The CEO of the "preferred" encrypted communications app used by Australian prime minister Malcolm Turnbull has warned that if legislation takes away Wickr's ability to keep communications encrypted in Australia, just so law enforcement can keep catching bad guys, then other services will move in to replace it.
The Australian government is planning on introducing legislation in the near future that would force technology companies to comply with law enforcement requests to facilitate access to encrypted communications.
The detail around how exactly this would work is almost non-existent, save for home affairs minister Peter Dutton and the Department of Home Affairs insisting it would not be a "back door" that would put at risk all encrypted communications.
Popular US-based encrypted messaging app Wickr would likely be in the crosshairs of any legislation. BuzzFeed News can reveal Wickr received one request for access to user information held by Wickr, from an Australian law enforcement agency in the second half of 2017.
It was one of only four requests received from law enforcement agencies based outside the US in that time period, according to Wickr's transparency report.
The nature of the app, however, means that what Wickr actually hands over to law enforcement is limited, CEO Joel Wallenstrom told BuzzFeed News. The information Wickr retains is just the date of account creation, the date of last use, the number of messages sent or received, and the type of device that the account was created on.
Wickr has no access to the messages, he said.
"We’re really spectacularly committed to being cooperative with law enforcement," he said. "The key thing is that there is a mutual understanding of the limits of how we can help.
"We get requests, we process them. We have no access to the actual messaging, so we are not technically capable of going beyond a certain boundary ... We do what we can, and we do that with speed. I think speed is the key thing."
He said if companies reconfigured how they operated so that law enforcement could access the content of messages when required, then people would just flock to other apps that didn't compromise their encryption in the same way.
"You squish the balloon and everything goes to the other end."
Regardless, Wallenstrom doesn't think the Australian government will push hard on encrypted communications companies.
"I don’t anticipate any real iron fist being dropped on [us]," he said. "The tension will create a reasonable conversation."
Dutton has indicated that the government is in discussion with the companies about how best to tackle the issue, but indicated that legislation was still on the cards.
One idea often raised by security experts to bypass encryption without breaking it is for law enforcement to push malicious software updates on the phone itself, and log the keys a user presses as they're typing in to an app like Wickr. This would enable it to capture one side of the conversation before it ever gets encrypted.
Wallenstrom said that to go down this path would be a game of "whack-a-mole" with the more technically savvy users working out what a legitimate update to their phone looks like versus one that is not.
The PM's "preferred" app.
Wallenstrom noted that Turnbull had been relatively open about his use of encrypted communications apps, including Wickr, in the past.
In 2015, before he usurped Tony Abbott as prime minister, it was reported that Turnbull had used Wickr to plot with other ministers.
This was publicly confirmed when shortly after the 2016 election, it was revealed that Turnbull had been using Wickr to communicate with former PM Kevin Rudd about his – ultimately failed – bid to become the UN secretary-general.
"You in fact sent me a message on your preferred Wickr system where you stated that you and the [foreign minister] were ‘as one’ in your support for my candidature," Rudd said in a letter to Turnbull in May, 2016.
Since then, BuzzFeed News has been attempting to get a hold of the Wickr conversation using Australia's freedom of information law. The prime minister's office rejected the request, saying no record of the conversation existed, in line with how Wickr functions.
BuzzFeed News appealed to the Office of the Information Commissioner. In October last year, an advisor to the PM, Alistair Campbell, reported that back in February he attempted to examine the PM's phone for five minutes after Question Time, where he opened the Wickr app, found Kevin Rudd's username, and found no messages stored.
This demonstrates what Wallenstrom calls "data ephemerality", where Wickr can't access the messages, and ultimately the messages are not stored on the user's device if the user decides to let the messages expire.
It raises challenges for governments, particularly around compliance with Commonwealth archives law and freedom of information law, where documents related to the business of government – such as the discussion around Australia's support for Rudd's bid for the UN secretary-general – should be retained.
The information commissioner, Timothy Pilgrim, is expected to make a decision on the case in the near future.