Last week, Australia’s parliament passed a new law that theoretically allows the country’s government to compel tech companies to assist law enforcement agencies by modifying software, should that be needed for officials to retrieve whatever information it is they want.
This so-called “technical capability notice” is the most controversial part of the law, which critics fear will allow the Australian government to essentially mandate backdoors to encryption software like secure messaging apps, or mobile devices like the iPhone.
Open Whisper Systems, the organization that makes the popular Signal encrypted messaging app, has now come out with a strong statement against the law: “We can’t include a backdoor in Signal,” developer Joshua Lund wrote in a blog post published on Signal’s official site on Thursday.
“By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars,” Lund added. “The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom.”
As we wrote in the Motherboard Guide to Not Getting Hacked, Signal is one of our favorite messaging apps for security and privacy. Millions of people around the world use the app. And the company’s statement is a well-argued reaction to the law that sends a clear message: Signal would rather have the app banned than comply with an overreaching order.
“Although we can’t include a backdoor in Signal, the Australian government could attempt to block the service or restrict access to the app itself. Historically, this strategy hasn’t worked very well. Whenever services get blocked, users quickly adopt VPNs or other network obfuscation techniques to route around the restrictions,” Lund’s post concluded. “This doesn’t seem like smart politics, but nothing about this bill seems particularly smart.”
Signal isn’t alone there either. Apple, Google, Microsoft, and other tech giants have already sent a strongly worded letter condemning the bill.
And it’s not just rhetoric. What Signal is saying here is that it can’t, at a technical level, comply with orders to turn over the encrypted content of messages sent over the app. And according to critics, therein lies the danger of Australia’s bill, which has yet to become law. Will it allow the country-continent, home to nearly 25 million people, to compel Apple to create a one-off version of its operating system to get into, say, a terrorist’s phone?
At this point, no one knows for sure. But privacy-minded companies and organizations already fear, and are speaking out against, this worst-case scenario.