ASIO head: Oz anti-encryption law swiftly used, didn’t break internet

data blocks / code encryption
Iaremenko / Getty Images

Mike Burgess, chief of the Australian Security Intelligence Organisation (ASIO), has once again defended Australia’s new encryption laws as lawmakers seek new rules for judicial oversight.    

In his first threat assessment address as head of Australia’s domestic spy agency, Burgess said law enforcement agencies’ rapid use of new powers under the encryption-fighting Assistance and Access (AA) Act reinforced the law’s urgency, which didn’t — for now — harm internet security. 

“I can confirm that ASIO has used the Assistance and Access Act to protect Australians from serious harm,” said Burgess. 

“We needed to take advantage of the new powers within 10 days of the legislation coming into effect – a clear indication of its significance to our mission. And I’m happy to report that the internet did not break as a result.”

Burgess took on the top ASIO role in late 2019 after a two-year stint leading Australia’s foreign spy agency, the Australian Signals Directorate, during the Coalition Government’s efforts to pass the AA Act, which was pushed through at the end of 2018. 

At the time, as ASD’s chief, Burgess wrote a blog aimed at shooting down criticisms of the law, which allows law enforcement to force tech firms to assist the government in investigations involving encrypted information. 

He said it would be “absurd” the law would put Australian tech companies on par with the likes of Huawei, which has been banned from providing network equipment for Australia’s 5G networks over concerns the Chinese government could force it to create backdoors. 

Burgess then argued the law would not ‘break the internet’ because the act only supported “highly” targeted investigations. He compared the authority police would get to accessing a single hotel room rather than a ‘master key’ for all rooms — an analogy Apple CEO Tim Cook previously used against proposals for similar laws in the US

In defense of the AA Act, Burgess on Monday said encryption was stifling 90% of its “priority” counter-terrorism cases.   

“The relentless advance of technology was outstripping our technical capabilities to monitor threats and protect our fellow Australians. Remember, encrypted communications impacts intelligence coverage in nine out of 10 priority counter-terrorism cases,” he said

The first Telecommunications Act annual report from Home Affairs covering requests under the AA Act, released in January, revealed the law was only used seven times during the first half of 2019. 

The act enabled Technical Assistance Reports (TAR), where industry voluntarily provide assistance. It also created Technical Assistance Notices (TAN) and Technical Capability Notices (TCN), which oblige providers to assist law enforcement, with the latter requiring joint approval by the Attorney General and the Communications Minister.    

Home Affairs recently revealed that, as of November 2019, 25 TARs had been issued by three unnamed agencies. 

The opposition Labor party has proposed amendments to the bill that would require the authorizations be approved by a judge rather than the head of an agency. 

Burgess acknowledged the government’s demands created a “dilemma” for tech executives and called on the industry to “work together to help organisations like ASIO and the police defeat the threats posed by malicious use of the Internet, while protecting the opportunities and freedoms it offers for all Australians.”

He added that all sides need to be “open about he need for balance between privacy and security” and recognize the “importance of the rule of law that supports a free society”. 

“Technology should not be beyond the rule of law,” he said. 


Copyright © 2020 IDG Communications, Inc.

Microsoft's very bad year for security: A timeline