Apple and Facebook pressured to reveal terror suspects' data
Advertisement

Apple and Facebook pressured to reveal terror suspects' data

The Turnbull government will challenge tech giants including Apple and Facebook to do far more to stop terror suspects and criminals, using stronger powers to force the disclosure of sensitive information in a major new test of digital privacy.

The government will unveil the measures on Tuesday with a heightened warning to Australians about the threat from terrorists and criminals who are evading authorities by encrypting their messages on devices and social media platforms.

The new laws will impose far greater financial penalties on companies that do not co-operate with the security agencies, in the wake of Apple’s refusal to help US authorities break the codes on an iPhone used in a US terror attack.

Cyber Security Minister Angus Taylor.

Cyber Security Minister Angus Taylor.

Photo: Alex Ellinghausen

The move sets up a clash on privacy and civil liberties as the government insists on the need to gain access to encrypted messages while tech companies and civil liberties groups warn against “weakened” security for their customers.

Advertisement

In a key pledge, Cyber Security Minister Angus Taylor has ruled out the use of “back doors” to give security agencies easy access to confidential messages – one of the biggest fears about the new regime.

“This is not about creating back doors – there are very explicit protections in the legislation that ensure the government will not have the power to weaken encryption systems,” Mr Taylor told Fairfax Media.

The new laws include a section that says communications providers “must not be required to implement or build a systemic weakness” in their services, a provision written after months of consultation with the technology sector.

But the government is prepared for a lengthy public debate over the scale of the new powers after 76 technology companies and civil rights organisations wrote to federal MPs last month warning against any new powers that would compel device manufacturers to help security agencies and police access encrypted data.

Mr Taylor urged companies and community groups to read the draft laws when they are released on Tuesday, saying there would be time for lengthy consultation before the bill is introduced to Parliament and a likely Senate inquiry before any vote.

“The important point to remember is I’m not just the Minister for Law Enforcement, I’m the Minister for Cyber Security. I want more cyber security, I want strengthened encryption,” Mr Taylor said.

The minister said that similar laws in Britain, which triggered a political storm over privacy, did not have the legal ban on “back door” access that is included in the Australian bill.

While security agencies have worked with Telstra, Optus and Vodafone for many years to intercept messages after gaining warrants and court orders, the government is worried about the number of companies now offering encrypted services – not only Apple and Facebook but Whatsapp, Wickr and others.

“There’s a huge increase in the number of companies involved and that means we have to have an industry framework for this and that’s what this legislation is providing,” Mr Taylor said.

“That proliferation is the key to this – when it was a smaller number of companies, we could do things informally.

“The crucial thing here is that if we don’t do this, we will be giving terrorists, paedophiles and other criminals a place to hide.

“We can ensure we don’t give them a place to hide and at the same time we can protect encryption because it is so crucial.”

Syed Rizwan Farook.

Syed Rizwan Farook.

Photo: Supplied

Shaping the debate is the legal fight between Apple and the FBI during 2016 after two terrorists killed 14 people and wounded 22 others in San Bernadino, California. The FBI was unable to unlock an iPhone 5 used by one of the killers, Syed Rizwan Farook. Apple refused to help and the dispute went through the US courts until the FBI found a security company to unlock the phone.

The Turnbull government is insisting its new laws will not be used to “break” a device and its encryption in the way seen in the San Bernadino case, arguing the US dispute with Apple is a false parallel.

The new bill toughens the powers for existing types of search warrants issued by judges and members of the Administrative Appeals Tribunal for use by interception agencies – police, anti-corruption commissions and national security agencies.

A “technical assistance request” will allow for voluntary help by a messaging company, giving their staff civil immunity from prosecution in any dispute.

A “technical assistance notice” can be issued by an interception agency to require a communications provider to offer assistance.

A “technical capability notice” can be issued by the Attorney-General, at the request of an interception agency, to require a company to provide more extensive help such as building functionality, but this cannot include building features to “decrypt information” or “remove electronic protection” in the system.

New powers will also be available to the Australian Border Force, such as orders that require the owner of a device to provide access to the device, provided it is the subject of an existing search warrant.

As well, authorities will be permitted more time they can hold and search a seized device, up from 14 to 30 days.

The new powers cannot be used to impose data retention capabilities, a move aimed at assuring critics there will be no expansion of the controversial but separate powers in the Telecommunications (Interception and Access) Amendment from 2015.

The new bill, the Telecommunications and Other Legislation Amendment (Assistance and Access), provides for judicial review if companies want to challenge requests from police, anti-corruption authorities and security agencies.

Agencies will require an underlying warrant or authorisation for any request, as set out under existing interception law, but the fines for those who do not co-operate will be increased to $10 million for each instance of non-compliance.

The penalties for those who do not comply with the Australian Border Force search warrants will be increased from six months to a maximum of five years in prison. Investigations into the most serious crimes could lead to 10 years in prison.

Advocacy group Access Now last month released a letter from 76 companies, individuals and organisations to urge the government not to pursue laws that would undermine individual rights and security.

The group argued that consumers and businesses rely on strong encryption to keep personal information safe and protect against fraud.

“Australia is facing a choice on cybersecurity and encryption: real security or false,” said the senior legislative manager at Access Now, Nathan White, in the statement last month, before the detail of the federal plan was clear.

“The country can either be the testing ground for policies that undermine privacy and security in the digital era, or it can be a champion for human rights, leveraging its relationships to raise cybersecurity standards for the next generation.”

David Crowe is the chief political correspondent for the Sydney Morning Herald and The Age.