Careful to Whom You Hand the Keys for Encryption

The Kingswood! You’re not taking the Kingswood, I’ve just shampooed the dipstick! Ted Bullpit, Kingswood Country (TV series 1980-4)

Most Australians are very cautious about whom they hand their car keys to. In that regard, they’re still a bit like Ted Bullpit (played by the late Ross Higgins) from the iconic Aussie 80s sitcom Kingswood Country (see the quotation above).

So how did encryption key laws pass both houses in the last hours of the last sitting week of parliament (6 December) in the lead up to the summer parliamentary break?

Given the apparently innocuous-sounding name of the “Assistance and Access Bill 2018” [1], it happened quickly, at a time when most Australians were distracted by their preparations for the holidays. I’m not sure that many people will have much idea that the Australian Government has now presented our law enforcement and surveillance agencies with the right to circumvent internet encryption keys for matters pertaining to criminal and terrorist investigations.

Government Case

The Government’s case has been led by Home Affairs Minister Peter Dutton, who has consistently stated that law enforcement agencies need powers to intercept encrypted messages to keep Australians safe from criminal and terrorist threats. He’s argued that the new laws modernise the way that authorities can access information but don’t expand on current surveillance powers. A key feature of the Government’s approach has been to stonewall objections to the Bill by the tech industry.

There’s a reason for the amendments to be referred to as the “Assistance and Access Bill”. It’s as if the Government were condescendingly saying: “you tech guys are really smart, we need these surveillance and protection laws, just do your jobs and give us the technical assistance and access required.” Oh, and if you don’t do so voluntarily, we’ll make you do it by imposing heavy fines or imprisonment, on you as an individual, not just your company.

Not being used to being treated this way by governments, the Aussie tech industry has been taken by surprise and forced to take a defensive footing. They have responded by declaring that the bill introduces “encryption busting laws” [2] that will open back-doors that will be exploited by unscrupulous third parties and ultimately weaken the safety and security of the entire internet.

Opposition Case

The Federal Opposition had been insisting that they would not pass the legislation unless 173 of their own amendments were accepted first. Many of the opposition amendments were concerned with strengthening protections around issuing judicial warrants under the Bill. For instance, Shadow Attorney-General Mark Dreyfus was concerned that the Bill could be used to force tech companies to write malware to break into a journalist’s phone and expose their sources [3], something he said was “obviously dangerous.”

Cross Bench Case

Adam Bandt, Australian Greens MP for Melbourne, has argued passionately that the AA Bill will actually make Australians less secure, threaten the tech industry and erode civil liberties. He argues that interception of encrypted and secure communication for messaging apps will open a back door that affects all other internet applications as well, including secure banking, commerce and retail. He concludes by saying that the dangers introduced far outweigh the benefits that might be gained.

The Australian Greens Senator for WA and Digital Rights spokesperson, Jordon Steele-John, has argued that the back door created for encrypted messaging apps will make them vulnerable to misuse by criminals and compromise the safety of Australians.

The Bill Passes

Surprisingly, on the afternoon of the last sitting day for parliament, the opposition did a complete about-face and sided with the Government to allow the Bill to pass, the final vote being 44-12. The reason for the sudden change of heart, opposition leader Bill Shorten said, was that if the parliament didn’t pass the bill, Australians would be left unprotected from threats to national security and criminal activity over the Christmas and New Year holiday period.

The same bill that the federal opposition had said contained “obviously dangerous” provisions passed both houses of parliament and was signed into law by royal assent on 9 December. That opposition leader Bill Shorten managed to secure a promise from the Government that “legitimate concerns” could be amended when parliament next meets (12 February 2019) [3] does give some hope that the most egregious aspects of the bill – now law – might be amended.

Tougher Attitudes

Welcome, Australia, to the post-Snowden surveillance and security era, where being tough on crime and terrorism means also taking a tough attitude on any technological method that criminals and terrorists use for covert communication. Come February, I wouldn’t hold out much hope for Bill Shorten to provide significant amendments to the AA Laws. Both Government and Opposition are determined to give the law enforcement and surveillance organisations some form of “encryption busting” powers, come what may.

The question still remains: why the indecent haste? The other question that arises is: how can deeply flawed legislation be better at providing safety to Australians than no legislation at all?

My mother, now passed, always told me to get it right the first time. The only reason that I can think of for the apparent haste and lack of proper discussion is that the government and opposition were both under strong pressure from our international security partners in the Five Eyes intelligence alliance (often abbreviated FVEY).

Ministers from the 5-Eyes nations met at the Gold Coast [4] in late August. Given the topics discussed at that Ministerial Summit, there would seem to be an obvious connection between that meeting and the AA Bill brought before the Australian parliament in the following December. In a concluding statement, the Five Nations Ministerial Summit affirmed its commitment to personal and privacy rights; it also stated the following under the section titled “Principles on access to evidence and encryption”:

Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions. Five Nations Ministerial, 2018.

