SUBJECTS: National security, Encryption
Well good morning. It’s great to be here at the AFP Digital Forensics Lab here in Sydney with the Attorney-General and the acting AFP commissioner Michael Phelan.
We have been talking today about the challenges that we face in ensuring that the rule of law applies online as well as offline. We’ve been talking about the challenges that some of the great specialists here at the AFP face when they seek to get over the barriers that encryption places in the way of them finding out what terrorists are plotting, what drug traffickers are up to, what people who are exploiting children online are planning.
We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law.
The Australian Federal Police must have the powers - as do all our other intelligence and law enforcement agencies - to enforce the law online as well as offline.
Now, in Hamburg at the G20, this issue was brought to the forefront by Australia with the world's 20 leading economies and you saw a unanimous statement from the G20 reiterating that we expect the rule of law to apply online as well as offline.
Now one of the big challenges we face is that of encryption. Increasingly communications across the internet, whether it's messaging applications or voice applications, are encrypted end-to-end. That means that while they can be intercepted, they can't be read, they can't be interpreted other than with considerable difficulty.
So what we’re seeking to do, working with the other leading economies in the world, is to ensure that the brilliant tech companies in Silicon Valley and their emulators, bring their brilliance to bear to assist the rule of law. To enable us to be able - not through back doors or any sort of untoward means - but legitimately, appropriately, with the force of law, in the usual way that applies in the offline world, enable our law enforcement agencies to have access to these communications so that they can keep us safe.
As the Attorney-General will describe in a moment, we are already leading the way here in Australia with new legislative priorities that will ensure that internet companies, like the telcos at the moment, will have the obligation to assist the police with getting access to communications and information data that they are lawfully entitled to, in accordance with an appropriate warrant or court order. And also, to give the Australian Federal Police the ability that ASIO currently has to remotely, again in accordance with a lawful order, to remotely monitor computer networks and devices.
These are vitally important reforms to keep Australians safe.
So whether it is in Hamburg at the G20 or at the meeting of the Five Eyes, the closest intelligence cooperation among the five leading countries, Australia, the United States, the United Kingdom, New Zealand and Canada. In that context where the Attorney-General has been, whether it is there or at the G20 or here at home, we are doing everything we can, every day, to keep Australians safe.
I'll ask the Attorney to say a little bit more about the legislation.
Thank you very much indeed, Prime Minister.
As the Prime Minister has said, we intend to work with the companies in order to address what is potentially the greatest degradation of intelligence and law enforcement capability that we have seen in our lifetimes.
What we are doing - and I want to emphasise this - is not changing any existing legal principle.
It has always been accepted that in appropriate cases, under warrant, there can be lawful surveillance of private communications.
It has always been accepted that in appropriate circumstances there is a compellable obligation on citizens, including corporate citizens, to cooperate with law enforcement authorities in order to resolve or prevent crime.
What we are doing is bringing those existing legal obligations up to date. We are contemporising them. The existing law was written before the advent of social media, before the growth in very recent years of encryption of communications to a point at which it is now effectively ubiquitous. So in order to address the new technological developments, we are contemporising existing, well-established legal principles.
In the spring sittings of Parliament, the Government will be bringing forward legislation, which will in particular impose an obligation upon device manufacturers and upon service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis, where it is necessary to interdict or in the case of a crime that may have been committed, it is necessary to investigate and prosecute serious crime, whether it be counter terrorism, whether it be serious organised crime, whether it be for example, the operation of paedophile networks.
It is vitally important that the development of technology does not leave the law behind. So as the Prime Minister has said, working with our international partners, in particular with our Five Eyes intelligence partners and with the broader global community as the Prime Minister did last week, and if I may say so, showed international leadership on this issue, we will address this problem so as to keep our people safe. We will work with the corporate sector, we will engage them. It is an aspect of corporate social responsibility, which we will expect them to observe. But we’ll also ensure that the appropriate legal powers, if need be, as a last resort, coercive powers of the kind that recently were introduced into the United Kingdom under the Investigatory Powers Act, or as long ago as 2013 were introduced in New Zealand under their Telecommunications Act, are available to Australian intelligence and law enforcement authorities as well.
