Digital Industry Group Incorporated (DIGI) — a group whose members include Facebook, Google, Microsoft, Oath and Twitter — has urged caution over any regulatory moves by the government that could compromise the effectiveness of encryption.
The government is preparing to unveil legislation that is intended to boost the ability of law enforcement agencies to access to communications using encrypted services.
The move is part of an international push by governments to tackle a phenomenon that law enforcement agencies have described as ‘going dark’: Their inability to access communications conducted over services with end-to-end encryption.
Prime Minister Malcolm Turnbull has argued that “global social media and messaging companies” should provide police with access to encrypted messaging services such as WhatsApp.
Federal parliament’s Joint Committee on Law Enforcement is currently holding an inquiry into the impact of new and emerging technology on Australian police and security agencies.
Under its terms of reference, in addition to scrutinising the ICT capabilities of Australian law enforcement agencies, the inquiry is examining “the role and use of the dark web” and “the role and use of encryption, encryption services and encrypted devices”
“Encryption has become a fundamental part of our digitally connected world and economy,” a DIGI submission (PDF) to the inquiry states.
“From keeping our banking data safe, safely storing our private photos and videos, or securely making payments online, encryption makes our digital social and economic lives function. Encryption is also a means to keeping government data secure, and how law enforcement agencies around the world have protected their information for decades.”
The DIGI submission argues that the “the availability of much digital evidence is not affected by the use of encryption”.
“Where encryption may limit the ability of a provider to disclose user content, metadata with considerable investigative value is available, and providers work closely with agencies to raise awareness of this and adapt processes and procedures for lawful access to such data accordingly,” it argues.
Many strong encryption schemes are available as open source code, and as a result any “efforts to impose limits on encryption by regulating how companies can deploy this ubiquitous technology will not necessarily achieve the goal of opening up a new trove of information that can be used for investigative purposes”.
DIGI believes that the biggest challenge facing the investigation of crimes committed online is law enforcement education and training, the submission states.
It highlights the adoption by police in the UK of a ‘single point of contact’ (SPOC) model, whereby a trained expert sits within each constabulary, as one potential boost to law enforcement effectiveness when it comes to hi-tech crime.
“The digital industry can focus their training efforts in a much more effective and targeted fashion, and officers within each constabulary have internal experts to draw on to ask questions, sanity check investigatory options and channel data access requests through,” the submission states.