Why Australia’s Encryption Law Could Affect Africa
What is happening in Australia?
Australia has published a draft law that weakens encryption and privacy protection, for public review and comments submissions. This draft law grants unrestricted powers to the Security Intelligence Organisation with no oversight, to request or require a wide range of communications providers to provide information or implement a “capability” that will tap into encrypted communication and messages in transit, for any number of reasons, ranging from economic to security to foreign policy interest. It proposes to collect this information from literally any communication device as its definition of things that will be regulated under the proposed law is so vast it includes any structure or thing used or in connection to a telecommunications network.
What is Encryption?
Encryption is a computer method by which something or message in plaintext is made unreadable or encoded (using a key) to a format that only someone with the key can convert or decrypt the message back to a readable, plaintext format.
Many chat applications like Signal, Whatsapp, Telegram etc., today use this technology. End-to-end encryption means only the devices
actually talking to each other know and keep the keys to decrypt the message. The communications service provider or carrier doesn’t have a copy of the key and therefore cannot provide your messages in a readable format to a third-party if asked.
What does the draft law claim not to do?
Even though it attempts to list exceptions of things or acts that the law cannot require a communications provider to do, in some way, things
that are outside the scope of the law, like any act that would introduce “systemic” weakness or vulnerability into encryption, the draft law does a
horrible job of giving clarity on what “systemic” weakness or “systemic vulnerability” is or where a line can be drawn as to what scale of an interception act can be systemic. Encryption technologies usually allow another device like a user’s desktop or tablet to be introduced into the end-to-end encryption system that would normally be used on their phones primarily, for example. Introduction of an additional device would trigger an announcement or alert of some sort, informing the user that a new device has joined the conversation. With this
draft law, this notification could be something the communications provider is required to suppress for example, when a state organisation inserts a ghost device to monitor a target’s encrypted communication or messages. One could argue that if such muting of users’ notifications significantly increases, like in the case of mass surveillance that would be a systemic vulnerability or weakness.
But how does it affect Africa?
Not only does it include in its definition of who will be regulated as any electronic service with one or more end users in Australia, if
this law is passed as it is (with no oversight), and other states around the world copy and enact similar laws, it will adversely impact democracy in many countries in Africa. Unlike in Australia where state organisations generally do not abuse their powers and where the judiciary is independent, if a similar law is passed with no significant oversight by repressive governments like in
Cameroon, Uganda and the likes, it will become a tool for human rights abuse, mass surveillance of rights activists and journalists, privacy violation and suppression of free speech.
Today, the citizens of some of these countries enjoy a level of freedom of expression in the confines of end-to-end encrypted services like
Signal, Whatsapp and Telegram, because they are sure of the privacy benefits they enjoy there. Australia must understand that encryption is the last line of defence for civil society actors, activists and journalists in these countries from their governments. It is the last line of defence for people who are simply asking for better governance, accountability and democracy from their governments. If this line of defence were to be torn down by such laws, by states weakening encryption or actively building backdoors to encryption technologies, then the safety of citizens in repressive African states will be severely jeopardized. We request that the Australian government not only consider the impact of such a law domestically, but also its impact to democracy internationally.
N.B: The views and opinions expressed in this article are those of the author and do not necessarily reflect the official position of the African Academic Network on Internet Policy.