Australian Attorney General's new war on internet encryption and privacy

Forced compliance to unlock encrypted data on the way?

Buried deep within a 68 page proposal to the Australian Senate lies a hidden suggestion that the adoption of secure internet connections, such as SSL, has become a major problem because it's difficult to spy on. Even worse, the proposal mentions how some people go so far as to encrypt their data.. the same thing that terrorists do!

Masking itself as merely formalizing existing practices, this proposal actually introduces new powers such as

  • The ability to force individual suspects to unlock encrypted items (including turning over passwords for private services).
  • Making it a criminal offense not to comply with this.

It's worth noting that this is independent from laws that require a user to provide passwords for seized hard drives which already exist. Due to the vagueness of the proposal, this would extend well beyond that and into other avenues that have not historically been pressed for. Its also worth pointing out that, based on the language of the proposal, this applies to suspects as well rather than those who have been formally charged with a crime.

There are some rumors out there that suggest terrorists also breath air and shop at grocery stores. Maybe the Attorney General should look into that for a possible correlation?

But hey, we're not finished yet. Historically, a warrant would be required in order to snoop around other people's garbage, and there was a discussion about introducing this into areas that it doesn't currently cover. Apparently, the writers of the proposal believe that warrants are too big a hassle, and shouldn't be implemented for the future of cyber snooping. Sometimes these fishing expeditions investigations could "be seriously impacted, if not prevented entirely." Oh no! The law gets in the way!? But.. but.. how would the terrorists be caught if they have to follow the "law" and "legalities?" Privacy is clearly just an unnecessary burden that just gets in the way!

Online communication like Facebook, Gmail, Outlook, and so on, have taken to automatically encrypting their services. SSL is usually enabled by default, and it has much more to do with protecting our data from hackers than it has to do with frustrating law enforcement. These companies would already be willing to comply with law enforcement if pressed for the data, but it seems that the application process is too complicated for the Attorney General, and the Attorney General wants ISPs to essentially carry out man-in-the-middle attacks and force users to hand over their catalog of passwords upon request.

Terrorists are trolling law enforcement by being secretive, and someone in the police force has tattled to the Attorney General. Maybe they can prosecute them under anti-internet bullying laws?

The Attorney General believes that obtaining a court order to search your digital property is too difficult, resource wasting and time consuming. Which is true since, as the report details, some 319,000 authorizations for snooping were made in Australia over the 2012-2013 financial year. If they had to obtain a warrant for each and every act of invading someone's privacy, it would flood the courts. 

Here is a better solution: start limiting your requests for data. What's next? People should stop having curtains in their homes so that police could more effectively take a peek when they're walking past? Damn it! they might find the uranium enrichment facilities and Al Qaeda terrorist camps everyone has in their living rooms! Imagine they decide to take a look in our backyard and find out about the weekly pedophile committee meetings!? Hell, maybe the government would have even needed to justify why they were spying on the Indonesian president!? The horror!

Catching terrorists is great and all, but it kind of loses its edge when you have to fill out a mountain of paperwork in order to be allowed to do so :(

Simply put, the global community has reached a situation where the definition of what constitutes a crime is being distorted.  A point has been reached where things that were typically civil issues have become criminal issues, and where the law enforcement is over-dosing on the data we have stored on the internet to the point that they themselves believe it is unfeasible to have the individual requests reviewed in a court of law. There is a reason why there is a formal process that must be undertaken in order to invade someone's private life, and that formal process is by no means any less relevant in 2014 than it was in the years before.

The message is clear: encrypting our digital lives is causing a headache for those who want to monitor us... and those who want to monitor us want to make it useless for us to do so. In response, the best solution is for internet users to continue to encrypt things as much as they can, until proposals such as the one submitted by the Attorney General shift from "How can we stop people protecting their privacy?" into "How can we reduce unnecessary data interception and retention?"

Sources: APHitnews | Image via The Age

Report a problem with article
Previous Story

Microsoft releases Office Lens for Windows Phone to save text from photos

Next Story

Man who Newsweek says is Bitcoin's creator issues new denial, hints at legal action


Commenting is disabled on this article.

We have had this for years in the UK. Its that bad if you encrypt stuff you must be doing something bad. You dont want to do anything bad do you sonny! Better not encrypt anything.

This government doesn't understand the internet.

Turnball thinks he's a genius because here owned a dialup ISP and sold it back in the day.

A collective FU is long overdue. Of course, now that countries like this are largely disarmed, no one will listen to them. Get a clue U.S., gun owners protect a hell of a lot more than themselves by refusing to allow themselves to be disarmed. Without privacy, there is no real freedom.

So the 'Fear of Imaginary Bad Things' crap works everywhere. I thought it was just here.

On the bright side, at least the Australian government is telling you they don't trust you. In the United States, the government just lies about spying on us. And our Justice Department lies even to congress.

I thought about offering a quote about freedom and privacy, but they all fail to covey the severity of what humanity needs to realize. As much as I support personal privacy it very well be coming to an end.

Technology, even in modest progressions, has the potential to remove all forms of privacy in the very near future. It is in the removal of privacy that we need to focus our debates and attention as we may only have artificial rules of privacy and illusions of privacy by the end of this decade, if we have not crossed that line already.

This discussion must go beyond just computers and bit based security. Humankind has the theoretical technologies to monitor and record every action and thought of every human being on the planet.

