Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Australia Passes Cyber Snooping Laws With Global Implications

Australia Thursday passed controversial laws allowing spies and police to snoop on the encrypted communications of suspected terrorists and criminals, as experts warned the “unprecedented powers” had far-reaching implications for global cybersecurity.

Australia Thursday passed controversial laws allowing spies and police to snoop on the encrypted communications of suspected terrorists and criminals, as experts warned the “unprecedented powers” had far-reaching implications for global cybersecurity.

There has been extensive debate about the laws and their reach beyond Australia’s shores in what is seen as the latest salvo between global governments and tech firms over national security and privacy.

Under the legislation, Canberra can compel local and international providers — including overseas communication giants such as Facebook and WhatsApp — to remove electronic protections, conceal covert operations by government agencies, and help with access to devices or services.

Australian authorities can also require that those demands be kept secret.

The conservative government had pushed for the bill to be passed before parliament rises for the year this week, saying the new powers were needed to thwart terror attacks during the festive period.

A last-minute deal was struck with the opposition Labor Party over its demands for more oversight and safeguards when the laws are used, with a review of the legislation to take place in 18 months.

The government also agreed to consider further amendments to the bill early next year.

National cyber security adviser Alastair MacGibbon said police have been “going blind or going deaf because of encryption” used by suspects.

Brushing off warnings from tech giants that the laws would undermine internet security, MacGibbon said they would be similar to traditional telecommunications intercepts, just updated to take in modern technologies.

– ‘Serious problems’ –

Global communications firms, including Google and Twitter, have repeatedly said the legislation would force them to create vulnerabilities in their products, such as by decrypting messages on apps, which could then by exploited by bad actors.

A central protection in the laws to block authorities from forcing companies to build a “systemic weakness” into their product remains poorly defined, critics say.

The Law Council of Australia, the peak body for the legal profession, said it had “serious concerns” about the changes.

“We now have a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist,” it said in a statement.

Experts such as the UN special rapporteur on the right to privacy Joseph Cannataci have described the bill as “poorly conceived” and “equally as likely to endanger security as not”.

“Encryption underpins the foundations of a secure internet and the internet pervades everything that we do in a modern society,” Tim de Sousa, a principal at privacy and cybersecurity consultancy elevenM, told AFP.

“If you require encryption to be undermined to help law enforcement investigations, then you are ultimately undermining that encryption in all circumstances. Those backdoors will be found and exploited by others, making everyone less secure,” he said.

The new laws also include secrecy provisions, which could raise doubts over whether Australian and foreign vendors have already been compelled to act — undermining their business models where privacy is a key selling point.

The most high-profile clash over security and privacy was between Apple and the US’ FBI, when agents sought access to the data of the San Bernardino attackers in California in 2015.

Meanwhile, the Australian legislation could allow for policy laundering by its “Five Eyes” intelligence-sharing partners — Canada, Britain, New Zealand, and the United States — who cannot enact similar powers because of constitutional or human rights protections.

“There is an extraterritorial dimension to it, where for example the US would be able to make… a request directly to Australia to get information from Facebook or a tech company,” said Queensland University of Technology’s technology regulation researcher Monique Mann.

Written By

AFP 2023

Click to comment

Expert Insights

Related Content

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Ransomware

US government reminds the public that a reward of up to $10 million is offered for information on cybercriminals, including members of the Hive...

Ransomware

The Hive ransomware website has been seized as part of an operation that involved law enforcement in 10 countries.

Privacy

The EU's digital policy chief warned TikTok’s boss that the social media app must fall in line with tough new rules for online platforms...

Cybercrime

The owner of China-based cryptocurrency exchange Bitzlato was arrested in Miami along with five associates in Europe

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Privacy

Meta was fined an additional $5.9 million for violating EU data protection regulations with WhatsApp messaging app.

Cyberwarfare

Google Project Zero has disclosed the details of three Samsung phone vulnerabilities that have been exploited by a spyware vendor since when they still...