The Australian government wants to create a system for law enforcement to access encrypted information.
The government of Australia is wanting technology firms to weaken encryption so that law enforcement can gain access to encrypted communications. Recently, it announced a new bill titled the Assistance and Access Bill 2018 that would compel companies to decrypt information. The government says that it is making these moves so that terrorists and pedophiles will have nowhere to hide.
Of course, the technology and security sectors are not happy with this latest push.
In the last few years, the battle between government and those that create encryption has been quite heated. This has spawned a classic debate between law enforcement and privacy.
The problem is that weakening tools to better ones personal privacy is often a major step forward to suppressing speech. China, for instance, has spent decades trying to weaken encryption in an effort to prevent the spread of certain words such as democracy. The natural fear is that other governments would use this as a way of tracking and silencing dissent.
As a way of countering these fears, governments typically employ the idea of paedophilia and terrorism as a selling point. More simply, they are just going after the bad guys, so no reason to worry.
Unfortunately, weakening encryption means that bad actors have a method of attack on various forms of encryption in the first place. If there is a deliberate way to circumvent and decrypt content, hackers will likely find it sooner or later. While this may sound like some sort of what-if scenario, this scenario has already played out in real life in a very big way.
Last year, the US government had secret backdoor access to certain operating system and server software. That access method was ultimately leaked online and gave birth to the famous Wannacry ransomware attack that brought down various institutes such as hospitals. It wreaked global havoc and compelled Microsoft to fix those exploits all the while admitting that these vulnerabilities were left in intentionally to aid the government. The lesson there is that if a backdoor can be used, it can be abused.
That incident alone shows us that if backdoors are being put in place, think about the worst possible way it can be abused. If you assume that this is what is going to happen, there is a good possibility that it will happen.
Furthermore, this is going to be bad for the security community in Australia in the first place. If a company starts up that follows a government mandate like that, it simply cannot be trusted. As a result, money will begin to flee the country because Australian businesses are basically telling their customers that the government is watching your every move. Should something like this law be passed, it simply wipes out the credibility of any encryption from Australia.
At the end of the day, while there is that surface debate of privacy vs security, there are a whole lot of unintended consequences that are boiling beneath the surface of this debate. It remains unclear how far this law will go, but there is no question people will be pushing back against this.
Drew Wilson on Twitter: @icecube85 and Google+.