Securing Australia’s Place in Cyberspace- Encryption Policy and Cyber Threats

Joe Andrew

Technological advances often change the dynamics of international relations. When the telegram offered people the first means of near instantaneous transmissions, humanity in all our wisdom quickly utilised it for espionage. The telegram led to rampant misinformation during WWI with even real messages such as the infamous Zimmermann Telegram being doubted and used by all sides as propaganda. Much like the telegram before it, our increasing immersion in cyberspace offers new communication possibilities alongside new risks. Australia is struggling to find a coherent strategic encryption policy for the future.


Communication frameworks often reflect a nation’s political ideology. Democracies tend to emphasise freedom of speech and commerce online, with the U.S. in particular offering its safe harbour doctrine and fair use right in intellectual property. On the opposite end of the spectrum, China severely restricts communications through its ‘Great Firewall’. A nation’s approach to communication and technology can also shape the way they interact with the world. The Open Skies Treaty only exists to facilitate United States and Russian spy plane movements, and with spy satellites surpassing spy planes, neither nation sees the treaty fit for purpose. The rising concern about encryption in particular poses an important question for all people, but little commentary exists on its international implications.


Australia is fully aware of the risk posed to national security by foreign actors, as leaders are quick to remind the media and public about. Despite pleas from cyber security leaders and experts across the country, Australia continues to fumble its response. The federal government forced the CSIRO’s Data61 to disband its seL4 encryption project, passing the world leading research over to a smaller team with less funding. The same government are waging a war on civilian encryption with the Australian Criminal Intelligence Commission, falsely claiming encrypted communications are used ‘almost exclusively’ by criminals, almost implying everyone that uses Facebook is a criminal. Australia’s encryption policies fail to match up to international standards or our own cyber security vision resulting in a confused and incoherent strategy.


Coherent international cyber security policies are developing in the European Union with the 2019 EU Cybersecurity Act. The Act’s framework encourages encryption among other good cyber security practices aimed at government and private entities while understanding challenges faced by law enforcement. Over in the States, President Biden enacted an Executive Order mandating an array of cyber security and encryption measures including the formation of a cyber-attack review board. The order is consistent with an earlier guidance emphasising leadership in reforming the international rules based order to protect democracies from cyber-attacks.


Meanwhile Australia wishes to have its cake and eat it too. The Department of Home Affairs Cyber Security Strategy 2020 acknowledges the importance of encryption for businesses and consumers alike. The recommendations of said strategy however, involve the same vague platitudes about protecting Australia from sophisticated threats to justify invasions of privacy that make our data more vulnerable.


Australian leaders understand the inherently international nature of cyberspace, yet assume solutions can only be found through increasing domestic police powers. This is not a problem that can be solved by following China and making Australia a cyber police state. Rather than fighting encryption, making it pointless through back doors, the embrace of encryption offers the strongest protection from cyber-attacks. Instead of working with the tech industry and encryption experts however, the current government relies on gut reactions culminating in short-sighted solutions such as the flawed Assistance and Access Act 2018.


If Australia is going to continue its role as a middle power in the Indo-Pacific, it must enact internationally focused encryption policy rather than alienate Australia through incompetent encryption policies that sabotage commerce. There is no reason to doubt Australia’s capabilities to meet domestic security needs and fulfil international obligations to democracy and human rights. Challenges facing cyberspace globally are immense. Australia has made progress over the past five years, but there is far more work to be done. Without a unified vision involving government, industry, and civil society alike, Australia cannot hope to fulfil even its domestic cyber security goals.


Much like older technologies, Australia needs to see encryption as a technology to adapt to, not a problem to fight off. Australia must strive to be at the forefront of cyberspace commercially and securely to better shape the next generation of international norms. The telegram cannot be uninvented; nations were forced to adapt. Spy planes could not be stopped; nations agreed to regulate activities. Cyberspace fuels economies, infrastructure, and society; all facilitated by encryption. It is about time Australia takes its security seriously by working towards not only a coherent national encryption policy, but one that encourages an international cyber rules based order.

Joe Andrew is a soon-to-be Law and International Relations graduate with a focus on international technology and security policy