Stilgherrian is a long-time IT journalist in Australia and a trustworthy source for news. This article details the laws that Australia has passed.
Link: What’s actually in Australia’s encryption laws? Everything you need to know | ZDNet – https://www.zdnet.com/article/whats-actually-in-australias-encryption-laws-everything-you-need-to-know/
In some ways, these laws are reasonable as they attempt to extend the existing legal privileges a government has to maintain order in a society. Principles of legal interception as approved by judges have been around for decades and are key to practical and cost-effective law enforcement.
The most controversial part is the “frameworks for voluntary and mandatory industry assistance to law enforcement and intelligence agencies” to help government access the content of encrypted communications.
Media technology companies like Facebook, Twitter & Google have strenuously resisted engaging with governments. It’s true that encryption must be protected and, once broken, is damaged beyond use, but it’s also true that data is often stored on servers, or law enforcement could be silently added to a chat session, and so on.
So the law accepts this and specifies that weakening encryption is neither required nor acceptable:
They cannot ask a provider to “implement or build a new decryption capability”, or “render systemic methods of authentication or encryption less effective”, or introduce a “selective” vulnerability or weakness that would “jeopardise the security of any information held by any other person”, or create “a material risk that otherwise secure information can be accessed by an unauthorised third party”.
I’ve always wondered if the tech media companies resisted this because of the costs. They do so enjoy their oversized profits with the least amount of effort.
The principles of the legislation are reasonable. But, as with everything in technology in particular, the devil is in the details.