Private chats considered suspicious by the government could become significantly less private, with Australian Security Intelligence Organisation (ASIO) Director-General Mike Burgess in discussions with tech companies about gaining access to encrypted communications.
Burgess said that he may use powers to ensure tech companies negotiate with warrants and provide access to encrypted chats in cases involving national security investigations.
He also pushed for tech companies to design encrypted apps to include mechanisms for government access when requested.
Encrypted chats use scrambling technology to ensure that only the sender and the recipient can view messages, which can be decoded only with a secret “key.”
“If you break the law or you’re a threat to security, you lose your right to privacy, and what I’ve been asking for those companies that build messaging apps (is to) respond to the lawful requests,” Burgess told the ABC’s 7.30.
“So when I have a warrant you give me access to that communication.”
The ASIO head said it should not be tech companies who get to decide where access is appropriate.
ASIO seeks access to chat rooms hosted on encrypted platforms such as Signal and Telegram amid fears they are being used for malicious reasons.
However, Burgess said ASIO was not asking for mass surveillance, only cooperation.
“If they don’t cooperate, then there’s a private conversation I need to have with government about what we accept or what I need to do my job more effectively,” he said.
Since 2018, ASIO has had the power to compel tech companies to cooperate with information requests—a move Burgess says he is willing to make if needed.
While ASIO can access encrypted conversations by stealth, this process is slower and more expensive than if tech companies gave up the information.
“I’ve had a few companies come and talk to me since that time. Which is good. I‘ll leave those conversations in private. Some of them are good. I might be about to have a difficult conversation, but we’ll do that in private as well,” Burgess said.
Burgess acknowledged the concerns of tech companies that enabling access could compromise the privacy of activists and journalists who need to be able to have discussions without government intrusion.
However, Burgess says Australians do not require the same protections.
“I understand there are people who really need it in some countries, but in this country, we’re subject to the rule of law, and if you’re doing nothing wrong, you’ve got privacy because no one’s looking at it,” he said.
“If there are suspicions, or we’ve got proof that we can justify you’re doing something wrong and you must be investigated, then actually we want lawful access to that data.”
Burgess said if the government were to have access to overseeing chats, it would not compromise the integrity of the program.
“I don’t accept that lawful access is a back door or systemic weakness, because that, in my mind, will be a bad design,” he said.
“I believe you can—these are clever people—design things that are secure, that give secure, lawful access.
“I don’t believe in our society you can accept there is portions of the internet that are not accessible by law enforcement or the security service.”
In an increasingly digital world, Burgess says he would consider asking the government for additional support.
“Ultimately, though, I don’t think we should allow technology to set the rule of law and expectations that society would have,” he said.
The use of encryption and its lawfulness varies across the globe.
Call for Australia to Hold Back
The Global Encryption Coalition has urged Australia not to weaken the capabilities of encryption during a review of the Australian Online Safety Act.While end-to-end encryption was increasingly being adopted by online messaging services, the review found that it was also prone to misuse.
“...it can also conceal harmful conduct or hinder investigation of the distribution of harmful and illegal online content such as child sexual exploitation material,” papers in the review released in June noted.
In July 2022, the Australian Institute of Criminology explored the potential impact of end-to-end encryption on the detection of child sexual abuse material.
The Institute’s report noted the challenges end-to-end encryption created for law enforcement investigations, and limitations placed on companies’ ability to prevent, detect, and report child sexual abuse material occurring on their platforms.
The Global Encryption Coalition rebutted claims that secure messaging excessively facilitated criminal activity.
“End-to-end encryption plays a crucial role in ensuring the safety, security, and privacy of millions in Australia,” the group said in a statement.