Thank you. Michael, do you want to add a bit about encryption?
ACTING COMMISSIONER OF THE AFP, MICHAEL PHELAN:
Certainly, thank you very much, Prime Minister. Certainly on behalf of the Australian Federal Police and all law enforcement agencies and indeed intelligence agencies, we welcome these reforms.
The vast majority of our investigations, indeed 65 per cent of our serious and organised crime investigations, counterterrorism investigations, major paedophile investigations, now involve some sort of encryption. Whether that's encryption of the phones, whether it's encryption of computers that we seize or whether or not it's traffic that goes between conversations over the internet. Then that's the sort of thing that we need to get behind.
At the end of the day, what has happened here is legislation has not yet kept pace with technology.
If you look at when I first became a police officer, it was quite simple. The phones that we intercepted were one house phone to another fixed phone. Quite simple. Traffic, anybody could listen to it. Now, those same pieces of legislation are designed to try and help us intercept encrypted applications that some of you don't even know are encrypted and to be able to get that material.
So we seize the material still and we get to see it, lawfully, but it's just not ‘there’. We can't view it.
So what we're advocating here, certainly on behalf of all of us, is no change to what we're able to lawfully intercept, just now giving us the power to be able to see that material. It's not only serious and organised crime investigations, but national security investigations as well. We have seen a rapid growth in the amount of encrypted traffic from around 3 per cent a couple of years ago to now over 55, 60 per cent of all traffic is encrypted.
We welcome the fact that the legislation will keep pace with the technology.
Thank you very much, do you have some questions?
Prime Minister, what method do you propose that these big tech companies should use to actually provide this encrypted information?
The legislation will require them to provide assistance, it's modelled on the UK legislation. So what they will have to do is to provide assistance to the police to enable them to have access to the information pursuant to a warrant. Look, I'm not suggesting this is not without some difficulty. As I have said, you would have heard me say when I was in Europe, that there is a culture particularly in the United States, a very libertarian culture, which is quite anti-government in the tech sector. Now, the reality is however, that these encrypted messaging applications and voice applications are being used - obviously by all of us - but they're also being used by people who seek to do us harm. They're being used by terrorists, they're being used by drug traffickers, they're being used by paedophile rings.
Now what the G20 agreed at our initiative, at Australia's initiative, is that we need to say with one voice to Silicon Valley and its emulators: “Alright you’ve devised these great platforms, now you’ve got to help us to ensure that the rule of law prevails and that they're not exploited by those who want to hide from the law as they plan to do us harm”.
Prime Minister, in some of these messaging platforms you’ve got keys – a sender has a key and the receiver has a key – but actually the companies don’t keep the keys for themselves-
That's what end-to-end encryption is, yeah.
Are you asking Facebook and Apple to now keep a copy of the keys that they give out to their customers?
I'm not a cryptographer, but what we're seeking to do is to secure their assistance. They have to face up to their responsibility. They can't just wash their hands of it and say: “It's got nothing to do with us”. So we need, what we need to do is to secure their cooperation and this is an issue that all of the countries of the G20 recognised.
You know, many of these big messaging platforms are hosted in the United States, WhatsApp is probably the best known but of course Telegram is another one that is very popular, is hosted in Berlin so I discussed that with Chancellor Angela Merkel in Berlin, in Hamburg when I was there at the G20.
The bottom line is we have got a situation where you have gone from the law enforcement agencies, police, the security services being able lawfully to intercept communications and lawfully have access to communications, and no-one's argued about that. That's been the case forever. Now, because of this end-to-end encryption, all of that information, all of that data, that communication being effectively dark to the reach of the law. That's not acceptable. We are a society, a democracy, under the rule of law, and the law must prevail online as well as offline.
Prime Minister, you say it’s not a backdoor – you say you’re not proposing a backdoor and so how exactly do you suggest that the companies do this?
That's a matter for them. But -
What is your understanding a backdoor is?
