The eSafety regulator has stressed in an associated discussion paper it “does not advocate building in weaknesses or back doors to undermine privacy and security on end-to-end encrypted services”.
But privacy and security groups argue the draft standards, as written, could allow the eSafety commissioner to force companies to compromise encryption to comply.
Andy Yen, the founder and chief executive of Proton, told Guardian Australia the proposed standards “would force online services, no matter whether they are end-to-end encrypted or not, to access, collect, and read their users’ private conversations”.
“These proposals could not only force companies to bypass their own encryption, but could put businesses and citizens at risk while doing little to protect people from the online harms they are intended to address,” he said.
A spokesperson for the eSafety commissioner said Inman Grant welcomed feedback on the draft standards – including on the technical feasibility exception.
“Having mandatory and enforceable codes in place, which put the onus back on industry to take meaningful action against the worst-of-the-worst content appearing on their products and services, is a tremendously important online safety milestone,” Inman Grant said.
The original article contains 468 words, the summary contains 187 words. Saved 60%. I'm a bot and I'm open source!
Technically maybe, but not necessarily. This is tactic that executives use all the time to force their employees to do illegal, or unethical actions, without ever telling them to.
For example, Wells Fargo executives didn't tell their bank employees to commit fraud, but they set their sales targets such that the ONLY way to reasonably achieve them was to defraud their customers.
However, I didn't read the actual white paper, so maybe it does explicitly say backdoors need to be built.