Austria wants to spy on messaging apps, Australia not far behind
Austria is pursuing plans to give police the authority to monitor messaging services such as WhatsApp and Skype in an attempt to "close the gap" on criminals who increasingly avoid communicating via telephone.
The government has asked political, technology, civil rights, and legal experts to review draft legislation that would give it authority to monitor real-time conversations using new messaging services and applications, Justice Ministry officials told Reuters on Monday.
Such surveillance would be permitted only with a court order in investigations into terrorist activities or other crimes punishable by at least five years in prison, one of the officials said.
Other European countries with similar laws include France, Italy, Poland, and Spain, the ministry said.
It was not immediately clear how Austria would conduct such surveillance, though one approach would be to install monitoring software on computers and mobile devices of suspects using messaging tools with end-to-end encryption that prevents the government from accessing it using traditional, remote eavesdropping techniques.
Such tools are sold by a handful of firms that specialise in selling off-the-shelf surveillance tools and spyware to governments.
"Law enforcement and intelligence agencies are gravitating toward this type of spyware to overcome the challenge of end-to-end encryption," said Ronald Deibert, director of the Citizen Lab at the Munk School of Global Affairs in Toronto.
In the G20 leaders' statement on countering terrorism [PDF] released over the weekend, the major economies in the world said they would work with communication providers to "fight exploitation of the internet and social media" for promotion, radicalising, funding, and planning terrorist activities.
"In line with the expectations of our peoples we also encourage collaboration with industry to provide lawful and non-arbitrary access to available information where access is necessary for the protection of national security against terrorist threats," the statement said. "We affirm that the rule of law applies online as well as it does offline."
Speaking from London overnight, Australian Prime Minister Malcolm Turnbull mirrored his comments from June and said the statement was not about the creation of backdoors for government.
"The G20 communique is not talking about giving governments a backdoor to access messaging, nor is it seeking access to the source code that some countries are demanding of companies for the pleasure of doing business in their jurisdiction," he said.
"Rather it is saying to Silicon Valley and its emulators -- the ball is in your court. You have created messaging applications which are encrypted end to end, they are being used by terrorists and criminals to hide their murderous plans.
"You must ensure that these dark places can be illuminated by the law so that the freedoms you hold dear will not be stripped away by criminals your technologies have made undetectable."
Turnbull rhetorically asked how many terrorist plots would be stopped if every terrorist communication was encrypted.
Over recent weeks, Australia has been leading the charge to thwart the use of encryption by terrorists.
Attorney-General George Brandis said last month it was a priority issue for Australia, and he would lead the discussion at the Five Eyes meeting in Ottawa.
Brandis -- who is not known for his technical acumen, particularly after a Walkley Award-winning interview where he struggled to explain what metadata was -- said the discussions will deal with gaining quicker responses to law enforcement from internet companies, without detailing how the "thwarting" would happen.
"These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies," he said.
In the same week, authorities in Germany had their hacking powers increased thanks to the passing of a new law that permits the greater use of malware to allow for the tapping of a person's device.
In Germany, the authorities' hacking tools are widely known as Staatstrojanern, or state trojans. According to the government, the spread of encrypted communications makes traditional wiretapping impossible, so the authorities need to be able to bypass encryption by directly hacking into the communications device.
With AAP