The Parliament of Australia is considering legislation to give new powers to the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police. These powers will allow them to modify online data, monitor network activity, and in some circumstances handle online accounts.
Last week, in its submission to Parliament regarding the proposed powers, ACIC made an erroneous claim related to privacy and information security. ACIC claimed “the law abiding member of the community has no valid reason to own or use the encrypted communication platform.”
Encrypted communication platforms including WhatsApp, Signal, FaceTime and iMessage are in common use, allowing users to send messages that can only be read by intended recipients. There are several valid reasons for law-abiding people to use them. And surveillance systems, no matter how well-intentioned, can have negative effects and can be used for different purposes, or by different people, than those for which they were designed.
How monitoring can go wrong
Monitoring systems often produce unexpected effects.
In 1849, officers of the Port Arthur penal colony in Tasmania built a separate prison, aimed at a humane and enlightened method of imprisonment. Based on the ideas of Jeremy Bentham’s Panopticon, the design emphasized continuous monitoring and psychological control rather than corporal punishment. However, many prisoners faced severe psychological problems as a result of lack of general communication with others.
Since 2006, Facebook has developed a privacy-invasion mechanism, which aims to make it easier to make money through targeted advertising. Facebook’s system has been misused by Cambridge Analytica and others for political manipulation, with disastrous consequences for some democracies.
In 2018, the Parliament of Australia passed the Telecommunications and Other Legislative Amendment (Assistance and Access) Act, which was intended to help police catch terrorists, pedophiles and other serious criminals. The act empowered the Australian Federal Police to “add, copy, delete or change” the content on the computer. These powers were used the following year to conduct raids on the Australian Broadcasting Corporation in connection with a story on alleged war crimes in Afghanistan.
These examples demonstrate two facts about security and surveillance. First, surveillance can be used by people of any moral character. Second, a monitoring mechanism can be used by different people, or can achieve completely different effects from its original design.
We therefore need to consider what it would mean to avoid, mitigate or even outlaw the use of encrypted platforms by law-abiding members of the community.
Encryption limits the power of security agencies
There are already laws that decide who is allowed to listen to communications over telecommunications networks. Although such communications are generally protected, law enforcement and national security agencies may be authorized to intercept them.
However, where communications are encrypted, agencies will not be able to automatically retrieve the content of conversations that they intercept. The Telecommunications and Other Legislative Amendment (Assistance and Access) Act 2018 was passed to enable agencies to obtain assistance to maintain the ability to gain access to the (unencrypted) content of communications. For example, they may ask that one or more forms of electronic security be removed.
There are also federal, state and regional laws that may require people to assist law enforcement and national security agencies in accessing (unencrypted) data. There are several proposals to clarify these laws, expand the powers of the state, and even prevent the use of encryption under certain circumstances.
More monitoring power is not always better
While people may have different views on special resolutions about state powers and encryption, there are some things on which we should all agree.
First, facts matter. If ACIC is mistaken about the legitimate use of encryption, its claim must be withdrawn or exempted.
Second, people need both security and privacy. In fact, privacy can facilitate security (the more people learn about you, the easier it will be to cheat you, track you down and/or harm you).
Third, law enforcement and national security agencies require certain monitoring powers to perform their work. Most of the time, it contributes to the social interest of public safety.