The latest bill passed by Australia's House of Representatives, nicknamed the Anti-Encryption Bill, is officially the Telecommunications Assistance and Access Bill 2018. This bill would now allow law enforcement agencies to force all organizations and companies, including Google, Facebook, WhatsApp, Signal etc., to help them access encrypted communications. Thus Australia has successfully managed to break all sorts of encryption with the help of those who know nothing about technology, i.e. politicians.

Why Australia Passed the AA Bill

The Australian government believes this new Bill is important for national security and an important tool to help law enforcement agencies and the security apparatus fight serious crimes such as terrorist attacks, drug trafficking, smuggling and sexual exploitation of children.

[Image: Illustration of AA Bill backdoor]

What the Assistance and Access Bill Permits

You can read the complete 228 pages of legislation here, or let me present to you the points which matter to us all. The Assistance and Access Bill could give the Australian government and law enforcement agencies power over citizens' digital privacy. The bill requests companies to provide "assistance" in accessing encrypted data, divided into 3 categories, as explained:

- Technical Assistance Request (TAR): A notice requesting that tech companies provide "voluntary assistance" to law enforcement, which includes "removing electronic protection, providing technical information, installing software, putting information in a particular format and facilitating access to devices or services."
- Technical Assistance Notice (TAN): This notice requires tech companies to give assistance they are already capable of providing that is reasonable, proportionate, practical and technically feasible, giving Australian agencies the flexibility to seek decryption of encrypted communications in circumstances where companies have existing means to do it. It is meant to bring those companies which are not already utilizing the best encryption techniques into the government trap of complying.
- Technical Capability Notice (TCN): This notice is issued by the Attorney-General, requiring companies to "build a new capability" to decrypt communications for Australian law enforcement.

I am sure you must be shocked by what you read. So the Australian government be like: Mate! Show us what you got, and if you can't, make something so you can.

Does the Bill Allow Weird Stalking Rights

BIG YES. You can read the complete PDF I linked above, or let me present some excerpts from the same for your shock:

"The Bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor health data of its customers for indications of drug use, or require the development of a tool that can unlock a particular user’s device regardless of whether such tool could be used to unlock every other user’s device as well…"

And after stating that in the final approved bill, it has the audacity to mention this as well:

"While we share the goal of protecting the public and communities, we believe more work needs to be done on the Bill to iron out the ambiguities on encryption and security to ensure that Australians are protected to the greatest extent possible in the digital world."
Government Supports Encryption - For Others Only

The Bill states that tech companies cannot be compelled to introduce a "systemic weakness" or "systemic backdoor" into their software or hardware, or "remove electronic protection" like encryption to satisfy government demands. The bill failed to explain what "systemic" might exactly mean in terms of the powers vested in authorities.

[Image: Australian Government inspired by this meme made for US Government]

The new legislation requests measures aimed at facilitating lawful access to information through two available options: "decryption of encrypted technologies and access to communications and data at points where they are not encrypted." It remains to be seen how companies will comply with the government's requests, because it is absurd.

Top 5 Reasons Why the AA Bill is Not Good

- The bill is bad for security because encryption keeps us safe from criminals. This bill will make it easier for them to hack us. Although the bill doesn't ask to weaken the encryption or put in a backdoor, it asks to allow special access to the government. Enabling that leaves it prone to social engineering attacks.
- The bill is bad for jobs because software companies will choose not to work in Australia, as this bill is fundamentally incompatible with GDPR.
- The bill is bad for workers, as it opens up all sorts of penalties if we conscientiously object to being drafted into the security services.
- The bill is bad for democracy as it will make it easier for a sitting government to access the private communications of journalists, opposition politicians, unions, businesses, etc.
- The bill is bad for the economy because global consumers will choose digital services that come from countries that are not threatened by Australian legislation.

I agree with these points as shared by Tom Sulston; this is not 'all' that is bad with the AA Bill, but these are the most important ones.
What Next

Open Source Renaissance

Another remedy for people who perceive this legislation as overreach is to use Open Source software (and hardware); after all, who would a TAN or TCN be served upon? Against this is the impracticality of OS for the majority of people, and momentum in the other direction from “cloud” services.

Going Incognito

The other obvious countermeasure to things like #aabill is to use encryption prolifically; not only “on the wire”, but “end to end” – i.e., between you and the people you’re communicating with, and not anyone in between. Again, we’re already seeing this in messaging apps like Signal and Wire. Unfortunately, the design of e-mail makes it impractical for everyone to do it there; for things like file storage, it hasn’t caught on very well, and the way the Web works means you have to trust the server.

Less is More

The instruments in this legislation that the “interception agencies” really want to be using are the TARs and TANs – Technical Assistance Requests and Notices. “Assistance” means that they’re just asking for data or a capability that the provider already has lying around. Some of that is unavoidable; for example, a Web store is always going to know what you buy, so they’ll be able to give this if they’re served with a TAR or TAN – which have a lower bar for oversight, as compared to TCNs. That said, a lot of what’s collected isn’t what you do, it’s extra information – sometimes called “metadata” – that helps them run their services, or is just collected in the normal process of business. Interestingly, it’s not at all clear what kind of oversight applies to metadata. If consumers get nervous about these powers being misused, it might create a market for services and software that intentionally limit data collection.
Australia Gets Clayton’s Security

An international company that serves Australia and wants to stay has another choice: it can create special, Australia-specific products and services; that way, if an “intercepting agency” asks for access to a non-Australian version, the company can tell them to get f**ked (this is Australia, after all). That Australian product (or service) is likely to have fewer guarantees around privacy and security, because it is operating in an environment that’s perceived as unfriendly to them.

Outsourcing Our Mates

Australian companies who serve global markets, especially when they have products or services that handle lots of sensitive data (whether that be military, corporate, government or personal). After this bill, companies outside of Australia will think twice before hiring someone from Australia, because that Aussie can always share the code or data with the government (he will go to jail if he doesn't).

Somebody Pulls Out

Some hardware vendor, software author, or service provider might perceive the risk of continuing to do business in Australia – therefore making them subject to this law – as too high, and as a result pull their business fully out of this country. What risk? The thinking goes that being subject to this legislation means that they are “tainted”; there might be an overreaching TCN or TAN applied, and its very limited oversight and transparency, combined with the onerous secrecy measures, means that overseas buyers will lose confidence.

Non-Compliance with the AA Bill

In case a company decides not to comply (which is really unlikely), that company could face massive financial penalties for not complying with the new law. This new bill would force tech companies to modify their existing software and service infrastructure to provide means for the government to have access to the required information.
Conclusion

Australia has made itself the guinea pig of the world in testing a regime to circumvent encryption. It is a highly technical experiment being conducted in real time, with a legislative process yet again asked to catch up with the messiness and uncertainty of the world of crime and its concealment. It might even lower crime, or the government might come up with showcases claiming that due to this bill they have been able to achieve success, but what about the loopholes? Should we let it go and see where it goes? How do we know how the data is being handled and who is being spied on? Will every data request be only in the nation's interest, or maybe personal or political as well?