New Encryption Security Laws
I spent some time recently talking with our lawyers about the new Australian encryption laws that were passed by Federal Parliament late last year. These laws were passed as an amendment to the Telecommunications Act 1997 (Cth) and are called the Access and Assistance Bill.
The government passed laws to allow federal or state agencies to gain access to encrypted communications in an attempt to stop illegal activity, such as terrorism. In case you missed the Australian media commotion that followed:
As you can see there were many conflicting points of view on this legislation portrayed in the Australian media at the time (including some misleading or sensationalised news), and I wanted to grasp a greater understanding of what was really passed in parliament.
Firstly, I noticed that the legislation was passed rather quickly and had the support of both major political parties, which led me to consider whether there may have been special activities or investigations that the authorities needed to deal with urgently.
I was specifically interested in how this legislation could ensnare our company, employees and customers.
How the act applies to Laminar?
In speaking with our lawyers, they were able to simplify and outline the complex range of amendments to the Telecommunications Act. These amendments are called the “Telecommunications and Other Legislation Amendments (Assistance and Access) Act 2018”. I have also heard that there are likely to be some minor amendments coming up in the early part of 2019.
Importantly, Laminar is affected by this legislation, specifically points 2-4 as listed below.
The Act applies to the following:
- Carriers and carriage service providers.
- Entities that manufacture, supply, operate or maintain telecommunications infrastructure or equipment.
- Entities that supply services that allow users to access material using a carriage service (e.g. website and messaging app access); or
- Entities that provide services (including software) for use in connection with a carriage service or electronic service.
There are three types of requests that can be made by authorities, meaning Laminar can be called upon by various authorities as below.
- Technical Assistance Request (TAR) – Request for voluntary assistance from Federal and state authorities, that is; ASIO, ASIS, ASD or an Interception Agency (IA) – AFP, Australian Crime Commission, or State/Territory Police Forces.
- Technical Assistance Notice (TAN) – Notice requiring mandatory assistance from ASIO or an IA.
- Technical Capability Notice (TCN) – Notice requiring mandatory assistance to the extent that special capabilities may need to be created to help the authority. This request can only come from the federal attorney general with ministerial approval and will only involve ASIO.
The Technical Capability Notice (TCN) and it’s impact on our industry
The TCN is a section in the legislation that has raised the most concern by many in our industry. It is one of the avenues many believe will allow authorities to request Australian organisations to create a “back door” in encryption software. However, creating a “back door” in encryption software is not that simple.
Any such requests made by the authorities, if technically feasible, will allow the requested organisation to be compensated for its efforts. Despite this assurance, local technology developers are worried that overseas customers will not buy their products as a result of this “back door” perception.
I wonder if Apple will comply with such a request?
So I have come to the conclusion, that for Laminar and its clients this is not a really big deal. In fact if an authority approached us we would probably comply and help anyway.
For our employees its important to realise that any notice or request is bound to the company not an individual. That is, we can discuss the request internally. Our staff are immune from civil liability arising from their carrying out of technical assistance and technical capability notices.
However, unauthorised disclosure of information relating to the request or notice is a criminal offence under the Act for communications providers and their staff and contractors.
How might Laminar be involved?
Our staff may be called on to assist by:
- Removing electronic protections;
- Providing technical information (e.g. source code, service design plans, etc);
- Installing, maintaining, testing or using software or equipment;
- Giving effect to a warrant;
- Facilitating access to a facility, customer equipment, devices and software; and
- Concealing enforcement activities.
Laminar will assist authorities to the best of its capabilities and while we may not be able to inform our customers of any activities of the authorities, we will endeavour to protect infrastructure or information under our care by:
- Ensuring any request will be handled by the CEO of Laminar
- Checking the bona fides of any people and agencies
- Keeping records of activities of the authorities
- Briefing our lawyers of any notice
- Preventing access to organisations or peoples systems/information who are not subject to the investigation
- Prevent the installation of software or other technology that may weaken our service offerings
- Illegal or unreasonable requests.
If you are interested in investigating the legislation for yourself, here is the link below.
Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 Link : https://www.legislation.gov.au/Details/C2018A00148
If you have any queries in relation to this issue, feel free to get in contact with us.