Australia's Government wants to pass world-first laws that would force technology companies to help police access encrypted messages.

Attorney-General Christian Porter has said a high number of people involved in terrorist plots and serious organised crime use encrypted messaging apps.

But not only does encryption keep text messages secret, it underpins the security of the internet, from email to online banking.

Technology companies, human rights groups, lawyers and others aren't happy about the law, and — given the bill's powers will be unprecedented globally — it's unclear how this will play out.

This is what we know so far about how it will affect you.

Why is this a big deal?

This is the story of a government seeking to get around a key selling point of some of the biggest companies in the world.

Encryption is the mathematical breakthrough that allows a message to stay secret between the person who wrote it and the person receiving it, no matter who ferries the message between the two.

Not only that, encryption is the foundation of many of things we take for granted on the internet, including secure stock market trading, health information storage and online voting.

But the Australian Government apparently pays little heed to the limitations of maths.

"The laws of mathematics are very commendable, but the only laws that apply in Australia is the law of Australia," then-prime minister Malcolm Turnbull said when announcing the new laws in 2017.

But on a serious note, critics are concerned the bill grants our spies and police extensive powers that could undermine internet security, with limited oversight or safeguards.

Can the Government already read my messages?

In some cases, yes, although authorities say they need these new powers to keep up with the criminal threat.

The risk of bad actors "going dark" online is not new, and law enforcement agencies currently have numerous tools they can use to access the data of suspects.

In 2015, for example, the government passed a law requiring telecommunication companies to retain metadata for two years.

Under the ASIO Act and other laws, the top spy agency can obtain remote access to computer networks and their data.

"They already have powers to hack end points where information is not encrypted," explained Monique Mann, a Queensland University of Technology law and technology researcher.

This power is strengthened by the current bill, which will allow state and federal authorities investigating certain offences to obtain computer access warrants similar to ASIO.

In some circumstances, law enforcement can also compel people under threat of jail time to disclose their computer or smartphone passwords — and the current bill steps up these penalties.

In addition, technology giants like Apple and Google voluntarily assist authorities.

During July-December 2017, for instance, Australian police made 120 requests for Apple account details, which could include someone's iCloud content. Apple provided data in 64 per cent of these cases.



So what extra access will the new laws give?

At almost 200 pages, the encryption bill introduces a raft of new powers, but criticism has focused largely on Schedule 1. It proposes three key powers for law enforcement:

A technical assistance request (TAR): Police ask a company to "voluntarily" help, such as give technical details about the development of a new online service

A technical assistance request (TAR): Police ask a company to "voluntarily" help, such as give technical details about the development of a new online service A technical assistance notice (TAN): A company is required to give assistance. For example, if they can decrypt a specific communication, they must or face fines

A technical assistance notice (TAN): A company is required to give assistance. For example, if they can decrypt a specific communication, they must or face fines A technical capability notice (TCN): The company must build a new function to help police get at a suspect's data, or face fines

The things a smartphone manufacturer or even a website owner could be asked to do by authorities are extensive: From installing software and modifying a service on demand, to providing technical information such as its source code.

While a TAR could ask a company to remove "electronic protection", the Government argues that safeguards in the bill prevent a TAN or TCN being issued that causes "systemic weakness" or breaks encryption.

Technology companies and encryption experts have warned that any tinkering with the security of online systems could have serious consequences.

Francis Galbally, chairman of the encryption provider Senetas, told a Senate committee last week that changing just one part of a telecommunication network could have unforeseen "systemic" effects — exacerbated by the bill's demand for absolute secrecy.

Dr Mann agreed, arguing that building a new function, such as inserting malicious code into one smartphone's software update, is a systemic weakness because the technique can be replicated across multiple devices — including by bad actors if they became aware of the capability.

An 11th-hour compromise between the Labor Party — which seems set to support the bill — and the Government promises to define "systemic weakness" and provide additional oversight of TCNs.

But it is not clear exactly what this will mean for technology companies who have to design and develop the functionality.

