Australia isn’t breaking encryption

I would like to see spy laws and laws that encroach on the individual curtailed, but that can only succeed with reasonable and sound arguments, not hyperbole.

You’ve seen it in your social feeds, and even in respectable technology news sites: “Australia passes new law to thwart strong encryption”.

In the competitive pursuit of eyeballs, many authors are ringing the alarm bells; however, the issue is more mundane.

This bill has attracted the attention of major organisations, such as Apple, Internet Australia, and even the Internet Architecture Board, which usually resists politics. Most have constructive feedback, some exaggerated.

You would think with all this attention and publicity, such a “dangerous” law would have been easily stopped. The reality is, there is no alarm, and no rational grounds to stop the bill.

No one in Government was trying to break the mathematics of encryption

Rather, law enforcement wants to make it easier to capture what people are typing into their smartphones before it is sent in an encrypted form to someone else.

Only yesterday, Signal App joined the conversation saying they won’t comply with the new Australian law. I’m guessing this is mainly to guard their well-earned reputation, because the Australian law is NOT about the solid encryption system they use. It’s about the text that users enter, and the text they read back – humans work with plain text. So they certainly CAN comply, but they claim they will not.

To comply, Signal just needs to issue a version of the app that is different to everyone else’s. That app version would be signed, and the targeted user would have no clue that it was compromised. It can work as normal, except that the communication would be sent twice – once to the intended recipient, and another time to a Signal account belonging to a police unit; in both cases using their full uncompromised encryption.

So what if Signal doesn’t comply? A mobile app runs within the Operating System, which has full control and access to the system. Text that the user types is seen by the operating system before the app processes it. So Signal doesn’t have to comply in order for one of their users to be targeted.

(If Signal is serious, they’ll create a Warrant Canary dedicated to the Australian Law)

I struggle to see how this is new and shocking. We’ve had wiretapping laws for phones for decades, and such wiretapping has required warrants; law enforcement have certainly overstepped lines in the past, and laws and processes have been improved. People knew that law enforcement had the power to wiretap, and criminals most certainly adapted accordingly. For a while, people have been able to hide behind encryption, but now that such a law has been passed in Australia, citizens are fully aware.

As with all digital laws, they’ll need extra care to perfect. Human Rights organisations and technology companies are going to need to help in a way that minimises the reach and impact of these laws; any efforts to “stop” such laws are a waste of time and resources and reduce the credibility of such activist organisations with their government relations. We need strong organisations who read the legislation and campaign in a way that will be effective for citizens and in turn for their brands.

(I was involved with Internet Australia as a member analysing and rationalising the bill in the early stages. There were certainly problems and concerns, but none that would stop the bill. This organisation ended up taking a pragmatic approach helping to curb the overly general language in the bill. See their Media Release from August here – https://www.internet.org.au/images/MediaReleases/180815—MEDIA-RELEASE–Internet-Australia-concerned-about-device-back-doors.pdf)