The new law, which has been pushed for since at least 2017, requires that companies provide a way to get at encrypted communications and data via a warrant process. It also imposes fines of up to A$10 million for companies that do not comply and A$50,000 for individuals who do not comply. In short, the law thwarts (or at least tries to thwart) strong encryption.
Companies who receive one of these warrants have the option of either complying with the government or waiting for a court order. However, by default, the orders are secret, so companies would not be able to tell the public that they had received one.
“It’s a big deal,” Adam Molnar, a lecturer in criminology at Deakin University in Australia, told Ars.
However, the law as currently written seems to contain what some view as a loophole. The statute says that companies cannot be compelled to introduce a “systemic weakness” or a “systemic vulnerability” into their software or hardware to satisfy government demands.
In other words, the new law is just as confused as the notion of having a “safe” backdoor past encryption.