He told iTWire that the reason why these agencies were continuously asking for access to encrypted content was, "because I think they don't know better. I think they are not trained in computer forensics. I think they've gotten soft and they need to be taught how to investigate crimes in the computer age. They've just gotten sloppy".
Last month, during hearings on what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a number of law enforcement agencies — ASIO, the Australian Signals Directorate, the Australian Federal Police and Victoria Police — said the law needed to be passed as quickly as possible, and before Christmas, though no concrete justification was offered for this.
Later, Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton told the media that they would be asking the Parliamentary Joint Committee on Intelligence and Security, which was holding hearings into the bill, to speed up the process and send the bill back to Parliament as soon as possible.
"But the point that companies have to break their encryption to satisfy the demands of law enforcement – companies are not going to do that. They are not going to do it so I don't know what Australia thinks they are getting out of this."
In his latest book, Click Here to Kill Everybody, Schneier, a prolific author, outlined three reasons why there was no need for access to the content of encrypted messages.
First, metadata cannot be encrypted – and that very metadata tells an investigator much more about a message than the actual content. Secondly, when third parties are used for data storage and processing, that data cannot be encrypted. And thirdly, since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad of new, unencrypted data streams in which to look for evidence.
"When data is stored with a third party and is made to do work, then it cannot be encrypted," Schneier said. "If Google is going to delete spam, how can they encrypt your email? That's just one example.
"There are ways to get data which is useful for solving crimes. Sometimes it is metadata which is useful, sometimes it is data that third parties are storing because they are using it, and sometimes it is data that is collected by some of these IoT gadgets, and together they are all very valuable."
It was pointed out to him that those who refused to fall in line with the law would face heavy penalties.
His response was: "Right. So you can imagine programmers not wanting to work for a company [that would do that kind of thing]. Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that.
"The law shows a fundamental misunderstanding of how software development works. So it would be really interesting to see how this whole thing comes together. I don't think it's going to end well."
Schneier did not disagree with the theory that law enforcement agencies had sought this type of law because until now technology companies have always held the upper hand in any tussles over gaining access to encrypted data.
"I think Australia is not going to get what they want," he said. "Many companies will pull out of the market, it's not worth it. Companies work on reputation."