Forced compliance to unlock encrypted data on the way?
Buried deep within a 68 page proposal to the Australian Senate lies a hidden suggestion that the adoption of secure internet connections, such as SSL, has become a major problem because it's difficult to spy on. Even worse, the proposal mentions how some people go so far as to encrypt their data.. the same thing that terrorists do!
Masking itself as merely formalizing existing practices, this proposal actually introduces new powers such as
- The ability to force individual suspects to unlock encrypted items (including turning over passwords for private services).
- Making it a criminal offense not to comply with this.
It's worth noting that this is independent from laws that require a user to provide passwords for seized hard drives which already exist. Due to the vagueness of the proposal, this would extend well beyond that and into other avenues that have not historically been pressed for. Its also worth pointing out that, based on the language of the proposal, this applies to suspects as well rather than those who have been formally charged with a crime.
There are some rumors out there that suggest terrorists also breath air and shop at grocery stores. Maybe the Attorney General should look into that for a possible correlation?
But hey, we're not finished yet. Historically, a warrant would be required in order to snoop around other people's garbage, and there was a discussion about introducing this into areas that it doesn't currently cover. Apparently, the writers of the proposal believe that warrants are too big a hassle, and shouldn't be implemented for the future of cyber snooping. Sometimes these
fishing expeditions investigations could "be seriously impacted, if not prevented entirely." Oh no! The law gets in the way!? But.. but.. how would the terrorists be caught if they have to follow the "law" and "legalities?" Privacy is clearly just an unnecessary burden that just gets in the way!
Online communication like Facebook, Gmail, Outlook, and so on, have taken to automatically encrypting their services. SSL is usually enabled by default, and it has much more to do with protecting our data from hackers than it has to do with frustrating law enforcement. These companies would already be willing to comply with law enforcement if pressed for the data, but it seems that the application process is too complicated for the Attorney General, and the Attorney General wants ISPs to essentially carry out man-in-the-middle attacks and force users to hand over their catalog of passwords upon request.
Terrorists are trolling law enforcement by being secretive, and someone in the police force has tattled to the Attorney General. Maybe they can prosecute them under anti-internet bullying laws?
The Attorney General believes that obtaining a court order to search your digital property is too difficult, resource wasting and time consuming. Which is true since, as the report details, some 319,000 authorizations for snooping were made in Australia over the 2012-2013 financial year. If they had to obtain a warrant for each and every act of invading someone's privacy, it would flood the courts.
Here is a better solution: start limiting your requests for data. What's next? People should stop having curtains in their homes so that police could more effectively take a peek when they're walking past? Damn it! they might find the uranium enrichment facilities and Al Qaeda terrorist camps everyone has in their living rooms! Imagine they decide to take a look in our backyard and find out about the weekly pedophile committee meetings!? Hell, maybe the government would have even needed to justify why they were spying on the Indonesian president!? The horror!
Catching terrorists is great and all, but it kind of loses its edge when you have to fill out a mountain of paperwork in order to be allowed to do so :(
Simply put, the global community has reached a situation where the definition of what constitutes a crime is being distorted. A point has been reached where things that were typically civil issues have become criminal issues, and where the law enforcement is over-dosing on the data we have stored on the internet to the point that they themselves believe it is unfeasible to have the individual requests reviewed in a court of law. There is a reason why there is a formal process that must be undertaken in order to invade someone's private life, and that formal process is by no means any less relevant in 2014 than it was in the years before.
The message is clear: encrypting our digital lives is causing a headache for those who want to monitor us... and those who want to monitor us want to make it useless for us to do so. In response, the best solution is for internet users to continue to encrypt things as much as they can, until proposals such as the one submitted by the Attorney General shift from "How can we stop people protecting their privacy?" into "How can we reduce unnecessary data interception and retention?"