ITP Techblog

Brought to you by IT Professionals NZ

Aussie lawmakers still have their sights on encryption

Peter Griffin, Contributor. 10 August 2021, 9:12 am

Software makers and social media platforms could soon face a big fine in Australia if they don't adhere to rules that require them to detect unlawful material on encrypted platforms.

That's what is outlined in the Draft Online Safety (Basic Online Safety Expectations) Determination 2021, a set of rules prepared by the Australian government that will take effect from January 23 under the Online Safety Act 2020.

That piece of legislation includes a raft of provisions aimed at tackling abusive behaviour by, among other things, requiring tech companies to limit use of anonymous accounts and take measures to prevent "unlawful or harmful" content circulating on their networks.

A fine of A$550,000 would apply for instances of non-compliance by a company, A$111,000 for an individual. Eliminating anonymous accounts would mark a major shift for some social media and messaging providers, and attempting to link each account to a real human being would cause them technical headaches. Still, it could be done by having a user offer trusted proof of identity on sign-up.

Tech companies, such as the major social media platforms, already have automated systems and human content moderators sifting through digital material to identify inappropriate content.

But another provision may cause them more concern:

"If the service uses encryption, the provider of the service will take reasonable steps to develop and implement processes to detect and address material or activity on the service that is or may be unlawful or harmful."

Policing what you can't see

Currently, messaging providers from WhatsApp to Signal make a virtue of the fact that their services are fully encrypted. Not even the provider can see the content that passes between users on those networks - or so we are told. So how would a provider police encrypted conversations and file transfers for unlawful or harmful content?

It would effectively have to break encryption, allowing its content filters to access everything going across its "encrypted" channels. That may not be the encryption backdoor some governments are pushing for, where tech companies are forced to make their secure networks interception-capable.

But once information is unencrypted, it could then be easily accessed by law enforcement agencies through their usual means of obtaining a warrant via a court order.

These are draft rules and, with submissions on them open to 15 October, you can expect tech companies to outline in detail how difficult the proposals are to execute. Arguments may centre around what exactly is involved on the part of the provider in taking "reasonable steps regarding encrypted services". For instance, is it reasonable for Facebook to tell the Australian government that it can't access encrypted messages on WhatsApp but will look at a user's non-encrypted account activity for evidence of sharing unlawful or harmful content?

Ultimately, that is unlikely to cut it: with the passing of the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act back in 2018, the Aussies signalled that they wanted assistance from tech platforms to access encrypted systems.

It will be interesting to see how these new rules are shaped as a result of the consultation. Our own government hasn't moved on encrypted systems yet, focusing instead on cyberbullying, harmful content and, more recently, hate speech.

