{"id":41383,"date":"2018-08-14T12:06:48","date_gmt":"2018-08-14T02:06:48","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=41383"},"modified":"2018-08-14T14:22:23","modified_gmt":"2018-08-14T04:22:23","slug":"encryption-bill-faces-uphill-battle","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/","title":{"rendered":"Encryption bill faces uphill battle"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"425\" class=\"size-full wp-image-41386 aligncenter\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg 640w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone-205x136.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone-332x221.jpg 332w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/><\/figure>\n<p>After a few <a href=\"https:\/\/www.theguardian.com\/technology\/2018\/apr\/13\/australian-bill-to-create-back-door-into-encrypted-apps-in-advanced-stages\" target=\"_blank\" rel=\"noopener\">false starts<\/a>, the government has released its promised legislation to address the \u2018<a href=\"https:\/\/www.fbi.gov\/services\/operational-technology\/going-dark\" target=\"_blank\" rel=\"noopener\">going dark<\/a>\u2019 problem caused by encryption\u2014something that <a href=\"https:\/\/www.homeaffairs.gov.au\/consultations\/Documents\/limitations-safeguards-factsheet.pdf\" target=\"_blank\" rel=\"noopener\">affects more than 90%<\/a> of the data lawfully intercepted by the Australian Federal Police.<\/p>\n<p>Despite much <a href=\"https:\/\/www.itnews.com.au\/news\/turnbull-govt-wants-to-force-companies-to-break-encryption-464861\" target=\"_blank\" rel=\"noopener\">speculation<\/a> that it might attempt to destroy end-to-end-encryption, the Telecommunications and Other Legislation Amendment (Assistance and Access Bill) 2018 goes out of its way to make clear that it will do no such thing. The <a href=\"https:\/\/www.homeaffairs.gov.au\/consultations\/Documents\/the-assistance-access-bill-2018.pdf\" target=\"_blank\" rel=\"noopener\">draft bill<\/a> explicitly states that no measure can be taken that requires a designated communications provider to build \u2018a systemic weakness, or a systemic vulnerability\u2019 (section 317ZG). The key word here is \u2018systemic\u2019: instead of aiming to create systemic vulnerabilities, the bill seeks to facilitate tailored access and the creation of \u2018<a href=\"https:\/\/www.homeaffairs.gov.au\/consultations\/Documents\/explanatory-document.pdf\" target=\"_blank\" rel=\"noopener\">alternative-collection capabilities<\/a>\u2019.<\/p>\n<p>Reading the draft bill, you get the impression that it has benefited from a long consultation process with industry. But, as discussions that ASPI\u2019s International Cyber Policy Centre has held with the major tech firms, the government, and privacy and encryption experts have revealed, there are a lot of varying views on this issue and the bill will still meet with resistance.<\/p>\n<p>The bill is long and detailed, but here are a few of the key changes it ushers in.<\/p>\n<p>Section 317C brings into the Telecommunications Act\u2019s remit a broad array of companies and individuals under the banner of \u2018designated communications providers\u2019. This includes \u2018the full range of participants in the global communications supply chain, from carriers to over-the-top messaging service providers\u2019. The category also includes providers of an \u2018electronic service\u2019, which is broadly defined to capture \u2018a range of existing and future technologies, including hardware and software\u2019 (section 317D).<\/p>\n<p>Part 15 creates three tools for requesting and compelling assistance from designated communications providers. One is voluntary (a technical assistance request) and two are compulsory (a technical assistance notice and a technical capability notice). Both compulsory requests must meet a test of being reasonable, proportionate, practicable and technically feasible.<\/p>\n<p>A technical assistance notice compels a provider to cooperate if it has the capability to do so\u2014for example, to decrypt messages if it already has that capability.<\/p>\n<p>A technical capability notice, by contrast, compels a provider that doesn\u2019t yet have a capability to enable it to assist, to develop one. As the accompanying explanatory document notes: \u2018The things specified in technical capability notices may require significant investment.\u2019 This is likely to be the most controversial provision of the bill for many of the big tech firms.<\/p>\n<p>The terrain that the three types of notices can cover is broad (section 317E). One provision that\u2019s likely to be especially controversial is the potential for companies to be asked or compelled to hand over source code (section 317E(1)(b)), subject to a test of whether it\u2019s reasonable and proportionate.<\/p>\n<p>The legislation anticipates that companies, in most cases, will cooperate; however, penalties have been added as an inducement. Companies that don\u2019t comply face fines of up to $10 million and individuals can be fined up to $50,000 for each case of non-compliance. It also increases the penalties in the Crimes Act for those who refuse a lawful request to provide access to a device (for example, their password or fingerprint). The penalty increases from a maximum of six months\u2019 or\u00a0 two years\u2019 imprisonment to a maximum of five years\u2019\u00a0 or 10 years\u2019 imprisonment, depending on the seriousness of the crime being investigated.<\/p>\n<p>Many would regard the government\u2019s starting premise as reasonable\u2014that provided a compelling public need exists (as demonstrated by a warrant) governments should be able to compel access to otherwise private information. In this new technological age, a broad range of organisations should help provide that access in the same way traditional telcos have been for a long time. The trick, of course, is in the execution.<\/p>\n<p>The tech companies have been rightly concerned about any attempt to create systemic vulnerabilities or remove encryption. In the wake of the Snowden affair, when brand reputation depends on keeping an arm\u2019s-length relationship with government, many of the tech companies will be loath to appear too close to any government and concerned about any precedents that might be set in a broader international context. Handing over source code, for example, might be one area where some companies draw a line, concerned about the implications in other more authoritarian jurisdictions where that information could be used to cause harm or intellectual property theft.<\/p>\n<p>Some companies might also try to game the law. As drafted, the safeguards that require requests to be reasonable, proportionate, practicable and technically feasible could encourage some companies to secure data in a way that makes it impracticable for them to assist, even if they\u2019re compelled to do so. Companies like Apple already encrypt communications in such a way that they claim they themselves can\u2019t decrypt. Over time, areas where opportunities for assistance exist could be gradually closed off in a similar manner.<\/p>\n<p>This bill is a long way from the one outlined in early reporting last year that claimed encryption would be broken. While it contains provisions that will no doubt receive pushback over the coming weeks, it\u2019s a more nuanced response than reports suggested.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>After a few false starts, the government has released its promised legislation to address the \u2018going dark\u2019 problem caused by encryption\u2014something that affects more than 90% of the data lawfully intercepted by the Australian Federal &#8230;<\/p>\n","protected":false},"author":685,"featured_media":41386,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[95,1570,704,1369],"class_list":["post-41383","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber-security","tag-encryption","tag-legislation","tag-telecommunications"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Encryption bill faces uphill battle | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Encryption bill faces uphill battle | The Strategist\" \/>\n<meta property=\"og:description\" content=\"After a few false starts, the government has released its promised legislation to address the \u2018going dark\u2019 problem caused by encryption\u2014something that affects more than 90% of the data lawfully intercepted by the Australian Federal ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-14T02:06:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2018-08-14T04:22:23+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"425\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Fergus Hanson\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fergus Hanson\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg\",\"width\":640,\"height\":425},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/\",\"name\":\"Encryption bill faces uphill battle | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#primaryimage\"},\"datePublished\":\"2018-08-14T02:06:48+00:00\",\"dateModified\":\"2018-08-14T04:22:23+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Encryption bill faces uphill battle\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f\",\"name\":\"Fergus Hanson\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g\",\"caption\":\"Fergus Hanson\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/fergus-hanson\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Encryption bill faces uphill battle | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/","og_locale":"en_US","og_type":"article","og_title":"Encryption bill faces uphill battle | The Strategist","og_description":"After a few false starts, the government has released its promised legislation to address the \u2018going dark\u2019 problem caused by encryption\u2014something that affects more than 90% of the data lawfully intercepted by the Australian Federal ...","og_url":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2018-08-14T02:06:48+00:00","article_modified_time":"2018-08-14T04:22:23+00:00","og_image":[{"width":640,"height":425,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg","type":"image\/jpeg"}],"author":"Fergus Hanson","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Fergus Hanson","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/08\/1408phone.jpg","width":640,"height":425},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/","url":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/","name":"Encryption bill faces uphill battle | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#primaryimage"},"datePublished":"2018-08-14T02:06:48+00:00","dateModified":"2018-08-14T04:22:23+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/encryption-bill-faces-uphill-battle\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Encryption bill faces uphill battle"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/7eb1098c6aa7cd08e874d9b8dc1d376f","name":"Fergus Hanson","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/fbd719c7258d6f0affed7dd4223f32eb?s=96&d=mm&r=g","caption":"Fergus Hanson"},"url":"https:\/\/www.aspistrategist.ru\/author\/fergus-hanson\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/41383"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/685"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=41383"}],"version-history":[{"count":8,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/41383\/revisions"}],"predecessor-version":[{"id":41406,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/41383\/revisions\/41406"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/41386"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=41383"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=41383"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=41383"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}