How the Australian Government has eyes on your data

At 226 pages the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 is a hefty read:

I also like when they use the term "Other Legislation" in any law.

These are my observations based on an initial quick review. I’ll be interested in anyone else’s views if you’d like to comment.

• It’s intended to force companies and individuals to provide access to encrypted communications (and potentially other encrypted data) to law enforcement. It's an ability that a lot of governments have tried to put into a legal framework in the past, but usually clearer minds have intervened.
• It’s noteworthy as it contains frameworks to force encryption to be bypassed at multiple levels up to, and including, end user devices.
• It’s an Australian law, and it’s targeted at any company who transmits data to an end-user in Australia. But that's basically every company in the world one way or the other. So potentially it can impact the Facebooks, Whatsapps, Googles, Apples and Ciscos of the world (and anyone else who has a website, app, piece of hardware or software that is used by Australian users).
• It can coerce individual citizens (I believe only Australian citizens) who are working for those companies. Potentially an Australian programmer (working domestically or outside Australia) could be compelled (under threat of jail-time) to compromise a system to enable access to encrypted comms.
• Companies and individuals can be requested to participate covertly. So a company couldn’t notify a customer that their encrypted data is being accessed, and an employee may be told not to inform their employer that they have circumvented a security system.
• The subject of the request can be anyone, even if they are not a direct suspect in an investigation. So you may have no criminal connection or intent, but could still be the subject of a request to circumvent your encryption.
• Oversight is vague in areas. Some requests require a judge, some do not.
• And of course Australia is a member of the Five Eyes signals intelligence community, which shares intelligence between the US, UK, Australia, New Zealand and Canada.

At this stage this is all untested territory. But I suspect that it will be pushed to it’s limits as it gives far reaching and potentially significant power to breach an area of privacy that has previously been either difficult or impossible for governments to access.

Footnote: I understand and support the need to pursue criminal activity in any way possible, and I certainly agree that encrypted communications are often used by elements of the criminal community. But I believe this law is ill conceived, has consequences for privacy globally and won't ultimately address the problem. If you are interested in why I think that feel free to comment or message me.