This article is from the source 'guardian' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.theguardian.com/australia-news/2018/dec/05/coalitions-deal-with-labor-on-cracking-encrypted-messages-what-it-means-for-you

The article has changed 3 times. There is an RSS feed of changes available.

Version 0 Version 1
Coalition's deal with Labor on cracking encrypted messages – what it means for you
(about 21 hours later)
A deal struck between Labor and the Coalition on Tuesday means the government’s encryption-cracking bill will pass this week, the final sitting week of the year.
But despite added safeguards, digital rights groups and tech companies are still concerned the bill goes too far.
What is the encryption legislation?
In August the Coalition released the telecommunications access and assistance bill, which gives law enforcement agencies new powers to deal with the rising use of encryption to keep electronic communications secret.
Applications like Signal, WhatsApp and Wickr are effectively preventing law enforcement agencies from reading communications intercepted under warrant while investigating crimes.
What are the new powers for law enforcement agencies?
The bill introduces a new form of “computer access warrant” to allow law enforcement agencies to covertly obtain evidence directly from a device, if approved by a judge or member of the administrative appeals tribunal.
Where a warrant has been issued to intercept telecommunications, the director general of security or head of an intercepting agency can then issue a “technical assistance notice” for a company to assist in decryption.
The attorney general would also gain a power to issue a “technical capability notice” requiring a communications provider to build a new capability that would enable it to give assistance to Asio and interception agencies.
The original bill stipulated that a technical capability notice could not require companies to build “systemic weaknesses” in their products, but no definition was provided on this safeguard.
What were the concerns with the encryption bill?
The bill went to the parliamentary joint committee on intelligence and security, which has heard concerns from tech giants including Facebook, Google, Twitter, Amazon and device manufacturer Cisco that the bill would introduce back doors in their products. Tech companies noted the safeguard against “systemic weaknesses” was not defined.
The Australian Human Rights Commission warned the bill would harm the privilege against self-incrimination because criminal suspects could be forced or tricked into giving access to encrypted messages, for example, by a notification to upgrade software such as Facebook Messenger that in fact gives agencies access to the user’s phone.
The Communications Alliance argued it could harm Australia’s $3.2bn information technology export sector, because Australian products could no longer be trusted not to have back doors, and warned law enforcement agencies could use new powers to extend the reach of metadata retention laws.
The Senate president, Scott Ryan, warned it would undermine parliamentarians’ ability to keep their work secret from police, because extending covert surveillance powers to police agencies would prevent parliamentarians having an opportunity to claim parliamentary privilege over material seized under warrant.
What fixes are proposed in the Coalition-Labor deal?
Version 0: Proposed amendments to the bill have not yet been released publicly but the attorney general, Christian Porter, and Labor have revealed:
Version 1: On Wednesday evening the intelligence and security committee tabled its report, and on Thursday morning government amendments were introduced to implement key parts of the deal:
The new encryption cracking powers will be limited to “serious crimes”, defined as terrorism and child sexual offences or other offences with a term of imprisonment of three years or more
The communications minister’s approval will be needed in addition to the attorney general to issue technical capability notices to build backdoors
Version 0: The bill will contain a definition of “systemic weakness”
Version 1: The bill will contain a definition of “systemic weakness”: it is one that “affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person”
Version 0: Companies will be able to dispute a technical capability notice, with a former judge and a person with technical expertise to judge whether a proposed back door was an impermissible “systemic weakness”
Version 1: Companies will be able to dispute a technical capability notice, with a former judge and a person with technical expertise to judge whether a proposed back door is “reasonable and proportionate” or is an impermissible “systemic weakness”
State anti-corruption bodies have been removed from the list of agencies that could access the new powers
Version 1: The inspector general of intelligence and security will get notice when law enforcement agencies issue technical assistance requests and assistance notices
Version 0: The intelligence and security committee will continue to scrutinise the bill in 2019
Version 1: The intelligence and security committee will continue to scrutinise the bill in 2019, and the Independent National Security Legislation Monitor will review it within 18 months.
Has the deal settled industry’s concerns?
In a word: no. The Communications Alliance and the Digital Industry Group Inc – which represents Facebook, Google, Twitter, and Amazon – have several concerns.
No ministerial sign-off is required for technical assistance notices, which are in many respects as far-reaching as technical capability notices. For example, they can also require companies to remove a form of electronic protection.
Unlike capability notices, assistance notices do not require any consultation period with the communications provider and can take immediate effect. Assistance notices can be issued, and subsequently varied by delegated officers within enforcement agencies, not just by the head of that agency.
On Tuesday Porter said the definition of systemic weakness was still being finalised but indicated it was one that “affects all applications on all devices at any given single point in time”.
Without encryption, everything sent over the internet – from credit card details to raunchy sexts – is readable by anyone who sits between you and the information's recipient. That includes your internet service provider, and all the other technical organisations between the two devices, but it also includes anyone else who has managed to insert themselves into the chain, from another person on the same insecure wireless network to a state surveillance agency in any country the data flows through.
With encryption, that data is scrambled in such a way that it can only be read by someone with the right key. While some older and clumsier methods of encryption have been broken, modern standards are generally considered unbreakable even by an attacker possessing a vast amount of computer power.
But while encryption can protect data that it is vital to keep secret (which is why the same technology that keeps the internet encrypted is used by militaries worldwide), it also frustrates efforts by law enforcement to eavesdrop on terrorists, criminals and spies.
That's particularly true for “end-to-end” encryption, where the two devices communicating are not a user and a company (who may be compelled to turn over the information once it has been decrypted), but two individual users.
Version 0: The Communications Alliance chief executive, John Stanton, said the definition was “too narrow” and would still allow a weakness to be built – for example – in all devices in Victoria, or all users who select a push notification to install an upgrade in a particular language.
Version 1: The Communications Alliance chief executive, John Stanton, said that definition was “too narrow” and would still allow a weakness to be built – for example – in all devices in Victoria, or all users who select a push notification to install an upgrade in a particular language. However, the final definition in the amendments may address this concern.
The Greens digital rights spokesman, Jordon Steele-John, said the bill “will have the unintended consequence of diminishing the online safety, security and privacy of every single Australian”.
“Furthermore, any individual – whether that be a politician or a journalist – who uses encrypted messaging services to ensure the privacy of their sources, or the privilege of their policy discussions, should feel threatened by this bill’s potential unintended consequences.”