On September 10th the deadline passed for public comments on a draft version of Australia’s proposed Assistance and Access bill. This is a piece of anti-encryption legislation that is currently being considered by legislators in the Australian House of Representatives. The Department of Home Affairs received over 15,000 comments on the draft of the anti-encryption bill. Many non-profit organizations, businesses, government agencies, and individuals submitted comments on the draft of the Assistance and Access bill, including Access Now, the Internet Architecture Board, Digital Rights Watch, the Asia Cloud Computing Association, and Human Rights Watch among other organizations and individuals.
On September 9th, a day before the deadline for commenting on the bill, a coalition made up of some of the top civil liberties organizations and leading tech companies released a letter in opposition to the Assistance and Access bill. Some of the civil liberties organization which signed on to the coalition letter included Access Now, Defending Rights & Dissent, the Electronic Frontier Foundation (EFF), Human Rights Watch, Freedom of the Press Foundation, Restore the Fourth, among other non-profit organizations. Some of the tech companies which signed on to the coalition letter in opposition to the Assistance and Access bill included Apple, Cloudflare, Google, Microsoft, StartPage.com, among other tech companies. The coalition letter was also signed by a separate coalition of tech companies called Reform Government Surveillance, which is made up of Facebook, Twitter, Dropbox, LinkedIn, Evernote, Snap, Inc., Oath, as well as Google and Microsoft.
The Internet Architecture Board submitted comments on the draft of the anti-encryption bill to legislators. In their comments, the Internet Architecture Board warned that Australia’s desire to enact anti-encryption laws (that would allow law enforcement to force businesses to help them defeat their own encryption) represent an existential threat to the security and integrity of the Internet.
Just slightly over a week after the deadline for comments on the draft of the Assistance and Access bill, the Australian Minister of Home Affairs introduced a virtually unchanged version of the bill in the House of Representatives. It is not possible that the Australian government had read in excess of 15,000 comments in that time, so the Minister of Home Affairs obviously did not take into consideration any of the objections to provisions in the Assistance and Access bill. Nor did he consider the suggestions for ways the bill could have been improved to protect privacy and due process.
During the summer of last year, Australian Prime Minister Malcolm Turnbull had announced plans to introduce legislation that would require hardware manufacturers and service providers to assist law enforcement in gaining access to encrypted information. This bill in question later became the Assistance and Access bill, the draft of which was finally introduced in the House of Representatives in August of this year. The bill was originally intended to focus on issues related to encryption, but the bill now would grant a wide range of powers, including expanding the government’s authority to carry out computer hacking. The United Kingdom of course is not alone in seeking more governmental powers to launch cyber attacks. Last year, the German government’s cybersecurity agency sought approval to launch counter-cyberstrikes against hackers, and also last year the United States House of Representatives considered the Active Cyber Defence Act, a bill that would have authorized corporations to retaliate against hackers.
The Assistance and Access bill would allow Australian law enforcement to demand that a company, organization, or individual provide them with technical assistance in accessing encrypted communications. For example, if the bill were to be enacted, law enforcement could request that a website install spyware, or they could force a software developer to put a backdoor into his apps. The bill would create new government orders, known as a Technical Assistance Request (TAR), Technical Assistance Notice (TAN), and Technical Capability Notice (TCN), all of which would come with a penalty of five years in prison for anyone who discloses that they have received one of these requests or notices.
The bill comes after years of Australian officials and politicians calling for weakening encryption standards and forcing developers to create backdoor access to encrypted communications. If the bill passes the House of Representatives, it will then be sent to a Senate committee where amendments could be added to the bill. The Five Eyes surveillance alliance, of which Australia is a party of, recently announced their intention to gain backdoor access to encrypted communications with the help of hardware and software developers.