Australia Wants to Criminalize Withholding of Data Encryption Keys

For those who want to keep their documents safe, data encryption has been an excellent way of keeping those documents from being seen by prying eyes. Data encryption turns data into incomprehensible strings of text that could only be deciphered using an encryption key. It is the digital world’s equivalent of using coded messages, a technique for hiding messages that has been in use since the ancient world. With data security steadily becoming a concern for many, especially after we learned from Edward Snowden that the government has been using the internet to spy on us, the popularity of data encryption has been growing. Data encryption can be pretty effective, and certain governments seem unhappy about this.

Specifically, Australia is extremely unhappy about this. Not even shrugging their shoulders at the idea of accessing the private data of their citizens, Australia’s Attorney-General’s Office has recently added some interesting words in the midst of a new wiretapping law.

The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions.

The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.

[....]

Under this approach, the person receiving a notice would be required to provide ‘information or assistance’ to place information obtained under the warrant into an intelligible form. The person would not be required to hand over copies of the communication in an intelligible form, and, a notice would not compel a person to do something which they are not reasonably capable of doing. Failure to comply with a notice would constitute a criminal offence, consistent with the Crimes Act.

The above approach is consistent with the approach taken by the United Kingdom, which permits officials of law enforcement and national security agencies to, where authorised under a warrant, issue a notice requiring a person to provide assistance in connection with accessing encrypted communications. Similarly, South African law permits agencies to apply to a judicial officer for a direction requiring a person to provide information to the agency to enable the agency to decrypt lawfully intercepted communications.

Those who are using data encryption better beware, Australia doesn’t appear to want to let them away with hiding their data, making it an actual criminal violation to refuse to hand over encryption keys. We also learn from this that Australia isn’t the only country that wants more access to encrypted files, as it appears that the United Kingdom and South Africa both allow law enforcement agencies to apply for warrants to receive data encryption keys.

Of course, this won’t make data encryption useless. Unless a country actually makes it completely illegal, highly unlikely, data encryption can still protect people. Using data encryption will still protect people from non-governmental prying eyes. It will also prevent the government from being able to automatically scan data. While they may be able to receive a warrant to receive the data encryption keys, unless there is reasonable cause to receive a warrant this will be unlikely to occur. So smart internet criminals can still find themselves able to use encryption to protect themselves.