Tuesday, 14 August 2018 09:33

Govt leaves door open to crack encrypted messages Featured

By
Govt leaves door open to crack encrypted messages Pixabay

ANALYSIS The Australian Government has left open the door for enforcement agencies to use specific cracks to gain access to encrypted communications on specific devices, given the language it has used in a draft of a new cyber law.

There has been much speculation over the last year about what Canberra would do with regard to encryption. The draft law issued on Tuesday indicates that no foolhardy attempt will be made to insert generic backdoors.

But there is some ambiguous language in the legislation when it comes to encryption:

"A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

There it is – that word "systemic". It does not rule out the possibility of a one-off crack in a specific case. Or even a few cases.

It will be interesting to see what the government intends to do in the case of an app like Signal. Open Whisper Systems, which produces the app, has designed it to generate the minimum logs possible.

In fact, when a subpoena was issued in October 2015 asking for email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, OWS owner Moxie Marlinspike could not provide anything. He had nothing to give: Signal does not store such details.

As per the draft law, the government will use the stick of big fines — up to $10 million — and the carrot of reimbursing any costs for co-operation to get data from companies when needed.

Access to data will be gained before it is encrypted — which could mean that a device maker will be asked to target specific devices with updates to make that device accessible to law enforcement — or read during transmission.

Agencies will have access to GPS data in order to conduct surveillance of suspects, or even delete material from a device if needed.

As usual, the government statements — mostly from Cyber Security Minister Angus Taylor — have been heavy on terrorism and child pornography.

From the wording of the bill, much of which has to be read side by side with the existing legislation in order to make sense, it appears that the increased financial penalties and jail terms will be the main means of scaring people and companies into submission.

The law also guards against having evidence presented in court that is not obtained by kosher methods. There have been two cases in the US where that government has dropped cases due to the methods by which information is obtained.

In March last year, government investigators in Washington state dropped all charges against a man charged with child pornography offences as they did not want to reveal the technological means they had used to locate him.

And in April 2017, the US Government dropped two child pornography cases against a man rather than reveal material available on WikiLeaks — which is still classified by the US Department of Justice — in court.

The law is bound to get through parliament with a few modifications. Labor will back it, because the party is afraid to be seen as weak on national security. That is the stick which the Liberals and Nationals will yield. And no Labor leader has ever shown the guts to stand up to such tactics.

The government has invited feedback on the draft bill which can be sent to [email protected] by 10 September.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments