Australia legislation 'would allow police to break encryption' (pic: Colin Anderson Productions/Getty Images)
New laws have been passed in Australia that will force tech companies to give police and intelligence agencies access to encrypted communications.
The government said the laws were necessary to combat crime and terrorism. Under the laws, communication service providers would have to build in wiretapping capabilities for investigators.
The Telecommunications Access and Assistance Bill was passed on the last day of Australia’s parliament despite strong opposition. The opposition Labor party said it had reluctantly supported the laws to protect Australians over the Christmas period, but according to reports by BBC News, it has "legitimate concerns" over the laws.
The laws allow the Australian attorney-general to order websites to build in eavesdropping capabilities and conceal the fact that an agency is running a covert operation. But the Australian government said this would not undermine encryption as it would prohibit police from making companies build or implement vulnerabilities into authentication or end-to-end encryption services.
"This ensures that our national security and law enforcement agencies have the modern tools they need, with appropriate authority and oversight, to access the encrypted conversations of those who seek to do us harm," Attorney-General Christian Porter said. "Australia is a safer place as a result."
The bill will see any person failing to hand over data go to prison, and organisations could be fined as much as A$10 million (£5.6m) under these laws.
Technology companies have expressed concerns over the new law, including the likes of Apple, Google and Facebook.
In a submission to the Australian parliament, Apple said the bill "could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor the health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well".
It added that it was "deeply concerned that the government may seek to force providers to provide real-time interception of messages or internet-based audio or video calls should the law pass in its current form".
The Digital Industry Group Inc (DIGI), representing a number of tech companies said that the legislation was "out of step with surveillance and privacy legislation in Europe and other countries that have strong national security concerns".
Jake Moore, cyber-security expert at ESET UK, told SC Media UK that this could have a devastating knock-on effect around the world.
"Creating a backdoor for law enforcement will never assure that no one else will be able to access the database or files, and criminals will learn to exploit these vulnerabilities. If you break the fundamental way that encryption works, you risk breaking the internet and eradicating any trust and security. The www would stand for the ‘Wild Wild West’ not ‘World Wide Web," Moore said.
Joseph Carson, chief security scientist at Thycotic, told SC that this was "an extremely bad idea".
"While the intention is to make a safe and secure physical society to live in, the major problem is that our lives are more online than ever and such actions make our digital society exposed to cyber-crime and cyber-attacks. This weakens the foundation on what security is built on which is secure communications and any methods to weaken security opens up society to cyber-crime across borders. This will likely have a major impact to the Australian economy over time," he said.
Brad Poole, consumer security expert at HMA, told SC that this was another "gross abuse of power that shatters the principles of privacy for law-abiding citizens".
"This is not to say that national security isn’t important. Wiping out terrorism, organised crime and paedophilia should always be prioritised, but it shouldn’t take legislation that snoops on everyone and everything to achieve it," he said.