Everyone will use encryption, Australia should get over it: UN Special Rapporteur
In relation to the right to privacy, the United Nations Special Rapporteur Joe Cannataci has told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to focus on other ways to deal with the issue of encrypted communication, rather than trying to break into it.
“As it stands, the Bill enables gross invasions of privacy,” Cannataci said on Tuesday. “The government has not substantiated the need for this Bill, asserting a growth in the use of encryption does not constitute an argument, or evidence.”
“Everybody is going to use encryption, and so they should, get over it.”
Cannataci said the government’s proposed Assistance and Access Bill was a technologically naive framework that ignored the realities and dangers of the digital world.
“No government has found a system that provides both exceptional access and security,” he said.
“There is no disguising the fact, ladies and gentlemen, that you are being confronted by a rushed job.”
Must read: Why Australia is quickly developing a technology-based human rights problem (TechRepublic)
Under the proposed law, Australian government agencies would be able to issue three kinds of notices:
- Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
- Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
- Technical Assistance Requests (TAR), which have been described by experts as the most dangerous of all.
The Special Rapporteur pointed out the blindingly obvious, that serious terrorists and criminals will roll out their own encryption rather than use regular services, which renders the Bill’s provisions of asking or compelling service providers to intercept their customers to be “totally useless”.
“From a technical point of view, what is being proposed here really doesn’t make sense at all,” Cannataci said.
After following the proceedings and submissions to PJCIS, Cannataci said the Committee had not been presented with evidence that would persuade him that the legislation was necessary or proportionate.
“Indeed, I would be pretty confident that it would not only be found deficient by the United Nations Committee on Human Rights, but also it would be thrown out quickly out of the European courts on amongst a plethora of shortcomings,” he said. “It does not offer the adequate safeguards.”
Cannataci added that if the Bill was passed, Australia would be setting a bad example for the rest of the world.
In his submission released last month, Cannataci said the Bill was fatally flawed and should be set aside.
“Its aims do not justify a lack of judicial oversight, or independent monitoring, or the extremely troubling lack of transparency,” he said.
The Special Rapporteur was dismissive of the oversight and transparency measures in the Bill, particularly the lack of judicial oversight and the ability for heads of agencies to approve actions by their own people.
Speaking to PJCIS on Monday, Representatives from the Department of Home Affairs attempted to water down concerns that the Bill would impact Australian exporters.
“The Bill expressly says under the Technical Capability Notice provisions that agencies cannot ask companies to build a capability to remove one or more forms of electronic protection,” Home Affairs Assistant Secretary Andrew Warnes said on Monday. “The Bill has already expressly ruled that out, so that’s where they should be hanging their hats on.”
“If they don’t have the capability to do it now, we will not ask them to build the capability to do it, so that’s their assurance.”
Opening the hearing on Monday was Director-General of Security at the Australian Security Intelligence Organisation (ASIO) Duncan Lewis, who said the spy agency has cases where it wants to use the proposed powers.
“I anticipate that ASIO would immediately seek to use this legislation if and when it becomes available,” Lewis said.
Asked whether there are any specific threats that ASIO needs the powers for, Lewis did not identify a threat, but instead said there is a general increased threat over the Christmas period.
Monday’s hearing was shifted forward due to requests from Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton to have the legislation passed in this sitting fortnight.
“I would call on all members of the committee to do what they can to deal with this matter in an expeditious way, because we do want to arm the police with the ability to look at these encrypted messages,” Dutton said last week.
In the 2019 Parliamentary sitting calendar released on Tuesday night, there are only 7 sitting days before the Budget on April 2.
ASIO will immediately seek to use the legislation when it comes into force.
Australia’s proposed encryption-busting legislation is one of the most significant changes to surveillance laws in a generation, but the government is skimping on the review processes.
If an Australian company is compelled by legislation to deny that a capability in its products exists, then its assertions are meaningless, security company Senetas has said.
What cyber crimefighters really need are better global collaboration and faster access to IP address data, not the content of encrypted data communications, according to Jacqueline McNamara.
Head of ASIO Duncan Lewis has said there is a time limit to any assistance rendered under the Assistance and Access Bill.
The Australian Parliament’s own human rights watchdog committee has identified a raft of concerns with the Assistance and Access Bill 2018, and is ‘seeking additional information’.