A push to compel Australia’s telecommunications companies to install spyware on customers’ phones under broad new security plans could be “severely damaging” to the country’s cybersecurity, the industry has warned.
Telcos are part of an expanded group, which includes device makers like Apple, search engines like Google, and social media apps like Facebook, which could potentially be compelled to help federal authorities gain access to encrypted communications, according to submissions made on a draft bill currently before parliament for consideration.
“Agencies could oblige a device manufacturer to preload (and then conceal) tracking or screen capture software (spyware) on commercial handsets which could be activated remotely,” said a joint submission lodged by the Communications Alliance (the representative body for Telstra, Optus and device manufacturers like Nokia and Huawei), the Australian Information Industry Association and the Australian Mobile Telecommunications Association.
“The lack of clarity and detail raises significant concerns around intent, actual implementation and, ultimately, legislative overreach.”
The Minister for Home Affairs Peter Dutton is seeking the new powers on behalf of Australia’s security agencies in response to the rising use of encryption by criminals.
“Criminal syndicates and terrorists are increasingly misusing and, indeed, exploiting these technologies,” Mr Dutton said in a speech last week introducing The Assistance and Access Bill 2018 to Parliament.
Home Affairs Minister Peter Dutton proposes new legislation forcing tech giants to hand over encrypted information to security agencies.
“The bill provides law enforcement agencies with additional powers for overt and covert computer access. Computer access involves the use of software to collect information directly from devices,” he said.
It is an enormous expansion of the range of entities, in Australia and overseas that can be compelled to provide assistance of almost any type
Communications Alliance’s John Stanton
The tech industry has unanimously denounced the bill despite assurances from Mr Dutton that the legislation will not “weaken encryption or mandate backdoors into encryption”.
“It is an enormous expansion of the range of entities, in Australia and overseas that can be compelled to provide assistance of almost any type – including building new capabilities to allow enforcement agencies to circumvent encryption,” said Communications Alliance chief executive, John Stanton. He said the spyware scenario could include compelling local telco providers to install this software on customers’ mobile phones.
The Digital Industry Group, the representative body for tech giants like Facebook, Amazon, Google and Twitter, has reportedly made a submission warning that these proposed “security vulnerabilities, even if they are built to combat crime, leaves us open to attack from criminals”.
Even the Internet Architecture Board (IAB) the body that oversees the technical operation of the network, took the unusual step of commenting on the bill.
“While we normally do not review proposed legislation, we are concerned that this proposal might have a serious and undesirable impact upon the Internet,” it said. If this results in similar legislation in other countries it “may result in the fragmentation of the Internet,” said the IAB.
A government spokesman insisted that the bill had “robust safeguards” to ensure that any help requested of industry was “reasonable and proportionate” and would not threaten the security of communications systems.
Labor has criticised what it argues is undue haste to pass the legislation with the bill introduced into Parliament just 10 days after submissions to its exposure draft closed.
“Proposals that seek to provide security agencies with powers to bypass encryption and access personal communications must be subject to robust and well-considered consultation,” said the statement from Labor MPs Mark Dreyfus, Michelle Rowlands and Ed Husic.
The MPs noted that similar legislation in the UK took two years to develop. The Australian government is not alone in seeking ways to penetrate the encryption barrier that has become a mandatory tool for criminals and terrorists.
Last year Apple refused a request from the FBI to unlock the phone of a mass shooter in Texas. In May, all the tech giants including Apple, Facebook, Google, Microsoft, criticised proposals that would give law enforcement authorities access to locked and encrypted devices.
“Weakening the security and privacy that encryption helps provide is not the answer,” the companies said in a joint statement.