The Encryption Wars Continue as ASIO Demands Big Tech Unlock Private Messaging
Sarah Ferguson of the ABC’s 7.30 was last week invited into an ASIO 75th anniversary exhibition that’s usually only open to former ASIO officers, not just to give us a glimpse of how taxpayers are funding private shows for spooks, but also to allow agency boss Mike Burgess to spell out why domestic intelligence needs access to our encrypted messaging with assistance from Big Tech.
At this stage in the encryption wars, the ASIO director general can now simply throw his hands in the air and declare, as he did at the National Press Club on 24 April, “that there is a very clear and well established legal framework that allows ASIO to seek warrants to access communications”, which is thanks to current opposition leader Peter Dutton, when he was home affairs minister in 2018.
So, Burgess’ 5 September appearance on 7.30 was aimed at calling out Big Tech for not assisting his agency when it issues a company with one of the three types of increasingly forceful orders that require those entities, such as Meta or X, to provide Canberra with access to particular end-to-end encrypted messaging and to supply it in decrypted form.
And following his appearance at the press club, at which time Australia’s eSafety Commissioner Julie Inman Grant was engaged in a battle against X CEO Elon Musk due to his refusal to remove content from his digital platform at her request, Burgess was back speaking to the public, stressing the need for these companies to end their resistance to cracking their codes for Australian spies.
All good, with nothing to hide
The issue, according to Burgess, is that ASIO can obtain end-to-end encrypted messages via a warrant. However, when they’re received in this form, it’s all “ones and zeros”, as the top spy put it, or the information is received in encrypted code form that can’t be deciphered, so his spies “don’t know whether those violent extremists are plotting to kill someone or talking about the football”.
In response to a question from Ferguson, the ASIO director general admits that he and his agency use encrypted messaging themselves and advises that it’s “actually a good thing” that “everyday Australians” are using those apps, and he has “no problem with that”, but argues that if people “break the law” or they’re “a threat to security”, then they lose their right to privacy.
Burgess uses the old adage that “if you don’t break the law, then you’ve got nothing to worry about”. However, he then adds the more ambiguous notion of posing a “threat to security” to the equation as a reason to access private messaging. And he wants the public to feel comfortable with the possibility that spies can have a gander at their private messages if they’re suspicious about what they’re up to.
“I have been asking for those companies that build messaging apps to respond to lawful requests, so when I have a warrant, you give me access to that communication,” Burgess told Ferguson. But the problem he’s experiencing is that companies aren’t providing access to their encrypted platforms and often cite the reasoning that if a backdoor is built into a secure system, then it is rendered insecure.
Encryption-busting law
In mid-2017, the Five Eyes security alliance, which involves intelligence sharing between the US, the UK, Canada, Australia and New Zealand, released a communique after a meeting held in Ottawa, stating that the use of encryption is “impeding lawful access to the content of communications during investigations into serious crimes”, and that they’d be engaging Big Tech on this.
This led then Australian PM Malcolm Turnbull to announce plans for the drafting of encryption-busting laws a month later, which culminated in the Morrison government passing the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, which inserted Burgess’ “legal framework” into part 15 of the Telecommunications Act 1997 (Cth).
Part 15 of the Act is titled “industry access”, and it provides a three-tiered system for government to require Big Tech assistance in accessing encrypted messaging, with the first type of order being a “voluntary technical assistance request” that’s provided to a “designated communications provider” by the head of ASIO, ASIS or ASD that asks for assistance in accessing information in their system.
The next level provides for “technical assistance notices”, which can be issued by the head of ASIO or an interception agency, and it requires the designated communications provider to assist the intelligence agency in accessing and understanding private encrypted messaging in regard to enforcing criminal law, assisting with serious foreign offences or safeguarding national security.
The final type of assistance and access order devised by Dutton is the “technical capability notice”, which must only be issued with the approval of the attorney general, and it requires the designated communications provider to build a capability so that encrypted messaging within its system can be accessed and deciphered.
And if a body corporate doesn’t comply with a technical assistance notice or a technical capability notice, it can be fined up to $15.7 million, whilst for smaller entities, a fine of $78,540 can apply.
The war on privacy continues
During his April appearance at the National Press Club, Burgess gave the examples of a neo-Nazi network operating under cover of encryption and an individual suspected of being connected to ISIS operatives overseas as reasons for being able to access encrypted data, whilst AFP commissioner Reece Kershaw sought to bust encryption due to child sex offences.
Indeed, the top cop added that he considers that Big Tech should be complying with these assistance and access orders in a similar manner to the way in which criminal law works, whereby having a “reasonable suspicion” about an individual should be grounds to decrypt and access their private messaging.
So, why did Burgess then appear on the ABC’s 7.30 five months after appearing at the National Press Club only to deliver the same message again?
Well, it would appear that Big Tech is continuing to resist Australian requests to break through their encrypted systems. Meta’s Messenger having turned to end-to-end encryption late last year, and Signal app president Meredith Whittaker’s resolve not to weaken her platform’s closed and encrypted system in June, were both cited by Ferguson as pertinent during the interview.
“If we have a warrant for lawful access, they should help us get that lawful access,” Burgess continued. “It is targeted, proportionate – we are not asking for mass surveillance. We need their cooperation. If they don’t cooperate, then there is a private conversation I need to have with government about what we accept – what I need to do my job more effectively.”
Ferguson then asks how many times ASIO has sought the technical assistance of Big Tech over the last 12 months. Burgess first states that he doesn’t want to divulge such information, but then implies that he hasn’t put in a request over that period but is planning on issuing one to a company right now, although he refuses to name which one.
Burgess then ended the interview by explaining that Big Tech companies using encryption that prevents law enforcement and intelligence from perusing its content is essentially like having a specific suburb that police officers and spies are barred from entering. And he doesn’t believe such an online territory should exist.
“I’m not saying in a mass surveillance way,” Burgess clarifies in concluding. “I’m just saying if you’ve got justification to look inside that person’s communications and we can justify it to an attorney general or a judge, we should get the cooperation of the company and not have something built in a way where they can say, ‘Sorry, too bad. We designed it in a way that we can’t help you.’”