Australian National Review – ASIO wants access to encrypted messages

Burgess said ASIO was not asking for mass surveillance, only for cooperation.

Private chats deemed suspicious by the government could become significantly less private. Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess is in talks with technology companies about gaining access to encrypted communications.

Burgess said he could use powers to ensure tech companies negotiate search warrants and provide access to encrypted chats in cases involving national security investigations.

He also urged tech companies to design encrypted apps with mechanisms that allow the government to gain access on request.

Encrypted chats use scrambling technology to ensure that only the sender and recipient can view the messages. The messages can only be decrypted with a secret ‘key’.

“If you break the law or pose a threat to security, you lose your right to privacy. And what I’m asking of the companies that build messaging apps is to respond to the lawful requests,” Burgess told ABC’s 7.30.

“So if I have a warrant, you give me access to those communications.”

Technology companies should not be allowed to dictate where access is desirable, according to the head of ASIO.

ASIO is attempting to gain access to chatrooms hosted on encrypted platforms such as Signal and Telegram amid fears they are being used for malicious purposes.

However, Burgess said ASIO was not asking for mass surveillance, only for cooperation.

“If they don’t cooperate, then I have to have a private conversation with the government about what we will accept or what I need to do my job more effectively,” he said.

Since 2018, ASIO has had the power to compel technology companies to cooperate with information requests, a step Burgess says he is prepared to take if necessary.

While ASIO can covertly access encrypted conversations, the process is slower and more expensive than if technology companies were to release the information.

“Since then, I’ve had a couple of companies come to me and talk to me. That’s good. I’ll keep those conversations private. Some of them are good. I might have a difficult conversation, but we’ll do that privately too,” Burgess said.

Burgess acknowledged tech companies’ concerns that enabling access could jeopardize the privacy of activists and journalists, who need to be able to conduct discussions without government interference.

However, Burgess says Australians do not need the same protection.

“I understand that in some countries there are people who really need it, but in this country we are subject to the rule of law, and if you do nothing wrong, you have privacy because no one is looking at you,” he said.

“If there are suspicions, or if we have evidence that we can justify that you’re doing something wrong and you need to be investigated, then we actually want legitimate access to that data.”

Burgess said if the government were to monitor the chats, it would not compromise the integrity of the program.

“I don’t accept that legitimate access is a back door or a systemic weakness because that would be bad design in my view,” he said.

“I believe that you can – these are smart people – design things that are secure, that provide secure, lawful access.

“I don’t believe that we can accept in our society that there are parts of the Internet that are not accessible to law enforcement or security services.”

Burgess says that in an increasingly digital world, he would consider asking the government for additional support.

“Ultimately, I don’t think we should let technology dictate the rule of law and the expectations of society,” he said.

The use of encryption and its legality vary around the world.

While Russia and China have strict laws, most other countries also allow entry, with or without a search warrant or through general law.

Call for Australia to exercise restraint

The Global Encryption Coalition has called on Australia not to weaken encryption capabilities during a review of the Australian Online Safety Act.

The research, published in June, found that while end-to-end encryption is increasingly being used by online messaging services, it is also susceptible to abuse.

“…it may also conceal harmful conduct or impede investigations into the distribution of harmful and illegal online content, such as child sexual exploitation material,” the investigation documents said.

In July 2022, the Australian Institute of Criminology examined the potential impact of end-to-end encryption
on the detection of child pornography.

The institute’s report noted the challenges end-to-end encryption poses to law enforcement investigations and the limitations it places on companies’ ability to
prevent, detect and report child abuse material on their platforms.

The Global Encryption Coalition refuted the claim that secure messaging would disproportionately facilitate criminal activity.

“End-to-end encryption plays a critical role in ensuring the safety, security and privacy of millions of people in Australia,” the group said in a statement.