Wednesday, 19 December 2018 05:22

I don't think it's going to end well: Bruce Schneier on encryption law Featured

Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Courtesy YouTube

Australian law enforcement agencies have pushed for the encryption law which passed on 6 December because they don't know that there is no need for access to encrypted content in order to solve crimes, world-renowned security technologist Bruce Schneier says.

He told iTWire that the reason why these agencies were continuously asking for access to encrypted content was, "because I think they don't know better. I think they are not trained in computer forensics. I think they've gotten soft and they need to be taught how to investigate crimes in the computer age. They've just gotten sloppy".

Last month, during hearings on what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a number of law enforcement agencies — ASIO, the Australian Signals Directorate, the Australian Federal Police and Victoria Police — said the law needed to be passed as quickly as possible, and before Christmas, though no concrete justification was offered for this.

Later, Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton told the media that they would be asking the Parliamentary Joint Committee on Intelligence and Security, which was holding hearings into the bill, to speed up the process and send the bill back to Parliament as soon as possible.

Schneier said he was aware of the law coming into effect. "I know [Australia passed an encryption law]," he said. "It's crazy. Companies aren't going to follow it. Some data which companies have they can hand over – that will involve no change. That's just a warrant.

"But the point that companies have to break their encryption to satisfy the demands of law enforcement – companies are not going to do that. They are not going to do it so I don't know what Australia thinks they are getting out of this."

In his latest book, Click Here to Kill Everybody, Schneier, a prolific author, outlined three reasons why there was no need for access to the content of encrypted messages.

For one, metadata cannot be encrypted – and that very metadata tells an investigator much more about a message than the actual content. Secondly, when third parties are used for data storage and processing, that data cannot be encrypted. And thirdly, since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad more new data streams that will not be encrypted to look for evidence of this or that.

"When data is stored with a third party and is made to do work, then it cannot be encrypted," Schneier said. "If Google is going to delete spam, how can they encrypt your email? That's just one example.

"There are ways to get data which is useful for solving crimes. Sometimes it is metadata which is useful, sometimes it is data that third parties are storing because they are using it, and sometimes it is data that is collected by some of these IoT gadgets, and together they are all very valuable."

It was pointed out to him that those who refused to fall in line with the law would face heavy penalties.

His response was: "Right. So you can imagine programmers not wanting to work for a company [that would do that kind of thing]. Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that.

"The law shows a fundamental misunderstanding of how software development works. So it would be really interesting to see how this whole thing comes together. I don't think it's going to end well."

Schneier did not disagree with the theory that law enforcement agencies had sought this type of law because until now technology companies have always held the upper hand in any tussles over gaining access to encrypted data.

"I think Australia is not going to get what they want," he said. "Many companies will pull out of the market, it's not worth it. Companies work on reputation."

Read 3997 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


Thoughtworks presents XConf Australia, back in-person in three cities, bringing together people who care deeply about software and its impact on the world.

In its fifth year, XConf is our annual technology event created by technologists for technologists.

Participate in a robust agenda of talks as local thought leaders and Thoughtworks technologists share first-hand experiences and exchange new ways to empower teams, deliver quality software and drive innovation for responsible tech.

Explore how at Thoughtworks, we are making tech better, together.

Tickets are now available and all proceeds will be donated to Indigitek, a not-for-profit organisation that aims to create technology employment pathways for First Nations Peoples.

Click the button below to register and get your ticket for the Melbourne, Sydney or Brisbane event



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News