The Identify and Disrupt Bill was introduced at the end of 2020, adding three new classes of warrants for investigating online activity. While we staunchly oppose this expansion of the Australian government’s surveillance mandate, we don’t believe that the powers granted by this bill provide a threat to Session.
The bill has a focus on targeting individuals through their devices, accounts, and network activity. The dangers posed by this to Session are limited due to the following reasons:
-
Session allows individuals to encrypt their local Session database with a PIN code, dampening the danger of device access compromising their Session instance
-
The Session team has no ability to access the accounts of Session users, as well as no ability to provide that access to authorities if requested
-
Session is built to minimise metadata leakage. Monitoring the network activity of an individual using Session would provide almost no information to authorities
-
Session is and will always be open source. Any changes to these key defences would be public and visible to everyone
The Identify and Disrupt Bill provides no ability for the Australian government to force the Session team to modify Session to weaken the privacy and security of its users