What the world must not learn from Australia

Australia asks tech cos to do impossible: They must decrypt any communications by users, upon a secret demand made by the competent authorities, but cannot cause a 'systemic weakness' when decrypting

In the aftermath of Pokhran II , the United States went to town investigating those who could have been guilty of exporting “dual-use” technology from America. Many Indians and non-resident Indians in the global IT industry faced questions. You need high-end computers for all sorts of military purposes, including encrypted communications, decryption of encoded messages,  and weapon design. The generation of weather forecasts and the simulation of nuclear explosions also requires supercomputers. 

India developed the Param precisely because it was denied Cray supercomputers. The Indian Space Research Organisation (Isro) struggled for years to design and make cryogenic rockets because that, too, is dual-use. But some of the American paranoia was also stupid. Software engineers who had written their own, strong encryption programs while sitting outside the US, were accused of stealing US’ dual-use technology.

Encryption depends on maths, which has universal laws. It's feasible that a teenager sitting in Tristan da Cunha or Tawang may write an encryption program good enough to thwart the National Security Agency (NSA). Technology has advanced by leaps and bounds since Pokhran II. 

The average smartphone has fairly strong encryption. High-end phones have even more solid systems. You could hand over a phone to somebody and that person would not be able to decrypt it without passwords and PINs. Laptops and servers have even higher levels of protection though many users appear to be unaware of this, or uninterested in deploying it. 

End-to-end encryption (or E2EE) is a default feature of many instant messaging services. A message sent on WhatsApp, Signal, Telegram, etc., can neither be read by the service provider nor by the telecom company that transmits it, nor, indeed, by any agency that intercepts it. E2EE is also a feature of certain email services including, famously, the one used by Vijay Mallya for his personal account. 

This ensures privacy of data and freedom of speech — no small things in a world increasingly overrun by undemocratic regimes and black hat hackers. But law enforcement authorities and security agencies and other government organisations hate this level of strong encryption. 

They argue that terrorists and criminals use these services. But so do law-abiding individuals and companies that need privacy. So do whistleblowers, dissidents, politicians, lawyers and journalists.  The entire global financial industry would come to a crashing halt if strong encryption was impossible.
 

If you damage strong encryption, a cascade of insecurities would arise. Once there is a way to decrypt communications, bright lads in Tristan da Cunha or Triplicane will figure out how to do it as well. The private lives of billions of individuals and companies would become exposed to the world at large.

Dissidents would be ruthlessly rounded up and admonished with bone-saws. Sitting politicians who control law enforcement and security agencies would know what their political opponents were planning and who exactly was funding the Opposition. The gaurakshaks would know which anti-nationals use which credit card to pay for beef-rolls down in Kolkata. 

Law enforcement authorities, immigration officers, tax authorities and security agencies have gotten around this by persuading lawmakers to impose criminal penalties on individuals and corporates that refuse to decrypt their data, or communications, upon demand. But they would really like the power to snoop at will, without the targets ever finding out that they are under surveillance.

Australia has just put in a law that tries to do this. It asks tech companies to do the impossible: They must decrypt any communications by users, upon a secret demand made by the competent authorities. But they cannot cause a "systemic weakness" when decrypting. 

The laws of mathematics make this impossible. What's more, those laws and our current state of technology make it entirely possible for some kid somewhere to write a strong encryption system and build machines using off-the-shelf components incorporating that encryption. 

Unfortunately,  politicians don't understand this, or they wilfully pretend not to understand. Former Australian Prime Minister Malcolm Turnbull once demanded, in so many words, that the laws of Australia take precedence over the laws of mathematics. When a career politician with "merchant banker" and "venture capitalist" on his resume says this, one must assume malice. That law could end up changing the world if versions of it are copy-pasted and passed by other governments.

Twitter: @devangshudatta