Back in August, we reported on a controversial piece of legislation working its way through the Australian Parliament. The law would require tech companies to provide law enforcement and security agencies with access to encrypted communications. The New York Times reported last week that this bill had been approved and signed into law.
The contentious Access and Assistance Bill 2018 could impose fines as high as AU$10 million for companies refusing to comply. Several companies have made it clear that they are not in favor of this law.
Signal announced on Thursday that it would not be able to comply with access requests. It claims that it is not because it doesn’t want to, but that it just can’t due to the design of its messaging app.
“By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles or group avatars,” said Signal’s Joshua Lund in the company’s blog. “The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us.”
"If a country decided to apply pressure on Apple or Google to remove certain apps from their stores, switching to a different region is extremely trivial on both Android and iOS."
Furthermore, since Signal is open-source and available on GitHub, there is no way to “hide a backdoor” in the software, even if the government demanded it. The only option is to ban the software outright, but as Lund points out, this does not usually go well.
“Whenever services get blocked, users quickly adopt VPNs or other network obfuscation techniques to route around the restrictions,” he said. "If a country decided to apply pressure on Apple or Google to remove certain apps from their stores, switching to a different region is extremely trivial on both Android and iOS."
Besides, several officials within the Australian government including Attorney General Cristian Porter and former Prime Minister Malcolm Turnbull use Signal themselves. Weakening encryption methods for the app would actually pose a national security risk for the very politicians charged with enforcing the law.
Apple has been vocal about its opinion of the bill. In a seven-page letter to the Australian Parliament, it criticized the legislation saying that it gives the government "overly broad powers" and is extraterritorial in impact. While it did not come right out and say it would not comply with the law if asked, that seemed to be the company's insinuation.
So far authorities have not had reason to invoke the law. It will be interesting to see how the industry reacts when it finally does.