The Australian parliament recently passed a bill that authorised law enforcement agencies to compel messaging services such as WhatsApp to give them access to encrypted communications of individuals involved in terrorism and organised crime.
The new law, that was passed by both houses of the parliament, is quite similar to the UK’s Data Retention and Investigatory Powers Act 2014, popularly known as the Snoopers’ Charter, that allowed enforcement agencies to compel social media firms to decrypt encrypted communications of suspected terrorists.
In January this year, the Court of Appeal rendered significant parts of the Data Retention and Investigatory Powers Act unlawful by stating that it allowed authorities to retain and access personal data without sufficient oversight. In May, the High Court directed the government to redraft the 2016 Investigatory Powers Act to make it consistent with EU law.
The new Australian law, called The Assistance and Access Bill, is yet to face any legal challenges as such but the government has promised to exercise “strict oversight” over the issuances of “technical capability notices” using which law enforcement agencies will be able to obtain encrypted communications from popular apps such as WhatsApp, Telegram, and Signal.
Parliamentarians have also argued that in the absence of such an investigatory law, law enforcement agencies struggled to maintain sufficient oversight over the activities of people involved in terrorism and organised crime and that 95% of those being monitored by government agencies used encrypted messaging services to mask their activities and communications.
While it remains to be seen if popular messaging services in Australia will lock horns with the government over the implementation of the new law, WhatsApp had declined a UK government request last year to provide access to encrypted messages that could help the government track those who were planning terrorist operations in the country.
Can messaging services comply with snooping laws?
End-to-end encryption in messaging apps like iMessage, WhatsApp and Telegram ensure that messages sent and received by users are so well scrambled that the services themselves cannot access or read them. In such a case, it is impossible for them to share details with enforcement agencies that they themselves cannot access.
The information that WhatsApp can, and does, provide to authorities in the UK includes the name of an account, the date it was created, the last time it was accessed, the IP address of the device which was used to access it and the associated email address.
A number of technology companies and security experts have argued that end-to-end encryption protects the privacy of the public at large. Any backdoor created to enable authorities to access encrypted communications could also be exploited by hackers to obtain more sensitive information about users.
At the same time, such backdoors could be used by despotic governments to target journalists, human rights activists, defectors, and dissenters, thereby putting their very lives at great risk.