Now that we’re firmly in a post-Snowden era, our law enforcement and intelligence agencies seem to be waging a war on two fronts: against criminals and terrorists on the one hand, and against the misguided do-gooders in the tech industry, for not providing voluntary access solutions to their products, on the other.

It’s clear that this isn’t only an Australian problem. Australia was the thin edge of the wedge. Unlike most liberal democracies, Australia has no Bill of Rights, at least not in a single document. For this reason, she has become an obvious choice to be a test candidate for new laws. But if you live in a Five Eyes country, a version of the AA Bill will be coming your way before too long. Are you listening, Canada, United States and New Zealand? The United Kingdom already has its own Investigatory Powers Act (2016), which has similar powers to the Australian A&A Bill – which is now law in Australia.


Ted Bullpit from Kingswood Country

Oh, for the simpler times of Kingswood Country in the 80s when a man’s home was his castle; pre-internet, pre-Snowden, pre-political correctness, where a man could speak his mind without fear or favour.

I can hear Ted Bullpit in my head right now. I know just what catchphrases he would be saying if he were still around:

Pickle me Grandma! Bloody shambles of course! No wonder the country’s in a bloody mess! Someone should blow politicians up! Ted Bullpit.


The Bullpit Effect

Using the Home Affairs Minister Dutton as a stonewalling frontman, our law enforcement, security and intelligence agencies have succeeded by using what I’m calling the “Bullpit Effect.” They proved more adept than the tech industry and have turned the tables on the conventional thinking by painting the tech industry as the stuck-in-the-muds, mired in their thinking, and not understanding what a modern, safe and secure internet society should be about.

They managed to portray themselves as being all about modernising Australia’s outdated security and intelligence apparatus. With all its mostly negative talk of encryption and backdoors, the tech industry has come off looking like a blustering Ted Bullpit carrying on about: “[t]he Kingswood, you’re not touching the Kingswood, I’ve just ducoed the tyres” or “I’ve just Mr Sheened the number-plate” or some such catchphrase.

Ted, through all his bluster, never managed to stop anyone from taking the keys to his beloved Kingswood. This is pretty much what happened with the Assistance and Access Bill on 6 December: the encryption keys were taken from right under the noses of the Australian tech and internet industries, figuratively speaking.

Note for non-Aussies (or those too young to remember the 80s)

Ted Bullpit might be characterised as Australia’s best-known stuck-in-the-mud: much of the comedy of Kingswood Country came about when Ted and Thelma tried to deny that the 1980s had happened yet. They were stuck in a bygone era of faulty memories where Protestants and Catholics didn’t get along, where feminism and multi-culturalism didn’t exist and where there was no such thing as political correctness.

Declaration of Interest

I’ve written this article with what I hope is a dispassionate scientific interest. However, I must declare an interest as a part of the Australian tech industry because I see myself as being an EDTECH specialist. Like anyone, I want to see laws introduced that will make Australia safer and more secure, but rushed legislation without adequate consultation with industry sectors isn’t helpful. I deplore what the Liberal-National Party Coalition and the Australian Labor Party have done in this instance: they have compromised the safety of the internet over political gamesmanship through their reckless decision-making on 6 December.

Afterword

An interesting observation on the 5-Eyes Ministerial Summit is the number of references to the word “lawful” as in the statement: “lawful access to information” as quoted above. In this instance, the word “lawful” refers to laws that hadn’t actually come into effect in Australia at the time. Nevertheless, the communique [4] has been written as if the laws were actually in effect at the time of writing (late August).

Furthermore, the communique [4] refers to laws that don’t apply in many of the countries whose ministers were in attendance. This implies that these ministers were anticipating that such laws would come into effect in their countries in the near future. Indeed, the word “lawful” reoccurs, in the anticipatory future sense, in a total of 8 places in the official communique of the Ministerial Summit [5].

Former Australian PM Malcolm Turnbull used the term “lawful” in this same anticipatory sense in his press conference on encryption laws as far back as June 2017, as shown in the video below. This is the press conference in which he said that: “the laws of mathematics were admirable but that the rule of law would apply in Australia.”

In retrospect, the tech industry should have been forewarned, much better prepared and taken the threats to the encryption standards, on which it depends, far more seriously. The writing was clearly on the wall over a year ago for those with the eyes to see it.

____________________

[1] Parliament of Australia, Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, available online, published: 6 December; accessed 12 December.

[2] Ry Crozier, “Australia gets world-first encryption busting laws,” IT News, available online, published 6 December; accessed 12 December (limited free access).

[3] Michael Koziol, “‘Obviously dangerous’: Labor doubles down on encryption bill with press freedom warning,” The Sydney Morning Herald, available online, published 1 December; accessed 12 December (limited free access).

[4] Five Country Ministerial 2018, Department of Home Affairs, Australian Government, available online, last updated: 11 November; accessed: 12 December.

[5] The word “lawful” appears in this anticipatory sense of future law in ref [4] under the “Preamble” section, twice in the “Encryption” section under point 1; twice in the “Principles” section under point 1; also under point 2; and twice more under section 3.
