The jig is up for encrypted messaging, in the eyes of the Australian government.
Australian Prime Minister Malcolm Turnbull announced Friday morning the government will bring in new laws to force tech companies to hand over data protected by encrypted messaging apps such as WhatsApp, Telegram, and Signal.
It’s in light of increased use of encryption in cases related to terrorism, drugs trafficking, and paedophilia rings. The Australian Federal Police (AFP) said 65 percent of serious investigations now involve some sort of encryption.
“At the end of the day, what has happened here is legislation has not yet kept pace with technology,” AFP’s deputy commissioner, Michael Phelan, said during a press conference.
The new laws will be modelled on the UK’s Investigatory Powers Act, which gives intelligence agencies the power to de-encrypt communications.
But here’s the problem: Messaging apps like WhatsApp, Telegram and Signal use end-to-end encryption, which means the key to accessing these messages is held by the sender and the receiver, and not by the company.
So will these companies have to build a backdoor to these encrypted apps, creating a vulnerability that can be taken advantage by hackers with the right tools?
Well, Turnbull isn’t explicitly asking for a backdoor. Authorities will force companies to give access to these encrypted communications “lawfully” via a warrant or a court order.
“What we need is the cooperation where we can compel it, but we will need the cooperation from the tech companies to provide access in accordance with the law,” Turnbull said.
Encryption keys are devised by a mathematical formula. Asked if whether the laws of mathematics would curb the government’s bid to crack end-to-end encryption, Turnbull said Australia’s laws would overrule. No, you read that right.
“Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia,” he said.
Given terrorists aren’t just using readily available messaging apps, it remains to be seen how the government’s proposed laws will deal with the problem of the dozens of encryption packages out there.
It likely won’t work in reality
Matthew Warren, a cyber security professor at Deakin University, said intelligence agencies will potentially focus their efforts on how they can intercept messages in realtime. But that’s unlikely to work.
“The problem is if it would work in reality. It would only work if you knew the terrorist target that you were tracking, and actually knew what technologies they were using,” he explained.
“In order for this to work in realtime it means the intelligence organisations will need access to the encryption keys. Apple and Facebook and WhatsApp aren’t going to do that.”
Even if certain companies agree to create a backdoor to their apps, Warren said those looking to break the law could simply change to one of the many dozen encrypted apps available on the market.
Nevertheless, he expects “a number of countries” will look to implement similar legal powers, after a G20 statement on countering terrorism encouraged companies to collaborate with law enforcement on providing “lawful and non-arbitrary access to available information.”
Facebook and Apple stand firm on encryption
Following a series of terrorist attacks, Facebook announced it will be using artificial intelligence and employed a team of 150 counterrorism experts to stop terrorist activity on its platform. But it will stop short of weakening encryption for authorities.
“We appreciate the important work law enforcement does, and we understand their need to carry out investigations,” a Facebook spokesperson said via email.
“That’s why we already have a protocol in place to respond to requests where we can. At the same time, weakening encrypted systems for them would mean weakening it for everyone.”
WhatsApp, which Facebook owns, won’t succumb to pressure either. Its co-founder Brian Acton stated in January it will “fight any government request to create a backdoor.”
Apple wouldn’t comment directly on the Australian government’s pressure on encrypted messaging, but pointed to a statement by CEO Tim Cook in which he said the company will never allow backdoor access to its products to any government agency.
We’ll find out if the Australian government’s plans hold much if any water, when the legislation is put to the country’s Parliament by the end of the year.