In a recent statement, ASIO head, Mike Burgess, expressed his intent to potentially use his powers to compel tech companies to cooperate with warrants and decrypt encrypted chats to aid in national security investigations. While the intention behind this move may be noble—ensuring national security—it raises serious concerns about privacy and the fundamental principles of security.
Compelling tech companies to break encryption for one entity, even a government agency, essentially opens a Pandora’s box, creating a potential pathway for other entities, including malicious actors, to exploit the same weakness. This is a backdoor, and Mike Burgess and his advisors know this. The problem with backdoors is that they cannot be exclusively accessed by one party; once a backdoor exists, it can be discovered and exploited by anyone, including hackers, other nations, or even criminal organizations. Mike Burgess’s argument that it should be a solvable problem is misleading, as he is framing it as an intellectual challenge. The problem isn’t that it has not yet been solved technically; it is simply not possible to create a backdoor that is used by “good guys” and not by “bad guys”, because one person’s good guy is another person’s bad guy.
The right to privacy is considered a fundamental human right by many national and international organizations. Although Mr. Burgess argues that breaking the law or being a threat to security forfeits this right, it’s important to note that encryption exists precisely to protect this right. The proposition to make tech companies “respond to the lawful requests” raises questions about the potential for misuse and violations of privacy. There is no “balancing all parties interests here”. In accepting privacy, we must accept security of all consumers and this means you cannot break their encryption. If you can break it, they are not free.
Additionally, the broad application of such a rule could lead to violations of innocent citizens’ privacy. While Mr. Burgess clarified that ASIO is not seeking mass surveillance, the targeted access to chat rooms hosted on encrypted platforms could inadvertently capture conversations of innocent people. It is nearly impossible to ensure that only “bad actors” are targeted in such a sweeping operation. To be clear, this is not about ASIO as an actor or their reputation. The point is broader: no individual, organisation or entity should have the authority or powers to break encryption en masse if we want to live in a free society.
This move also risks damaging the tech industry and users’ trust in these companies. If tech companies are known to break their own encryption for government agencies, users, especially those concerned about their privacy, might lose trust in these platforms and seek alternatives. Intelligence and defense agencies play a crucial role in protecting citizens’ rights and digital freedoms. Using that power to infringe upon those digital freedoms is contradictory to their mission.
The AFP conducted one of the most elaborate and complex stings in history with their fake secure phone AN0M, which netted 224 arrests in Australia. Whilst this operation was highly successful, it also eroded the public’s trust in both the law enforcement institutions and in encryption, driving people to more secure means such as Signal for communications. Depending on your perspective, this is either a good thing or a challenge: clearly, citizens using encryption is a net good for society; however, it is equally a problem for law enforcement.
The intent to protect national security is commendable. However, forcing tech companies to create backdoors and provide access to encrypted chats could lead to potential security breaches, privacy violations, and loss of trust. While ASIO’s challenges are acknowledged, compelling companies to create Australian-specific backdoors is a precarious path. Instead, ASIO should encourage lawful use of robust encryption that protects citizens against foreign nation states and international threat actors. There is no magic solution for the ubiquity of such encryption, but it’s a challenge we must face head-on instead of resorting to outdated power approaches.