Australians who won’t unlock their phones could face 10 years in jail

The Australian government wants to force companies to help it get at suspected criminals’ data. If they can’t, it would jail
people for up to a decade for refusing to unlock their phones.

The country’s Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people
who refuse to unlock their phones for the police. Under Australia’s existing Crimes Act, judges could jail a person for two
years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty
wasn’t strong enough.

The Bill takes a multi-pronged approach to accessing a suspect’s data by co-opting third parties to help the authorities. New
rules apply to “communication service providers”, which is a definition with a broad scope. It covers not only telcos, but
also device vendors and application publishers, as long as they have “a nexus to Australia”.

These companies would be subject to two kinds of government order that would compel them to help retrieve a suspect’s
information.

The first of these is a ‘technical assistance notice’ that requires telcos to hand over any decryption keys they hold. This
notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own
encryption keys.

But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second
kind of order called a technical capability notice. It forces communications providers to build new capabilities that would
help the government access a target’s information where possible.

In short, the government asks companies whether they can access the data. If they can’t, then the second order asks them
to figure out a way. Here’s a flowchart explaining how it works.