Encryption Laws a Necessary Evil – by Peter Coroneos

CyAN

* by Peter Coroneos, Regional Head APAC for CyAN and former head of the Internet Industry Association (1997-2011). He is co-author of the Cyber Breach Communication Playbook. The views expressed are his own

 

There’s a certain inevitablity about the new laws which will pass today. There are ten main reasons why Australia moves into international focus as the first liberal western democracy to go down the path of regulating encryption.

1. Australian politicians have a high propensity to regulate technology. They often rush in where other nations fear to tread. Our legislative processes lack the checks and balances of some other places, and where the numbers line up, laws pass freely.

2. Our media/political co-dependency means that sensational coverage of isolated events can propel policies into laws much quicker than rational analysis or evidence based deliberations would recommend. Headlines and newspolls drive policies and accelerate the passing of laws (as well as the dumping of prime ministers and just about every other aspect of the political system that we have come to despise). Democracy is the victim of the 24-hour news cycle.

3. Post 9/11, national security generally aces competing policy priorities like privacy and other human rights.

4. Oppositions will always fall into line if the choice is between being labelled as “soft on terror” or bipartisan on national security. No political leader wants to be held accountable for an attack on Australian soil that their opponents say could have been prevented if only they’d supported the proposed law. Whether or not this is true is beside the point.

5. Law enforcement and national security agencies are definitely losing the capacity to investigate serious criminal behaviour; the bad guys continue to embrace anything that will reduce their risk of detection. Legislators have been extensively and repeatedly briefed on this fact.

6. The Australian public are generally slow to rush to the defence of their rights or demand better accountability or justification for new laws; this is part encourages (1.) As a whole, we tend to believe our leaders when they tell us new laws will make us safer. From the early days of internet censorship (1999) through to data retention (2015) we rarely see public protests. Public opposition is generally muted and the noisy protests of minority, special interest groups are safely ignored. A senior politician once told me that as long as laws made people “feel” safer, it didn’t matter whether they worked or not. Another senior political advisor once told me that unless there were mass demonstrations in the streets, governments tend to ignore disquiet. If the political opposition is limited to cross benchers with no balance of power ie. if the two major political parties support a policy, then its passage, perhaps with some tinkering around the edges is generally a fait accomplit.

7. Technology industry associations are underresourced, unlike say the mining, medical, tobacco or pharmaceutical lobbies and have never mounted a successful paid, national TV, full page ads, billboards campaign that stopped bad legislation. Where we did stop bad legislation it was through unpaid media coverage and the capacity to offer politically palatable alternatives. Neither approach seems to have worked here.

8. The main technology opponents of this legislation are multinational corporations whose motives are often questioned by legislators, notwithstanding that they generally have good working relationships and cooperative histories with law enforcement on a practical day-to-day level.

9. Law society and civil libertarian opposition usually goes over the heads of most people, doesn’t make the mainstream media, or is sidelined as sectoral flak that can’t stand up against the “National Interest” imperative.

10. The National Interest, in turn, has become a flexible concept which is invoked by incumbent governments for any purpose which furthers its ideological agenda, and where national security is concerned, the evidence is rarely shared “for reasons of national security”. This first surfaced prior to the Iraq war, the justifications were thin then, but like most issues of this kind, were accepted hook, line and sinker by a complacent and uninformed public (see 6.)

 

Having said this, the amendments will improve a flawed Bill and credit goes to those who’ve fought hard to bring the unintended consequences into focus.

If the law improves the current levels of cooperation between technology companies and law enforcement and reminds technology providers that the abuse of their systems is a matter of public concern (if they need reminding), that’s not a bad thing. But without other jurisdictions following our lead, that’s about all it will deliver. And with the US deciding not to go down our track, don’t expect any weakening of encryption on your devices any time soon. We may however, see some encrypted messaging services withdraw from the Australian market.

Technology has always been a doubled edged sword. The challenge we face as society is what degree of device empowerment we are prepared to sacrifice in the name of our collective safety, and how we can localise law enforcement benefits without jeopardising innovation or our access to the latest and best. The solution will always be a tradeoff. Today, the Australian Parliament puts that tradeoff into law.