Thu, Dec 13, 2018 - Page 9

Australia’s war on encryption: sweeping new powers rushed into law

Australia has made itself a global guinea pig in testing a regime to crack encrypted communications

By Paul Karp  /  The Guardian

Illustration: Mountain People

In the hit US TV series The Wire, police are initially baffled when the criminal suspects they are investigating begin to communicate through photographic messages of clockfaces.

After several seasons of plots driven by the legalities and logistics of setting up telephone intercepts on suspected drug dealers, the police cannot keep up when overheard conversations are replaced by an inscrutable form of pictorial code.

The Wire cops eventually break the clockface code, but they would have a great deal more difficulty in the present if they were chasing criminals using WhatsApp, Wickr, iMessage or other encrypted communications.

End-to-end encryption is a code so strong that only the communicating users can read the messages.

As a result, law enforcement agencies the world over are struggling with a wicked problem: what can they do when the suspect or target of investigation “goes dark?”

In Australia, the government claims to have found the solution to that problem in the form of a new law not necessarily to break encryption itself, as equivalent UK legislation allows, but to co-opt technology companies, device manufacturers and service providers into building the functionality needed for police to do their spying.

The mind-bogglingly complex law, more than a year in the making, passed the Australian parliament on Thursday last week.

The opposition Australian Labor Party shelved its plans to improve the scheme and waved it through in response to overwhelming pressure from the Liberal-National Coalition government, desperate to see it made law before Christmas.

However, with digital rights and technology experts warning that government amendments are confusing or counterproductive, it is questionable whether Australia has finally unscrambled the encryption omelet or set its law enforcement agencies and information technology industry up to fail.

The Telecommunications (Assistance and Access) Act starts with a golden rule about what law enforcement agencies cannot do: they cannot require technology companies to build a “systemic weakness,” or back door, into their products.

Instead, agencies gain new powers to issue notices for companies to render assistance, or build a new capability, to help them snoop on criminal suspects.

Communications Alliance chief executive John Stanton said that his group was concerned about “the breadth and range of activities” law enforcement agencies could require companies to do.

The list of acts or things is long and includes removing one or more forms of electronic protection; providing technical information; facilitating access to services and equipment; installing software; modifying technology; and concealing that the company has done any of the above.

With these compulsory notices, subject to varying levels of safeguards, police could, for example, send a suspect a notification to update software such as Facebook Messenger that in fact allows police access to their messages.

Agencies might not be able to directly decrypt messages, especially if they are located overseas, such as in the case of Russian app Telegram, a key weakness of the UK security architecture.

However, using these notices, Australian agencies could install keylogger software to enable them to see, keystroke by keystroke, what users type into a message.
