The federal government plans to act against criminals using encrypted apps to escape detection - but won't reveal how they plan to do this.
Encryption is a method for ensuring communications between two parties remains private from everyone else, including the carrier.
Cyber Security Minister Angus Taylor says companies must be able to encrypt information, but law enforcement should still have access in a way that won't create a weakness for hackers to exploit.
Mr Taylor says technology has changed rapidly and the government must ensure law enforcement does not lose access to the data and information they need to prevent crimes and to hold criminals to account.
“The old legislation only applied to traditional communications. It applied to telecommunications companies; it didn't apply to all those other companies now that are providing those messaging services. So we need to broaden it. And the nature of those communications has changed. They are now digital and they are often encrypted. So the legislation gives law enforcement the powers to go after criminals, and to pre-empt attacks or crimes and to convict criminals, to hold them to account by getting access to the evidence they need.”
Currently law enforcement can already access emails, texts and voice messages stored on a carrier’s network providing they have a warrant.
During the 2015-16 financial years, 712 such warrants were issued.
They now want the contents of any communication encoded via encryption.
Encryption is used as a security tool for personal banking platforms and some messaging services.
Security analyst Greg Barton, from Deakin University, says the government is right to be concerned about the impact of encrypted messaging.
“At the moment around half of all the messaging at least occurs visa encrypted messaging. So that's just a massive change in the landscape. Not because the terrorists or the criminals have become so much smarter, the technology has just moved on. All of us use end-to-end encrypted messaging apps as a matter of habit because they are made available to us. That's good for most of the people most of the time. But if it's child sexual exploitation, other criminal activity, drugs, terror - it's a problem for the authorities. They have a legitimate case.”
The government won't reveal what techniques would be used to access encrypted data, refusing to answer questions about whether it included installing surveillance code on devices.
Dr Sue Dreyfus is a lecturer in the Department of Computing and Information Systems at The University of Melbourne.
She says while it's too early to know the full details of the government's plan, she's concerned the government could compromise the safety and privacy of users of tech companies such as Google and Facebook.
“If you want to capture a terrorist yes, okay, you want to be able to get their communications with a warrant signed by a judge, and you might need that. But it is also potentially risky if you're saying 'What we want to do is create a tool that breaks a phone's security.' Well what if that tool gets out into the wild? What if that becomes something that darker forces can use to break hundreds of thousands of phones? We just don't know.”
The laws would apply to telecommunications companies like Telstra, Optus and Vodafone, and tech service providers including Facebook, Whatsapp, Apple and Google.
Mr Taylor says there will be more discussions around technical aspects once the legislation is introduced to parliament.
