Thu, Jun 15, 2017 - Page 9

Brandis’ proposal could blow a hole in the Internet’s architecture

By Paul Farrell  /  The Guardian

In 1993, then-US president Bill Clinton’s administration introduced the “Clipper chip” into the US’ digital and consumer electronics. It was one of the earliest attempts to enforce a back door into digital products, and the first in what is known as the “Crypto Wars,” when the US government fought to control and regulate strong encryption.

The Clipper chip was a catastrophic failure. It was a failure that Australian Attorney General George Brandis might find instructive as he places Australia on the front line of a new crypto war.

Last weekend, Brandis sought to revive a debate that has continued for several years about granting governments greater access to encrypted messaging communication to aid criminal investigations.

In an interview with Sky News, Brandis said he would approach the Five Eyes intelligence network — made up of the US, Britain, Canada, New Zealand and Australia — to ask them to consider imposing greater legal obligations on device makers and social media companies “to cooperate with authorities in decrypting communications.”

He looked favorably at laws passed in Britain that require device makers and messaging providers to provide greater assistance to authorities in decrypting messages.

Brandis has stressed this is not about creating a “back door,” but it is hard to see how what he is proposing could possibly be achieved without this.

What he appears to be suggesting is creating a cross-jurisdictional system that would compel different providers and services to provide law enforcement agencies with greater access to communications.

This would only be possible with a vast data retention scheme imposed on devices and messaging services, and a system by which the app companies and providers have access to the keys that encrypt communications.

That is not just a back door — that is more like a giant sinkhole that your back door fell into. It is a gaping, cavernous hole in the architecture of the Internet, and that is a big problem for a number of reasons.

To start with, strong encryption is vital to national security. If you “impose an obligation” on a company to make sure they can give access to it, you risk making those tools less secure.

Undermining these protections would undermine all kinds of important cryptography.

Apps including Signal and WhatsApp, which uses Signal’s protocols, are designed so providers cannot decrypt messages, because they know that if they could, they would be far more vulnerable to attacks and exploitation.

Australian Prime Minister Malcolm Turnbull, a more tech savvy leader than most, uses Signal and Wickr because they are designed to be more secure.

There is precedent for this.

Phil Zimmermann, founder of encryption program Pretty Good Privacy, has outlined how the Crypto Wars of the 1990s actually weakened US cyberdefenses.

“You don’t have to distrust the government to want to use cryptography,” he wrote in a 1999 essay. “Your business can be wiretapped by business rivals, organized crime, or foreign governments. Several foreign governments, for example, admit to using their signals intelligence against companies from other countries to give their own corporations a competitive edge.”

Brandis’ proposal envisages a vast regime of surveillance that hugely increases the risk of government and non-governmental intrusions into privacy in order to combat a very specific threat.
