Wednesday, 19 December 2018 05:22

I don't think it's going to end well: Bruce Schneier on encryption law Featured

Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Courtesy YouTube

Australian law enforcement agencies have pushed for the encryption law which passed on 6 December because they don't know that there is no need for access to encrypted content in order to solve crimes, world-renowned security technologist Bruce Schneier says.

He told iTWire that the reason why these agencies were continuously asking for access to encrypted content was, "because I think they don't know better. I think they are not trained in computer forensics. I think they've gotten soft and they need to be taught how to investigate crimes in the computer age. They've just gotten sloppy".

Last month, during hearings on what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a number of law enforcement agencies — ASIO, the Australian Signals Directorate, the Australian Federal Police and Victoria Police — said the law needed to be passed as quickly as possible, and before Christmas, though no concrete justification was offered for this.

Later, Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton told the media that they would be asking the Parliamentary Joint Committee on Intelligence and Security, which was holding hearings into the bill, to speed up the process and send the bill back to Parliament as soon as possible.

Schneier said he was aware of the law coming into effect. "I know [Australia passed an encryption law]," he said. "It's crazy. Companies aren't going to follow it. Some data which companies have they can hand over – that will involve no change. That's just a warrant.

"But the point that companies have to break their encryption to satisfy the demands of law enforcement – companies are not going to do that. They are not going to do it so I don't know what Australia thinks they are getting out of this."

In his latest book, Click Here to Kill Everybody, Schneier, a prolific author, outlined three reasons why there was no need for access to the content of encrypted messages.

For one, metadata cannot be encrypted – and that very metadata tells an investigator much more about a message than the actual content. Secondly, when third parties are used for data storage and processing, that data cannot be encrypted. And thirdly, since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad more new data streams that will not be encrypted to look for evidence of this or that.

"When data is stored with a third party and is made to do work, then it cannot be encrypted," Schneier said. "If Google is going to delete spam, how can they encrypt your email? That's just one example.

"There are ways to get data which is useful for solving crimes. Sometimes it is metadata which is useful, sometimes it is data that third parties are storing because they are using it, and sometimes it is data that is collected by some of these IoT gadgets, and together they are all very valuable."

It was pointed out to him that those who refused to fall in line with the law would face heavy penalties.

His response was: "Right. So you can imagine programmers not wanting to work for a company [that would do that kind of thing]. Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that.

"The law shows a fundamental misunderstanding of how software development works. So it would be really interesting to see how this whole thing comes together. I don't think it's going to end well."

Schneier did not disagree with the theory that law enforcement agencies had sought this type of law because until now technology companies have always held the upper hand in any tussles over gaining access to encrypted data.

"I think Australia is not going to get what they want," he said. "Many companies will pull out of the market, it's not worth it. Companies work on reputation."

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News