It has long been thought that Australia was likely to be the next developed country to ramp up their online surveillance powers.
And in a new draft bill, cynically published while the country is in the middle of a full-blown political crisis, they have done just that. And then some.
Australia’s new surveillance bill and its implications
As we have reported before, Australian authorities have been at the forefront of the campaign amongst developed countries to try and undermine encryption. Their rhetoric has gone far further than other governments, but until now their actions haven’t quite lived up to it.
But their new Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 certainly does. And as the Electronic Frontier Foundation (EFF) has reported, it has borrowed heavily from the UK’s own overbearing surveillance legislation, the Investigatory Powers Act.
Before we take a closer look at what the Australian draft bill proposes, it is worth noting that this legislation has the potential to have a huge effect well beyond Australia’s borders.
Australia is a member of the extremely sinisterly named ‘Five Eyes’ group of countries which also includes New Zealand, the UK, Canada, and the USA.
It has long been suspected that these countries were likely to try and award themselves similar sweeping new surveillance powers.
It is therefore no surprise to see Australia following the British lead so closely. Citizens of the other three countries in the group should be bracing themselves for similar proposals from their governments soon too.
The sweeping new powers proposed
So, what does Australia’s ‘Assistance and Access’ Bill propose? It is essentially a distilled version of the UK’s lengthy and rambling legislation, which cuts out a lot of the chaff and retains the majority of the bills most intrusive powers.
According to the EFF, the new bill will empower Australian authorities to require most tech companies to help them conduct online surveillance.
This means they can demand tech companies re-engineer their products to facilitate surveillance using device sensors (cameras and microphones) as well as access data through hacking private computers.
The bill states that such surveillance can be carried out to protect “the interests of Australia’s national security, the interests of Australia’s foreign relations or the interests of Australia’s national economic well-being”. Hardly a specific set of reasons for such sweeping powers.
If that isn’t worrying enough, the sheer range of people who will be required to comply with this new law is truly staggering. It will apply to any “designated communications provider”.
This means ISPs and telecoms companies, but also seems to apply to app and website developers, web and cloud storage hosting companies, and plenty more besides.
The UK’s Investigatory Powers Act did not specifically name VPN providers in their legislation and it is still unclear whether they are expected to comply or not there. At this stage, that appears to remain the case in Australia too.
Little cause for optimism
There are admittedly a few areas where the Australian Bill has improved on its British counterpart. For example, there are clauses in the new bill which prohibit Australian authorities from being able to require companies to build a systemic weakness into their product. This appears to rule out encryption backdoors.
The bill also prevents actions which could cause a material loss to others using a targeted computer lawfully. However, the EFF suggests these clauses are minor and easily circumvented should the Australian authorities see fit.
The EFF concludes that what Australia’s Government is trying to award itself is “the luxury of broad, and secret powers” with no proper oversight. In other words, they want what the UK already has, and the US effectively implements without primary legislation to back it up.
That is bad news for Australian internet and is likely to result in a fresh surge in people turning to VPNs to try and keep their online data private and safe from Government prying.
The EFF believes that when the bill passes into law, both trust and security on the internet in Australia will be seriously diminished. They also suggest that it is likely to lead to other countries (New Zealand and Canada) following their lead.
Their final sentence is both damning and accurate. “This is a bill that will breed digital distrust, and undermine the security of us all,” they conclude.
It is a requirement in Australia that all bill proposes are opened to public comment. If you are inclined to voice your opposition to this new bill which awards the Australian authorities sweeping new online surveillance powers, you can do so here. The consultation is open to submissions until September 10th.