Session and Australia’s Laws to Circumvent Secure Communications

Governments around the world are seeking backdoors to access encrypted communications, and building secure tech infrastructure and tools, such as the Session messaging app, has meant that we have kept a very close eye on the evolving laws that aim to govern the work we do and the products and services we are creating. 

Rest assured – the Session messenger and the underlying Loki Network is secure. There are no backdoors. The code is open-source, so anyone can see how it works and make sure there’s no malicious surveillance happening. 

Australia’s controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 does give authority to a number of government agencies to provide ‘designated communications providers’ with ‘technical assistance requests’ or ‘technical assistance notices’. 

What this means for example, is that Australia’s intelligence services can compel Loki to develop tools that can be used to investigate specific targets. However, what is most important is that the request or notice cannot force Loki to build or install “a systemic weakness or systemic vulnerability” in to our network or our products. 

The Session messenger is permissionless. There is no immediate way for us or anyone else to know the identity of our users. Because of the network’s open nature, any party can easily gain access to it and request all kinds of information. This includes us, intelligence agencies, or any other curious party. However, because it is all end-to-end encrypted, and uses onion routing to store and retrieve messages, no one is able to piece together who is talking to who or what is actually being said.  Technical assistance notices don’t make a lot of sense in the context of Session or the Loki Network, as we, nor anyone else has the ability to identify users and decrypt their messages.The only way requests or notices would be useful to anyone is if we were to introduce a systemic weakness, which we can not legally be compelled to under current law. 

Session has access to lawyers and works closely with industry partners and digital rights groups to ensure we are on top of the law and also working with our peers to advocate for laws that protect users and give confidence to the tech industry in relation to data encryption and digital privacy. 

We understand the double-edged nature of the secure communications tools we are building, but as many others have argued and pointed out, the right to freedom of expression and privacy is vital for a healthy democracy, and it is something we will continue to promote and defend.