
The source of this story is a 10-minute interview on ABC Radio this morning [1]. Unfortunately, there’s no transcript, but it’s a more reliable source than the second-hand summary in the article.

Despite the headline, it’s not clear that any bill has actually been drafted and certainly nothing has been introduced to Parliament. According to the minister, what will be proposed is a law that is ‘completely consistent in principle with the existing laws for telephone intercepts.’ While he ‘dodged multiple questions’ about whether the laws would authorise the use of ‘surveillance codes’ (whatever that means), he denied that there was any proposal to introduce laws requiring the use of backdoored encryption algorithms.

It would be consistent with the existing telephone intercept laws in Australia [2] (and most other developed countries) to require service providers to surveil users upon production of a warrant. In Australia, judges must consider the seriousness of the offence being investigated, and the impact on privacy, before issuing a warrant [3]. Warrants can also be obtained to install covert surveillance devices (i.e. bugs) [4] if a telephone intercept or search warrant is unlikely to produce evidence.

Contrary to the comments suggesting that the legislators are completely uninformed, an Australian parliamentary committee has been conducting a public inquiry into the ‘impact of new and emerging information and communications technology’ since October 2017 [5]. Any member of the public may make a submission [6] to the inquiry and advocacy groups such as Electronic Frontiers Australia and the Law Council of Australia have done so. Relevant experts have also appeared before the committee in public hearings. It is likely that any draft legislation would be informed by the committee’s findings.

Given that the government recognises the efficacy and importance of strong encryption, the proposed new laws may look more like the US All Writs Act at the centre of the FBI–Apple encryption dispute [7]. It might not be practical to backdoor the ciphers used to encrypt data at rest on an iOS device, or in flight in a WhatsApp message. But it would be consistent with the principles of the existing telephone intercept powers (which are targeted and subject to judicial, parliamentary and ombudsman scrutiny) to require publishers like Apple to push out backdoored OS updates or apps to targeted users (or physically seized devices, as in the San Bernardino case). Perhaps the ability to obtain such targeted warrants would be less socially harmful than increased use of the existing, but more intrusive, surveillance powers.

[1]: http://www.abc.net.au/radionational/programs/breakfast/new-e...

[2]: http://www.austlii.edu.au/au/legis/cth/consol_act/taaa197941...

[3]: http://www.austlii.edu.au/au/legis/cth/consol_act/taaa197941...

[4]: https://www.homeaffairs.gov.au/about/national-security/telec...

[5]: https://www.aph.gov.au/Parliamentary_Business/Committees/Joi...

[6]: https://www.aph.gov.au/Parliamentary_Business/Committees/Joi...

[7]: https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute



> [...] to require publishers like Apple to push out backdoored OS updates or apps to targeted users (or physically seized devices, as in the San Bernardino case). Perhaps the ability to obtain such targeted warrants would be less socially harmful than increased use of the existing, but more intrusive, surveillance powers.

We've seen in the push to Windows 10 that, when automated updates are used in a harmful manner, people disable automated updates. The same would happen here: once it's been shown that the automated update mechanism has been used to purposefully push a harmful update, people will start disabling automated updates.

Which means that Apple and Google have a good reason for opposing such requests.

(And that's before getting to the "elephant in the room": the same mechanism created for these requests can, and probably will, also be used by malicious actors.)


Can malicious actors issue Windows 10 updates? I've heard this for (improperly implemented) application updates but not for Windows 10 updates. Microsoft has strong incentives to prevent this and has done a good job so far. I agree with you: if MS pushed a bad update, it would be a PR disaster for MS.


Well, the other issue is that if the public lose trust in first-party updates, they're also potentially skipping security patches, making everyone more vulnerable on the whole. Obviously this might work in favour of one government's agenda, but it equally opens those devices up to exploitation by anyone else (including foreign actors).


Windows rejects updates that aren't signed by known keys.

Those keys are probably some of the most valuable 1s and 0s in the world.
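The "signed by known keys" check described in the comment above, as an added Go example that is not part of the thread: a client pins the publisher's ed25519 public key and refuses updates that are unsigned, tampered with, or rolled back, which is also why the signing key itself is the valuable asset, since anything its holder signs is accepted. The update format, key names and payloads are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a constructed update package: a client installs it only if the manifest carries a pinned-key signature.
type Update struct {
	Version            uint32
	Payload, Signature []byte
}

// manifest is the signed structure: big-endian version, then SHA-256 of the payload.
func manifest(version uint32, payload []byte) []byte {
	sum := sha256.Sum256(payload)
	return append(binary.BigEndian.AppendUint32(nil, version), sum[:]...)
}

// Sign is the publisher's side: whoever holds priv produces updates every client accepts.
func Sign(priv ed25519.PrivateKey, version uint32, payload []byte) Update {
	return Update{version, payload, ed25519.Sign(priv, manifest(version, payload))}
}

// Verify is the client's side: refuse rollbacks, then require a signature from a pinned key.
func Verify(pinned []ed25519.PublicKey, installed uint32, u Update) error {
	if u.Version <= installed {
		return errors.New("rollback: version not newer than installed")
	}
	m := manifest(u.Version, u.Payload)
	for _, pk := range pinned {
		if ed25519.Verify(pk, m, u.Signature) {
			return nil
		}
	}
	return errors.New("signature not from a pinned publisher key")
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	pinned := []ed25519.PublicKey{vendorPub}
	fmt.Println("genuine:", Verify(pinned, 1, Sign(vendorPriv, 2, []byte("constructed v2 patch"))))
	// Verify proves only who held the key, not what the payload does: anything the key
	// holder signs (willingly, under compulsion, or after a key leak) is accepted.
	fmt.Println("any signed content:", Verify(pinned, 1, Sign(vendorPriv, 3, []byte("anything"))))
}
```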



