"There is no intention that we have ... to undermine legitimate encryption," he said. "The specifics of any scheme that may or may not be legislated in due course would have regard to those societal balances.



"You assume that a back door has to be created. I am just saying that that is a cartoon-like assumption, not that you are making, but you have seen the literature."

He said a "more detailed discussion" could take place on what exactly the government proposes to do when legislation is brought to parliament.

The Home Affairs Department, in a submission to a Senate inquiry on emerging technologies last month, repeated that companies such as Apple, Google and Facebook would not be required to break their encryption via a back door.

"The government has committed that companies will not be required to build so-called ‘back doors’," the submission stated. "This will mean that encryption will continue to secure the private and sensitive information of businesses, governments and the general public."

The department flagged that law enforcement might need greater powers to bypass encryption.

"While a legislative response can address some of the challenges posed by encryption, it is likely that agencies will continue to face challenges accessing end-to-end encrypted communications," the submission stated.

"In this environment, it will be increasingly important for law enforcement agencies to utilise alternative methods to investigate serious crimes and combat threats to public safety and national security. For this purpose, the range of powers available to agencies must continually be examined."

The department pointed to work done in the United Kingdom, where tech companies can be issued with a "technical capability" notice requiring them to provide data in an intelligible format to law enforcement where it is "proportionate, technically feasible and reasonably practicable" to do so.

One of the ways that people say you could get past encryption without the need to break it would be to specifically target certain devices with software updates so law enforcement can see the communication when it is decrypted.

So if the AFP was targeting a device owned by a suspected criminal, for example, it would ask the company that made the device or app to push out a software update just to that specific user that would allow tracking of communications.



It's not as much about a master key, but re-designing the door.

But experts don't buy it.

Dr. Vanessa Teague, from the University of Melbourne School of Engineering, said in her submission that this method also creates its own problems, as people can check to see if the update they're installing is a genuine update.



Plus it raises the problem of what happens when another country asks for the same power.

"If we force a company, e.g. Apple, to be able to turn over data, what happens if other governments (perhaps ones we don't like) insist on Apple turning over data on visiting Australians' devices?" she said.

Digital Industry Group, which represents companies including Facebook, Google, Microsoft and Twitter, has urged the government to look at technical training, new investigative techniques with a focus on metadata (call logs, who sent messages to who and when) over encrypted data, and working with the companies, rather than focusing on new laws aimed at compromising encryption.

The Law Council of Australia has called on the government to release an exposure draft of the proposed legislation that would detail exactly how it would work.

Dutton's office did not respond to a list of questions about the proposal from BuzzFeed News.

