èƵ

Why Australia’s new encryption laws may actually help criminals

Australia has just introduced new laws forcing companies to give them access to people’s encrypted messages. Cybersecurity researchers say this will likely backfire
WhatsApp uses end-to-end encryption to keep messages secure
WhatsApp uses end-to-end encryption to keep messages secure
Geoff Smith / Alamy Stock Photo

Why does Australia want to let law enforcement access encrypted messages?
On Thursday, that will force tech companies to help police and security agencies access encrypted communications. Australian police say that of messages they intercept now use some form of encryption. They claim that this affects their ability to investigate terrorists and organised crime groups.

What exactly are encrypted messages?
Messaging services like Apple’s iMessage and WhatsApp use end-to-end encryption to ensure that only the sender and recipient of a message can read it. The service provider cannot see what’s written, nor can anyone else who tries to intercept it.

What new powers will law enforcement now have?
Australian police will now be able to force communication providers to help them access encrypted messages, or otherwise face fines of up to A$10 million.

But you just said that wasn’t possible?
They can’t simply ask a company to decode the encrypted messages stored on their servers, because only the senders and recipients have the required keys. Instead, they may ask providers to build customised software updates that can be exclusively targeted to criminal suspects’ phones to stop their messages from being encrypted in the first place, says at the University of Melbourne.

Why are tech companies and cybersecurity researchers worried?
Encryption technology isn’t just used to protect communication privacy – it’s also used to secure online banking, medical records and sensitive government files. If companies are forced to create specialised tools to bypass encryption, these could be stolen and exploited by criminals, say experts.

Hasn’t this point been made before?
In 2016, the FBI tried to force Apple to create new software to unlock an iPhone that was used by one of the shooters in the San Bernardino attack. , saying that if the customised software one day fell into the wrong hands, it could jeopardise the security of all other iPhone users.

How does Apple feel about the new laws?
Australia’s new laws would prevent Apple from refusing the same request if it was made by Australia’s FBI equivalent, the Australian Security Intelligence Organisation (ASIO), says Teague. “I believe that’s the inspiration for this bill,” she says. In a , Apple said it was misguided to think that “access to encrypted data could be created just for those sworn to uphold the public good.”

Is the Australian government not worried about crooks accessing people’s messages?
According to the legislation, companies will not be required to create any tools that cause “systemic weaknesses”. However, this is impossible to guarantee, says Teague. “The government thinks you can target anti-encryption software to just one device without any consequences for other people, but those of us who study how cybersecurity actually works can see the potential risks to all other users of that device,” she says.

Will the new laws actually help to catch criminals?
The legislation has been sold to the public as a way to guarantee police access to terrorist messages. However, this is “ludicrously naïve”, says Teague. If criminals find out that Apple, for example, is building anti-encryption software for iMessage, they will simply switch to another messaging provider, she says. “There is plenty of good-quality encryption software all over the internet that you can easily download,” she says.

Topics: Law / Smartphone