Tuesday, 14 August 2018 09:33

Govt leaves door open to crack encrypted messages Featured

Govt leaves door open to crack encrypted messages Pixabay

ANALYSIS The Australian Government has left open the door for enforcement agencies to use specific cracks to gain access to encrypted communications on specific devices, given the language it has used in a draft of a new cyber law.

There has been much speculation over the last year about what Canberra would do with regard to encryption. The draft law issued on Tuesday indicates that no foolhardy attempt will be made to insert generic backdoors.

But there is some ambiguous language in the legislation when it comes to encryption:

"A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

There it is – that word "systemic". It does not rule out the possibility of a one-off crack in a specific case. Or even a few cases.

It will be interesting to see what the government intends to do in the case of an app like Signal. Open Whisper Systems, which produces the app, has designed it to generate the minimum logs possible.

In fact, when a subpoena was issued in October 2015 asking for email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, OWS owner Moxie Marlinspike could not provide anything. He had nothing to give: Signal does not store such details.

As per the draft law, the government will use the stick of big fines — up to $10 million — and the carrot of reimbursing any costs for co-operation to get data from companies when needed.

Access to data will be gained before it is encrypted — which could mean that a device maker will be asked to target specific devices with updates to make that device accessible to law enforcement — or read during transmission.

Agencies will have access to GPS data in order to conduct surveillance of suspects, or even delete material from a device if needed.

As usual, the government statements — mostly from Cyber Security Minister Angus Taylor — have been heavy on terrorism and child pornography.

From the wording of the bill, much of which has to be read side by side with the existing legislation in order to make sense, it appears that the increased financial penalties and jail terms will be the main means of scaring people and companies into submission.

The law also guards against having evidence presented in court that is not obtained by kosher methods. There have been two cases in the US where that government has dropped cases due to the methods by which information is obtained.

In March last year, government investigators in Washington state dropped all charges against a man charged with child pornography offences as they did not want to reveal the technological means they had used to locate him.

And in April 2017, the US Government dropped two child pornography cases against a man rather than reveal material available on WikiLeaks — which is still classified by the US Department of Justice — in court.

The law is bound to get through parliament with a few modifications. Labor will back it, because the party is afraid to be seen as weak on national security. That is the stick which the Liberals and Nationals will yield. And no Labor leader has ever shown the guts to stand up to such tactics.

The government has invited feedback on the draft bill which can be sent to assistancebill.consultation@homeaffairs.gov.au by 10 September.


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email andrew.matler@itwire.com



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments