Tuesday, 14 August 2018 09:33

Govt leaves door open to crack encrypted messages


ANALYSIS The Australian Government has left open the door for enforcement agencies to use specific cracks to gain access to encrypted communications on specific devices, given the language it has used in a draft of a new cyber law.

There has been much speculation over the last year about what Canberra would do with regard to encryption. The draft law issued on Tuesday indicates that no foolhardy attempt will be made to insert generic backdoors.

But there is some ambiguous language in the legislation when it comes to encryption:

"A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

There it is – that word "systemic". It does not rule out the possibility of a one-off crack in a specific case. Or even a few cases.

It will be interesting to see what the government intends to do in the case of an app like Signal. Open Whisper Systems, which produces the app, has designed it to generate the minimum logs possible.

In fact, when a subpoena was issued in October 2015 asking for email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, OWS owner Moxie Marlinspike could not provide anything. He had nothing to give: Signal does not store such details.

As per the draft law, the government will use the stick of big fines — up to $10 million — and the carrot of reimbursing any costs for co-operation to get data from companies when needed.

Access to data will be gained either before it is encrypted, which could mean that a device maker will be asked to target specific devices with updates to make them accessible to law enforcement, or by reading it during transmission.

Agencies will have access to GPS data in order to conduct surveillance of suspects, or even delete material from a device if needed.

As usual, the government statements — mostly from Cyber Security Minister Angus Taylor — have been heavy on terrorism and child pornography.

From the wording of the bill, much of which has to be read side by side with the existing legislation in order to make sense, it appears that the increased financial penalties and jail terms will be the main means of scaring people and companies into submission.

The law also guards against having evidence presented in court that is not obtained by kosher methods. There have been two cases in the US where the government there dropped prosecutions because of the methods by which information was obtained.

In March last year, government investigators in Washington state dropped all charges against a man charged with child pornography offences as they did not want to reveal the technological means they had used to locate him.

And in April 2017, the US Government dropped two child pornography cases against a man rather than reveal material available on WikiLeaks — which is still classified by the US Department of Justice — in court.

The law is bound to get through parliament with a few modifications. Labor will back it, because the party is afraid to be seen as weak on national security. That is the stick which the Liberals and Nationals will wield. And no Labor leader has ever shown the guts to stand up to such tactics.

The government has invited feedback on the draft bill which can be sent to assistancebill.consultation@homeaffairs.gov.au by 10 September.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


