A call to action: The Assistance and Access Bill 2018 (a.k.a. The Backdoor Bill")
I was lucky to have the privilege to represent Internet Australia on The Internet Society Encryption Expert's Panel at Australia’s Parliament House on Monday 20th of August. My esteemed co-panellists included Professor Hal Abelson from Massachusetts Institute of Technology , Dr Vanessa Teague from The University of Melbourne, Christine Runnegar (Internet Society), Keith Besgrove (Internet Australia), Linus Chang (Scram Software), Mark Nottingham (Internet Architecture Board, IETF) and Martin Thomson (Mozilla). The panel had been fortutiously timed to be within the first week of consultation for the proposed Assistance and Access Bill 2018, also known as the "Backdoor Bill", as it will facilitate compromise of encrypted communications by law enforcement via indirect access. A significant amount of panel time was spent discussing the proposed new legislation.
To engender discussion from the floor, there were three presentations from the panel. The first presentation was by Hal Abelson, was titled "Coping with the crypto conundrum in seven slogans", with the contention that the debate surrounding encryption is not new, and that society shouldn't compromise security for security's sake. Vanessa Teague's presentation gave a quick overview of how encryption worked, why end to end encryption is important, and how law enforcement fits into the encryption debate. The final presentation was by Linus Chang, who gave an overview of how 'exceptional access' or backdoors can affect small innovative businesses such as his, who create software that utilise encryption, and that customers choose products based on trust; software from jurisdictions that may be subject to interference from government or law enforcement inherently is less trustworthy.
I was surrounded by engineers on the panel - my interest in attending the debate, from the perspective of civil society, and I don’t speak for the whole of civil society, is to get as many citizens involved is the discussion surrounding these proposed laws; whether they support them or not.
The use of encryption is so pervasive in todays society, that most of the time, a regular non-technical citizen doesn’t even know that encryption is being used. It goes without saying that encryption is relied on by millions of journalists, bankers, politicians academics and even a few whistleblowers each day - the vast, vast majority for good pruposes. There are free public courses being advertised, where people with a little technical nous can build their own secure messenger in under three hours. Hal Abelson's lab has developed a point and click programming language that children can use, called appinventor. An easy recipe for a point and click program in appinventor to create a secure messenger in only a few hours has also been developed. We can’t legislate against creativity like this - nor do I believe that we want to be in a society that does.
I am encouraging regular Australian internet users to submit a response to the proposed legislation, before the cut off date of the 10th of September, via email to firstname.lastname@example.org. There is no expectation or need for a voluminous response, a paragraph or two would suffice. Some background content that may inspire responses to government include:
- Dr. Chris Culnane's thoughts on the Assistance and Access Bill
- Electronic Frontiers Foundation There is No Middle Ground on Encryption
- InnovationAus An encryption bill with holes in it
- Just Security Why An Encryption Backdoor for Just the “Good Guys” Won’t Work
- TechCrunch ‘Five Eyes’ governments call on tech giants to build encryption backdoors — or else
If you're planning on writing a submission, a common response to a new law or regulation is to think of a number of ways the new law could be worked around, and then put a position that the law is flawed because it won't achieve 100% coverage of fixing the perceived problem. Thats a very black/white 'engineering' response. To have a constructive discourse with government, we need to provide a more nuanced response, perhaps with the costs and benefits of what’s been proposed within the legislation, as well as concentrating on proposing suggestions, rather than a black and white engineering response. Now is the time that we need to have frank, perhaps difficult discussion about the implications of legislative effects on digital security vs digital security.
What if you don't have the time to make a submission? Digital Rights Watch has an easy form to automatically submit a response, on your behalf, at https://digitalrightswatch.org.au/2018/08/19/defend-encryption/.
Got more money than time? There are several organisations who are currently formulating responses to the legislation; consider supporting them and their efforts in countering this legislation, through a donation: Electronic Frontiers Australia, Digital Rights Watch, Australian Privacy Foundation, Internet Australia, Future Wise, and Access Now. Even better still, become a member of these organisations, and help make a long term impact on civil society in Australia.
Polls repeatedly tell us that citizens feel disengaged with government. My objective is to get as many people involved in the discussion, and making submissions by the 10th of September. It’s in the hands of all of us to contribute.