Australia Wants to Take Government Surveillance to the Next Level, by Lizzie O’Shea.
A state’s capacity to spy on its citizens has grown exponentially in recent years as new technology has meant more aspects of our lives can be observed, recorded and analyzed than ever before. At the same time, much to the frustration of intelligence agencies around the world, so has the ability to keep digital information secret, thanks to encryption.
That’s why the main intelligence agencies of the Anglophone world are now hoping that Australia will lead the charge in developing ways to get decrypt information at will, and to tap into data that was previously kept secret. A proposed law, the draft of which was released last month by the cybersecurity minister, is an aggressive step in that direction.
We should all be worried, because it’s not just criminals or terrorists who use encryption, but every one of us. We use encryption to buy things online, manage our finances, and communicate personally and professionally. Hospitals, transportation systems and government agencies use encrypted data. Creating tools to weaken encrypted systems for one purpose weakens it for all purposes. If Australia succeeds in doing so, it could be your bank account or your medical records that are compromised in the end.
This particular bill has been more than a year in the making. At the June 2017 meeting in Ottawa of the Five Eyes — the intelligence alliance made up of the United States, Britain, Australia, Canada and New Zealand — Australia made a point of the need for states to find ways to overcome encryption. …
Australia, which has no bill of rights, is a logical place to test new strategies for collecting intelligence that can later be adopted elsewhere. Among other things, the proposed law would create a process for “designated communications providers” — defined so expansively that it covers any business hosting a website — to assist intelligence and law enforcement agencies to do almost anything to give them access to encrypted communications. For example, providers may have to build tools, install software or keep agencies up-to-date with developments. In essence, state agencies will be able to circumvent encryption, either with the cooperation of tech companies or by compulsion. …
If we give state agencies more power to build tools to circumvent encryption, not only do we expose ourselves to the risk that they can be stolen, we are forced to trust that these agencies will behave responsibly. The evidence to date suggests the opposite.
hat-tip Mark Ellis