Australian government proposed a new cybersecurity law that forces web services such as Google and Facebook to lower their encryption systems. According to the motion the companies are required to provide access to law enforcement agencies.
Australian Law Enforcement Agencies Are to Be Given Access to Encrypted Services
A planned cybersecurity law has stirred Australia by proposing lower encryption standards of popular services: Facebook, Yahoo and Google among others. Today the Australian Prime Minister Malcolm Turnbull stated that the proposed motion will require technology companies to provide the intelligence and law enforcement agencies access to the private user communications.
In comparison with other bills that are in effect in other countries the Australian attorney-general and the prime minister stated that the measures would not utilize backdoors, Trojan components or similar functions to be built into the encryption application. However exact technical specifications and ideas have not been mentioned.
The new law follows the model of the Investigatory Powers Act that is in effect in the United Kingdom. Part 2 of is dedicated to “Lawful interception of communications” where three warrants are detailed:
1. Targeted Interception Warrants – a warrant which authorizes or requires the person to whom it is addressed to secure, by any conduct described in the warrant.
2. Targeted examination warrants – the obtaining of secondary data from communications transmitted by means of a postal service or telecommunication system.
3. Mutual assistance warrants – the disclosure, in any manner described in the warrant, of anything obtained under the warrant to the person to whom the warrant is addressed or to any person acting on that person’s behalf.
The Attorney-General has stated that encryption is “greatest degradation of intelligence and law enforcement capability”. The official stated to the media that in discussion with the UK’s chief cryptographer the proposed motion would be compatible with the current Australian laws. The changes would also oblige internet service providers as well.
The proposed Australian law would hinder security standards as the popular web services already hold a track record of cooperating with law enforcement agencies around the world. Facebook has stated that it has provided data to officials 567 times last year.
Industry and academic specialists have warned numerous times that existing approaches endanger overall security. A popular method involves the use of a special key string by government agencies to access user records. In a hypothetical situation if this “master decryption key” is lost or stolen then the user data of the target service would be severely compromised.
It remains to be seen if the Australian cybersecurity law will come into effect and what mechanisms it will impose on the services and providers.