One giant step backwards for cyber security in encryption bill fiasco

Image: Fairfax media

Australia will soon be relegated to the backwaters of the global digital community. We will no longer have a functioning security software industry, nor will we have faith in the safety of our telecommunications systems. Our elected representatives in Canberra have passed into law an obscene bill that will have long-lasting impacts on the infrastructure of the digital economy, and they don’t even seem to care.

The Assistance and Access Bill, passed with bipartisan support through Parliament last week, was ostensibly designed to give law enforcement the power to gain access to encrypted communications. Despite assurances this doesn’t involve intentionally compromising these systems, that’s exactly what will eventuate.

Encryption is not a barrier to a safe society; it is a form of protection against criminal acts, including state-sponsored hacking. It plays a role in protecting our digital infrastructure, such as the banking system, the electricity grid and mass-transit systems. It is an important line of defence against bad actors, and we weaken it at our peril.

This entire parliamentary process has been a farce. With a severely truncated public consultation, a  rushed parliamentary inquiry barely had time to read all the submissions. Secret hearings with law-enforcement and spy agencies stated that suddenly these new powers were needed before Christmas.

Those agencies already have considerable powers at their disposal to deal with modern, digital threats. The claim that strong encryption has hampered their efforts to do their job has not been justified in any meaningful way – either through the inquiry into this bill or in any other public arena. If we authorise the creation of intentional weaknesses in our digital systems, even under the guise of improving law-enforcement capability, we expose ourselves to attacks from bad actors who will seek to utilise any such opportunity.

In an effort to provide expert opinion and analysis, human rights organisations, trade unions, cryptographers, academic security experts, business and industry groups, technology companies and telecommunication providers all stood in agreement, pleading with the government to see that the negative ramifications of the bill far outweighed the purported need.

For a fleeting moment, we thought the Labor opposition might stand up and see reason, but then both major parties teamed up to push through a law in the final hours of sitting, with a record 173 amendments that were introduced only hours before the vote was cast.

These laws are deeply flawed, and have the likely impact of weakening Australia’s overall cyber security, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections. In their very design, they are antithetical to human rights and core democratic principles.

Our collective future should be one that embraces the opportunities that are presented by technology. Instead, this encryption legislation will only push us backwards – a direction in which both major parties seem determined to see our nation head.

First published in The Age on Monday 10 December 2018