Updates

Encryption

2019

The Australian Parliament has adopted the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. The Bill replaced the definitions of systemic weaknesses and vulnerabilities, which are now defined only as affecting ‘a whole class of technology’, and don’t include those ‘selectively introduced to one or more target technologies that are connected with a particular person’, thereby possibly creating space for those selectively introduced to be exploited by the law enforcement agencies. In addition, the new section (317ZG) introduces certain limitations to law enforcement measures, by specifying that technical assistance requests and notices, and technical capability notices, cannot have the effect of creating new decryption capabilities or weakening existing authentication or encryption mechanisms, or create a risk that otherwise secure information be compromised by unauthorised third parties.

Popular messaging service WhatsApp has stated that Indian government’s proposal to force tech companies to hand over encrypted messages is “over-broad” and “not possible”. The Indian government has been asking WhatsApp to share origin of messages in order to track fake news ahead of national elections. However, WhatsApp communication head reiterated that WhatsApp will not break end-to-end encryption.

According to India Today, Indian authorities are working on amending the IT Act in parts related to liabilities of intermediaries, to allow the government to monitor and remove user content and messages, including encrypted ones. These steps are being justified as a need to monitor unlawful content, and in particular, fake news and inflammatory messages via messenger apps, such as WhatsApp, which resulted in a series of lynch mobbings. WhatsApp and Twitter, both announced that they will respond to consultations opened by the Indian the government, and criticised the new rules as being against privacy and leading to censorship, Financial Times reports.

In the proposed amendments to the Information Technology Act 2000, the Indian government recommended modifications on the rules regarding the liability of online intermediaries. The proposal requires that intermediaries, including social media networks, e-commerce platforms and Internet providers, should be expected to proactively remove unlawful third-party content, or face liability for the illegal content. The rules would change the intermediary liability landmark set by the Shreya Singhal case of 2015, which clarified that companies were only expected to remove content when ordered by a court to do so. 

2018

Australia passed a controversial law, the Assistance and Access Bill, designed to compel technology companies to grant law enforcement agencies access to encrypted messages. According to the Guardian, the law intends to ‘co-opt technology companies, device manufacturers and service providers into building the functionality needed for police to do their spying’ and ‘give to Australian agencies the ability to install key logging software to enable them to see, keystroke by keystroke, what users type into a message’. The law was adopted despite strong criticism from civil society organisations and leading tech companies, such as Apple, Cisco, Mozilla, Google, and Facebook.

The Global Commission on the Stability of Cyberspace (GCSC) has released its 'Singapore package' with the six new proposed norms for state and non-state behaviour. The norms focus on tampering with products, vulnerability disclosure and responsibility, botnets, cyber-hygiene, and conduct of offensive cyber operations by non-state actors. According to its Commissioners, the GCSC may still work on development of few additional norms, but will now put more focus on exploring the ways to steer other processes with its proposed norms.

Pages

 

The GIP Digital Watch observatory is provided by

 

 

and members of the GIP Steering Committee



 

GIP Digital Watch is operated by

Scroll to Top