Key points:

• Encryption technologies have fundamentally changed the way people transmit data, reducing the capacity of law enforcement and intelligence agencies to access information.
• Relying on the private sector to provide agencies with plain text information is no longer productive, yet legislation and frameworks have not caught up.
• Undermining the integrity and security of encryption by mandating the creation of access points in software creates an unacceptable risk to all information security.
• Due to the incompatibility of current technologies and legislation, Australian law enforcement and intelligence agencies may need to operate in a grey area which lacks legislative direction. Regardless of their professionalism, this introduces risks for information security and human rights.
• The fundamental legal and moral approaches to collection of encrypted information need to be reconsidered to balance community trust and public confidence with the ability to deploy sophisticated decryption technologies.

Policy Recommendations:

• Governments should transparently review the principles behind collection of encrypted information to ensure community trust and ethics are balanced with agency capability needs.
• Legal changes are required to codify the powers and thresholds under which law enforcement and intelligence agencies can circumvent strongly encrypted devices.
• Relevant legislated oversight mechanisms should be put in place, modelled upon currently applicable intelligence oversight.