24 Aug The Assistance and Access Bill 2018
The Australian Government have released a draft Bill [The Assistance and Access Bill 2018] designed to compel device manufacturers and service providers to assist law enforcement in accessing encrypted information. Although apparently developed to allow government agencies access to encrypted communications, the Bill also grants broad, sweeping powers to government agencies that will harm the security and stability of our communications and the internet at large. The government has asked the public for feedback before September 10, 2018. Enclosed is a copy of my submission to the Department of Home Affairs.
24 August 2018
Department of Home Affairs
By Email: AssistanceBill.Consultation@homeaffairs.gov.au
I write to express my concerns over the draft legislation titled ‘The Assistance and Access Bill 2018’, and outline these concerns below.
1. This Bill would harm cybersecurity
This Bill would require companies to provide information about how their systems work. It would allow more people physical access to networks. It would require organisations to test and install new functionality built by the government. Both of these measures would undoubtedly introduce new threats and vulnerabilities into the systems that we all use each day.
2. This Bill would lead to an increase in government hacking
This Bill grants government officials power to both compel organisations to reveal information about their systems and to make changes to those systems. Combined with the government’s new ability to issue warrants to seize information directly from devices, this would empower Australian government agencies to develop and grow their hacking capacities without vital and necessary protections. Any government hacking must come with strong safeguards given the high risk of harm. While the orders issued under this authority must be reasonable and proportionate, there is nearly no limitation to ensure that the government would not use any vulnerabilities it uncovered around the world or share that information with its allies.
3. This Bill could create a backdoor into end-to-end encryption despite assurances to the contrary
Whilst the Bill does specifically prohibit the government from mandating a systemic weakness in an encrypted system, the ambiguity in the use of the term “systemic” will highly likely be exploited, and will result in less trust in technologies deployed in Australia. It may be that a company could be compelled to use its software update mechanism to interfere with the system of a specific user. Such a function would undermine faith in software updates, leading users not to update. That means more unpatched systems and overall harm to cybersecurity.
4. This Bill is a huge overreach into the fundamental workings of our digital world
As drafted, this Bill would authorize vast new powers to authorities with almost no understanding of the limitations, the implications, or oversight mechanisms. Encryption protocols are the backbone of the digital economy, facilitating every single transaction online. Any attempt to weaken these will be a risk that no other democracy is taking. Strong encryption is essential to the modern Australian economy, and it would be a mistake to deliberately weaken it.
I urge the government to consider how this Bill, in its current draft form, could damage the way that I, and many other Australians, use digital communications on a daily basis. I am also concerned about the impact on my rights – particularly the right to privacy.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Cth) is still in a draft stage and the Department of Home Affairs invites public comment up until 10th of September 2018. Submit any comments to firstname.lastname@example.org.