Session app launch show risks Australia becoming ‘tech recession’

Victoria Police in late 2023 reportedly An employee of the encrypted messaging app Session paid an unexpected visit to his apartment. Police officers entered the apartment complex without a search warrant or advance warning and knocked on the employee’s front door.

During their visit, police reportedly asked a series of questions about the app, the company and the employee’s involvement in the project. They also questioned the employee about an ongoing investigation into a particular user of the app. 404 Media. Although no information about the investigation has been made public, the Australian Federal Police (AFP) told 404 it was aware “criminals are using Session when committing serious Commonwealth offences”.

The visit came after Session employees approached by the AFP and Victoria Police via help chat messages, letters and phone calls earlier that year.

Alex Linton from the session public He expressed disappointment that the AFP chose to visit the employee at his private home rather than organizing a meeting through the company’s official and public channels.

Session is an end-to-end encrypted messaging app developed in Australia in 2018 and designed to protect against certain types of metadata tracking. presenting “absolute privacy and freedom from all surveillance”. It allows users to sign up using their 66-character account ID without providing a phone number or email address, and operates on a decentralized network that ensures servers cannot determine the source or destination of a message.

On October 15, Session announced that it would be relocating and regulated to Switzerland, a known hub for encrypted services such as Proton, Threema, Nym, VyprVPN and Tresorit, given the current regulatory environment around privacy technology and encrypted messaging in Australia. by the newly formed Session Technology Foundation (STF).

“Switzerland offers some of the most robust digital privacy regulations in the world” and “has a long-standing tradition of respecting personal privacy and encouraging technological innovation,” the STF wrote in a post. blog post. The app has confirmed it will continue to operate in Australia.

Turning point for Session’s decision to come When the Australian eSafety commissioner is introduced new changes The July 2024 Core Online Security Expectations require all online services to collect “a phone number, email address, or other identifier” from users as part of their end-user registration guidelines.

In addition, anti-terrorism laws The law, passed in 2018, gives law enforcement the authority to issue notices compelling developers to assist in investigations. This assistance may include technical measures that may require companies to build capabilities that allow law enforcement to override service encryptions. However, these powers have rarely been invoked and, if they were, neither the AFP nor the targeted services would have the authority to explain what an organization must do under the law.

“Australia has a set of bad national security laws that need to be revised because they are hostile to technological innovation and will lead Australia into tech stagnation,” said Suelette Dreyfus, a senior lecturer at the University of Melbourne’s School of Computer and Information Systems. said cricket.

Dreyfus believes Session’s decision to move to Switzerland is a major milestone that demonstrates that innovative technology providers are being driven out of the country.

“These laws are really about overreach,” he said.

“They’re basically preventing innovative start-ups from operating in Australia and encouraging them to leave because they face such a tough regulatory barrage and can’t deliver on their customers’ privacy and security commitments.”

Another problem area is mandatory data retention regimeIt is a legal framework that requires telecommunications providers to retain metadata for at least two years and make it available to law enforcement and national security agencies without any authorization, introducing significant burdens and risks for applications such as Session.

according to 2022-23 data From the Australian Communications and Media Authority Australian government agencies have authorized themselves to make 710,918 disclosures of mobile phone account metadata.

“This is very large-scale surveillance conducted without judicial oversight,” says Dreyfus. “Law enforcement can do their job without this kind of mass surveillance. It requires them to really focus and put their energy into their goals, rather than having the free time to do a wide-scale drift-net hunt on people’s data without warrants overseen by a judge.”

Finally, another important issue is data sovereignty. Australia has a national interest in based and wholly owned certain cloud providers, including messaging services, and having all services and data stored in the country.

Dreyfus concludes: “If you think it’s important as a country to have the option of using services you produce for reasons of sovereignty, then you can’t just offshore them with bad laws.”

An AFP spokesman refused to make any comment on the matter. cricket. Victoria Police did not immediately respond Crikey’s There are also requests for comments. Linton did not respond Crikey’s Requests for comments at time of publication.