Canberra ignoring 'overwhelming empirical evidence' on encryption busting

Associate professor Vanessa Teague believes Canberra is ignoring efforts from experts to explain why the encryption-busting laws are the wrong approach.

University of Melbourne associate professor Vanessa Teague has told a forum that, despite Canberra trying not to break stuff, that is exactly what is happening as the government ignores warnings on the implications of its recently legislated encryption-busting laws.

"We've all spent a lot of effort ... patiently explaining that you can't just open encryption when nice police officers are trying to read terrorists' data, and yet keep everyone else's data secure -- and nevertheless, this long history of nicely explaining stuff to them has not worked," Teague said on Wednesday.

"It is my natural inclination to pursue a strategy like that, but as a person committed to empirical science, there seems to be overwhelming empirical evidence that this is not the right strategy."

According to Teague, the nub of the laws will be how the words "technically feasible" within the legislation are interpreted. While some requests will clearly not be feasible -- such as accessing a device that no longer connects to the internet -- Teague said there is a grey area in which some famous cases sit, such as the 2016 Apple and FBI stoush over accessing a phone of one of the San Bernardino shooters, and the plans detailed by the UK's GCHQ to be injected into encrypted communications.

"I think what is going to be really interesting ... is whether this term 'technically feasible' is going to be held to include 'technically feasible to undermine this particular person, and also to do in such a way that it doesn't undermine the security of others'," Teague said.

"Because I think there are going to be a lot of examples in which it is quite feasible to break that one person's security, but it's not feasible to do it in a way that doesn't jeopardise everyone else."

Discussion on Australia's laws is no longer theoretical, as the Department of Home Affairs disclosed last week that law enforcement and national security agencies are already using the new powers.

The department added that it had trained the police forces of New South Wales and Victoria on what the new powers include, and would be doing further training this month.

The legislation is currently being looked at by the Parliamentary Joint Committee on Intelligence and Security, which is due to report back by April 3.

In a submission to the review, Australian industry groups endorsed resurrecting a number of amendments that Labor dumped when it waved the legislation through Parliament, including judicial consent for warrants and the removal of the definition of systemic weakness.

"It appears very difficult to adequately define the terms 'systemic weakness/vulnerability' and 'target technology'. As currently drafted in the Act, these definitions are difficult to understand, ambiguous, and are significantly too narrow," the submission said.

"It is unclear what constitutes a class of technology, (e.g. would a 'class' be all mobile handsets, or Android phones, but not iPhones, or the mobile handsets offered by one service provider but not another, or some other combination of factors?).

"Assuming this term has a commonsense meaning (to the extent this exists), then the application to the whole class of technology creates a far too narrow characterisation of what constitutes a systemic weakness or vulnerability."
