Home Government Tech Policy Encryption laws sought to right the balance between spies and tech
Encryption laws sought to right the balance between spies and tech Pixabay Featured

ANALYSIS The Australian encryption laws were devised for one reason: so that spy agencies could get back on an equal footing with technology firms and have a big stick with which to beat them whenever they want.

Over the years, the tech companies have won most battles with intelligence agencies over access to data, until legislation arrived to help the latter. The most recent example of this — before Australia's encryption laws were passed on Thursday — was the passage of the CLOUD Act by the US to give its law enforcement agencies access to data stored by US companies in any part of the world.

During a recent interview, the head of the Australian Cyber Security Centre, Alastair MacGibbon, provided some insight into the thinking that drove the bill, when he said that, once the laws are passed, "what I do think it will have is reasonable discussions between frankly, often US-based tech companies that for years have seen themselves beyond the reach not just of our law but our social expectations and nothing in this is unreasonable".

And at another point in the same exchange, he said, "...all they wanted was a tool that would give them the ability to work with tech companies in a reasonable and proportionate manner under the rule of law".

So, just another mine-is-bigger-than-yours situation in other words and this morning MacGibbon will doubtless be feeling that the playing field is now level again, or even a bit tilted in favour of the security agencies. It may be a false dawn, though.

The most prominent recent defeat suffered by a big intelligence agency was in 2016, when the FBI challenged Apple over gaining access to the contents of an iPhone belonging to one of the terrorists involved in an attack in San Bernardino, California, in December 2015.

The FBI spoilt its own chances of achieving what it said it wanted, by first changing the iCloud account password for this phone. This meant that scheduled backups from the phone to iCloud could not take place. Else, the data could have been obtained from iCloud by Apple.

The second, probably more grievous, FBI mistake lay in making a hue and cry over the matter. Apple officials have reportedly said that if the FBI had quietly gone to them, the whole thing could have been sorted out and everyone would have been happy.

But when the spooks took the matter to court, the hackles rose on the neck of Apple chief executive Tim Cook. And the rest of the story is well-known; ultimately the FBI paid out nearly a million dollars to the Israeli firm Cellebrite to obtain the data from that phone.

So, given the actual reason for loose laws of this kind to be sought, the ramifications have really not been thought through. Law and order can often prove to be an election-losing issue for politicians and so the Coalition Government used every tactic in the book, including tarring the Labor Party as supporters of terrorists, to push the statute through.

During the interview referred to earlier, MacGibbon raised the fact that Australia's laws are not unique and that the UK already has tougher laws. But he did not offer a couple of additional facts that would have put this in perspective: so far, the UK has never used this law, known as the Snoopers Charter. And the UK has a bill of rights, something Australia lacks.

Additionally, parts of the UK law have been found to be unlawful by the London Court of Appeal. But then, mentioning those qualifiers would have watered down MacGibbon's arguments.

The truth is, no agency needs access to content to decipher what is going on. Metadata cannot be encrypted and metadata often tells a much more detailed and thorough story than the actual data.

Additionally, when third parties are used for data storage and processing, that data cannot be encrypted. Most users, terrorists or law-abiding citizens, fall squarely into this territory.

And since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad more new data streams that will not be encrypted to look for evidence of this or that. They don't really need access to content of encrypted messages. These aren't my conclusions, by the way, they come from a man with some pedigree.

No, this entire exercise is about a power struggle, and law enforcement now feels it has won the first crucial battle.

There is one more aspect to this whole episode that we have just gone through. The Australian laws will be used by spy agencies from the other Five Eyes countries — the US, the UK, Canada and New Zealand — under the intelligence-sharing agreements that exist between them.

The types of devices used across these countries are similar and therefore information obtained about one by an Australian agency will benefit its counterparts in the other four countries as well. Many birds have been slain by the one stone.

Reminds one of the old Beatles' ditty, "with a little help from my friends".

When the fallout from the existence of the laws will start is anyone's guess. MacGibbon dismissed the prospect of any fallout, saying, "So in the United Kingdom they have much tougher laws [than] here. Those tech companies, the sky hasn't fallen, people aren't rioting in the streets of the UK saying that their rights have been infringed."

Something tells me that that bit of commentary could prove to be somewhat short-sighted. But for the moment, MacGibbon's spin has served its purpose.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect