Proposed Australian Bill Would Require ‘Masterkey’ to Defeat Encryption
This proposed law comes in the wake of several well-publicized disputes between the tech industry and law enforcement, where law enforcement has sought to compel manufactures to provide assistance in accessing encrypted data. To avoid these conflicts, Australia’s new law would establish written protocols which would, in some instances, require “Designated Communications Providers” or “DCPs” to provide government investigators access to their information systems. In instances where companies lack a mechanism to defeat their own security architecture, the proposed law would require companies to construct a digital “masterkey” or “backdoor” to enable government access to encrypted communications and other content.
Scope of the proposed law
Seeking a broad application of the law, the proposed bill would cover any corporation which manufactures, supplies, installs, or maintains data processing devices that would be connected to a telecommunications network in Australia. This would capture various electronic devices including smart phones, computers, and other networking equipment such as servers and electronic storage devices. The law would also apply to any corporation that supplies, develops, or updates software that can be installed on those devices.
Given Australia’s $1.6 trillion economy, many observers predict the proposed law will spillover to other regions outside Australia. It is also expected that other jurisdictions will enact similar legislation mimicking Australia’s, so foreign governments can simply piggy-back on the technical controls DCPs would have already developed to comply with the Australian law.
Adding an additional wrinkle to the bill’s potential territorial scope, Australia is a signatory to the United Kingdom – United States of America Agreement, aka “UKUSA.” Known as the “Five Eyes,” this multilateral agreement enables intelligence sharing between the intelligence agencies of Australia, Canada, New Zealand, the United Kingdom, and the United States.
Assuming the law is passed, many suspect the Australian bill could become a periscope for the Five Eyes group of nations. Under this theory, any decrypted information obtained by an Australian governmental agency could immediately transfer over to the other four signatories of the Five Eyes agreement.
Future of the bill
Underscoring a number of unresolved issues with the law, the Government of Australia recently conducted a lengthy public consultation period that closed on September 10. Following an internal review of public feedback, the Government plans to introduce a revised version of the bill to the Australian Parliament sometime in December 2018. Despite some opposition to the bill, support within the ruling party remains strong.