The Australian government has proposed a new cybersecurity law to force global technology companies such as Facebook and Google to give law enforcement agencies access to encrypted messages sent by suspected extremists and criminals.
Malcolm Turnbull said on Friday the law would be modelled on Britain’s Investigatory Powers Act, passed in November, which gave intelligence agencies some of the most extensive surveillance powers in the western world.
Under the law, internet companies would have the same obligations as telephone companies to help law enforcement agencies. Police would need warrants to access the communications. Turnbull said the legislation was necessary to keep pace with advances in technology that could facilitate crime.
“We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law,” he said.
Asked by reporters how legislation would prevent users simply moving to encryption software not controlled by tech companies, Turnbull said Australian law overrode the laws of mathematics.
“The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only laws that applies in Australia is the law of Australia.”
Turnbull denied the government’s plans involved the use of a “back door” into programs to allow access to encrypted messages on platforms such as WhatsApp and Telegram.
“A back door is typically a flaw in a software program that perhaps the developer of the software program is not aware of, and that somebody who knows about it can exploit,” Turnbull said. “If there are flaws in software programs, obviously, that’s why you get updates on your phone and your computer all the time. So we’re not talking about that. We’re talking about lawful access.”
Pressed on whether the government’s plans meant it would ask companies such as Facebook and Apple to keep a copy of encryption keys used by customers, Turnbull said:
“I’m not a cryptographer, but what we are seeking to do is to secure their assistance. They have to face up to their responsibility. They can’t just wash their hands of it and say it’s got nothing to do with them.”
The attorney general, George Brandis, said the legislation would “impose an obligation upon device manufacturers and service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis”. It could be used to tackle terrorism, or serious organised crime such as paedophile networks.
“It is vitally important that the development of technology does not leave the law behind,” Brandis said.
Brandis said the bill that would allow courts to order tech companies to quickly unlock communications would be introduced to parliament by November.
Australian Federal Police deputy commissioner Mike Phelan said “the vast majority” of investigations now involved some sort of encryption.
“Whether that’s encryption of phones, whether it’s encryption of computers that we seize or whether … it’s traffic that goes between conversations over the internet, then that’s the sort of thing that we need to get behind. At the end of the day, what has happened here is legislation has not yet kept pace with technology.”
Independent security researcher Troy Hunt told the ABC there were dangers for all users in undermining encryption systems.
“As soon as you start to build in weaknesses into the design of encryption, you put it at risk for everyone,” he said.
Turnbull himself has long advocated the use of encryption for journalists and others with a legitimate reason for keeping messages confidential. Defending the introduction of data retention laws in 2015, he recommended the use of platforms such as WhatsApp, Wickr, Signal and Telegram to ensure that the government’s collection of metadata did not mean the content of messages was exposed.
Asked at the time whether that meant terrorists and child sex offenders would also be able to get around the laws, Turnbull said: “There are always ways for people to get around things, but of course a lot of people don’t, and that’s why I’ve always said the data retention laws, the use of metadata, is not a silver bullet.”