EFA signs open letter demanding governments enshrine encryption

Safety, privacy, human rights, and national security all depend on encryption, according to an open letter signed by Electronic Frontiers Australia as well as dozens of organisations worldwide.

Electronic Frontiers Australia (EFA) has come out in support of encryption as being necessary to ensure national security and human rights, rejecting any legislation that could ban or undermine encryption by requiring a backdoor to access unencrypted communications.

EFA joined organisations, companies, and individuals from more than 35 countries in signing an open letter to governments worldwide, urging them to abandon any plans to legislate on the issue.

"Calls to undermine encryption in the name of 'national security' are fundamentally misguided and dangerous," EFA executive officer Jon Lawrence said.

"Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce, and the operations of organisations of all types, including, of course, government agencies.

"Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe."

Other organisations that are signatory to the letter include the American Civil Liberties Union, Amnesty International, the Australian Privacy Foundation, European Digital Rights, and the Human Rights Foundation.

"Encryption tools, technologies, and services are essential to protect against harm and to shield our digital infrastructure and personal communications from unauthorized access," the open letter says.

"The ability to freely develop and use encryption provides the cornerstone for today's global economy. Economic growth in the digital age is powered by the ability to trust and authenticate our interactions and communicate and conduct business securely, both within and across borders."

The United Nations Special Rapporteur for Freedom of Opinion and Expression David Kaye has also supported the call, saying encryption is vital for human rights.

"Encryption and anonymity, and the security concepts behind them, provide the privacy and security necessary for the exercise of the right to freedom of opinion and expression in the digital age," Kaye said.

Tech companies began implementing end-to-end encryption partially in response to US National Security Agency (NSA) whistleblower Edward Snowden revealing the scale of intelligence agencies' spying activities.

United Kingdom Prime Minister David Cameron last year called for legislation to ensure that all forms of digital communication -- including emails, text messages, and video chats -- be decrypted and able to be accessed by police or intelligence services with a warrant, calling it a matter of anti-terrorism.

"We have always been able, on the authority of the Home Secretary, to sign a warrant and intercept a phone call, a mobile phone call, or other media communications, but the question we must ask ourselves is whether, as technology develops, we are content to leave a safe space -- a new means of communication -- for terrorists to communicate with each other," the prime minister explained to Parliament.

"My answer is no. We should not be."

Electronic Frontier Foundation (EFF) staff attorney Nate Cardozo recently claimed that Australia "may do dumb things" in relation to introducing laws on encryption in 2016, and France, India, and China are also considering legislation.

The United States government, however, decided late last year against introducing laws at present, with President Obama saying they "will not -- for now -- call for legislation requiring companies to decode messages for law enforcement".

The open letter, meanwhile, also stated that "No government should mandate insecure encryption algorithms, standards, tools, or technologies" -- something that Australia is at risk of, thanks to its proposed telco national security legislation.

The Telecommunications and Other Legislation Amendment Bill requires telecommunications carriers to provide greater oversight to government agencies to intervene for the purpose of protecting national security.

The Bill "will introduce a framework to better manage national security risks of unauthorised interference and access to telecommunications networks", according to the government -- though it won't protect networks against interference from the government itself.

In addition to risk assessment of their networks, the Bill will force telcos to give notice to security agencies of any modification they make to their networks and management systems that could impact the security of their networks -- and to comply with government oversight in regards to the IT equipment they may purchase.

"Vulnerabilities in telecommunications equipment and managed service providers can allow state and non-state actors to obtain clandestine and unauthorised access to networks and thereby extract information and control, and to disrupt and potentially disable networks," the explanatory memorandum for the Bill's second exposure draft says.

"[The] new Section 314A of the Telecommunications Act outlines the types of changes in arrangements that should be notified to the CAC, which include but are not limited to: Outsourcing or offshoring arrangements affecting sensitive parts of a network and/or procuring new equipment or services for sensitive parts of a network, and changes to the management of services."

Greens communications spokesperson Senator Scott Ludlam argued that Attorney-General George Brandis, who once famously struggled to define metadata during an interview on data retention, should not be telling telecommunications experts which technology to buy.

"I think the last thing we would want to see is Commonwealth bureaucrats telling computer security experts who run these big telecommunications companies how to run their networks and their datacentres," Ludlam said.

In the past, EFA has also called for amendments to Australia's data-retention legislation to shorten the "unjustifiably long" two-year retention period.

Under the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015, which came into effect in October, customers' call records, location information, IP addresses, billing information, and other data will be stored for two years by telcos and made accessible without a warrant by law-enforcement agencies.

EFA had also welcomed the opposition Labor party's call for a review of data retention. At the 2015 ALP National Conference held in July last year, the party said data retention creates "a culture of fear" and invades the privacy of Australian citizens.

"It's reassuring to see that within the wider ALP, there remains an understanding of the importance of meaningful protections for individual privacy, and for the protection of whistleblowers and other journalists' sources," EFA chair David Cake said in July.

"It's unfortunate, however, that the party leadership chose to allow this badly flawed legislation to pass the parliament despite these concerns. EFA looks forward to the opportunity to participate in a review of this legislation, should the ALP form government after the next election."

EFA added that the protection of privacy and of journalists' sources is paramount. A provision was added to the Bill in March that requires agencies to obtain a warrant in order to access the communications data of journalists, although Brandis had disagreed that this was necessary.