The regulation of cryptography in Australia: Analysing the criminalisation of non-compliance with access and assistance orders
Dr Michael Wilson1
1Murdoch University, Perth, Australia
Since the release of public key cryptography in 1991, there has been a ‘crypto war’ concerning the regulation (and criminalisation) of the technology (Diffie & Landau, 2007). The debate concerns to what extent citizen communications should be protected from surveillance by law enforcement and intelligence agencies. The issue is complicated by criminal misuses of cryptography, such as facilitating the trade of illicit goods and services, the distribution of child exploitation materials, or enabling extremism on the dark web (Weimann, 2016). Consequently, the Australian Government has introduced legislation that compels both industry and citizens to decrypt communications subject to data access or assistance orders. Under section 317E of the Telecommunications Act (1997), technology companies can be compelled to assist law enforcement to gain access to the contents of encrypted communications. Further, proposed amendments to the Surveillance Devices Act (2004) would compel citizens to disclose ‘any information necessary’ to access or disrupt digital information, with non-compliance punishable with up to 10 years imprisonment. This paper presents the results of a content analysis of parliamentary reviews of ‘compelled access’ and ‘assistance order’ legislation from 2018 to 2020. Using a mixed inductive-deductive category identification process, the research examines the justifications for, and criticisms of, the regulation of cryptography and the criminalisation of non-compliance with lawful orders. The sample includes the second reading speeches for the relevant legislation and 128 public submissions to associated reviews by the Parliamentary Joint Committee on Intelligence and Security. The results suggest that the problem of ‘going dark’ is used to position the use of cryptography as ‘suspicious’ within the discursive logics of preventive justice (Zedner, 2007; Joh, 2013), while objections to the criminalisation of non-compliance with lawful orders are articulated within republican and anarchist logics of non-domination.
Dr Michael Wilson is a Lecturer in the School of Law at Murdoch University. He teaches courses on computer crime, digital forensics, and criminal justice. His research examines the regulation of cryptography, cyber disobedience, surveillance law, and digital evidence. His doctoral thesis (2020) examined the moral equivalence drawn between privacy protection and the evasion of criminal investigations within the ‘problem of going dark’ and associated strategies of resistance to metadata retention and encryption access laws. He has previously published research in Computers & Security, International Communication Gazette, and Crime, Law, and Social Change.