Australian Parliament passed a bill on Thursday requiring tech companies to grant access to encrypted messages or data to law enforcement. The move comes shortly after the country’s dueling political parties struck up an agreement earlier this week requiring stricter oversight for data requests and subjecting the legislation to a 12-month parliamentary review.
Other last-minute sticking points included defining the term ‘systemic weakness,’ an action implemented into a form of electronic protection that would render methods of authentication or encryption less effective and cannot be required under the new law. The tweaks appeared specifically designed to nullify the privacy and cybersecurity concerns that have plagued the bill and others like it around the globe, but don’t offer up any answers to lingering doubts about the efficacy of such a law when it comes to combating terrorism.
Still, that might not stop other countries from hopping on the bandwagon. Jarno Vanto, a shareholder with Polsinelli, said shortly before the Parliament approved the new legislation, “I think we’re going to see renewed attempts in the U.K., also maybe the U.S., for these types of laws.”
Among other things, the law would requires a person with “knowledge of a computer or a computer system” to assist the Australian Security Intelligence Organization to gain access to data on a device subject to a warrant.
Lizzie O’Shea, who sits on the board of Australian advocacy organization Digital Rights Watch, remained critical of the bill earlier this week despite saying that some “extremely dangerous elements” had been addressed.
“Make no mistake—this bill is still deeply flawed, and has the likely impact of weakening Australia’s overall cybersecurity, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections. In its very design, it is antithetical to human rights and core democratic principles,” O’Shea said in a statement posted to the Digital Rights Watch site.
The criticism doesn’t necessarily discount the possibility of a similar law popping up in other countries. Australia is a member of Five Eyes, an intelligence alliance featuring Canada, New Zealand, the United Kingdom and the United States that made waves in August with a communiqué advocating for backdoors to encryption in the name of security.
The tech community has responded less than enthusiastically, citing potential vulnerabilities to cybersecurity. Just because you build a door with the government in mind doesn’t mean that a hacker can’t come along and kick it down.
There’s also no guarantee that risk and reward are a package deal. Vanto raised the possibility that bad actors would simply adapt in the face of increased scrutiny.
“I also think that any of these bad actors, terrorists, are most likely not using smartphones to communicate whatever it is that they’re doing. They’re using other methods of communication because they’re aware of this, the vulnerabilities of these technologies, as well,” Vanto said.
Last week, the Digital Industry Group—an association of tech companies that boasts marquee names like Google, Facebook and Twitter—sent a message to Australian Parliament urging the government to consider exploring alternative solutions.
“A number of governments around the world have rejected such legal and market interventions in favour of a broader policy response which embraces international engagement, technical training for agencies, investment in new investigatory techniques and enhanced company engagement,” read the message.
The tech companies’ interest in the problem might not be entirely humanitarian. Vanto questioned whether or not consumers in general would be inclined to use their personal devices less if they knew that Big Brother could be watching.
He doesn’t foresee a bill similar to Australia’s going the distance in the U.S. any time soon.
“I think right now there’s little appetite in the U.S. for this kind of law,” Vanto said.