Labor and the government have come to an agreement over new laws that will make it easier for police and Australia's spy agencies to bypass encrypted communications apps like WhatsApp and iMessage to intercept messages.
The legislation would require tech companies to help law enforcement access the encrypted communications people are making on their platforms or devices, if those people are being investigated for serious crimes, including but not limited to terrorism offences.
Last week Labor told the government it was not prepared to pass the legislation in its current form, due to widespread concern from the tech companies, civil liberties groups, lawyers and others that it would weaken security for everyone using encrypted communications in Australia.
Shadow attorney-general Mark Dreyfus has spent this week in negotiations with attorney-general Christian Porter to have the bill passed before parliament finishes for the year on Thursday.
BuzzFeed News understands that on Tuesday afternoon, Labor agreed to support the legislation with amendments, and the laws will pass the parliament later this week.
Among the amendments will be limiting when law enforcement can force tech companies to help develop methods to get past encryption to just those cases involving serious crime including drug, homicide and child sex offences. Under the current legislation, it is much broader, including crimes above three years in jail. This could include the recently-passed strawberry spiking crime.
One of the major issues that tech companies and legal experts raised is that the legislation in its current form doesn't want companies to create what is called a "systemic weakness". The problem is, "systemic weakness" isn't defined in the legislation, so it isn't clear what that would be, exactly.
For instance, the Department of Home Affairs said in submissions to parliament that a weakness that would affect every user of an app (like, for example, something that made everyone's password visible, or gave the key to everyone's encrypted chats) would be a systemic weakness, but a function that allowed law enforcement access to one person's phone would not be considered a "systemic weakness", even if that function could then be applied to every other device and have the same effect.
"So long as the capability is held in reserve it does not jeopardise the security of other users and is not a systemic weakness," the department stated.
BuzzFeed News understands the government has agreed to explicitly define "systemic weakness" in the legislation.
The notices issued to companies to force them help law enforcement would also need the approval of both the attorney-general and the minister for communications, under the changes, whereas only the attorney-general had to sign off before.
And in situations where tech companies argue that what they're being asked to do would create a systemic weakness, a judge and a technical expert would both need to sign off on it.
Dreyfus said in a statement there were still issues with the legislation, even with Labor's agreed changes.
"Let me be clear – this bill is far from perfect and there are likely to be significant outstanding issues. But this compromise will deliver security and enforcement agencies the powers they say they need over the Christmas period, and ensure adequate oversight and safeguards to prevent unintended consequences while ongoing work continues – just as Labor proposed," he said.
The legislation will continue to be examined by a parliamentary committee next year.
Josh Taylor is a Senior Reporter for BuzzFeed News and is based in Sydney.
Contact Josh Taylor at email@example.com.
Got a confidential tip? Submit it here.