Australia’s decision to rush in laws designed to weaken encryption has drawn ridicule from international cryptographic experts at the annual RSA security conference.
Public-key cryptography pioneer Whitfield Diffie, also a panel regular at the conference, said that Australia’s laws would not be “productive”.
“I think the problem is roughly this: that it's actually easy to disrupt the use of cryptography by legitimate large-scale commercial organisations to make them a lot of trouble, but it's not clear whether those techniques are going to be the same amount of trouble to, for example, terrorists,” Diffie said.
“So I think this is a step that is not going to be productive.”
Diffie ridiculed the basis for the laws, in particular referencing former Prime Minister Malcolm Turnbull’s immortal quote that “the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”
“I think he hasn't seen the possibilities,” Diffie told the conference.
“I mean, if you extend his view to cover the laws of physics and the laws of chemistry, then if he outlawed high energy reactions and uranium and plutonium, they can protect themselves from nuclear weapons.
“And I think with the right chemical laws, they can protect themselves from global warming,” he said, to laughter and applause from the audience.
Independent security researcher and fellow panel regular Paul Kocher joined Diffie in panning the laws.
Kocher, in particular, criticised the laws for allowing law enforcement to compel individual employees to secretly weaken the systems they work on, while forbidding them from telling anyone, including their own employer, that they have done so, under threat of significant jail time.
“Australia's new law can put developers in prison if they refuse to put backdoors in their products or they tell anybody that they've done it,” Kocher said.
“To me, this is 100 percent backwards.
“If anybody should be going to prison, it's developers who sneak backdoors into products and then don't tell their managers and their customers that they've done it.”
Kocher was also critical of Australia’s ability to keep introduced weaknesses out of the hands of bad actors.
“Secret backdoors are kind of like pathogens, and governments have done a terrible job of managing them,” Kocher said.
“For anybody who had to deal with the NotPetya situation that cost companies somewhere around $10 billion, it was basically the weaponisation of exploits that were leaked from the US National Security Agency.
“I don't think Australia can do a better job than the NSA, so this is not going to end well for really any of us to have this kind of policy being enacted, whether it's in Australia or anywhere else in the world.”