
Why are Government Officials Who Know Next to Nothing About Encryption So Eager to Mandate Encryption Backdoors?

February 6, 2019 | Sam Bocetta

It's tough not to be cynical about the government when it seems most of their policies are self-serving and uninformed. Take the recent encryption-busting law passed by the Australian Parliament under the guise of addressing national security concerns.

What New Law?

For those who haven't seen the extensive coverage, a new anti-encryption law was introduced as a supposed amendment to the Telecommunications Act of 1997. Known as the A & A (Access and Assistance) bill, it was passed on December 6, 2018. This law forces telecommunications companies in Australia to allow the government and law enforcement agents backdoor access to encrypted communications. The wording states that requests for access are "voluntary and mandatory," but companies that refuse to comply can face fines of up to $7.3 million; individuals will face prison time.

But there’s an even more insidious element: law enforcement doesn't have to get permission from the courts or the provider company to get what they want.

This bill allows them to bypass regular channels and compel IT specialists, or anyone else with access to the company's security protocols and updates, to give them access to data on demand, even if it's done in secret without informing the company owner.

The rationale for this law is that such access is necessary to fight terrorism and other crimes. Privacy and human rights advocates disagree.

Who Does This Bill Affect?

According to the bill's sponsors, it will only affect drug smugglers, paedophiles, terrorists, and other dangerous criminals. The basis for the law, which was championed by such encryption foes as Home Affairs Minister Peter Dutton, is that criminals use encrypted communications. Not having unfettered access to their messaging systems and phone conversations hampers law enforcement efforts and investigations.

The reality is that this is a slippery slope toward further infringement on privacy by a governing body that has no idea how technology works. The bill was opposed by technology and cyber security experts, human rights activists, and corporations inside the tech industry and out.

It was also initially opposed by the Labor Party, but they withdrew their objections after a promise from a majority headed by the PM and his AG, Christian Porter, to address their concerns at a later date in exchange for their vote now.

This only reinforces concerns that the process is being rushed without listening to cyber security and IT experts, and with no input from the public.

Should Non-Tech Savvy Government Officials Make Decisions About Technology?

A recent survey of more than 500 IT security professionals found that 88 percent believe government officials should be required to undergo training in basic cyber security. Furthermore, fewer than 40 percent of those polled think people in government understand the risks facing cyber and physical infrastructure.

Those in favor of the amendment, who are in the minority, would have you believe that anyone who objects to it is in favour of crime and terrorism. Are these the people who should be making decisions about technology given their lack of knowledge?

Objections to the bill are threefold, and they come from all sectors of society:

1. The wording is too broad and vague, opening the door for abuses and government overreach while limiting effectiveness toward the stated purpose of the bill.

2. It has the potential to make sovereign nations or companies subject to Australian law. The internet and telecommunications apps aren't necessarily limited by borders, and neither are the billions of people who use them. Enforcing laws in one country could infringe on the rights of companies and individuals outside of its borders and legal jurisdiction.

3. The "good guys" won't be the only ones with this access. If one country insists on gaining access to encrypted devices and platforms, repressive regimes will demand the same. It also allows covert ops to extend beyond the physical limitations of geography without ever leaving their home country.

The Problem of Unintended Consequences

The Australian government's solutions to criminal threats are knee-jerk and uninformed at best. The continued push of Five Eyes Alliance members toward anti-encryption legislation doesn't just undermine personal privacy and consumer trust in tech providers. It could also undermine their own intelligence-gathering capabilities by weakening their encryption.

This isn't the first attempt by a government to encroach into the realm of tech security. Legislators in the US, UK, and other countries have attempted to pass similar laws. So far, they've been beaten back by court challenges and corporate resistance.

Companies may simply decide not to do business or provide services in Australia over concerns about data integrity. Apple already stood up to the FBI over data access in the US, and they've strenuously objected to the Investigatory Powers Act in the UK in addition to opposing this new law in Australia.

How do you think government encryption backdoors will impact cyber security?
