Malcolm Turnbull's Favourite Encryption App Doesn't Think His New Legislation Can Be Enforced

    The company behind the app Turnbull used to message Kevin Rudd doesn't think his new encryption legislation will be enforceable on tech companies not based in Australia.

    Plans to force tech companies to build software for Australian law enforcement to get past encryption on communications would not be enforceable on companies based overseas, according to Wickr.

    On Tuesday, the federal government called for comment on proposed legislation that would force tech companies to help law enforcement get past the encryption in a number of ways without explicitly building a backdoor that would undermine encryption.

    That might include helping to install software over the top that would capture messages before they are encrypted, or help law enforcement agencies to build their own systems to beat encryption.

    But Wickr, which operates an end-to-end encryption app, doesn't think the government will be able to force companies outside of Australia such as Wickr to comply with the proposed legislation.

    "At this point, it’s difficult to see how this can be implemented and enforced, particularly for providers outside of the country," CEO Joel Wallenstrom told BuzzFeed News.

    "We have grave concerns about the weakening of strong encryption and the mandate that technology companies comply in yet to be determined manners to open up access to user information."

    In 2016 former prime minister Kevin Rudd revealed he had been using Wickr to speak to prime minister Malcolm Turnbull about Australia supporting his bid for the top job at the United Nations. BuzzFeed News attempted to obtain those communications using Freedom of Information law, but Turnbull's office said the communications no longer existed.

    Wallenstrom said the company was also concerned that there was a lack of judicial oversight over the proposed procedures. Under the proposed legislation judges or Administrative Appeal Tribunal members would sign off on "technical assistance notices" to force tech companies to comply and supply law enforcement with required information. But the defined list of what agencies can ask for is generic enough that judges might not know in full what is being sought.

    The "list of things" companies could be required to do:

    Wallenstrom said Wickr would comply with proper legal process but reiterated that the design of Wickr means that only the users, not Wickr, hold the keys to the encrypted communications. So the government would not be able to get hold of them.

    "We appreciate the challenges facing law enforcement in utilising digital evidence and we welcome the opportunity provided to the public and the industry to offer our input on this legislative proposal," Wallenstrom said.

    The government is consulting on the legislation until mid-September.