Posted by z3d in Cryptography

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption. The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include:

  • Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to teleco and technology companies. Companies are not legally obligated to comply with a TAR but law enforcement sends requests to solicit cooperation.
  • Technical Assistance Notices (TANs): TANS are compulsory notices (such as computer access warrants) that require companies to assist within their means with decrypting data or providing technical information that a law enforcement agency cannot access independently. Examples include certain source code, encryption, cryptography, and electronic hardware.
  • Technical Capability Notices (TCNs): TCNs are orders that require a company to build new capabilities that assist law enforcement agencies in accessing encrypted data. The Attorney-General must approve a TCN by confirming it is reasonable, proportionate, practical, and technically feasible.

It's that final one that's the real problem. The Australian government can force tech companies to build backdoors into their systems. This is law, but near as anyone can tell the government has never used that third provision. Now, the director of the Australian Security Intelligence Organisation (ASIO)—that's basically their CIA—is threatening to do just that.

2

Comments

You must log in or register to comment.

PredictedGate wrote

This is why we endorse, support & use open source software. Anything else associated with a company is a liability. They can't "force" shit on open source encryption and implementation.

1