Australia data encryption laws explained

Australia has passed controversial laws designed to compel technology companies to grant police and security agencies access to encrypted messages.

The government says the laws, a world first, are necessary to help combat terrorism and crime.

However critics have listed wide-ranging concerns, including that the laws could undermine the overall security and privacy of users.

The laws were rushed through parliament on its final day of the year.

The Labor opposition said it had reluctantly supported the laws to help protect Australians during the Christmas period, but on Friday it said that “legitimate concerns” about them remained.

Cyber-security experts have warned the laws could now create a “global weak point” for companies such as Facebook and Apple.

Australia already has laws which require providers to hand over a suspect’s communication to police.

This may already be possible if a service provider uses a form of encryption that allows them to view a user’s message.

But in recent years, services such as WhatsApp, Signal and others have added an additional layer of security known as end-to-end encryption.

 FBI says device encryption is ‘a huge problem’

 Geeks v government: The battle over public key cryptography

End-to-end encryption allows only the sender and recipient to view a message, preventing it from being unscrambled by the service provider.

Australia and other countries have said that terrorists and criminals exploit this technology to avoid surveillance.

It differs from laws in China, Russia and Turkey, where services offering end-to-end encryption are banned.

Under Australia’s legislation, police can force companies to create a technical function that would give them access to encrypted messages without the user’s knowledge.

“This ensures that our national security and law enforcement agencies have the modern tools they need, with appropriate authority and oversight, to access the encrypted conversations of those who seek to do us harm,” Attorney-General Christian Porter said.

However, cyber-security experts say it’s not possible to create a “back door” decryption that would safely target just one person.

“Any vulnerability would just weaken the existing encryption scheme, affecting security overall for innocent people,” said Dr Chris Culnane from the University of Melbourne.

Such a “security hole” could then be abused or exploited by criminals, he said.

In a bid to address these concerns, Australia’s law offers a safeguard which says decryptions won’t go ahead if they create a “systemic weakness”.

However critics say the definition of “systemic weakness” is vague, meaning it is unclear how it may be applied.