As Encryption Bill opposition digs in, data-retention abuse a reminder of unintended consequences

Agency overreach has eroded public trust in intentions of privacy-compromising laws

Credit: ID 31149093 © Loganban | Dreamstime.com

Damning reports of government agencies’ ongoing misuse of investigational powers have poured fuel on the fire as concerns about the Morrison government’s planned encryption interception legislation led Labor to step away from national-security bipartisanship by declining to blindly support the new legislation.

Debate over the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 had been minimal in the wake of government decisions to publish just a small portion of the nearly 15,000 submissions lodged during the consultation process over the bill.

The bill was initially greeted with cautious optimism by industry figures who welcomed the decision not to require explicit back-doors to work around encryption controls.

But as the government accuses Labor of siding with terrorists and tries to ramrod the legislation through Parliament, it has attracted criticism from all corners – including Apple, which took the unusual step of warning that the bill is “dangerously ambiguous”; Australian security success story Senetas, which warned during recent hearings that the legislation could push it and much of Australia’s software community overseas; and the Media, Entertainment & Arts Alliance (MEAA), whose chief executive Paul Murphy is concerned that the risk of snooping on encrypted conversations would have a chilling effect on investigative journalism by discouraging confidential sources from speaking out.

“Journalists increasingly rely on encrypted communications to protect the identity of confidential sources,” Murphy said. “Offering this protection is vital [and] gives whistleblowers the confidence to come forward with public interest concerns. In the absence of that confidence, many important stories will never come to light.”

Absolute power corrupts absolutely

Concerns about the Encryption Bill are heightened by recent revelations to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) that existing powers – putatively granted to law-enforcement authorities under telecommunications data retention legislation passed in 2015 – are being routinely abused by an expanding roster of authorities that were never meant to have access to the data.

Recent reports, for example, noted that more than 100 bodies are making thousands of requests for details on mobile phone users, with bodies including Brisbane City Council; the Queensland Office of Fair Trading; Bankstown, Fairfield, and Rockdale councils in Sydney; and others.

Just 22 agencies are officially supposed to be accessing the data, but the many dozens of organisations are actually lodging a reported 350,000 requests per year for the data – reflecting scope creep that many fear would be repeated in the context of the passage of the Encryption Bill.

Industry association the Alliance for a Safe and Secure Internet (ASSI) – whose membership includes a range of telecommunications industry bodies as well as privacy and pro-consumer groups such as ACCAN, Access Now, Blueprint for Free Speech, Amnesty International Australia and the Human Rights Law Centre – welcomed Labor’s “principled” decision not to cave to government pressure to fast-track the Encryption Bill.

“The powers contained within the Bill appear to have far reaching consequences that could be devastating to the security of all Australians if enacted,” the group said in a statement, “and it is important that leaders within the Government slow down and listen to the experts when they receive overwhelming evidence of the harm this Bill could cause.”

In October, ASSI released the results of a survey of 2028 Australians in which 84.8 percent of respondents said it was important or very important that anti-crime efforts shouldn’t compromise online security; 74.2 percent were concerned that increasing government cyber surveillance would compromise the security of all Australians’ data; and 80.9 percent were concerned about the powers elucidated in the Encryption Bill.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
CSO WANTED
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags encryptioncybersecurity

More about Amnesty InternationalAppleAustraliaBillBrisbane City Council

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

More videos

Blog Posts