Open letter urging Australian government to protect encryption with revision of Online Safety Act.

Australia could be the first of the Five Eyes to abolish end-to-end encryption.

Australia could be the first of the 5 Eyes to abolish end-to-end encryption - will others follow?

At Tuta, we are committed to safeguarding the privacy and security of your digital communications. Today, we are announcing our endorsement of a crucial joint statement urging the Australian government to protect end-to-end encryption in the statutory review process of the Online Safety Act.


Importance of end-to-end encryption

End-to-end encryption is vital for ensuring the safety, security, and privacy of millions of Australians. Security experts agree that it’s not possible to break encryption for the “good guys only”. The demand to break encryption so that law enforcement can monitor all online data for potential criminal activity puts the security of all us at risk.

Yet, the Australian government keeps ignoring these warnings and could become the first member of the Five Eyes Alliance to pass a law that outlaws end-to-end encryption: The ongoing statutory review of the Australian Online Safety Act has wrongly characterized end-to-end encryption as a hindrance to online safety and law enforcement.

Impact of weakening encryption

Failing to protect end-to-end encryption will undermine the fundamental rights to privacy and free expression. Australian politicians are planning to introduce a general duty of care to the act, explicitly without encryption safeguards, which will pressure service providers tocompromise the confidentiality of encrypted communications, enabling widespread surveillance.

A call to action

We strongly urge the Australian government to utilize the Online Safety Act review process to correct its course and actively support the use of end-to-end encryption. This would not only benefit individuals and businesses but also align with the overarching goals of the Online Safety Act. In addition, by protecting strong encryption and citizen’s right to privacy, the government would be in line with what their own public wants. In 2023, the Australian government published a study that shows how desperately Australians want privacy and how they are frustrated by the lack of privacy protections.

Continuing battle for privacy

This open letter comes at a difficult time as encryption is under pressure in many parts of the world. This, however, makes us even more committed to continuously push for digital privacy and security.

Earlier this month, we signed a joint statement defending end-to-end encryption in the EU - which was under threat again by Chat Control, butyesterday failed to get the needed majority in the EU Council! Now we are hoping to having a similar impact on the reviewing process of the Australian Online Safety Act.

In 2021, Australia already pushed through the Australian Surveillance Legislation Amendment (Identify and Disrupt) which gives sweeping surveillance powers to the police and law enforcement. Now we must make sure that the legal situation in Australia does not get worse – if it does, Australia could become the pioneer mass surveillance state for the entire Five Eyes Alliance.

Prominent hacks like the recent Microsoft China hack where Chinese hackers were able to get hold of ~60,000 emails from the US government officials show that only encryption can keep us and our data safe. That’s why we must continue to fight for encryption!

At Tuta, we remain steadfast in our commitment to protecting end-to-end encryption and the privacy of digital communications. We believe that robust encryption is essential for keeping our online communication private and confidential.

We call on the Australian government to recognize the critical importance of end-to-end encryption and to ensure its protection in the Online Safety Act.


Official open letter

Joint statement urging the Australian government to protect end-to-end encryption in the statutory review process of the Online Safety Act, published by Access Now.

End-to-end encryption plays a crucial role in ensuring the safety, security and privacy of millions in Australia. However, the statutory review of the Australian Online Safety Act erroneously characterises end-to-end encryption as an obstacle to online safety and law enforcement, instead of recognising that it is essential for online security and weakening it reduces safety for all.

The Online Safety Act risks becoming forever known as the Online ‘Un-safety’ Act if strong protections for communications and storage secured by end-to-end encryption are not included in the Act. Without clear protections, the eSafety Commissioner may soon issue industry standards under the Australian Online Safety Act that effectively force service providers to weaken or circumvent end-to-end encryption to monitor and intercept communications.

These measures would weaken the security, confidentiality and integrity of communications while they are transmitted or in storage. A failure to safeguard end-to-end encryption will make all Australians and people around the world less safe, not more.

Further, the addition of a general duty of care to the Act, without safeguarding encryption, suggests compelling service providers to remove or circumvent the confidentiality of end-to-end encryption in order to meet their duty of care obligations. This would pave the way for pervasive surveillance and damage online safety as well as the human rights to privacy and free expression.

End-to-end encryption not only protects children from bad actors harvesting their personal data or intercepting and taking over their communications – it also protects children by preventing their personal data from being used for profiling and advertising.

We urge the Australian government to utilise the Online Safety Act review process to course correct and actively protect and encourage the use of end-to-end encryption. Doing so would benefit people, businesses, and governments and would be crucial to achieving the goal of the Online Safety Act.

Signatories:

Access Now

ARTICLE 19

Assembly Four

Bangladesh NGOs Network for Radio and Communication

Betapersei S.C.

Big Brother Watch

Blacknight Internet Solutions Ltd (Blacknight)

Center for Democracy & Technology

Collaboration on International ICT Policy for East and Southern Africa (CIPESA)

Connect Rurals

Cybersecurity Advisors Network (CyAN)

cyberstorm.mu

Digispace Africa

Digital Rights Watch

Electronic Frontier Finland

Electronic Frontiers Australia

Encryption Europe

Fight for the Future

Gate 15

Global Partners Digital

Human Rights Journalists Network Nigeria

Inclusive Design Institute / WebQ

Internet Australia

Internet Freedom Foundation

Internet Governance Project

Internet Society

Internet Society Ethiopia Chapter

Internet Society Guatemala Chapter

Internet Society Tanzania Chapter

Internet Society UK England Chapter

JCA-NET(Japan)

Keexle

LGBT Tech Mozilla

Myntex

New America’s Open Technology Institute

OpenMedia

Organization for Digital Africa

Parsec

Phoenix R&D GmbH

Privacy & Access Council of Canada

Proton

Quilibrium, Inc.

SecureCrypt

SeeZam S.A.

Software Freedom Law Center India (SFLC.in)

Surfshark

Tech for Good Asia

The Tor Project

Three Steps Data

Tuta

West Africa ICT Action Network

West African Digital Rights Defenders coalition