Wednesday, 19 December 2018 05:22

I don't think it's going to end well: Bruce Schneier on encryption law Featured

By
Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Bruce Schneier: "Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that." Courtesy YouTube

Australian law enforcement agencies have pushed for the encryption law which passed on 6 December because they don't know that there is no need for access to encrypted content in order to solve crimes, world-renowned security technologist Bruce Schneier says.

He told iTWire that the reason why these agencies were continuously asking for access to encrypted content was, "because I think they don't know better. I think they are not trained in computer forensics. I think they've gotten soft and they need to be taught how to investigate crimes in the computer age. They've just gotten sloppy".

Last month, during hearings on what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, a number of law enforcement agencies — ASIO, the Australian Signals Directorate, the Australian Federal Police and Victoria Police — said the law needed to be passed as quickly as possible, and before Christmas, though no concrete justification was offered for this.

Later, Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton told the media that they would be asking the Parliamentary Joint Committee on Intelligence and Security, which was holding hearings into the bill, to speed up the process and send the bill back to Parliament as soon as possible.

Schneier said he was aware of the law coming into effect. "I know [Australia passed an encryption law]," he said. "It's crazy. Companies aren't going to follow it. Some data which companies have they can hand over – that will involve no change. That's just a warrant.

"But the point that companies have to break their encryption to satisfy the demands of law enforcement – companies are not going to do that. They are not going to do it so I don't know what Australia thinks they are getting out of this."

In his latest book, Click Here to Kill Everybody, Schneier, a prolific author, outlined three reasons why there was no need for access to the content of encrypted messages.

For one, metadata cannot be encrypted – and that very metadata tells an investigator much more about a message than the actual content. Secondly, when third parties are used for data storage and processing, that data cannot be encrypted. And thirdly, since every device is becoming a little computer and therefore a surveillance device, law enforcement has a myriad more new data streams that will not be encrypted to look for evidence of this or that.

"When data is stored with a third party and is made to do work, then it cannot be encrypted," Schneier said. "If Google is going to delete spam, how can they encrypt your email? That's just one example.

"There are ways to get data which is useful for solving crimes. Sometimes it is metadata which is useful, sometimes it is data that third parties are storing because they are using it, and sometimes it is data that is collected by some of these IoT gadgets, and together they are all very valuable."

It was pointed out to him that those who refused to fall in line with the law would face heavy penalties.

His response was: "Right. So you can imagine programmers not wanting to work for a company [that would do that kind of thing]. Some of the things you have to do — create a backdoor and keep it a secret — that's not how companies work. You can't do that.

"The law shows a fundamental misunderstanding of how software development works. So it would be really interesting to see how this whole thing comes together. I don't think it's going to end well."

Schneier did not disagree with the theory that law enforcement agencies had sought this type of law because until now technology companies have always held the upper hand in any tussles over gaining access to encrypted data.

"I think Australia is not going to get what they want," he said. "Many companies will pull out of the market, it's not worth it. Companies work on reputation."


Subscribe to Newsletter here

NEW OFFER - ITWIRE LAUNCHES PROMOTIONAL NEWS & CONTENT

Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.

POST YOUR NEWS ON ITWIRE NOW!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

These days our customers Advertising & Marketing campaigns are mainly focussed on Webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

For covid-19 assistance we have extended terms, a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

BACK TO HOME PAGE

ZOOM WEBINARS & ONLINE EVENTS

Channel News

VENDOR NEWS & VIEWS

REVIEWS

Comments

Guest Opinion