Aust Defence wont disclose stance on encryption

[InfoSec News <isn () c4i org>]

http://www.zdnet.com.au/newstech/security/story/0,2000024985,20260593,00.htm?chkpt=zdnn_nbs_h

By Rachel Lebihan, 
ZDNet Australia
20 September 2001

Australias Department of Defence wont disclose if it will answer the
US governments call to arms in restricting encryption technologies,
and despite widespread support in the States for a ban on
cryptography, experts say its unlikely to happen.

ZDNet previously reported that the question of restricting the use of
encryption tools is a matter of serious debate in the US, where
officials have been quick to blame the use of cryptography for the
surveillance breakdown that failed to detect signs of the recent
US-focused terrorist attacks.

The US has called for international support in its encryption
crackdown but Australian government departments have been quick to
pass the buck or keep their mouths shut as to whether or not the
country will rally to support its US counterpart.

Minister for communications Senator Richard Alstons office didnt
return phone calls to ZDNet Australia and the Attorney Generals
department referred the matter to the Department of Defence, which
said: It goes into the realms of defence and we dont comment on that.

According to reports from the US, there is widespread support for a
ban on "uncrackable" encryption products, with 72 percent of Americans
agreeing that anti-encryption laws would be "somewhat" or "very"
helpful in preventing a repeat of the September 11 terrorist attacks.

However, according to Laura Chappell of US-based Protocol Analysis
Institute, a ban is unlikely to happen. Although over-the-counter
decryption tools are readily available over the Internet we use the
same tools for troubleshooting on our own networksto not allow vendors
to distribute them is impossible, she told ZDNet Australia.

The encryption issue is a double-edged sword...in the US we want to
vote electronically so encryption must be tremendously advanced and
secure. Alternately, we don't want the terrorists to have encryption
better than our government, she said.

Chappell believes that although a ban on cryptography wont happen,
those who write encryption technology will probably cooperate more
with the government to help them detect when terrorist communication
is going occurring.

This is the first time ISPs have really cooperatedthe government
usually has to bend over backwards until its nose bleeds to get even a
little cooperation, Chappell said.

According to Grant Bayley, founder of 2600 Australia (
www.2600.org.au/), a hub of information on computer security, if there
are serious moves in the United States to crack down on encryption,
the Australian Government will surely following suit.

However, such a privacy-restrictive move isn't likely to be a quick
one, given that additional laws would need to be created, debated,
presumably senate-examined and passed, according to Bayley. A sudden
backflip on privacy enhancements to a position of restricting
cryptography and allowing much greater government surveillance of
citizens isn't likely to go down well with an election looming, Bayley
added.

Bayley said it wouldnt surprise him if developers were asked by the
government for decryption assistance, however, In my opinion, there's
more problems associated with putting the genie back in the bottle
than there have been with letting the genie out.

I think the non-technical pollies in Washington are looking for every
reason to avoid pointing the finger at the reduced human capabilities
of their surveillance and intelligence organisations, he said.

Alex Shiels, who runs a Web site relating to cryptography, censorship
and free speech, agrees that no Western government is likely to outlaw
cryptography because it's essential to the finance and e-commerce
industry.

What we might see though is mandatory key escrow, where users are
required to lodge their decryption keys with a government agency, to
be made accessible to law enforcement when a warrant is granted,
Shiels said, bringing into the debate the fact that corrupt or
incompetent escrow agency officials could release keys to the wrong
person.

US corporations are bracing themselves for cyberterrorism attacks.
Australia needs to do the same. Encryption forms a critical part of
online security and internet defences. Any government moves to limit
the use of encryption, including key escrow schemes, will weaken those
defences, Shiels said.

At the end of the day, Chappell believes that corporate America will
win out.

Corporate America is not going to break down the walls and allow a
government state.

What happens in Australia remains to be seen.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.