There are controversial laws that allow Australia’s police and intelligence agencies (including ASIO) to access the content of encrypted communications. While police and intelligence agencies can bypass basic forms of encryption (such as the passwords protecting email accounts), they cannot bypass ‘end-to-end’ encryption. End-to-end encryption is freely available on many smartphone applications, including WhatsApp, Facebook Messenger and Apple’s iMessage. This type of encryption is so secure that even the companies that built the applications cannot access the content of the messages sent by its users.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) inserted a new industry assistance scheme into the Telecommunications Act 1997 (Cth). That scheme allows police and intelligence agencies to request technical assistance from technology companies, including large multinationals such as Facebook and Apple, so that the content of secure messages can be accessed. Police and other investigative agencies can require mandatory assistance, and the companies are subject to significant fines if they refuse to comply.
The scheme has been heavily criticised by the technology industry, both in Australia and globally, for creating risks to users’ privacy and cyber-security. This is partly because the powers are not strictly limited to accessing encrypted communications, as they could require technology companies to modify or introduce other vulnerabilities into their products. During a parliamentary inquiry into the laws, Apple warned the Australian Government that the new powers could require it to install eavesdropping capability in its speakers. Many local technology companies have also expressed concern that Australian technology companies will no longer be trusted by overseas buyers, given the wide scope of these powers.