The Australian government has passed a law that forces tech companies to give police and security agencies access to encrypted messages, claiming it’s needed to fight crime.
What it says: The Assistance and Access Bill 2018 is a world first, letting law enforcement bodies require companies to hand over user information, even if it’s end-to-end encrypted. Because companies currently have no way of viewing end-to-end encrypted messages, they will be forced to build a “back door” to gain access.
The problem: But once you create a back door to bypass encryption for law enforcement purposes, it weakens security for everyone, everywhere. It cannot be targeted at just one person or one group of users, and it provides a potential avenue for hackers. For example, the UK health service’s biggest ever cyberattack—using WannaCry ransomware—was possible thanks to a Windows exploit found by the NSA in the US.
The future implications: We won’t know for sure until agencies start to use the new powers. Companies could leave Australia or argue they are not subject to Australian law. Amendments to the law are due to be raised for debate next year, but substantive changes seem unlikely.