its history. The journalists that do tend to write for specialist publications. Mainstream media journalists — in addition to pushing the agenda of their executives, as News Corp journalists do — have almost zero understanding of cybersecurity, and would be unaware, despite how easy it is to google it, of the history of government-sanctioned malware being used by malign actors to undermine cybersecurity. It’s why a journalist like Peter Hartcher can cut and paste intelligence agency talking points without criticism.
The lack of a homegrown tech industry and the tattered reputation of foreign giants
Australia’s IT market is dominated by foreign companies across hardware, software and media platforms. While the local tech sector has been vocal in opposing the encryption backdoor bill, ultimately it is aimed at major players — phone manufacturers, operating system designers, app makers and social media platforms. Few of these command untrammelled respect, and Facebook and Google are both regarded — rightly — with mistrust over privacy and their malign impact on the markets they operate in. The company of Cambridge Analytica, fake news and the wholesale monetisation of its users’ personal information brings no moral authority to a debate about privacy and cybersecurity. The likes of Apple and Facebook, while opposed to the bill — the global damage from users knowing they might insert malware at the request of governments would be massive — can also afford to take the view that Australia can legislate how it likes — good luck enforcing it, because both have very deep pockets with which to protect their brands in endless litigation.
Australians can’t discuss abstract rights issues
One of the structural flaws in our rancid political culture is that we’re unable to discuss abstract issues around rights, because we don’t have the language or mental framework for it. The Americans have a clear language and framework for considering the real-world application of abstract rights, and have been doing it for two centuries. Debates about free speech, surveillance and a free press can be discussed, legislated and litigated without participants being damned as soft on terrorism or encouraging pedophilia. The UK has traditionally lacked a formal framework for rights discussions but been much more capable of arguing the balance between individual rights and state responsibilities, and in recent decades has had the European Convention of Human Rights to guide policy in areas like privacy and surveillance. In Australia, there’s literally nothing in terms of rights protections beyond a right to political communication invented by the High Court to protect the revenues of TV networks. And because we lack either the language or the framework for such discussions, we end up with lowest-common denominator stuff. Want to protect privacy? You’re soft on terrorism. Spot a major problem in a bill? Deal with it via a special exemption, not a coherent policy. Debates on free speech default to whether you agree with the person whose speech is contested. Want to check the powers of law enforcement? You want to help pedophiles.
Consistent with that, the entire “debate” over encryption backdoors has been the stuff of idiots.