Mozilla fears encryption law could turn its employees into insider threats

Mozilla has told the Australian government that its anti-encryption laws could turn its own employees into insider threats.

The Mozilla Corporation, which is the arm of the Mozilla Foundation that develops and maintains its software, made the striking warnings in a letter to the country’s government last week.

The letter, written to the Parliamentary Joint Committee on Intelligence and Security, criticises the country’s controversial Telecommunication & Other Legislation Amendment (Assistance & Access) Act of 2018 (TOLA).

TOLA is Australia’s attempt to provide the government with access to encrypted communications. It enables the authorities to ask technology companies nicely for help decrypting a user’s communications, using an order called a technical assistant request (TAR). If they are technically able to help but don’t want to, the government can force them to with an order called a technical assistance notice (TAN).

What about companies that don’t want to help and say that they couldn’t anyway because their own technology stops them from giving up customer communications? In this case, the law allows the government to issue a technical capability notice (TCN). This forces the company to alter its systems to make them more, um, co-operative.

In its letter, Mozilla frets that TOLA’s language allows authorities to make these requests of individuals rather than of the companies they work for (otherwise known as designated communications providers, or DCPs). It says:

It is easy to imagine how Australian authorities could abuse their powers and the penalties of this law to coerce an employee of a DCP to compromise the security of the systems and products they develop or maintain.

It also warned that this would effectively force companies to treat Australian employees as potential saboteurs:

This potential would force DCP’s [sic] to treat Australia-based employees as potential insider threats, introducing another vector for compromise…

This problem is exacerbated by the fact that employees targeted with TOLA orders aren’t allowed to tell anyone, Mozilla added. It worries that this could enable the government to force an Australian employee to introduce weaknesses in code and then keep those changes secret.

According to Mozilla, TOLA’s danger is compounded by the fact that TCNs don’t require review from a judge, or from ministries outside the Attorney General’s office. TOLA powers can be delegated to relatively low-level government employees, the company warned:

Providing these powers to any police officer in Australia is irresponsible, risks the dangerous overuse of TOLA’s powers, and in doing so demonstrates a cavalier attitude toward the privacy and security of users in Australia and abroad.

TOLA powers can be delegated to foreign governments too, with what Mozilla calls “utterly insignificant safeguards”.

Mozilla raised its concerns and recommended ways to mitigate them but prefers another option. It said:

We do not believe that this law should have been passed in the first place, and we believe the best possible path is to repeal this legislation in its entirety and begin afresh with a proper, public consultation.

The software company wasn’t the only one to raise concerns. FastMail, an Australian email provider that prides itself on secure email services, worried in its own letter that government access to encrypted communication would damage consumer trust.

FastMail also argued that keeping a TCN secret wasn’t technically possible anyway. Weaknesses introduced via TCN would be detectable and would have to be understood by the whole team to avoid them being accidentally neutralised, it pointed out, adding:

TOLA’s requirements for secrecy put all companies which are built on a trusted relationship with their customers at risk. To conclude that additional capabilities built under TCN can be kept a secret, whether from staff or customers, is naive at best.

Of the 343 submissions that the Australian government received during the public comment period before it passed TOLA, only one was favourable, according to the Economist. The director general of the Australian Signals Directorate responded with a rare public statement supporting the law.