Sorry, this video has expired Cyber Security Minister Angus Taylor maintains there will not be any "back door" requirement in the legislation

Will I ever know if my messages have been read?

"How will you know if your app has been compromised by some kind of notice issued by the bill?" said Lizzie O'Shea, board member of Digital Rights Watch.

"You won't know."

The bill contains extensive secrecy provisions, meaning that if a company does build a new way for a suspect's messages to be read, they can't really tell anyone.

There are also concerns about secrecy when it comes to law enforcement obtaining warrants to access computer networks.

Senate President Scott Ryan — himself a Government MP — made a last-minute intervention in the debate that highlights some of the complexity around keeping such orders under wraps.

He confirmed politicians could have their messages accessed by law enforcement agencies without their knowledge, and have sensitive correspondence used in investigations without being able to claim privilege.

Can they block access to WhatsApp or Signal if they don't comply?

The laws aren't about shutting down these services, but they do include penalties for non-compliance.

Many technology companies that provide popular messaging apps are based overseas, so questions have been raised about how police could make them do anything under the new law.

The Communication Alliance said in its Senate submission that the attempted extraterritorial reach of the legislation is "unprecedented", and could mean companies avoid offering products here.

Similarly, companies like Senetas claim they may lose overseas clients because they can't guarantee they haven't compromised their products for Australian police.

But the biggest problem raised by critics is that any new vulnerabilities built to access a suspect's messages could damage the security of smartphones or the internet more generally, making us all less safe online.

For example, Ms O'Shea pointed out the Wannacry malware that shut down computer systems all over the world in 2017 was allegedly the result of a vulnerability stolen from the United States National Security Agency.

So who is allowed to spy on my messages?

The laws are being made by the federal Government, giving additional powers to national law enforcement agencies:

Australian Security Intelligence Organisation

Australian Security Intelligence Organisation Australian Secret Intelligence Service

Australian Secret Intelligence Service Australian Signals Directorate

Australian Signals Directorate Australian Federal Police

Australian Federal Police Australian Commission for Law Enforcement Integrity

Australian Commission for Law Enforcement Integrity Australian Crime Commission

But the laws are also designed in many cases to give state police the same access.

This is a point of contention raised by the federal Opposition, which is concerned about the lack of oversight of state agencies.

Why does the government care if I'm WhatsApping my ex?

According to the Government, this legislation is focused on preventing terrorism and tackling organised crime.

Yet some parts of the bill could be used for investigations of federal crimes with a three-year penalty, which could include things like copyright breaches.

But the late compromise between Labor and the Government appears set to limit its scope to serious offences only.

In any law enforcement reform, there's also the potential for legislative creep.

When the metadata collection laws were passed in 2015, the Government said only a limited number of agencies would use them.

Now reports suggest that even local councils are using these powers to the tune of more than 350,000 requests a year.

Attorney-General Christian Porter argues these laws are needed to prevent terrorism. ( ABC News: Matt Roberts )

Can terrorists get around the new laws?

As Mr Porter notes, encrypted messaging is popular among criminals.

It's popular because it's effective — it allows them to avoid the prying eyes of police.

However, criminals may adapt to the new arrangements to avoid detection and build their own encrypted messaging platforms.

And while criminals adapt, police believe they will have access to information that will be useful for preventing crime and potentially saving lives.

Do we really know how this will play out?

Are you kidding? This is wild!

Not only are these laws a world-first, there is international concern about how they might make the entire internet less secure.

Many of the specific implications of these laws will play out behind closed doors.

Technology companies are likely to be the best source of information about the efficacy of these laws, but their perspective may be biased against anything that negatively affects their bottom line.

The public is likely to receive glowing reports from politicians of terrorist acts being foiled thanks to these new powers.

The Labor Party claims scrutiny of the bill will continue in 2019 through an ongoing committee process.

But Australians still may not end up knowing whether the policy was the most appropriate and proportionate response to the dangers.