Gaining access may well be the holy grail for governments, but will the charges against those whose messages are accessed hold up in court unless encryption is banned altogether?
Dutton issued what was more or less an ultimatum to the companies that provide encryption: you have to do what the government commands, or else...
But that is easier said than done. For one, most of the companies in the picture — Facebook, for example, which owns WhatsApp — call the US home. Government functionaries located in Australia are unlikely to be able to sway an American company, no matter how serious or desperate their pleas.
Governments could, of course, work out cosy arrangements with tech firms and receive unwritten agreements that in specific cases, the companies will be willing to slip targeted malware onto specific devices — identified by their Unique Device Identifiers — so that communications are tapped before anything gets encrypted.
Given that it is mainly the Five Eyes countries which are shouting themselves hoarse about encryption, one problem that could present itself is that defence lawyers often seek to learn the methods by which evidence was collected. And it is unlikely that any government is going to reveal how it collected the evidence if it was by the method cited earlier.
In March last year, government investigators in Washington state dropped all charges against a man charged with child pornography offences as they did not want to reveal the technological means they had used to locate him.
And in April 2017, the US Government dropped two child pornography cases against a man rather than reveal in court material that is available on WikiLeaks but is still classified by the US Department of Justice.
Melbourne-based lawyer and business adviser Joel Vernon pointed out that a facilitated access regime held water in theory but not so much in practice. A redesign of encryption methodologies would, he suggested, "undermine the constructive purposes like government transactions, online banking and even simply validating the identity of a website for which encryption is used".
Vernon has an additional point to make: "Crime and terror existed before the Internet, and a facilitated access regime simply won’t miraculously render them non-existent. In the meantime, device and service providers would have had to retool and re-engineer, passing on those costs to the end-user. Any incidental performance hit will also be absorbed by the end-user."
Now that is not going to make Joe Public happy.
It is unlikely that any government would want to drive a big business (and encryption is mainly provided by those in that domain) offshore. Certainly not a government that claims to be obsessed with jobs. In this context it is interesting to note that while the US is accusing Huawei of spying, the UK is perfectly content to do business with the company – jobs and investment are at stake.
What does Dutton propose to do about a company like Open Whisper Systems which produces the messaging app Signal? It has been designed to generate the minimum logs possible. In fact, when a subpoena was issued in October 2015 asking for email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, OWS owner Moxie Marlinspike could not provide anything. He had nothing to give: Signal does not store such details.
But maybe Signal is not so much on the government's radar as WhatsApp is. Will the use of VPNs also be outlawed? Nobody is sure at the moment. But there is no doubt that the laws will be rolled out later this year, as the longer the wait, the greater the chance that the horse will bolt and leave the stable door swinging.