Home Affairs makes changes to encryption Bill without addressing main concerns Watch Now

For a solid ten days this month, it appeared as though Australia was taking truly scary steps to become a nexus of surveillance among the Five Eyes nations.

The southern land is in the midst of bringing on legislation to ask, before forcing, internet companies, telcos, messaging providers, basically anyone deemed necessary, to break into whatever content the country's federal and state police and anti-corruption forces want access to.

The proposed laws have been labelled as outrageous and dangerous, thanks to an amazingly broad scope written into the Bill, and a lack of oversight and ability to challenge.

Also: Ex-Google CEO: An internet with Chinese rules is coming your way

One particular troubling clause in the draft legislation would have required companies to potentially break laws in overseas countries to remain compliant with Australian laws. That clause disappeared between the draft and introduced versions of the Bill, and the international tug-of-war it could have set off was avoided.

Unlike almost every other western nation, Australia is without a Bill of Rights or a robust framework for challenging laws based on human rights, and so it is a perfect testing ground to see how far the Five Eyes push on encryption can go. There is no European Court of Human Rights to strike it down, nor even anything as troubling as the US constitution's Fourth Amendment and probable cause to worry about.

Make no mistake, Australia is doing all the front-running on this law for the Five Eyes, an intelligence alliance made up of the Unites States, United Kingdom, Canada, Australia, and New Zealand. Canberra is taking Britain's Snooper's Charter, making it as broad as it can, and avoiding any definition it can get away with.

Once the encryption-busting scheme is in place, politicians in the rest of the Anglosphere will be able to point to it, more than likely slap descriptions on it like "world-leading" and "tough but fair", and ask their electorates to let them impose a similar regimen on them. For historical precedent, notice whenever Australia's "world-leading" immigration system is referred to in nativist political discourse.

With news on late Friday that the encryption Bill is going to be rammed through the usual consultation and committee period, this thing is coming at Australia quicker than a bat out of hell.

Also see: Governments stand ready to regulate a cyberscape they do not understand

At the same time, a Senate committee is looking into the muffed rollout of Australia's e-health record system, and the viewing only adds to a depressing outlook. Despite having witnesses appear that are security experts that could provide testimony on the failings of the current system design, committee members have spent precious time asking the experts to explain the difference between centralised and distributed system design in the most basic terms.

It shows the people involved across the Parliament, the parties, and the politician offices, either cannot provide, or do not care enough, to give the committee members a quick tutorial before the hearings so that they can ask probing questions.

This is the same calibre of person that is expected to examine various ways to access a device and understand the difference between compromising a single mobile phone versus a systemic weakness in a messaging or security protocol and make an informed judgement. Once the Joint Committee on Intelligence and Security begins its hearings, the full technical ineptitude of Canberra will be on display.

And once Australia is done, it will move onto the rest of the Anglosphere -- particularly if the UK decides to free itself from the judgements of European Courts.

For anyone expecting or hoping that the internet giants will take a stand and fight back against such laws, the outlook is bleak. It is folly to expect the same companies that are happy enough to do business in China -- a country where the social credit system takes the worst elements of current digital surveillance technology and combines it to track and sort an entire population -- to take a stand against a comparatively watered down set of laws.

Also: Australia's anti-encryption law will merely relocate the backdoors



Similarly, expecting Australia's opposition Labor party to block or significantly modify the laws is wishful thinking. As the current government has imposed more or more technology-focused national security laws, the Labor party has made a habit of complaining loudly, but voting for the legislation anyway. Australia would not have a data retention system if Labor had a spine, but it doesn't want to be accused of being soft on crime or terror. Even as the system is mostly used to chase down drug-related crimes.

Already this month the Internet Architecture Board (IAB) has warned Australia's proposed laws represent an existential threat to the internet's security and integrity, and have the potential to fragment the internet. The fragmentation wouldn't need to be as overt as the Chinese Great Firewall, but rather one around trust and expectation.

"This approach, if applied generally, would result in the internet's privacy and security being the lowest common denominator permitted by the actions taken in myriad judicial contexts. From that perspective, this approach drastically reduces trust in critical internet infrastructure and affects the long term health and viability of the internet," IAB chair Ted Hardie wrote.

The future could contain a combination of a China-led internet, full of great firewall blocking and definitely surveillance; an Anglospheric one where you might be surveilled, and claims by vendors to have end-to-end encryption need to be examined even more closer than today; and a European-led internet.

Europe would appear to have lucked out and landed itself in the prime position to benefit from the increasing surveillance of others, but there is a chance it could fundamentally rework how content is presented to its citizens with its Copyright Directive that could require licencing to share content and links.

Read more: EU copyright reform proposal: 3 things businesses need to know

If the GDPR was enough for some sites to serve up a degraded page to European users, then the Copyright Directive represents a much bigger threat and it's possible to envision geoblocks being used to avoid compliance with it.

We could very well be witnessing the high watermark of openness and trust on the internet, where for the vast majority of users it is possible to create properly secure channels of communication without having to fear government snooping or bad actors using weaknesses demanded by the police.

In 2020, there is every chance that the Tasmanian Police, responsible for Australia's smallest state and just over 500,000 people, could use its powers to force a global technology company to change a product in a fundamental way.

Whether the actors involved know it or not, the internet and use of technology is about to get a lot worse, and another piece of liberty disappears for so-called safety using a mechanism that in no way could possibly backfire on us.

Previously on Monday Morning Opener: