ACSC pinged by spy watchdog over encryption certification complaint

By on
ACSC pinged by spy watchdog over encryption certification complaint

IGIS offers lessons on "appropriate management of unreasonable conduct".

Australia’s highly controversial new encryption-busting laws have plenty of high profile critics, but when it comes to lodging formal complaints against security agencies, it’s cryptography developers who've been throwing grenades over official certification.

And, well, that hasn’t been going so well.

The annual report of Australia’s spy watchdog, the Inspector General of Intelligence and Security, has revealed the Australian Cyber Security Centre was the subject of a complaint over its “lack of response” to an application “for certification of encryption software” from an angry developer.

Very angry.

While the specifics have been shielded in the IGIS’ (unclassified) annual catalogue of spy misdemeanours, the event was significant enough to warrant a small case study from the watcher of watchers.

And it's rather a salutary lesson on how not to deal with difficult and irascible people over electronic channels: because just because you block them out, that doesn't mean they'll actually go away.

The IGIS has standing Royal Commission-grade powers to unilaterally launch 'own motion' investigations if it doesn't like the smell of the wind. And predictably, it has seen many florid and mundane accusations levelled at spies over the years. 

They range from inaccurate and unfair adverse assessments affecting security clearances, citizenship and visa applications to tin-foil hat grade claims of subliminal mind control through television sets.

In the case of the ACSC, which scored its own special breakout box under the heading of “improving agency procedures”, the lesson dished out is that there’s an established process for dealing with people who don’t like to take no for an answer, especially when anger management isn’t great.

The IGIS wrote that after it received the complaint, “the ACSC informed IGIS staff of their prior contact with the individual; the person’s emails had been blocked permanently due to their offensive language and threatening conduct towards ACSC staff.”

But as staff at agencies like the Tax Office, Centrelink and the Child Support Agency will attest, there are well worn ways of de-escalating and managing punters who go off-piste – and it’s a skillset the ACSC and ASD will need as they head into more public and contentious territory.

And only an unkind person would suggest that the craft of cryptography has for decades relied on the application of somewhat fixated minds to solve problems. We'll be the person and circle back to that point in a moment.

Here's what the IGIS had to say. 

“The ACSC, which provides a range of services requiring public engagement, was unfamiliar with strategies for managing such problems. IGIS staff provided advice (and resources available from the Office of the Commonwealth Ombudsman) about appropriate management of unreasonable conduct to ASD,” the IGIS annual report said.

“As a result, the ACSC wrote to the individual formally advising the communication restrictions, the timeframe during which the restrictions would be imposed, and conditions to be met in regard to any future contact.

“The ACSC expressed appreciation for the guidance IGIS staff provided and indicated an intention to incorporate it in staff training.”

That may well be a prudent move, especially as law enforcement bodies like the FBI lift caution levels around the violent potential of people influenced by conspiracy theories and the Australian Federal Police bolster resources around "fixated threats".

The AFP's annual report reveals its Fixated Threat Assessment Team "assessed over 150 referrals, working collaboratively with international threat assessment networks as well as domestic and international fixated threat assessment centres."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?