Go home, Australian government, you're drunk. That's the general sentiment among technology firms and privacy advocates around the world, in response to a controversial encryption bill Australia's parliament passed this week. The new legislation forces companies to crack their own encryption when and if it's requested by law enforcement and intelligence agencies.
That in and of itself is controversial—Apple, for example, refused the US Federal Bureau of Investigation's demands to build a backdoor into iOS so that it could crack an iPhone that was confiscated from a crime scene. The issue was headed to court, until the FBI found another way to unlock the iPhone, and subsequently dropped its lawsuit.
Australia's law is much more concerning, though. The vaguely worded bill would force companies like Apple and Facebook to build backdoors into their secure messaging platforms (iMessage and WhatsApp, respectively). Not only that, the bill enables intelligence and law enforcement officials to approach specific employees within a company to break encryption.
The way the bill is worded, a law enforcement official could, in theory, compel a software engineer in charge of pushing out software updates to crack his or her company's own security measures, and do it in secret. Failure to comply could mean actual jail time, while companies would be on the hook for fines of up to around $7.3 million.
Australian lawmakers passed the controversial bill, but what's really surprising is that even opponents of the bill in Parliament threw their support behind it.
"We will pass the legislation, inadequate as it is, so we can give our security agencies some of the tools they say they need," opposition Labor party leader Bill Shorten told reporters, according to Wired.
Australia is essentially setting a dangerous precedent that other government agencies around the world can follow.
"The debate about simplifying lawful access to encrypted communication carries a considerable risk of regulations spilling to other countries," says Lukasz Olejnik, a security and privacy researcher and member of the W3C Technical Architecture Group. "Once the capabilities exist, there will be many parties interested in similar access. It would spread."
It remains to be seen how all of this will play out and how far Australia is willing to go. Would it actually threaten an Apple employee with jail time, for example, if the worker didn't comply? Probably not, but it's concerning that there's now a law that would allow such a thing.