Attorney General's new war on encrypted web services

Powered by SC Magazine
 

How you might be forced to unlock seized packets.

Australia's Attorney-General's department wants new laws to force users and providers of encrypted internet communications services to decode any data intercepted by authorities.

The proposal is buried in a submission (pdf) by the department to a Senate inquiry on revision of the Telecommunications Interception Act.

The Attorney General's submission makes it clear that its proposal is a "preliminary view" that may not align with that of the broader Australian Government, which it says has made "no decision" on any TIA-related revision.

The department argues the rise of over-the-top communications (OTT) makes it more difficult to guarantee that intercepted communications will be in an "intelligible" format. The rising adoption of encryption to thwart mass surveillance attempts is irking authorities.

"Sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions," the submission noted.

Though it does not name its key targets, Yahoo!, Google and Microsoft already enable encryption by default for their respective web-based email services. BlackBerry's messaging encryption has also previously been raised as a law enforcement issue.

Under the department's plan, "law enforcement, anti-corruption and national security agencies … [would be able] to apply to an independent issuing authority for a warrant authorising the agency to issue 'intelligibility assistance notices' to service providers and other persons".

The department argues the obligation on service providers would merely "formalise" existing arrangements. However, forcing individual suspects to unlock encrypted messages would be a new power for authorities.

The department sees the scheme acting in a similar way to section 3LA of the Crimes Act, under which authorities can get a warrant that compels an individual to turn over passwords to seized hard drives.

Under 3LA, the individual is compelled to "'provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form", the department said.

The department isn't specific about what it believes individual users could provide authorities that would aid in making sense of encrypted data from internet communication services.

It appeared to acknowledge that it could not "compel a person to do something which they are not reasonably capable of doing". Users would also not simply be told to turn over unencrypted content to authorities.

However, the department wants failure to comply with a notice to "constitute a criminal offence, consistent with the Crimes Act." It does not suggest what types of penalties it would seek if users did not help unlock their encrypted communications.

Encryption has been high on the agenda since revelations that the US National Security Agency (NSA) and its British counterparts were surreptitiously targeting encrypted communications on the internet.

Even before those revelations, agencies were known to be hitting up providers of web services to obtain master encryption keys in order to aid interception.

Copyright © iTnews.com.au . All rights reserved.


Attorney General's new war on encrypted web services
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 339

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  58%
 
No
  42%
TOTAL VOTES: 143

Vote