Australia on the cusp of showing the world how to break encryption
You just pass a law, apparently
The Australian government has scheduled its “not-a-backdoor” crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it.
The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December.
All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session:
Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies.
What's worrying to Vulture South is not so much the government sticking to the idea that there are magical powers to be had to decrypt strongly end-to-end encrypted messages.
It’s that there’s a persistent strain of authoritarian magical thinking that keeps looking for some kind of reality-hack that gives law enforcement what it wants without somehow breaking encryption. For example, defenders of the government’s position argues that you can keep encryption intact if you only attack end-user devices (say, a rootkit with screen-capture powers), and that proves that the government doesn’t want to break into networks.
Australia wants tech companies to let cops 'n' snoops see messages without backdoorsREAD MORE
In effect, it is argued, the government wants to force companies to push rootkits onto users to read received and sent messages without decrypting network traffic.
Apart from the dodgy technological sophistry involved, this belief contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind).
“We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so,” he said (emphasis added).
If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the “government wants a backdoor” problem.
And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of “greater assistance to agencies”.
Telcos (although not companies like Apple or Google) already provide plenty of assistance – lawful intercept, metadata, and the like – but the “greater assistance” is specifically in the context of access to encrypted communications.
It's nothing more than a legislatively-encoded rehash of FBI Director Chris Wray's plaintive call that since the technology existed to put a man on the Moon, technology must exist to decrypt communications.
Perhaps, like loonies who think someone's hiding the secret of burning water to power cars, governments believe the technology they want already exists, but telcos and tech platforms are hiding the fact. Stupidity or conspiracy: it's hard to know which is worse. ®
Sponsored: Becoming a Pragmatic Security Leader