- Encryption technologies have fundamentally changed the way people transmit data, reducing the capacity of law enforcement and intelligence agencies to access information.
- Relying on the private sector to provide agencies with plain text information is no longer productive, yet legislation and frameworks have not caught up.
- Undermining the integrity and security of encryption by mandating the creation of access points in software creates an unacceptable risk to all information security.
- Due to the incompatibility of current technologies and legislation, Australian law enforcement and intelligence agencies may need to operate in a grey area which lacks legislative direction. Regardless of their professionalism, this introduces risks for information security and human rights.
- The fundamental legal and moral approaches to collection of encrypted information need to be reconsidered to balance community trust and public confidence with the ability to deploy sophisticated decryption technologies.
- Governments should transparently review the principles behind collection of encrypted information to ensure community trust and ethics are balanced with agency capability needs.
- Legal changes are required to codify the powers and thresholds under which law enforcement and intelligence agencies can circumvent strongly encrypted devices.
- Relevant legislated oversight mechanisms should be put in place, modelled upon currently applicable intelligence oversight.