Apple is hardly the only tech company that could feel the impact of the Australian law. Anyone with a website is considered a communications provider, subject to the law. Any company that “provides an electronic service that has one or more end-users in Australia” is required to comply.
A long list of companies meets that description, such as smartphone makers and Facebook and its WhatsApp messaging service.
“Once WhatsApp, for example, builds a system at the behest of the Australians, everyone gets to use it,” said Nate Cardozo, the senior information security counsel on the Electronic Frontier Foundation’s legal team, who has studied the new law.
The law allows government agencies like the Australian Secret Intelligence Service or the Australian Federal Police to compel tech companies to install software on a user’s device to get around encryption. It can also compel the company not to alert the user.
“So if WhatsApp gets one of these notices and does not comply, they’re subject to asset seizure and even hypothetically having executives hauled into jail for contempt if they refuse to do so,” Mr. Cardozo said.
There is confusion about other secrecy requirements of the law. For example, would it require employees who received requests to keep them secret from their employers? The Australian Department of Home Affairs, which coordinates strategy and leadership of the country’s national security policy, says it would not. But security experts at the Electronic Frontier Foundation and at companies like the password manager 1Password say it is actually unclear.