The government of Australian has proposed legislation that would compel technology companies to decrypt users’ messages for investigations.
If passed, the new laws would function similarly to the United Kingdom’s Investigatory Powers Act by requiring companies to cooperate with investigators. That could mean providing access to encrypted messages exchanged between suspected terrorists or criminals. In doing so, companies like Google and Facebook could help catch pedophiles and help disrupt organized criminal networks, the Australian government feels.
Prime Minister Malcolm Turnbull says the new laws are necessary for Australia to adequately prosecute criminals who abuse the web for nefarious activities. As quoted by ABC News:
“We cannot allow the internet to be used as a place for terrorists and child molesters and people who peddle child pornography, and drug traffickers to hide in the dark. The laws of mathematics are very commendable but the only laws that apply in Australia is the law of Australia.”
At this time, it’s unclear how the laws could force technology companies to break their encryption.
Apps that employ end-to-end encryption like WhatsApp and Signal encrypt a message with a public key. Only a user with the corresponding private key can decrypt and read that message. But WhatsApp and others can’t access those private keys.
With that said, companies could circumvent their own encryption by access a message before it’s encrypted by recording what a user types or saving it after the receiver has decrypted it. Alternatively, they could adjust the means by which they encrypt their messages. The Guardian elaborates on this option:
“One way is that at the point of message encryption the message is not just encrypted for the recipient’s key but also with a key belonging to the technology company that makes the app. Then the technology company would be able to decrypt the message, store it and then later provide this to law enforcement agencies. This amounts to what most people would call a ‘backdoor’ – that is a method introduced, usually by the manufacturer, that allows someone to bypass a security system.”
Attorney General George Brandis, who told ABC News that those in the Australian government “don’t propose to require ‘backdoors,’” said he spoke to a cryptographer at GCHQ, the United Kingdom’s spy agency. That individual told Brandis “that this was feasible” to break end-to-end encryption.
Technology companies aren’t impressed. Here’s what a spokesperson for Facebook had to say about the laws:
“Weakening encrypted systems for [law enforcement] would mean weakening it for everyone. We appreciate the important work law enforcement does and we understand their need to carry out investigations. That’s why we already have a protocol in place to respond to requests where we can.”
As of this writing, it’s expected the proposed laws will come before Parliament by the end of the year.