Bypassing Encryption Under Protection of Law

In an attempt to target Islamist terrorism, pedophile networks and organized crime, several governments worldwide have been pursuing policies that force technology companies to provide access to their messaging systems and technology platforms, so that intelligence agencies and police can gather data to tackle serious crime and terrorism.

The debate over bypassing encryption has gathered pace since Apple refused to help the US Federal Bureau of Investigation access data from an iPhone linked to a terrorism case in California in which 14 people were killed in 2015. Last year, UK ministers stepped up a campaign aiming to persuade encrypted messaging services, such as WhatsApp, to give police access to data to thwart future terrorist attacks. In a submission to parliament, Cisco warned the draft law would set a precedent for “less liberal regimes” to follow. The law could also force Cisco to provide “backdoor” access to its products, a situation that would violate the company's public statements on the issue.

This year Russia and Iran banned Telegram, the encrypted messaging service, which has refused to hand over keys to its encryption technology to authorities. Moscow and Tehran say they are targeting terrorists who use encrypted messaging apps, but civil rights campaigners warn that the two governments want to reveal the communications of political opponents.

Australia has recently passed a controversial law that will enable police to bypass encryption, despite criticism from technology companies that it could undermine public safety and privacy. The law enables Australia’s attorney-general to order the likes of Apple, Facebook, and WhatsApp to build a capability, such as software code, that enables police to access a particular device or service.

Companies may also have to provide the design specifications of their technology to police, facilitate access to a device or service, help authorities develop their own capabilities and conceal the fact that an agency has undertaken a covert operation, according to ft.com.  

However, the law prohibits police from requesting companies to build or implement a “systemic” weakness or vulnerability into authentication or end-to-end encryption services. The measures — including a mandatory review of the law after 18 months — did not assuage the concerns of industry or digital rights campaigners.  

The Digital Industry Group Inc (Digi), whose members include Google, Facebook and Amazon, warned that the legislation was out of step with surveillance and privacy legislation in Europe and other nations. “The changes proposed in this legislation potentially jeopardize the security of the apps and systems that millions of Australians use every day,” said the lobby group.