Australia’s new encryption back door law is misguided and betrays a fundamentally computer-illiterate approach. Its knee-jerk reaction to a false narrative problem is irrational, and a convenient pretext to legislate for long-sought-after powers to break encryption. She is ignorant of the history of computing and encryption, and her plans will damage Britain. N.B. This is not a criticism of the Australian government in particular. It applies equally to any government anywhere that wants to regulate encryption in its jurisdiction.
The Background and Facts
Australian politicians, like all politicians, know next to nothing about computers and software. In their busy world, computers are the tools of secretaries and assistants, and not something they have a particular interest in.
Professionals in the Security Services on the other hand do understand computers, and are asking for software to be crippled so that no communication can be transmitted in private. They know the complete history of encryption, and how previous attempts to have it outlawed or weakened have failed. They are hijacking the mass hysteria over terrorism to make a fresh attempt to take encryption away from the public.
The Electronic Communications Act 2000 in the UK was an early attempt to make it illegal to sell a software product that did not have a back door for government access. It was defeated and removed from the statutes.
In the USA, several attempts have been made to mandate government access to all private communications; some via new hardware devices like the Clipper Chip, and others through setting legal precedent. They also tried to chill the release of encryption tools by the three-year harassment of Philip Zimmermann, the author of “Pretty Good Privacy”, the tool that Edward Snowden has admitted that the NSA and GCHQ cannot break.
Even today, any encryption system with key lengths longer than 64 bits must be approved by the US Department of Commerce’s Bureau of Industry and Security before it can be exported. This is patently absurd, since key lengths of 4095 bits are available to everyone globally without restriction, and all SSL is 128 bits by default at a minimum world-wide.
The Current Situation
Today, Apple and Google with their iOS and Android operating systems have rolled out full device encryption so that no one can read the contents of a user’s phone. This was done in direct response to the NSA’s mass intrusion into the communications and devices of millions of innocent people.
Now Australia, under pressure from IT professionals and spy agencies who are exploiting computer illiteracy, is trying once again to revive their decades-old attempts to cripple the public’s access to encryption and privacy. They failed in the late 1990s and they will fail again, because the iPhone-saturated, “selfie”-taking world is a very different place today.
Everyone uses encryption, whether they know it or not, on a daily basis. All ecommerce depends on it. If the Australian government makes it law that all encryption must have a back door, then criminals will have default access to all websites that sell anything, together with easy access to the personal information of billions of net users on all devices. Their demands are unworkable and ineffective because different jurisdictions will not follow them, and any software developer in the world can use both the old and new absolutely reliable tools to have secure chat and email and file storage, or simply move their services to a free jurisdiction, avoiding the anti-tech British laws.
Australia can demand that encryption has back doors in Australia, but it cannot demand that Americans or anyone else follow suit. This would mean that only Australian web sites and services are vulnerable; the entire Australian internet would be globally recognised as an unsafe zone for e-commerce. It would be a disaster for the Australian tech sector that the government is so keen to promote and preserve.
The messages coming out of the Australian government are not coherent. On the one hand, their government wants to be full participants in the global economy, but on the other hand, they are being told to cripple the key tool used in making the tech work. Clearly, this is the sound of computer illiteracy and the most astonishing ignorance.
And it’s not only ecommerce that is threatened by the Australian anti-progress stance. There is a vast movement online to put all internet services, no matter what they are, behind HTTPS by default. Mandating that the government has backdoor access to every website accessed from Australia is literally impossible. It means fundamentally re-engineering the entire web, and no one is going to agree to this. If you access an American email service from Australia, like Gmail, the SSL will not be back doored, and the communications will be private. In the reverse direction, they will not be private. This means that no company will host their email services in Australia, and the money, brains and tech will flow outwards, away from Australia. The “Tech Drain”.
Now that the world depends on encryption for the movement of all of the money in circulation globally, it is not possible to weaken the tools that protect the movement of that money without destroying commerce itself. You cannot weaken the tools that protect everyone without giving blanket access to criminals. Australia has been badly briefed, and they will be forced to back down, or give up any hope of their island becoming a centre for global tech; indeed, they will be isolated and a global pariah.
The Flawed Rationale
The public pretext for this new push to break global ecommerce is the recent spate of anomalous killings by “Jihadists”. Criminal events, especially the more horrifying ones, are always outliers and statistical anomalies. The vast majority of the world’s people never encounter this category of event, and their safety must always come first; that means strong encryption by default.
Politicians are very accustomed to making tradeoffs. In this case, we are trading off the absolute fact of trillions of dollars and billions of people who use ecommerce being kept safe against the remote possibility of detecting and perhaps preventing extremely rare crimes against a vanishingly small number of people, the number of which when combined globally is lower than the number of people who die from mundane causes.
And when we talk about protecting people, we do not only mean protecting their money. Every aspect of your life is shielded by encryption, including all the private matters that you send or receive through your internet connected devices. Encryption keeps your private information away from everyone but the intended recipients. The Australian government is only one hostile adversary out of many trying to gain access to your communications, money, medical records and location.
Encryption is democratic; it keeps everyone safe equally.
The True Reality
The age of the Security Services being able to read everyone’s communications at will is essentially over. The coming of this day was inevitable from the moment that PGP and SSL were developed and released. The net benefit to society is the emergence of global ecommerce and the massive reduction in online crime as the bad guys are permanently locked out.
If Australia’s advisers were serious about reducing terrorism, they would advise a different foreign policy, which is the root cause of the terrorist problems facing Australia.
For example, Libya, had it been left untouched, would have prevented the immigration crisis facing the EU. The consequences of bad policy are the root cause of Britain’s problems, not encryption, and breaking encryption for everyone will not solve them. In fact, it will cause a cascade of knock-on effects and another class of unintended consequences that will effectively end Britain’s place as a centre of tech for the foreseeable future.
Australians must push back hard against the voices that used fallacious arguments to get this new damaging law passed. If they do not, Australia faces a collapse of its tech sector, as building products that are safe for consumers will be impossible in that country. The world has changed; not even the Communist Chinese are suggesting that global standard encryption tools be back doored, and they are using all the same software that is used in the west to protect their websites and communications.
We should not have to go through this process again and again every time there is a media frenzy over a killing spree. Someone in Australia’s government must be hired for the sole purpose of bringing sanity to their pronouncements on everything related to software. Perhaps it’s time for a return of the “MinTech” cabinet position, which should be held by a member of industry elected by the software industry, and not a layman. This should be done before another suicidal piece of legislation is enacted that, at the very least, will waste everyone’s time defending their business models against it, and at worst, trigger a “Tech Exodus”.