Dark Web Consequences Increase from Global Rise of Police-Friendly Laws
… grow unchecked unless a global force intercedes as international cooperatives have in the past. In the event Russia were to sabotage the global internet – such as cutting underwater cables or some other large-scale interference – Russia could still operate unaffected on its own internet. However, cutting off the rest of the world could have global consequences.
CFMI: And now Australia, which sounds like the odd man out given it’s a Western democracy. What’s happening there?
CW: Australia is basically doing what Vietnam is doing. Many Americans are shocked at that because Australia is a member of the “5 Eyes” alliance, which seeks to counter China and other foreign interference and influence. The assumption is that none of the members of that alliance would do anything to jeopardize user privacy. Yet Australia now has a strict and dangerous new cybersecurity law that provides on-demand access to encrypted data via a backdoor for law enforcement.
The risks: One of the scariest things in that law is that officials can make demands for data on individuals within a company rather than on the institution. They can force the engineer or IT administrator in charge of vetting and pushing out a product’s updates to undermine its security. Companies that fail or refuse to comply with these orders will face fines of up to about $7.3 million. Individuals who resist could face prison time.
Australia’s new law compels a company to weaken its product security for law enforcement, and in so doing creates a backdoor that will exist universally and be vulnerable to exploitation by criminals and governments outside of Australia. It’s just a matter of time before threat actors figure out how to exploit those backdoors.
Companies that are asked to provide exceptional access might turn off end-to-end encryption, deactivate “encryption on by default,” disable smartphone “kill switches” or take away users’ sole ability to decrypt their smartphones. These are the very features that have vastly improved security and privacy for millions of users throughout the Asia-Pacific region.
CFMI: What are the global implications of these trends combined?
CW: Here are a few global implications and risks that companies and their security providers must take into consideration because of the passing of all these new laws:
- The possibility that you are effectively handing over your data and your customers’ data to a foreign government.
- That you could be handing over the crown jewels as well — details about deals in progress, trade secrets, intellectual property, pending patent applications and so on.
- You may have to make damaging disclosures to clients and customers; you’ll need to disclose all these risks to customers and even vendors that may not want to work with you because of these risks.
- There could be expensive new requirements burdening your physical infrastructure — such as complying with the demands that data be stored in the county/countries where users live.
- The loss of information and knowledge of consumer behavior as more users dive underground (dark web, cryptocurrencies and so on) to avoid detection, tracking, and even arrests.
For further information from Wright’s presentation, take a look at her slide deck.