Internet Australia (IA) has raised serious privacy and security concerns about the Australian Government’s proposal to introduce a new cyber encryption law, warning the draft law seeks unprecedented expansion of powers to access citizen’s devices.
IA - a not-for-profit organisation representing Internet users - says it is deeply concerned with the exposure draft of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill by the Department of Home Affairs - and the short four-week period permitted for public comments and analysis.
“We recognise that law enforcement has a legitimate desire to access and view information transmitted across telecommunications networks by serious criminals, and that often these messages are encrypted in some form, as Internet application developers enhance the security and confidentiality of their services,” the Chair of Internet Australia, Dr Paul Brooks, said on Wednesday.
“However the government needs to recognise the clear potential dangers to the security and privacy of ordinary Australians which this legislation, in its current form, poses.”
IA warns that the methods to gain access to messages must not weaken the confidence that the vast majority of law-abiding users should have in the “strong security measures applied to their confidential communications, including banking, ecommerce and the transmission of sensitive information such as health records”.
According to Dr Brooks, the draft legislation “clearly needs further work before it can be seriously considered to be fit for purpose”.
“A back-door into devices is still a back-door.”
“Law enforcement are seeking expanded powers to issue requirements and instructions directly to manufacturers and distributers of all communications devices mobile phones, landline phones, broadband modems, printers, smart TVs, the new crop of voice-enabled home assistants everything is captured,” Dr Brooks notes.
“Further, these powers appear to permit the government to instruct the device manufacturer to actively change how the device functions, to add or subtract functionality. These new powers go far beyond merely gaining access to messages.”
IA and the global Internet Society (ISOC) will shine a light on the proposed encryption law when they jointly hold an open Experts Session on Encryption at Parliament House in Canberra on the Monday 20 August, with international experts from MIT, Mozilla, the IAB, as well as Australian experts.
Telco industry lobby group Communications Alliance has welcomed release of the draft encrption law and CEO John Stanton says it will take some time to get a clear picture as to what is being proposed and whether the draft legislation is practical and provides "sufficient clarity to allow our industry to implement the new regime in the relevant timeframes envisaged by the law".
CA chief executive John Stanton says the industry is currently working through details of the “complex piece of legislation” and “looking for ways in which it might be improved and understanding the implications of the new rules for our industry”.
CA notes that the draft Assistance and Access Bill extends significantly the reach of government and its agencies and the types of assistance that can be requested or required from telecommunications players in Australia or companies providing communications products and services to Australia from offshore.
In his analysis of the draft law, iTWire's Sam Varghese wrote on Tuesday that the Australian Government has "left open the door for enforcement agencies to use specific cracks to gain access to encrypted communications on specific devices, given the language it has used in a draft of a new cyber law".
"There has been much speculation over the last year about what Canberra would do with regard to encryption. The draft law issued on Tuesday indicates that no foolhardy attempt will be made to insert generic backdoors."
LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACKAustralia is a cyber espionage hot spot.
As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.
It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.
In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.
Cyber security can no longer be ignored, in this white paper you’ll learn:
How does business security get breached?
What can it cost to get it wrong?
6 actionable tips
DOWNLOAD NOW!
10 SIMPLE TIPS TO PROTECT YOUR ORGANISATION FROM RANSOMWARERansomware attacks on businesses and institutions are now the most common type of malware breach, accounting for 39% of all IT security incidents, and they are still growing.
Criminal ransomware revenues are projected to reach $11.5B by 2019.
With a few simple policies and procedures, plus some cutting-edge endpoint countermeasures, you can effectively protect your business from the ransomware menace.
DOWNLOAD NOW!