New law could compel backdoors
The Federal Government has launched legislation for cyber abilities that may not be possible.
The Australian Government’s new legislation seeks to compel tech firms like Google, Apple and Facebook to provide access to users’ encrypted messages.
“What we are proposing to do, if we can’t get the voluntary cooperation we are seeking, is to extend the existing law that says to individuals, citizens and to companies that in certain circumstances you have an obligation to assist law enforcement if it is within your power to do so,” Attorney General George Brandis said.
“Last Wednesday I met with the chief cryptographer at GCHQ, the Government Communication Headquarters in the United Kingdom, and he assured me that this was feasible.
“So there are various claims made by experts in the field, but what the Government is proposing to do is to impose upon the companies an obligation, conditioned by reasonableness and proportionality.”
But there is a serious technical hitch - the fact that it may not be mathematically possible to break the end-to-end encrypted communications offered by providers like Apple, Facebook and WhatsApp.
In the case of a relatively simple 56-bit decryption key, there are 72 quadrillion possible combinations for any computer trying to break it to go through.
“The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia,” Prime Minister Malcolm Turnbull said on Friday.
But the inability of even the providers themselves to access the contents of communications is a central point of their business model.
In end-to-end encryption, the keys to decrypt messages are available only to the user of the service, so these kinds of laws could leave companies no option but to build backdoors into their systems.
Experts have pointed to numerous examples of this not working, and drastically reducing the security of systems.
George Brandis was only able to provide seemingly contradictory advice on the need for backdoors.
“Well, we don’t propose to require ‘backdoors,’ as they are sometimes called, though there is a debate of course about what is or is not a backdoor,” he told the ABC.
He had previously said that encryption keys should be provided to the government.
“At one point or more of that process, access to the encrypted communication is essential for intelligence and law enforcement,” he told the Sydney Morning Herald in June.
“If there are encryption keys then those encryption keys have to be put at the disposal of the authorities.”