Encryption battle plays out in Australian Parliament

Man holding smart phone with data security on display at office
(Image credit: Getty Images)

An Australian committee report has outlined that public servants should retain records about government decisions, including messages sent via encrypted messaging or social media apps.

The report was published by the Parliamentary Joint Committee on Public Accounts and Audit this month. Although there are calls to strengthen existing legislation, the report didn’t support any changes or recommendations to the way the government keeps records of its communications.

David Fricker, the National Archives of Australia (NAA) director-general, explained in the inquiry that the Archive Act defines a “Commonwealth record” as being “a record that is the property of the Commonwealth.” He noted, however, that WhatsApp and Facebook are not the property of the Commonwealth. Fricker underlined that the increasing use of third party non-government, non-Australian platforms for the conduct of official business is a pressing issue for the NAA.

“I would like to see our legislation modernised, first and foremost, to embrace a more 21st-century definition of a Commonwealth record, one that incorporates a message sent on WhatsApp, for example,” he said at the inquiry in April last year.

NAA guidance explains that public servants should keep a record of what they’ve done. If encrypted messages are sent through WhatsApp, Signal, or Telegram, then the responsibility is on the user to make sure a copy is saved without encryption and put into the Commonwealth record-keeping system.

However, Fricker underlined that no transfers of social media records from Commonwealth government agencies or ministerial offices have been received by the NAA yet. He added that initial planning discussions are underway with some agencies over this topic.

The director general was asked if there were any penalties in place for entities, public servants, or ministers who failed to supply encrypted messages and keep a record as required. Fricker said that under the Archives Act, the only breach is to engage in conduct that leads to the deterioration, loss, or alteration of a Commonwealth record. If the record is never made in the first place then there isn’t any penalty available through the Archives Act.

Fricker confirmed that advice has been sought on the definition of the Commonwealth record, as in the act the powers in his office are limited to records that are the property of the Commonwealth. NAA has provided advice to the Attorney-General’s department on this matter and is in active discussion to bring the law into the 21st century, he added.

The committee has failed to acknowledge in its findings the evidence received that the Archives has received few or no records of social media or encrypted messages from public servants or ministers, said Julian Hill, Labour minister and deputy chair of the committee.

“Dancing around this evidence and failing to make a finding doesn’t change the fact this is a Government addicted to secrecy, and that the definition of Commonwealth record requires updating to ensure government records made or transmitted via modern forms of communication are captured,” added Hill.

Hill said the committee could have gone further by providing recommendations to the government like providing a more modern definition of “Commonwealth Record” and addressing gaps in rules and policy guidance to make sure encrypted messages and social media that relate to government decision making are retained.

How does this compare to the UK?

Overall, the UK government has supported the use of encryption but has attempted to implement measures that would allow it to bypass barriers to accessing secured data if it needed to. The government has said that end-to-end encryption inhibits law enforcement’s ability to gather data that could lead to the protection of vulnerable individuals.

In April 2021, Priti Patel said that Facebook’s plan to implement end-to-end encryption is likely to jeopardise the progress in fighting online child abuse. The same fears were raised, that the technology could hinder law enforcement efforts to track down and arrest child abusers.

Despite the Australian parliament calling for more transparency when it comes to ministers’ communications, the country also passed a controversial surveillance bill last year. It granted the authorities extensive new powers, more than any of its allies like the UK or US has, which is said to take surveillance of citizens to the next level. Citizens are said to have their communications listened to, data on their computers altered, copied, added, or deleted, and their social media accounts closed and their identities impersonated.

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.