Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Privacy

Australia Passes Cyber Snooping Laws With Global Implications

Australia Thursday passed controversial laws allowing spies and police to snoop on the encrypted communications of suspected terrorists and criminals, as experts warned the “unprecedented powers” had far-reaching implications for global cybersecurity.

Australia Thursday passed controversial laws allowing spies and police to snoop on the encrypted communications of suspected terrorists and criminals, as experts warned the “unprecedented powers” had far-reaching implications for global cybersecurity.

There has been extensive debate about the laws and their reach beyond Australia’s shores in what is seen as the latest salvo between global governments and tech firms over national security and privacy.

Under the legislation, Canberra can compel local and international providers — including overseas communication giants such as Facebook and WhatsApp — to remove electronic protections, conceal covert operations by government agencies, and help with access to devices or services.

Australian authorities can also require that those demands be kept secret.

The conservative government had pushed for the bill to be passed before parliament rises for the year this week, saying the new powers were needed to thwart terror attacks during the festive period.

A last-minute deal was struck with the opposition Labor Party over its demands for more oversight and safeguards when the laws are used, with a review of the legislation to take place in 18 months.

The government also agreed to consider further amendments to the bill early next year.

National cyber security adviser Alastair MacGibbon said police have been “going blind or going deaf because of encryption” used by suspects.

Advertisement. Scroll to continue reading.

Brushing off warnings from tech giants that the laws would undermine internet security, MacGibbon said they would be similar to traditional telecommunications intercepts, just updated to take in modern technologies.

– ‘Serious problems’ –

Global communications firms, including Google and Twitter, have repeatedly said the legislation would force them to create vulnerabilities in their products, such as by decrypting messages on apps, which could then by exploited by bad actors.

A central protection in the laws to block authorities from forcing companies to build a “systemic weakness” into their product remains poorly defined, critics say.

The Law Council of Australia, the peak body for the legal profession, said it had “serious concerns” about the changes.

“We now have a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist,” it said in a statement.

Experts such as the UN special rapporteur on the right to privacy Joseph Cannataci have described the bill as “poorly conceived” and “equally as likely to endanger security as not”.

“Encryption underpins the foundations of a secure internet and the internet pervades everything that we do in a modern society,” Tim de Sousa, a principal at privacy and cybersecurity consultancy elevenM, told AFP.

“If you require encryption to be undermined to help law enforcement investigations, then you are ultimately undermining that encryption in all circumstances. Those backdoors will be found and exploited by others, making everyone less secure,” he said.

The new laws also include secrecy provisions, which could raise doubts over whether Australian and foreign vendors have already been compelled to act — undermining their business models where privacy is a key selling point.

The most high-profile clash over security and privacy was between Apple and the US’ FBI, when agents sought access to the data of the San Bernardino attackers in California in 2015.

Meanwhile, the Australian legislation could allow for policy laundering by its “Five Eyes” intelligence-sharing partners — Canada, Britain, New Zealand, and the United States — who cannot enact similar powers because of constitutional or human rights protections.

“There is an extraterritorial dimension to it, where for example the US would be able to make… a request directly to Australia to get information from Facebook or a tech company,” said Queensland University of Technology’s technology regulation researcher Monique Mann.

Written By

AFP 2023

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Defense contractor Nightwing has appointed Tricia Fitzmaurice as Chief Growth Officer.

Xage Security has appointed Russell McGuire as CRO and Ashraf Daqqa as VP of the META region.

Mario Duarte, formerly head of security at Snowflake, has joined Aembit as CISO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.