Australia recently passed the so-called Assistance and Access Act. This law (correctly) has many digital security and privacy experts worried. We'd like to offer some preliminary remarks on how it may impact the privacy and security of 1Password customers and how it may affect the way we work.
Even at this early stage we can remind everyone that we do not currently, and will not, introduce back doors into our products, and we will continue to operate in a way that would make it difficult for a back door to be inserted.
Our remarks on the Assistance and Access Act (discussed under the hashtag #aaBill) must be preliminary at this point. There is a great deal of vagueness in the law in its current form, and we do not know how it will be interpreted and used when it goes into effect. Nonetheless, there are a number of things that we can clearly (re)state now.
We don't like back doors
A back door is a deliberate and hidden weakness in a system that is designed to allow certain people to bypass the security of the system. We have argued on multiple occasions that not only do back doors weaken security for everyone, but that a system in which a back door can (easily) be inserted is inherently weaker than a system in which a back door cannot (easily) be inserted.
This fact plays an important role in the design of 1Password and in how we build it. It is not that we are particularly worried about government-compelled back doors in practice. Instead, it is just a consequence of good security practices. The goal is not to specifically deny government lawful access; instead the goal is to protect people from criminal access, malicious insiders, accidental information disclosure, and a host of other things people have the right to be protected from. We are not trying to protect criminals from prosecution; we are trying to protect our customers from criminals.
It is impossible to offer 100% guarantees against insider attacks, but as we wrote five years ago (and recently updated), we do a number of things that make it substantially harder for back doors to be inserted into 1Password without detection. There is always room for improvement, and that improvement is an ongoing process.
Compelled insider attackers
Correction 14 December, 2018: My commentary below appears to be based on a misunderstanding of the law. The law, as passed, does not appear to authorize the government to compel an employee to surreptitiously work against our interests and without our knowledge. As always, the precise interpretation of the law will be determined by practice and courts, and so no one truly knows what it will mean. However, my error was large enough that it does need correction. Stilgherrian has written a good discussion clarifying #aaBill.
One of the most disturbing things about the Assistance and Access Act is that it apparently authorizes the Australian government to compel someone subject to its laws to surreptitiously take actions that harm our customers’ privacy and security without revealing that to us. Would an Australian employee of 1Password be forced to lie to us and do something that we would definitely object to?
We do not, at this point, know whether it will be necessary or useful to place extra monitoring on people working for 1Password who may be subject to Australian laws. Our existing security and privacy design and internal controls may well be sufficient without adding additional controls on our people in Australia. Nor do we yet know to what extent we should consider Australian nationality in hiring decisions. It may be a long time before any such internal policies and practices go into place, if they ever do, but these are discussions we have been forced to have.
Despite those considerations and discussions, our primary response and tactic is to continue to make it hard for anyone, whether inside or outside of 1Password, to harm customers’ security and privacy. That is what we do to protect our customers from any adversary, and that is what we will continue to do.