Do you want me to tell you what a backdoor is?
Well a backdoor is typically a flaw in a software program that perhaps the developer of the software program is not aware of and that somebody who knows about it, can exploit. You know, if there are flaws in software programs, obviously that's why you get updates on your phone and your computer all the time.
We're not talking about that. We're talking about lawful access. If you look at the communique from the G20, it's talking about lawful authorised access which is done in accordance with the law.
You mentioned that a backdoor was a flaw, that perhaps the developer wasn’t aware of. What if, say, WhatsApp did put in a backdoor, you know, that they deliberately put in, that they were aware of so they could provide -
Well, I'm not going to speculate about that.
What we’re talking about is lawful access. What we're talking about is the rule of law continuing to prevail in the online world as it has in the past, in the pre-encrypted, in the world when telecoms were not encrypted, were not end-to-end encrypted.
Prime Minister, you say you want these tech companies to cooperate and work with you. What if they don’t? Can you force them to?
Well, this is where we need the international cooperation that George was talking about earlier. In fact, when I was in London just a few days ago, I was meeting with the Home Secretary Amber Rudd, who had been meeting with the other Five Eyes security ministers and she'll be travelling to Silicon Valley with her American counterpart to raise these very issues.
Look, I'm not suggesting this is an easy nut to crack. But the fact is we’ve got a problem. We have got a real problem that our law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and paedophile rings are up to because of the very high levels of encryption.
What we need is the cooperation, where we can compel it we will, but we will need the cooperation from the tech companies to provide access in accordance with the law.
Won’t the laws of mathematics trump the laws of Australia? And aren’t you also forcing everyone to decentralised systems as a result?
The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia.
What about companies that are not operating in Australia, Prime Minister?
That was the point I just answered.
I know, but say a company outside of the G20 or if these terrorist groups use their own end-to-end encryption systems, what can you do about that?
Again, I'm not suggesting this is a problem susceptible to one quick fix.
But it is a very big issue and you have to tackle it and you have to show leadership.
Now, I have shown leadership on Australia's behalf at the G20. George has shown leadership among the Five Eyes on Australia's behalf. What we have to do is to work together as a global community to ensure that the rule of law prevails online as well as offline.
What if Facebook and Apple just say no? What if they defy the Government in this space because you're asking for an obligation? Would you go as far to say as you'll ban iMessage and ban WhatsApp?
I'm not going to get into hypotheticals. The important thing is to recognise the challenge and to call on those companies to provide the assistance. I am sure they know morally they should. Morally they should.
Prime Minister, it's not a hypothetical. Apple has in the past flagged it does uphold the privacy above almost everything else, we saw with the San Bernardino case. So why do you think they are suddenly going to change now because you’ve asked them?
Again, this is a major challenge to our law enforcement ability, our law enforcement agencies’ ability to keep our citizens safe.
What we are doing is everything we can within the parameters of our domestic Australian legal ability and internationally, working with other nations to ensure that we leave no stone unturned in our efforts to keep Australians safe. That's my job. That's the Attorney-General's job. That's the Commissioner's job. To keep Australians safe.
We will do everything we can online, as we do offline to keep Australians safe from those who seek to do us harm. Whether they are terrorists or drug traffickers or paedophile rings or criminals of any kind, we are a society governed by the rule of law and it must prevail. The rule of law must prevail online as it does offline.
Isn't it the case without the cooperation of these tech companies, these legal changes will essentially be ineffective? They won't mean anything?
Well I disagree with you there. The reality is we need to ensure that we have, of course, the cooperation of technology companies but we also need to recognise that we live in a society governed by the rule of law and the law applies to technology companies as it does to everybody else.
So this is a question of whether you want the rule of law to prevail or whether you want the internet to be used as a place, because of encryption technologies, criminals can hide from justice, criminals can hide from those whose job it is, like the men and women of the AFP we’ve seen today, whose job it is to keep us safe.
Thank you all very much.
Press Conference with Attorney-General and Acting Commissioner of the AFP - Sydney - 14 July 2017