Interesting People mailing list archives

Australia's war on encryption: the sweeping new powers rushed into law


From: "Dave Farber" <farber () gmail com>
Date: Tue, 11 Dec 2018 04:05:00 +0900




Begin forwarded message:

From: Dewayne Hendricks <dewayne () warpspeed com>
Date: December 11, 2018 at 3:56:18 AM GMT+9
To: Multiple recipients of Dewayne-Net <dewayne-net () warpspeed com>
Subject: [Dewayne-Net] Australia's war on encryption: the sweeping new powers rushed into law
Reply-To: dewayne-net () warpspeed com

Australia's war on encryption: the sweeping new powers rushed into law
Australia has made itself a global guinea pig in testing a regime to crack encrypted communication
By Paul Karp
Dec 7 2018
<https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law>

In the hit US TV series The Wire police are initially baffled when the criminal suspects they are investigating begin 
to communicate through photographic messages of clock faces.

After several seasons of plots driven by the legalities and logistics of setting up telephone intercepts on suspected 
drug dealers, the police can’t keep up when overheard conversations are replaced by an inscrutable form of pictorial 
code.

The Wire cops eventually break the clock-face code but they’d have a great deal more difficulty in 2018 if they were 
chasing criminals using WhatsApp, Wickr, iMessage or other encrypted communications.

End-to-end encryption is a code so strong that only the communicating users can read the messages.

As a result, law enforcement agencies the world over are struggling with a wicked problem: what can they do when the 
suspect or target of investigation “goes dark”?

In Australia, the government claims to have found the solution to that problem in the form of a new law not 
necessarily to break encryption itself – as the equivalent United Kingdom legislation allows – but to co-opt 
technology companies, device manufacturers and service providers into building the functionality needed for police to 
do their spying.

The mind-bogglingly complex law, more than a year in the making, passed the Australian parliament on Thursday. The 
opposition Labor party shelved its plans to improve the scheme and waved it through in response to overwhelming 
pressure from the Liberal-National Coalition government, desperate to see it made law before Christmas.

But with digital rights and technology experts warning that government amendments are confusing or counterproductive, 
it’s questionable whether Australia has finally unscrambled the encryption omelette or set its law enforcement 
agencies and IT industry up to fail.

No back doors but a window into your digital life

The Telecommunications (Assistance and Access) Act starts with a golden rule about what law enforcement agencies 
cannot do: they cannot require technology companies to build a “systemic weakness”, or back door, into their products.

Instead, agencies gain new powers to issue notices for companies to render assistance, or build a new capability, to 
help them snoop on criminal suspects.

John Stanton, the chief executive of the Communications Alliance, said it was concerned about “the breadth and range 
of activities” law enforcement agencies could require companies to do.

The list of acts or things is long and includes: removing one or more forms of electronic protection, providing 
technical information, facilitating access to services and equipment, installing software, modifying technology, and 
concealing that the company has done any of the above.

With these compulsory notices subject to varying levels of safeguards police could, for example, send a suspect a 
notification to update software such as Facebook Messenger that in fact allows police access to their messages.

Agencies may not be able to directly decrypt messages, especially if they are located overseas such as the Russian 
app Telegram, a key weakness of the UK security architecture.

But using these notices, Australian agencies could install key logging software to enable them to see, keystroke by 
keystroke, what users type into a message. Similarly, software could take repeated screenshots that don’t break 
encryption but photograph everything going in and out of the communications app.

Other examples include: modifying a device such as an Apple Home or Amazon Alexa to record audio continuously; 
requiring a service provider to generate a false website that appears to be protected but isn’t, similar to a 
phishing email; or requiring companies to hand over more accurate phone geolocation data.

[snip]

Dewayne-Net RSS Feed: http://dewaynenet.wordpress.com/feed/
Twitter: https://twitter.com/wa8dzp




