Update, 12/6: The bill has now passed after the Labor party agreed to drop its proposed amendments — you can read full details of the bill here.
Australia’s controversial anti-encryption bill is one step closer to becoming law, after the two leading but sparring party political giants struck a deal to pass the legislation.
The bill, in short, grants Australian police greater powers to issue “technical notices” — a nice way of forcing companies — even websites — operating in Australia to help the government hack, implant malware, undermine encryption or insert backdoors at the behest of the government.
If companies refuse, they could face financial penalties.
Lawmakers say that the law is only meant to target serious criminals — sex offenders, terrorists, homicide and drug offenses. Critics have pointed out that the law could allow mission creep into less serious offenses, such as copyright infringement, despite promises that compelled assistance requests are signed off by two senior government officials.
In all, the proposed provisions have been widely panned by experts, who argue that the bill is vague and contradictory, but powerful, and still contains “dangerous loopholes.” And, opponents warn (as they have for years) that any technical backdoors that allow the government to access end-to-end encrypted messages could be exploited by hackers.
But that’s unlikely to get in the way of the bill’s near-inevitable passing.
Australia’s ruling coalition government and its opposition Labor party agreed to have the bill put before parliament this week before its summer break.
Several lawmakers look set to reject the bill, criticizing the government’s efforts to rush through the bill before the holiday.
“Far from being a ‘national security measure’ this bill will have the unintended consequence of diminishing the online safety, security and privacy of every single Australian,” said Jordon Steele-John, a Greens’ senator, in a tweet.
Tim Watts, a Labor member of Parliament for Gellibrand, tweeted a long thread slamming the government’s push to get the legislation passed before Christmas, despite more than 15,000 submissions to a public consultation, largely decrying the bill’s content.
The tech community — arguably the most affected by the bill’s passing — also has slammed the bill. Apple called it “dangerously ambiguous,” while Cisco and Mozilla joined a chorus of other tech firms calling for the government to dial back the provisions.
But the rhetoric isn’t likely to dampen the rush by the global surveillance pact — the U.S., U.K., Canada, Australia and New Zealand, known as the so-called “Five Eyes” group of nations — to push for greater access to encrypted data. Only earlier this year, the governmental coalition said in no uncertain terms that it would force backdoors if companies weren’t willing to help their governments spy.
Of the Five Eyes, the U.K. was first with its 2016-ratified Investigatory Powers Act, a controversial law that critics dubbed the “snoopers’ charter.” The European Court of Human Rights later found that parts of the surveillance powers violated human rights laws — including obtaining communications data directly from providers.
Near-identical powers proposed by Australia’s draft bill, much in the U.K.’s shadows, however, aren’t covered under European law — and are likely to escape any international legal challenge.
Australia is likely to pass its bill — but when exactly remains a mystery. The coalition government has to call an election in less than six months, putting the anti-encryption law on a timer.