Australia on the cusp of showing the world how to break encryption

You just pass a law, apparently

By Richard Chirgwin


The Australian government has scheduled its “not-a-backdoor” crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it.

The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December.

All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session:

Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies.

What's worrying to Vulture South is not so much the government sticking to the idea that there are magical powers to be had to decrypt strongly end-to-end encrypted messages.

It’s that there’s a persistent strain of authoritarian magical thinking that keeps looking for some kind of reality-hack that gives law enforcement what it wants without somehow breaking encryption. For example, defenders of the government’s position argues that you can keep encryption intact if you only attack end-user devices (say, a rootkit with screen-capture powers), and that proves that the government doesn’t want to break into networks.

Australia wants tech companies to let cops 'n' snoops see messages without backdoors


In effect, it is argued, the government wants to force companies to push rootkits onto users to read received and sent messages without decrypting network traffic.

Apart from the dodgy technological sophistry involved, this belief contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind).

“We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so,” he said (emphasis added).

If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the “government wants a backdoor” problem.

And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of “greater assistance to agencies”.

Telcos (although not companies like Apple or Google) already provide plenty of assistance – lawful intercept, metadata, and the like – but the “greater assistance” is specifically in the context of access to encrypted communications.

It's nothing more than a legislatively-encoded rehash of FBI Director Chris Wray's plaintive call that since the technology existed to put a man on the Moon, technology must exist to decrypt communications.

Perhaps, like loonies who think someone's hiding the secret of burning water to power cars, governments believe the technology they want already exists, but telcos and tech platforms are hiding the fact. Stupidity or conspiracy: it's hard to know which is worse. ®

Sign up to our NewsletterGet IT in your inbox daily


More from The Register

Rights group launches legal challenge over London cops' use of facial recognition tech

Court asked to grant permission for judicial review of 'inaccurate' snooping tech

Facial recognition tech to be used on Olympians and staff at Tokyo 2020

NEC to provide NeoFace kit to 40-plus venues for the games

Need a facial recognition auto-doxxx tool? Social Mapper has you covered

Use this to match profiles to names of people at an organization. Nothing could possibly go wrong here

US judge won't budge over Facebook's last-minute bid to 'derail' facial biometrics trial

Updated 'Concerns' about cost and embarrassment fall flat

London's Met Police: We won't use facial recognition at Notting Hill Carnival

But cops' trial of controversial tech will continue

Boffins craft perfect 'head generator' to beat facial recognition

Think Face/Off, in software, plus some digital touchup

South Wales cops crow about facial recognition arrests on social media

Cams on in Cardiff as activists decry 'infringement' of rights

Oz telcos' club asks: Why the hell do Australia Post, rando councils, or Taxi Services Commission want comms metadata?

Tells There's your scope creep

US judge to Facebook: Nope, facial recognition lawsuit has to go to jury

Too many disputes over how the tech and law work

Apple’s facial recognition: Well, it is more secure for the, er, sleeping user

iPhone X feature receives stony-faced reaction from security buffs