The systems protecting Australians' private information and communications from criminals could be undermined under proposed federal laws, two cyber security executives have warned.
Under the new laws, tech companies such as Apple, Facebook and Google could be forced to help law enforcement view iMessage, WhatsApp or other encrypted messages to assist criminal investigations.
Should the tech giants refuse or argue they aren't capable of doing so, the attorney-general will have the option to order them to write software to allow access.
Joe Levy, the chief technology officer of global cybersecurity provider Sophos, says unintended consequences could occur once a company is forced to build a new feature.
"All software has some kind of flaw or exploitable vulnerability," he told AAP.
"Any attacker worth his or her salt would immediately go after those interfaces because they would effectively provide the keys to the kingdom."
He says Sophos already complies with requests from law enforcement all over the world where it sees fit.
But the global firm will not introduce flaws to its products or, as the bill proposes, allow agencies to view source code.
The government stresses it doesn't want to "break" encryption but instead find other ways to view a target's messages.
Companies who don't comply would face fines of up to $10 million while people under suspicion of certain crimes who refuse to unlock their phone to agencies could face up to 10 years in jail.
Symantec, the makers of Norton virus protection, says it holds much less information on its users than Apple and Facebook but still won't write software that undermines its products.
"No one wants to get in the way of law enforcement putting criminals behind bars or being able to investigate criminal activity," Symantec's Asia-Pacific chief technology officer Nick Savvides told AAP.
"But on the other hand, you don't want to build a tool which can be used against you."
Mr Savvides said he sympathised with lawmakers trying to find a workable solution amid a debate dominated by the fringes.
But the Melbourne-based expert warned Australia can't legislate its way out of trouble.
"You use encryption to keep the data secure from bad guys and to facilitate trust," Mr Savvides said.
"If you're really after criminals and want to observe criminal activity, you'll end up with criminals using their own encryption."
Australia's Home Affairs Department says 95 per cent of the most dangerous counter-terrorism targets actively use encrypted messages to conceal their communications.
Companies would be asked to provide access to customers' information only where it is deemed "reasonable, proportionate, practicable and technically feasible".
The government says it has "no interest in undermining systems that protect the fundamental security of communications" and the new bill "explicitly provides" that new powers cannot be used to compel companies to build weaknesses into their products.
Any person who exposes the methods used to gain access would face up to five years in jail.
Share
