Australia is now the first Western nation to ban security, following a decision by its parliament to pass a bill forcing companies to hand over encrypted data to police upon demand. The government will be allowed to demand this without judicial review or oversight of any kind, beyond the requirement to get a warrant in the first place. Furthermore, the law requires corporations to build tools to give them the ability to intercept data sought by police when such tools do not already exist. While the bill has only passed Australia’s lower chamber, the upper chamber has indicated it will pass the legislation provided there are later votes on unspecified amendments to the current bill.
I think this ‘brilliant’ idea will fail inevitably. It reminds me of another thing from 2015, which was on the whole new level of hilarity and ignorance, when the Kazakhstan government attempted to make everyone install a gov-issued TLS certificate in their browsers:
Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources
They quickly took this page down, but it was an interesting precedent nevertheless. Seems we have something similar with the Australian case, which I don’t think is really enforcable. We have tools like hidden volumes and we have encrypted cloud services registered in ‘data haven’ kind of jurisdictions which can’t be easily coerced into following this ignorant legislation. What would they do in these cases?
For the Australian legislation it can only apply to companies that have an Australian office, like google and apple etc. Unsure if hiring server space in Australia is enough since there is no legal recourse against foreign companies who simply hire server space. For example VPN companies like Nord and Viper and all the others
Also end to end encryption is technically impossible to backdoor as far as the legislation is concerned. Only if the company removed the end to end encryption would it be possible for the company to “render all possible assistance”
So we still have many options like wickr, wire and so on for secure messaging. Also as far as I know firefox cannot be told to comply since they have no Australian registered office/company. But Chrome and apples browser could easily be told to build in backdoors for the Australian government.