McDonald's and Westfield's customers in Australia might be targeted for surveillance by authorities in accordance with the new encryption legislation.
A briefing by the Australian home affairs department, obtained under freedom of information, reveals that the Telecommunication Access and Assistance Act empowers the police to compel users' information from a wide range of companies including tech giants, manufacturers, and providers of free wifi.
The bill passed parliament in December. It immediately raised concerns of legislative overreach due to a large number of offenses punishable with three years in prison, and the tech sector warned it could harm the Australian economy. Despite warnings and the promise from Labour to amend the law, Morrison's re-election means it will continue as it is at least for this term of parliament.
In a report from The Guardian: The home affairs department's briefing mentions some examples of potential targets for technical assistance and capability notices. Law enforcement can request cooperation from many “designated communications providers”, among which there are social media giants like Facebook, Google's search engine, device providers like the Apple store, cloud computing providers, and providers of free wifi including McDonald's and Westfield. Retailers offering mobile phone apps for shopping or mobile viewing are also mentioned as possible targets.
John Stanton, chief executive of the Communications Alliance LTD, said that it wasn't a surprise to see the “enormously broad range of players” that the act classifies as communications providers.
“It's been a concern from day one. The only thing consumers will know is if there is a weakness introduced into the system, their provider won't be able to tell them about it. It's not something that would readily engender trust,” he said.
The briefing also mentions some rather disturbing details on what type of ‘assistance' law enforcement can require, including: creation of fake accounts from social media companies, increased data allowances on specific devices from mobile carriers – to spy the device without using its data allowance, messages decryption, and access to a customer's computer rack to ‘wiretap' it.
The Act doesn't allow agencies to require built-in “systemic weaknesses”. However, Stanton noted, the law suggests if agencies “require installation on every iPhone in NSW – that wouldn't be a backdoor. But by any sensible construction it would be.”