Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The CEO of secure messaging app Signal has said the company would withdraw from Australia if the government was to continue its push towards backdoor access to encrypted social media user data.
As originally reported by The Australian, Signal CEO Meredith Whittaker said that if the government forces it to become a “gangrenous foot” by demanding it hand over the encrypted data of its users to government authorities, she is prepared to withdraw the app from Australia.
The director general of the Australian Security Intelligence Organisation (ASIO), Mike Burgess, has pushed for tech giants to allow law enforcement access to encrypted messages to assist in investigations into national security matters, adding that secure platforms like these are used by extremists.
Last year, Burgess and AFP Commissioner Reece Kershaw accused social media giants of refusing to out extremists, claiming that social media “is not above the rule of law”.
However, speaking with The Australian, Whittaker said that a government gateway to private encrypted data undermines the very reason for Signal’s existence, which is minimal collection of user data and a prioritisation of security and privacy.
“You could come to my house, put a gun to my head, saying, ‘give me the data’. I could not give you the data. You would have to shoot because I don’t have it. I don’t have access to it,” Whittaker said.
“Our commitment to end-to-end encryption, maintaining robust, technically guaranteed privacy for everyone who uses Signal, never wavers. That’s the reason we exist.
“Our ability to make good on that commitment, for the people of Australia who depend on our services – often for very high-stakes communication where there is real risk involved – does face threats from legislation.”
Whittaker also highlighted a case in which a similar law enforcement backdoor violated the human rights of one individual – Jessica Burgess.
Burgess, who is based in Nebraska in the US, was sentenced to two years in jail in 2023 after she assisted her 17-year-old daughter in getting an illegal abortion. The prosecution used Facebook messages that were handed over by Meta as evidence.
“She helped her daughter obtain and deal with the aftermath of abortion care … after the Supreme Court’s Dobbs ruling allowed Nebraska to criminalise access to reproductive care,” Whittaker said.
“And why was she convicted? Because Meta turned over her Facebook DMs that were used as key evidence.”
Whittaker also said that, as communication through apps like Signal does not have geographical and legislative borders, the backdoor would create security risks for those in other jurisdictions speaking with Australians.
“It is very serious, because a back door in one part of a network that is interconnected across the world undermines the entire network that becomes the vector through which the privacy of people’s communications can be attacked.
“And for many people, private communication is the difference between life and death. A regime that has power over you and can see what you’re talking about – can see what you’re co-ordinating with your fellow dissidents, can see materials that you are planning to blow the whistle about, the stakes could not be higher,” Whittaker said.
However, if Australia goes ahead with the backdoor, Whittaker said that she will have no choice but to take the extreme measure of withdrawing Signal from the Australian market.
“Let’s hope Australia doesn’t become a gangrenous foot. Ultimately, we would hurt the people who rely on us if we leave a market – we don’t do that lightly. There are hundreds of thousands, millions, of people in Australia who rely on Signal,” she said.
“So we would only do that as a last resort. But again, we must do it because if you let the gangrene spread, you poison the body.”
In March, the UK government ordered Apple to allow it access to encrypted user data to assist in investigations, leading to Apple removing its Advanced Data Protection (ADP) from its secure cloud storage.
While Apple’s standard level of encryption allows access with a warrant, ADP is its most secure privacy measure and prevents even Apple from accessing, using the opt-in security feature for encryption.
The UK demanded access to the data of Apple users for cases of national security threats.
Rather than comply with the order, Apple created a “backdoor” tool to allow the UK to access it. The tech giant said it was disappointed in having to remove ADP for the UK and that it maintains it is against compromising user security.
However, Apple then appealed the order to the Investigatory Powers Tribunal. The appeal, despite the requests of the US and its lawmakers, was held privately.
The US was concerned that a backdoor into Apple’s encrypted data storage would allow UK law enforcement to access US data. It was also critiqued for potentially breaching a US/UK data agreement.
Jim Jordan, US House Judiciary chair, and Brian Mast, Foreign Affairs chair, warned in a joint letter that the backdoor could create security risks.
“Creating a backdoor into end-to-end encrypted systems, as the [UK backdoor order] does, introduces systemic vulnerabilities that can be exploited by malicious actors, including cyber criminals and authoritarian regimes,” the two wrote to UK Home Secretary Yvette Cooper.
“These vulnerabilities would not only affect UK users but also American citizens and others worldwide, given the global nature of Apple’s services.”
Jordan and Mast also requested that the US Department of Justice be made privy to the order so that they can determine whether it breaches a CLOUD Act agreement between the two nations that blocks the two nations from requesting data be decrypted. This would mean that Apple would be committing a criminal offence by following the order.
“We urge the Home Office to reconsider the issuance of TCNs that require the weakening of encryption, as such measures conflict with international human rights standards, including the European Court of Human Rights’ ruling that undermining encryption violates privacy rights,” said Jordan and Mast.
Be the first to hear the latest developments in the cyber industry.
