In brief: Australia introduced legislation today that would require tech companies like Google and Facebook to help authorities decrypt some types of encrypted information — primarily communications such as text messages. The proposed measure would impose an AU$10 million (US$7.3 million) fine on companies that do not comply with the legal summons.
According to ABC, the Australian government says that the law is intended to help fight against terrorism, fraud, child abuse, and other crimes.
“The risk here is that criminals, terrorists, pedophiles, and drug smugglers are getting away with their crimes without us being able to hold them to account,” said Cyber Security Minister Angus Taylor.
It says the new legislation is needed because law enforcement is relying on decades-old laws that date back to the days of the landline. Tech companies fear that it will compel them to create backdoors into their systems as has been tried in the US and EU. However, the government assures companies that it does not want to do anything to weaken consumer privacy protections.
“We believe encryption is absolutely crucial to protecting Australians. So the legalization explicitly excludes the potential for law enforcement to ask industry to create a weakness in their encryption systems.”
Instead of creating a backdoor in their systems companies will help agencies "intercept" communications. For example, when one user sends a message to another that message is encrypted when it is sent and decrypted on the other end. Agencies want access to the information at the point of decryption. It is somewhat similar to a phone tap. Agencies can intercept the data and record it upon decryption, but will not have access to the device per se.
"Those crimes in the case of a computer access warrant must be serious. It's not any crime, it's got to be a serious crime. So it's three years' imprisonment or higher."
The law will apply similarly to how law enforcement goes after phone records. Strict guidelines will be enforced to ensure that the communications are essential to an investigation and the crime is serious enough (three-year jail sentences or more). Then companies will be subject to three levels of summons.
First, the intercepting agency will ask for the company’s voluntary assistance. If it does not comply, it will escalate to a “Technical Assistance Notice,” which is more of an insistence that the company cooperates. If that fails, law enforcement can seek a “Technical Capability Notice,” which can only be issued by the attorney general and forces the company to comply under threat of a fine.
The law is currently in a one-month consultation period. If it passes, tech companies could see a sharp increase in information requests from Australian authorities. ABC reports that since 2013, the Aussie government has requested data from Facebook 6,977 times. Interestingly Facebook has granted 67 percent of those requests.