Attorney General Wants To Make It A Criminal Offense To Not Turn Over Private Encryption Keys
From the a-disaster-waiting-to-happen dept
The Attorney-General's department in Australia is apparently pushing for new laws down under that would force anyone who's asked to hand over their private encryption keys -- and that covers both end users and service providers. Buried in the middle of a submission concerning revising Australia's wiretapping laws, the AG's office notes:
The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions.
The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.
Under this approach, the person receiving a notice would be required to provide ‘information or assistance’ to place information obtained under the warrant into an intelligible form. The person would not be required to hand over copies of the communication in an intelligible form, and, a notice would not compel a person to do something which they are not reasonably capable of doing. Failure to comply with a notice would constitute a criminal offence, consistent with the Crimes Act.
The above approach is consistent with the approach taken by the United Kingdom, which permits officials of law enforcement and national security agencies to, where authorised under a warrant, issue a notice requiring a person to provide assistance in connection with accessing encrypted communications. Similarly, South African law permits agencies to apply to a judicial officer for a direction requiring a person to provide information to the agency to enable the agency to decrypt lawfully intercepted communications.
The Orwellian nature of "intelligibility assistance notices" is fairly striking. Basically, this says if you don't make encrypted communication "intelligible" upon request, you would have violated criminal law. It's kind of funny how it claims this doesn't require anyone to hand over communication in an intelligible form... because it just asks for the encrypted content and the key to decrypt them. Which, you know, is basically the same **bleep** thing.