Tuesday, 14 August 2018 09:33

Govt leaves door open to crack encrypted messages Featured

By
Govt leaves door open to crack encrypted messages Pixabay

ANALYSIS The Australian Government has left open the door for enforcement agencies to use specific cracks to gain access to encrypted communications on specific devices, given the language it has used in a draft of a new cyber law.

There has been much speculation over the last year about what Canberra would do with regard to encryption. The draft law issued on Tuesday indicates that no foolhardy attempt will be made to insert generic backdoors.

But there is some ambiguous language in the legislation when it comes to encryption:

"A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

There it is – that word "systemic". It does not rule out the possibility of a one-off crack in a specific case. Or even a few cases.

It will be interesting to see what the government intends to do in the case of an app like Signal. Open Whisper Systems, which produces the app, has designed it to generate the minimum logs possible.

In fact, when a subpoena was issued in October 2015 asking for email addresses, history logs, browser cookie data and other information associated with two phone numbers as part of a grand jury probe, OWS owner Moxie Marlinspike could not provide anything. He had nothing to give: Signal does not store such details.

As per the draft law, the government will use the stick of big fines — up to $10 million — and the carrot of reimbursing any costs for co-operation to get data from companies when needed.

Access to data will be gained before it is encrypted — which could mean that a device maker will be asked to target specific devices with updates to make that device accessible to law enforcement — or read during transmission.

Agencies will have access to GPS data in order to conduct surveillance of suspects, or even delete material from a device if needed.

As usual, the government statements — mostly from Cyber Security Minister Angus Taylor — have been heavy on terrorism and child pornography.

From the wording of the bill, much of which has to be read side by side with the existing legislation in order to make sense, it appears that the increased financial penalties and jail terms will be the main means of scaring people and companies into submission.

The law also guards against having evidence presented in court that is not obtained by kosher methods. There have been two cases in the US where that government has dropped cases due to the methods by which information is obtained.

In March last year, government investigators in Washington state dropped all charges against a man charged with child pornography offences as they did not want to reveal the technological means they had used to locate him.

And in April 2017, the US Government dropped two child pornography cases against a man rather than reveal material available on WikiLeaks — which is still classified by the US Department of Justice — in court.

The law is bound to get through parliament with a few modifications. Labor will back it, because the party is afraid to be seen as weak on national security. That is the stick which the Liberals and Nationals will yield. And no Labor leader has ever shown the guts to stand up to such tactics.

The government has invited feedback on the draft bill which can be sent to [email protected] by 10 September.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments