Last week, the Australian government passed the country's controversial Access and Assistance Bill 2018 into law, legislation that allows government agencies to demand access to encrypted communications. Companies that don't comply with the new law could face fines of up to AU$10 million ($7.3 million). A number of companies that stand to be affected have spoken out about the legislation, and Signal has now joined in, explaining that it won't be able to fulfill such requests if asked.
"By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles or group avatars," Signal's Joshua Lund wrote in a blog post. "The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us." Lund added that Signal is open source, meaning anyone can "verify or examine the code for each release." "People often use Signal to share secrets with their friends, but we can't hide secrets in our software," he wrote. "We can't include a backdoor in Signal."
Before the law was passed, Apple sent a letter to the Australian government, outlining its concerns about the bill. The company described portions of the bill as being "overly broad" while also noting a lack of judicial oversight and the global impact such a law stands to have. "There is profound risk of making criminals' jobs easier, not harder," Apple said. "Increasingly stronger -- not weaker -- encryption is the best way to protect against these threats." Similarly, the Reform Government Surveillance coalition, a group that includes Apple, Facebook, Google and Twitter, among others, released a statement saying Australia's law is "deeply flawed, overly broad and lacking in adequate independent oversight over the new authorities."
Tech companies and government agencies have continued to butt heads over access to communications, both in Australia and abroad. In the US, federal agencies have repeatedly called for backdoor access and tech firms have fought back against those demands in courtrooms.
Signal acknowledged that Australia could try to block its service throughout the country, but it added that in the past, that hasn't worked so well for other countries. With VPNs and other strategies available to get around those sorts of maneuvers, such restrictions wouldn't necessarily have the impact the government would be striving for.
Signal isn't new to these kinds of challenges as it has faced pushback from other countries as well.
"Attempting to roll back the clock on security improvements which have massively benefited Australia and the entire global community is a disappointing development," wrote Lund, who reiterated Signal's commitment to opposing mass surveillance around the world.