Australian law could force tech firms to hand over customer data

Companies like Facebook, Apple and Google could face a $7.3 million fine if they don't.

Australia has been relying on criminal telecommunications legislation dating back to the days of the landline, so proposed laws unveiled today are designed to bring the country's legal enforcements in line with the many nefarious opportunities the internet presents for hackers. But it's raised eyebrows among some industry experts.

In a move not dissimilar to that seen in the UK and US, the new rules -- the Assistance and Access Bill 2018 -- will force the likes of Google, Apple, Facebook and other technology groups to help Australian authorities decode certain forms of encrypted communications on their systems, or face fines of up to AU$10 million (US$7.3 million). The government says the legislation will help protect against terrorism, fraud and child abuse crimes, and aims to ensure criminals "have no place to hide."

While the government has stopped short of demanding backdoor access to tech companies' systems (the sort that would have allowed authorities to tap into end-to-end encryption services such as WhatsApp), it does want access to data at "points where it is not encrypted." As ABC explains, Apple wouldn't be made to create a back door for iMessage, for example, where every user's encryption key is different. But the government could request access to the single encryption key for its iCloud services. When you send a message to a friend, it's encrypted as it travels between the two devices, and when it arrives, it's decrypted for your friend to read -- this when authorities could read it. So it's less of a backdoor, and more of a "side gate".

However, cyber security minister Angus Taylor says this will only be allowed under strict guidelines, with companies subject to three levels of escalation: an interception agency requesting the company voluntarily assist; a "Technical Assistance Notice" whereby the companies are instructed to help; and a "Technical Capability Notice", which can only be issued by the attorney-general and basically means "comply or face a fine."

Of course, $7.3 million is not a bank-busting sum for the likes of Google or Facebook, but should a situation arise where they come to that bridge, there will be wider implications at stake. It's not clear whether -- if the laws are passed (a one-month consultation period is now open) -- the Australian government intends on issuing greater numbers of data requests, or if it's more of a helpful law to have in the pocket. Since 2013, though, the Australian government has made 6,977 requests for data from Facebook, with the company providing some data in relation to around 67 percent of those requests. The new laws would certainly make it easier for the government to get its hands on the remaining 33 percent.