Sunday, August 12, 2018

Australia on the cusp of showing the world how to break encryption | The Register

The Australian government has scheduled its “not-a-backdoor” crypto-busting bill to land in parliament in the spring session, but we still don't know what will be in it.

The legislation is included in the Department of Prime Minister and Cabinet's schedule of legislation proposed to be brought to parliament in the session, which starts today (13 August) but stretches into December, so there's plenty of leeway there.

All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session:

“Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies”.

What's worrying to Vulture South is not that the government is sticking to the idea that there's magic to be had in there somewhere – it's that there's a persistent strain of authoritarian magical thinking that keeps looking for some kind of reality-hack that gives law enforcement what it wants without somehow breaking encryption.

For example, there's an oft-repeated assertion that you can get out of the utter stupidity involved in mandating a backdoor, by focussing on cracking into devices.

Encryption word cloud

Australia wants tech companies to let cops 'n' snoops see messages without backdoors


“Forcing companies to help push rootkits onto users gives access to messages without decrypting network traffic” is one summary of that argument.

Apart from the dodgy technological sophistry involved, this belief directly contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind).

“We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so”, he said (emphasis added).

If this accurately reflects the purpose of the legislation, then the government wants access to the networks – not just the devices – and we can dismiss the “government just wants rootkits” argument. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the “government wants a backdoor” problem.

And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of “greater assistance to agencies”.

Telcos (although not companies like Apple or Google) already provide plenty of assistance – lawful intercept, metadata, and the like – but the “greater assistance” is specifically in the context of access to encrypted communications.

It's nothing more than a legislatively-encoded rehash of FBI Director Chris Wray's plaintive call that since the technology existed to put a man on the moon, technology must exist to decrypt communications.

Perhaps, like loonies who think someone's hiding the secret of burning water to power cars, governments believe the technology they want already exists, but telcos and tech platforms are hiding the fact. Stupidity or conspiracy: it's hard to know which is worse. ®


No comments: