Security agencies would be given access to encrypted messaging apps under bid to ‘modernise’ laws

This article is more than 2 years old

This article is more than 2 years old

Technology companies such as Facebook and Google would be forced to give Australian security agencies access to encrypted data under legislation to be introduced by the Turnbull government.

But the government has refused to say how the security agencies would access the data.

The government has drafted legislation to be introduced in the coming months that would force companies to co-operate with security agencies seeking access to encrypted data.

• Sign up to receive the top stories in Australia every day at noon

On ABC radio on Wednesday, the cyber security minister, Angus Taylor, said the bill would “modernise” existing laws to give security agencies access to information transferred through encrypted messaging apps.

“The key point here is that we need to modernise our laws and get access to information for holding criminals and terrorists to account for investigations and gathering evidence,” he said.

“Those laws were developed during an analogue era decades ago and they are now out of date. Much data and information is transferred through messaging apps and it’s digital not analogue. There’ve been very substantial changes in the technology and we need to update the powers.”

Taylor has said the legislation will avoid introducing “weaknesses” in encrypted data devices by avoiding using “backdoor” methods of accessing data, such as a so-called “key” to de-encrypt data.

Previous attempts to legislate to allow access through what is termed a “backdoor” for security agencies have been frustrated by tech companies’ reluctance to allow government interference. Backdoor entry points have been resisted because they could introduce weaknesses in encryption services that could be exploited.

But Taylor hopes to avoid those roadblocks by legislating to allow alternate access to data.

“There have been ideas around for decades that you should create some kind of key that law enforcement can get to ... that’s not what were proposing,” he told the ABC.

What he is proposing though is unclear. On Wednesday he dodged multiple questions about whether the legislation would mean forcing companies to include surveillance codes in devices, so that agencies could access data before it is encrypted.

Encryption keeps us safe. It must not be compromised with ‘backdoors’ | Robby Mook Read more

He said it was “not within my remit” to talk about the ways law enforcement agencies access data.

But Nigel Phair, from the Centre for Internet Safety at the University of Canberra, said if the legislation avoided having to use a backdoor entry to encrypted data then it was likely that it would use a “frontdoor”, a means of accessing the information before it was encrypted.

“What we’re probably talking about here is straight up an agreement with the device manufacturer [to] enable law enforcement agencies at some stage to get access to data,” he said.

“This is why it would be helpful to actually be able to see the legislation. Under what particular circumstances would access be granted? This is really serious eavesdropping, so it should only be used for really serious offending and national security.”

While the mooted legislation would force tech companies to hand over encrypted information, most companies do so voluntarily.

In the second half of 2017 alone Apple received 2,601 requests for access to devices from Australian law enforcement agencies and granted them in 87% of cases.