Encryption crackdown: The government doesn’t much care for your terroristic maths

The government has provided the greatest detail so far on its plan to tackle the use of encrypted communications by criminal groups, though it is yet to spell out much of the nitty-gritty of how its proposed regime would function.

Over the last few months, the government has hyped up the threat posed by criminals’ and terrorists’ use of services that provide end-to-end encryption such as WhatsApp and Telegram.

This morning, Prime Minister Malcolm Turnbull and Attorney-General George Brandis went on a media offensive as the government prepares to later this year unveil new legislation that will compel companies to cooperate with law enforcement agencies seeking to obtain the contents of encrypted messages.

We finally know what the government thinks a “backdoor” is

The government has repeatedly denied that it wants to force the introduction of backdoors in encrypted services. The assertion has caused more than its fair share of head-scratching because the government has also confirmed it wants law enforcement access to encrypted messages.

This morning Turnbull finally outlined what the government considers a backdoor to be mdash; essentially a security vulnerability in a service or piece of software that the operator or developer is unaware of.

A backdoor “is typically a flaw in a software program that perhaps the... developer of the software program is not aware of and that somebody who knows about it can exploit,” Turnbull told a press conference at the headquarters of the Australian Federal Police.

The government appears keen to leave responsibility for undermining end-to-end encryption in the hands of service providers

Many of the services that are in the government’s crosshairs are those where currently the service provider is itself unable to access the contents of a message. The government has so far declined to give much detail on how these services would be affected by the new laws.

The legislation will require tech companies to “provide assistance to the police to enable them to have access to the information pursuant to a warrant,” Turnbull said this morning.

“The bottom line is we got a situation where you have gone from the law enforcement agencies, police, the security services being able lawfully to intercept communications and lawfully have access to communications, and no-one’s argued about that,” Turnbull said.

“That’s been the case forever. And now, because of this end-to-end encryption, all of that information, all of that data... [is] effectively dark to the reach of the law. And that’s not acceptable. We are a society, a democracy, under the rule of law, and the law must prevail online as well as off-line.”

The implication would appear to be that the government doesn’t care how it happens, but the operator of a communications service needs to be in a position to hand over the contents of a message if faced with an appropriate warrant.

The government cites the UK’s Investigatory Powers Act as a model it will seek to emulate

The UK Investigatory Powers Act became law late last year. The legislation can compel cooperation from tech companies with investigations, but after a government concession companies won’t be obliged to strip encryption if it’s not technically feasible. What form the obligation to cooperate will take in Australian law is yet to be detailed.

Hardware manufacturers will be subject to the new rules

Brandis said that in the spring sittings of parliament the government will propose legislation “which will, in particular, impose an obligation upon device manufacturers and upon service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis where it is necessary to interdict or, in the case of a crime that may have been committed, it is necessary to investigate and prosecute serious crime”.

The messaging is very similar to that used in the lead-up to data retention

Key targets of the new regime will be terrorists, paedophiles and drug traffickers, according to the government. In the lead-up to Australia’s data retention regime being legislated, very similar messaging was used.

The new legislation will be necessary “to investigate and prosecute serious crime whether it be counter terrorism, whether it be serious organised crime, whether it be, for example, the operation of paedophile networks,” Brandis said.

Australian law overrides the laws of mathematics

“Well the laws of Australia prevail in Australia, I can assure you of that... the laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia,” Turnbull said. Okay.

Malcolm Turnbull is not a cryptographer

“I’m not a cryptographer,” the PM told the AFP press conference.

Copyright © 2017 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon