Oz government says UK's backdoor will be its not-a-backdoor model
Investigatory Powers Act suggested as good model for local crypto workaround
The issue of lawful access to encrypted communications featured in Australia's news over the long weekend, but we're none the wiser as to what our government has in mind beyond it being based on the UK Investigatory Powers Act.
Both prime minister Malcolm Turnbull and attorney-general George Brandis took to the media to reiterate their argument that pervasive encryption is problematic for law enforcement.
Brandis has said again that the government doesn't want a backdoor (as in, a weakness planted in cryptosystems to make them government-crackable).
Fairfax Media reported he wants new warrant arrangements between Australia and the USA, so that if he signs a warrant the Australian Security Intelligence Organisation can present it to US authorities to get access to communications conducted through US platforms.
On the rise of encryption, he said that as it approaches 100 percent of online communications, it will “degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed”.
In response, he wants to force companies providing communications platforms to “assist in response to a warrant”.
According to The Australian, what Brandis has in mind is something modelled on the UK's Investigatory Powers Act (IPA), which he says allows device makers and social media companies to comply with technical capability notices.
This appears well at odds with attempts to claim there's no demand for a backdoor: as The Register reported in November 2016, the UK law clearly enables government-mandated backdoors.
As we reported in November, the obligations in the UK's IPA include “the removal by a relevant operator of electronic protection provided by or on behalf of that operator to any communications or data”.
Comment: While Australia's government was pitching its not-a-backdoor ideas, it was also wringing its hands over the nation's lack of infosec capability.
In Radio National's Background Briefing on Sunday, the prime minister's cyber-advisor Alastair MacGibbon, Craig Davies of the Cyber-Security Growth Network, and assistant minister Dan Tehan all emphasised the need for Australia to ramp up infosec skills here.
Davies said Australia has to develop a network of skills here, and Tehan joined in with predictions of a skills shortage.
The message that “we want security experts, but not if they reverse-engineer buggy anonymisation protocols, nor if they design encryption we can't crack” makes it hard to imagine Australia as an attractive career destination for infosec experts. ®