{"id":32550,"date":"2017-07-16T10:41:12","date_gmt":"2017-07-16T14:41:12","guid":{"rendered":"http:\/\/www.opensource.im\/uncategorized\/everything-you-should-know-about-the-governments-new-encryption-laws-junkee.php"},"modified":"2017-07-16T10:41:12","modified_gmt":"2017-07-16T14:41:12","slug":"everything-you-should-know-about-the-governments-new-encryption-laws-junkee","status":"publish","type":"post","link":"https:\/\/euvolution.com\/open-source-convergence\/encryption\/everything-you-should-know-about-the-governments-new-encryption-laws-junkee.php","title":{"rendered":"Everything You Should Know About The Government&#8217;s New Encryption Laws &#8211; Junkee"},"content":{"rendered":"<p><p>The people we're most worried about will circumvent it and the ones who most need it are the ones who are going to lose their privacy.<\/p>\n<p>In a press conference this Friday, Prime Minister Malcolm Turnbull announced the Government's intention to introduce new encryption laws that would compel tech companies to provide Australian security agencies with access to encrypted messages. The laws are intended to make it easier for law enforcement to access the messages of suspected terrorists and criminals.<\/p>\n<p>Unfortunately, Turnbull also used the press conference to demonstrate a deep misunderstanding of how encryption works. Specifically, he said that the laws of mathematics are very commendable but do not apply in Australia. This did not inspire confidence.<\/p>\n<p>Given the importance of encryption for security and privacy, and the enormous potential consequences of inserting so-called backdoors in software, people are understandably pretty freaked out. The UK laws the Australian laws are supposedly based on have also been roundly criticised as an invasion of privacy, and have been nicknamed the Snoopers' Charter for that reason.
<\/p>\n<p>For the time being, though, it's not totally clear exactly what the Australian laws will entail, whether they'll work, and whether they'll be much of a threat. Here's what you need to know at the moment:<\/p>\n<p>Apart from that the laws of mathematics don't apply down under? Not much.<\/p>\n<p>Basically, Turnbull said the government is concerned about making sure the rule of law applies online as well as offline so that the internet is not used as a dark place for bad people to hide their criminal activities from the law.<\/p>\n<p>Attorney-General George Brandis emphasised that the new laws are not changing any existing legal principle. It has always been accepted that in appropriate cases, under warrant, there can be lawful surveillance of private communications. He characterised the new laws as bringing these up to date with technology.<\/p>\n<p>As far as how the government plans to ensure this, we got vague mixed messages. Turnbull insisted that the legislation will require [tech companies] to provide assistance, except not through backdoors, but legitimately, appropriately.<\/p>\n<p>The problem? It's not clear what this means, or whether it's possible.<\/p>\n<p>End-to-end encryption, which is used by messaging applications like WhatsApp, works by scrambling a message as it's transmitted such that it can only be unscrambled by the intended recipient. The Guardian has an excellent explainer on how encryption works here, but the basic takeaway you need is this: the service provider (i.e. WhatsApp) cannot unscramble the message.<\/p>\n<p>This is the point on which the government's vague press conference doesn't make a lot of sense. The law may compel companies like WhatsApp to provide assistance, but there's not a lot that WhatsApp can do. 
In the words of independent cybersecurity researcher Troy Hunt, you can't break the mathematics in that way, it's just not how it works.<\/p>\n<p>This brings us to the question of backdoors. A backdoor is a method of bypassing security or encryption, which can end up in a program by design or by mistake. One way that the government could hypothetically obtain encrypted messages is if they were able to compel an encrypted messaging provider to remove encryption, or to implement some kind of backdoor allowing messages to be retrieved from a device.<\/p>\n<p>The problem with inserting backdoors, as Troy Hunt puts it, is that you can't ensure they'll only be used by legitimate forces. Once there is a way of exploiting devices, sooner or later it tends to fall into the hands of people it's not meant to, he told Junkee.<\/p>\n<p>The global WannaCry ransomware attacks several months ago, for example, were the result of a backdoor in Windows operating systems being exploited by malicious hackers. When security is compromised through backdoors or the removal of encryption, everybody loses.<\/p>\n<p>Of course, Turnbull was adamant that no backdoors would be used. But given that he was cagey on how exactly the laws would work, people are a bit worried.<\/p>\n<p>Troy Hunt told Junkee what the laws might actually mean in practice.<\/p>\n<p>He thinks that rather than trying to compel services like WhatsApp to remove their encryption, we're more likely to see the government proactively pursue intercepting messages at the end points, for example by using exploits to gain access to it on phones of suspects, which makes a lot more sense technically than what some of the headlines say at the moment.
<\/p>\n<p>This would entail trying to work with companies like Apple and Samsung to break into their devices &#8211; something that has received huge pushback from such companies in the past. Given that in the past tech companies have stood their ground, and ultimately it took the FBI paying about a million bucks to get some exploit tool to get in, Troy isn't particularly worried about the Australian government's use of backdoors becoming particularly widespread in practice, even if that's their tool of choice.<\/p>\n<p>While it might be unlikely that the government manages to force tech companies to bypass encryption, Troy cautions that it wouldn't be great for most of us if they did.<\/p>\n<p>If they managed to do that, we still have all of these mechanisms of encryption that are outside the scope of any one company or service &#8211; we still have things like PGP mail. And all of these channels will still exist for people who want to use them and keep their messages private.<\/p>\n<p>The people we're most worried about will circumvent it and the ones who most need it are the ones who are going to lose their privacy.<\/p>\n<p>Basically, at the moment what the government's proposing is pretty unclear, and sounds a bit dodgy, but nothing's actually been finalised. The takeaway for now is that this is one to watch &#8211; further details of the actual laws will emerge as the bills themselves are drafted.<\/p>\n<\/p>\n<p>Sam Langford is Junkee's Staff Writer. She tweets at @_slangers.
<\/p>\n<p>Originally posted here:<br \/>\n<a target=\"_blank\" href=\"http:\/\/junkee.com\/encryption-government-laws-explained\/112849\" title=\"Everything You Should Know About The Government's New Encryption Laws - Junkee\">Everything You Should Know About The Government's New Encryption Laws - Junkee<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> The people we're most worried about will circumvent it and the ones who most need it are the ones who are going to lose their privacy. In a press conference this Friday, Prime Minister Malcolm Turnbull announced the Government's intention to introduce new encryption laws that would compel tech companies to provide Australian security agencies with access to encrypted messages. The laws are intended to make it easier for law enforcement to access the messages of suspected terrorists and criminals<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[45],"tags":[],"class_list":["post-32550","post","type-post","status-publish","format-standard","hentry","category-encryption"],"_links":{"self":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/32550"}],"collection":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/comments?post=32550"}],"version-history":[{"count":0,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/posts\/32550\/revisions"}],"wp:attachment":[{"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/
media?parent=32550"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/categories?post=32550"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/euvolution.com\/open-source-convergence\/wp-json\/wp\/v2\/tags?post=32550"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}