13 Jun 2017
Terrorists are using encryption. Our laws need to keep up with the technology
As we learn details from investigations into recent terrorist attacks in Tehran, London, Jakarta and Manchester, a common theme is emerging of terrorists using commercial encrypted communications services to plan, support and commit terrorist attacks.
In Australia, the heads of ASIO and the Australian Federal Police have warned of the challenges of "going blind" in their attempts to lawfully keep up with criminal use of rapidly evolving communications technology - a sentiment echoed by their "five eyes" intelligence-sharing partners in the United States, UK, Canada and New Zealand.
The answer isn't just in keeping up with technical intrusion methodologies – the modern-day equivalent of wire tapping. This will, of course, always continue to play a part for intelligence agencies. But encrypted communications bring challenges and unintended consequences on another scale from these previous technical interceptions.
The recent "WannaCry" ransomware attack demonstrates the hazards of the back-door approach: information on technical vulnerabilities, first identified by western intelligence agencies, was obtained by others and used for criminal purposes - harming both public services and business.
Concerns about privacy are another reason to rethink how we go about dealing with this challenge.
In an age where most freely give much of their personal information to global corporations, the paradox of public demands for privacy from government is well known. But it is incumbent on governments in liberal democracies to protect human rights and privacy, in balance with the public interest.
The importance of secure and confidential communication to support a free press is also critical for legitimate governments. This sets a high benchmark for balancing privacy with the complex and global challenge that encrypted communications pose to security.
We must be focused on the principles, not the technology. Communications have evolved substantially from the phone, fax and telegraph technology of the time when much of Australia's existing telecommunications security legislation was introduced. But the principles remain the same.
Where an individual or group is using any form of communications to support terrorism or other designated criminal activity, this may be intercepted by specified authorities and under appropriate authority.
For Australia and the "five eyes" community in particular - and other liberal democracies - this means that both our laws and practices need to be updated to work in partnership with the communications sector to ensure access when needed to prevent and prosecute criminal activities, including terrorism.
Just as the telecommunications sector already works closely with intelligence and law enforcement to access "wires" and call data, so the globalised communications sector is the key to dealing effectively with terrorist use of current and evolving communications and data technology.
This means that these companies - whether headquartered in Australia or overseas - must maintain visibility and access to the service they are providing.
Most businesses understand their shared responsibility for security - including corporate responsibilities to not facilitate crime - they just need to be involved as partners with government in working out how to best do this. This is where a multilateral approach is key: few of the major business players are Australian.
The laws regulating access to communications data would be, in principle, the same as those currently in place for other forms of telecommunications intercepts: companies ensuring data is available to access if required, warrants being issued by the appropriate authority such as the Attorney-General, with both time limits and regular scrutiny and review through the Inspector-General of Intelligence and Security, the Independent National Security Legislation Monitor, parliamentary committees and others.
Encrypted communications are yet another valuable innovation for our society and our economy. As our technology evolves, our policies, practices and laws need to evolve with it.
Jacinta Carroll is head of the Australian Strategic Policy Institute's Counter-Terrorism Policy Centre and a former national security official in the federal government.