If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism — by unlocking secret encrypted messages and data belonging to suspected violent plotters — the Prime Minister can expect a heated tussle with America’s powerful Silicon Valley.
Turnbull intends to nudge world leaders at the Group of 20 in Germany this week to pressure predominantly US-based tech giants to share more readily with authorities the secret digital behaviour of criminal suspects using smartphones and messaging apps.
The world’s most valuable companies such as Apple and Facebook are in the crosshairs of like-minded political leaders from Australia, Germany and the United Kingdom.
Criminals are using encrypted devices such as the iPhone and messaging apps like WhatsApp, Wickr, Telegram Messenger, Signal, SilentCircle, ChatSecure and even the Sony Play Station 4 to covertly plot their crimes.
Even though Donald Trump has presented himself as a tough law and order leader and has often been at loggerheads with progressive Silicon Valley, it appears unlikely that the US President will readily embrace Turnbull’s offensive against American tech firms.
Zachary Goldman, co-founder of the Center for Cyber Security at New York University, says: “These are American companies, so in terms of economic competitiveness you are potentially putting at risk the darlings of the American economy.”
“The European and Australian governments may not have the same concerns.”
Security v privacy debate
Encryption is effectively mathematical algorithms designed to stop hackers accessing information on phones and messaging app communications.
More than 1 billion transactions globally a day are encrypted, including online banking and internet shopping.
Silicon Valley is paying close attention to Australia’s posturing.
While Australia is more than a year behind the US in the so-called privacy versus security debate between tech firms and national security personnel, the battle lines are already well defined.
Apple chief executive Tim Cook wrote an open letter to customers last year after the world’s most valuable company refused to build a system to help the FBI unlock the iPhone of a San Bernardino terrorism culprit who jointly killed 14 people.
The FBI wanted to see who else the husband and wife killers had been communicating with and their recent places of movement, to help identity possible accomplices and stop any future attack.
Cook stood firm, arguing that Apple had a duty to protect personal information from conversations, photos, calendars, contacts, financial information and health data.
“The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers — including tens of millions of American citizens — from sophisticated hackers and cybercriminals,” he wrote. “The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”
What is a backdoor?
Trump, then the Republican presidential frontrunner, said at the time that Apple should comply with the California judge’s order to help the FBI break into the phone.
“But to think that Apple won’t allow us to get into her cell phone.
“Who do they think they are?”
Since the heat of the election, President Trump and US lawmakers have sat pat, in effect siding with technologists, privacy advocates and libertarians suspicious of government intrusion.
These groups have argued that weakening encryption will make people and businesses more vulnerable to cyber hacking criminals.
Turnbull, a former internet entrepreneur, has been at pains to emphasise the government does not want a “backdoor” to access devices and messages.
But that is not how the technologists frame this debate and they view the Prime Minister’s argument as semantics.
The tech sector argues that any weakening of encryption is in effect a backdoor for the good guys and the bad guys.
Once a decoding key is built or a vulnerability is exposed, hackers will do their best to hunt down the decryption method.
Exploiting a vulnerability
Amie Stepanovich, US policy manager at Access Now, which is funded by tech firms such as including Facebook, Google, Microsoft, Yahoo and human rights groups, says Australia is in a difficult position but risks weakening digital security for individuals and business.
“Weakening encryption won’t work because the criminals will be incentivised to get access to the tools,” she says.
“Across the board it will lower the security of the rest of the world.”
The government sees it differently.
As the Prime Minister hinted at in interviews with Fairfax Media and the ABC this week, the government believes the tech companies are already aware of flaws and weaknesses in their systems.
With this knowledge, one policy under consideration is to legally compel the companies to give their best effort to access the correspondence and data, without threatening the intellectual property of the tech firms.
The government believes this is more akin to exploiting a vulnerability, not creating a backdoor.
The government may also argue that digital companies already spend billions of dollars protecting their most precious and sensitive IP such as source code, so the firms could also do the same for any information about how to get around their encrypted systems.
Illuminate the dark
Chris Swecker, a retired head of the FBI criminal investigative division, says tech advocates have created an “artificial distinction” between lawful intercept of old tech like cell phone calls and pager messages, compared to new encrypted communications.
“Technology moved way ahead of the legal structure,” he says.
“We can’t put ourselves in a position where the only guys we catch are the dumb criminals who don’t use cutting edge modern technology.”
“I believe this technology communications material should be available via a valid court order.”
In echoes of that, Turnbull said this week that the rule of law must extend to cyber with the appropriate legal authority, such as a court order or warrant.
“We cannot allow these systems to be used as they are at the moment to enable terrorists and other criminals to basically conceal themselves to operate in the dark, a dark that we cannot illuminate and the law must be able to reach into those dark crevices and so that our agencies are able to keep us secure.”
Still, any such move by Turnbull would also undermine the commercial interests of tech firms.
Since the 2013 revelations from rogue National Security Agency contractor Edward Snowden about the extent of US government spying, sometimes assisted by US telco and technology companies, Silicon Valley has become more circumspect about being seen to cooperate with law enforcement.
No costless solution
Turnbull knows from his time as communications minister that US tech firms like IBM and Cisco Systems suffered commercially in China because the Snowden affair raised perceptions that American hardware vendors were leaving backdoors open for NSA spooks.
If customers believe Silicon Valley is in cahoots with US spies, sales are likely to suffer, especially in large consumer markets such as China and Russia that are suspicious of the US government.
Furthermore, a related argument by technologists is that is that if Western governments like Australia force tech firms to decrypt private data and messages, less trusted foreign regimes such as in China and Russia will do the same against citizens from overseas.
The government has considered this problem too, but is also aware that presently nothing stops such regimes already doing this.
Indeed, Russia has tried to compel digital companies to share their source code, while China is forcing tech firms to retain locally their source code and intellectual property.
Encryption was discussed by Attorney General George Brandis and “Five Eyes” intelligence counterparts from Canada, New Zealand, the United Kingdom and US last week.
NYU’s Goldman says there is no costless solution for governments and societies.
“The question is what costs are you willing to bear to accept risk?”
Critics of government-mandated decryption suggest other compromise options such as better training law enforcement to tap into digital data and for government agencies to improve their hacking techniques.
In the San Bernardino Apple iPhone case, the FBI ultimately paid a third-party firm to successfully break the device’s pass code.