杏吧原创

Why Australia鈥檚 new encryption laws may actually help criminals

Australia has just introduced new laws forcing companies to give them access to people鈥檚 encrypted messages. Cybersecurity researchers say this will likely backfire
WhatsApp uses end-to-end encryption to keep messages secure
WhatsApp uses end-to-end encryption to keep messages secure
Geoff Smith / Alamy Stock Photo

Why does Australia want to let law enforcement access encrypted messages?
On Thursday, that will force tech companies to help police and security agencies access encrypted communications. Australian police say that of messages they intercept now use some form of encryption. They claim that this affects their ability to investigate terrorists and organised crime groups.

What exactly are encrypted messages?
Messaging services like Apple鈥檚 iMessage and WhatsApp use end-to-end encryption to ensure that only the sender and recipient of a message can read it. The service provider cannot see what鈥檚 written, nor can anyone else who tries to intercept it.

What new powers will law enforcement now have?
Australian police will now be able to force communication providers to help them access encrypted messages, or otherwise face fines of up to A$10 million.

But you just said that wasn鈥檛 possible?
They can鈥檛 simply ask a company to decode the encrypted messages stored on their servers, because only the senders and recipients have the required keys. Instead, they may ask providers to build customised software updates that can be exclusively targeted to criminal suspects鈥 phones to stop their messages from being encrypted in the first place, says at the University of Melbourne.

Why are tech companies and cybersecurity聽researchers worried?
Encryption technology isn鈥檛 just used to protect communication privacy 鈥 it鈥檚 also used to secure online banking, medical records and sensitive government files. If companies are forced to create specialised tools to bypass encryption, these could be stolen and exploited by criminals, say experts.

Hasn鈥檛 this point been made before?
In 2016, the FBI tried to force Apple to create new software to unlock an iPhone that was used by one of the shooters in the San Bernardino attack. , saying that if the customised software one day fell into the wrong hands, it could jeopardise the security of all other iPhone users.

How does Apple feel about the new laws?
Australia鈥檚 new laws would prevent Apple from refusing the same request if it was made by Australia鈥檚 FBI equivalent, the Australian Security Intelligence Organisation (ASIO), says Teague. 鈥淚 believe that鈥檚 the inspiration for this bill,鈥 she says. In a , Apple said it was misguided to think that 鈥渁ccess to encrypted data could be created just for those sworn to uphold the public good.鈥

Is the Australian government not worried about crooks accessing people鈥檚 messages?
According to the legislation, companies will not be required to create any tools that cause 鈥渟ystemic weaknesses鈥. However, this is impossible to guarantee, says Teague. 鈥淭he government thinks you can target anti-encryption software to just one device without any consequences for other people, but those of us who study how cybersecurity actually works can see the potential risks to all other users of that device,鈥 she says.

Will the new laws actually help to catch criminals?
The legislation has been sold to the public as a way to guarantee police access to terrorist messages. However, this is 鈥渓udicrously na茂ve鈥, says Teague. If criminals find out that Apple, for example, is building anti-encryption software for iMessage, they will simply switch to another messaging provider, she says. 鈥淭here is plenty of good-quality encryption software all over the internet that you can easily download,鈥 she says.

Topics: Law / Smartphone