Wednesday, 19 December 2018 05:22

I don't think it's going to end well: Bruce Schneier on encryption law Featured

By
Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Courtesy YouTube

Australian law enforcement agencies have pushed for the encryption law which passed on 6 December because they don't know that there is no need for access to encrypted content in order to solve crimes, world-renowned security technologist Bruce Schneier says.

He told iTWire that the reason why these agencies were continuously asking for access to encrypted content was, "because I think they don't know better. I think they are not trained in computer forensics. I think they've gotten soft and they need to be taught how to investigate crimes in the computer age. They've just gotten sloppy".

Last month, during hearings on what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a number of law enforcement agencies — ASIO, the Australian Signals Directorate, the Australian Federal Police and Victoria Police — said the law needed to be passed as quickly as possible, and before Christmas, though no concrete justification was offered for this.

Later, Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton told the media that they would be asking the Parliamentary Joint Committee on Intelligence and Security, which was holding hearings into the bill, to speed up the process and send the bill back to Parliament as soon as possible.

Schneier said he was aware of the law coming into effect. "I know [Australia passed an encryption law]," he said. "It's crazy. Companies aren't going to follow it. Some data which companies have they can hand over – that will involve no change. That's just a warrant.

"But the point that companies have to break their encryption to satisfy the demands of law enforcement – companies are not going to do that. They are not going to do it so I don't know what Australia thinks they are getting out of this."

In his latest book, Click Here to Kill Everybody, Schneier, a prolific author, outlined three reasons why there was no need for access to the content of encrypted messages.

For one, metadata cannot be encrypted – and that very metadata tells an investigator much more about a message than the actual content. Secondly, when third parties are used for data storage and processing, that data cannot be encrypted. And thirdly, since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad more new data streams that will not be encrypted to look for evidence of this or that.

"When data is stored with a third party and is made to do work, then it cannot be encrypted," Schneier said. "If Google is going to delete spam, how can they encrypt your email? That's just one example.

"There are ways to get data which is useful for solving crimes. Sometimes it is metadata which is useful, sometimes it is data that third parties are storing because they are using it, and sometimes it is data that is collected by some of these IoT gadgets, and together they are all very valuable."

It was pointed out to him that those who refused to fall in line with the law would face heavy penalties.

His response was: "Right. So you can imagine programmers not wanting to work for a company [that would do that kind of thing]. Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that.

"The law shows a fundamental misunderstanding of how software development works. So it would be really interesting to see how this whole thing comes together. I don't think it's going to end well."

Schneier did not disagree with the theory that law enforcement agencies had sought this type of law because until now technology companies have always held the upper hand in any tussles over gaining access to encrypted data.

"I think Australia is not going to get what they want," he said. "Many companies will pull out of the market, it's not worth it. Companies work on reputation."

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments