Prime Minister Malcolm Turnbull’s favourite secure messaging app Wickr is among the 76 organisations and individuals that have signed an open letter today calling on his government to reject its plans to ‘undermine strong encryption’.
Wickr, Twilio, ThoughtWorks, Linux Australia, Startpage.com and a slew of digital rights, civil liberties and privacy organisations signed the open letter to the Attorney-General Christian Porter and Minister for Law Enforcement and Cyber Security Angus Taylor. They are calling on government “not to pursue legislation that would undermine tools, policies, and technologies critical to protecting individual rights, safeguarding the economy, and providing security both in Australia and around the world”.
The government is adding the finishing touches to proposed legislation that it says will boost the ability of law enforcement agencies to access communications sent via encrypted services.
It remains unclear how this would be achieved. Both the PM and key cyber security advisor Alastair MacGibbon have said the government is not interested in ‘backdoors’ for security agency access to communications services.
However, Turnbull’s definition of a backdoor is fairly specific: an unknown vulnerability.
It seems likely the responsibility for undermining end-to-end encryption will be put in the hands of service providers. Taylor said last month that the government would not be seeking decryption keys.
“While the apparent commitment to avoid an escrow system for encryption keys is a positive step, we note that, generally speaking, all known methods of bypassing, altering, or watering down security tools or technologies to provide law enforcement access have been shown to carry severe risk,” the open letter, additionally signed by a number of academics, lawyers and business people, states.
While the approach the government will pursue is not yet known, there have been suggestions providers would need to guarantee access to messages but not detail their precise methods, or otherwise adhere to a ‘mandatory decryption requirement’.
“Adopting either of these requirements would be a mistake,” the letter says.
Turnbull once lauded Wickr as the epitome of secure communications. He is believed to have used it to discuss the September 2015 revolt against then-prime minister Tony Abbott with allies.
The app, according to some infosec commentators, could “become his decryption Waterloo”.
“We must keep the dialogue open on how we protect our personal, business, and government data against hacking threats which are growing more sophisticated, scalable, and cheap,” said Joel Wallenstrom, CEO of Wickr, in a statement today.
“It is no time to limit Australia’s options in securing its economy, critical infrastructure, and business communications. It is unrealistic to expect effective law enforcement when our digital systems become porous and vulnerable due to weakened encryption.”
Wallenstrom’s comments were backed by digital rights not-for-profit Access Now.
“Australia is facing a choice on cybersecurity and encryption: real security or false. The country can either be the testing ground for policies that undermine privacy and security in the digital era, or it can be a champion for human rights, leveraging its relationships to raise cybersecurity standards for the next generation. The world is watching,” said Access Now senior legislative manager Nathan White.