Going just a bit further into the future, based on sound principles of physics, we will eventually have the ability to access information from any point in space and time, which will be the end of any personal privacy as access to this technology becomes available to everyone.

The questions we should be dealing with now revolve around how we deal with the loss of privacy, and what artificial rules or counter technologies can we establish to maintain some level of privacy as technology continues to remove the barriers we currently have.

As for encryption technologies, they only hold up at the layman level. Knowing this, we must consider what happens in ten years when quantum code breaking is available to anyone and instead of 14 billion years to crack a 256bit key, it can be revealed instantly. We need to be working towards far more advanced technologies that need the security of quantum entanglement encryption, or digital protection completely disappears.

There are already US intelligence organizations that are getting lucky with quantum encryption breaking, and it won't be long before this technology becomes available to everyone.

We do have some privacy today, but we must remember that it is through obscurity and effort that it exists at all. If the NSA 'really truly' needs to break encryption, they can even without a backdoor key; however, it needs to be worth their time.

Mobius Enigma said,
.... As for encryption technologies, they only hold up at the layman level. Knowing this, we must consider what happens .....[if] code breaking is available to anyone ... instead of 14 billion years to crack a 256bit key [with a common home or business computer system], it can be revealed instantly. If the NSA [or other agency] 'really truly' needs to break encryption, they can ....

I've edited your quote some. :) A Marvin Minsky clone (AI computer) costs about US$230 Million of which the price has gone down significantly to about US$188 Million per machine. This marvelous number cruncher is publicly available if you can come up with the cash. The average persons, businesses, local governments, and poorly managed countries can't afford this. Additional costs not mentioned here would include a competent staff to program, run, and operate the machine (etcetera).

U.S. Intel Average Crack (around 2002 A.D.; 1998 - 2005 Era)
256 bit encryption = 12.3 seconds.
512 bit encryption = 6 hours to 3 days.
512 bit compressed triple encryption = 3 days to 2 weeks.

*This is only using one Minsky machine (by one U.S. Agency). The U.S. Congressional College of Electronic Warfare has three (a lot more by now I'm sure; You need 3 Masters degrees just to get into this college). With an annual Federal budget of US$6 Trillion to over US$9 Trillion per year, the U.S. Government could probably afford to buy a couple of these machines per year. I've no clue how many Minsky machines are in the U.S. Intel Agencies.

Encryption is no better than the lock and key to the front door of your residence. It only keeps the honest thief out...as it doesn't take much to smash a window. The frustrated thief would probably try to pass a rule outlawing the use of locks and keys altogether. Stating, knocking on the door and waiting for someone to respond takes too much time and resources, as they might not be there to answer, and having knocked for over an hour, realize there isn't even a car in the driveway. Then leaving a message, not knowing how many hours it would take for a response. A few days later a neighbor mentions that they're on a two week vacation.

The only questions in the U.S. Government is: What information Intel Agencies are allowed to have access to with or without a warrant. So far, the only undisputed agreement is all incoming and outgoing international calls (which is over 90% of global communication traffic). Interception of all other types of communication methods and types are covered under other Special Rules or Codes of Laws (ie. Patriot Act, etc.). It should be noted that this is for Intelligence Agencies only, and not for State or Local governments, or other government uses.

The Australian Attorney General should have no rights whatsoever to private citizen information at large (as the Attorney General is clearly "Not An Intelligent" agent). Especially since he's stuck on something as simple as SSL (which still has a middle-man vulnerability in a commonly used browser).

The UK Bobbies can bite me -- they shouldn't have access to private citizen information either.

Everyone should Compress and Encrypt all of their data using 512 bit cyphers. The common ATM III bank machines and newer use 512-bit cyphers, so should you. It might not protect you against a first world government, but it'll protect you against a majority of criminals at large.

And yes, everyone has something to hide -- their identity. Identity theft is huge and still rising. With enough basic information on your identity (just partial is sufficient, name/address, or just an electric bill) anyone can open a credit card account and spend your identity debt into oblivion.

Another form of identity theft is an illegal alien working in the next county or another state/province under your name and/or social number in a company you've never seen before. Or how about buying several homes and cars with your credit identity -- if they succeed in flipping the properties, you never hear about it -- but if they fail, it drops on your tab.

You can always google Cypher Source Codes, PGP Source code, Pictography Source Codes, etc., and tweak your own cypher to any strength level. Most are complete working apps with original source codes. If it doesn't come with compilable source codes, skip it.

*Note: Dictionary Attacks - Don't use a plain word you can find in a dictionary. Compressing before encrypting thwarts brute force attacks as it is messing with the compression algorithm. Zip files are not an effective compression scheme for cypher use as programs and documents contained in a .zip compression scheme do not have to be decompressed to be launched or readily used.

Attempting to crack a compressed cypher with an off the shelf computer is a waste of time. Though innovatively stacking a ton of Nvidia GPUs in a couple of large cases is cheaper than buying a super computer and has a very good probability of cracking in a shorter amount of time. About four Nvidia GPU stacks can compete with four to six super computers at a huge fraction of the cost.

Q1: Is the Australian Attorney General a member of the Chinese Communist Diet? Based on this article, he wants Australia to conform to the Communist China model.

P.S. Warrants in the U.S. generally only takes about 5 to 15 minutes (simple phone call) to obtain one. If the Australian Government's technical capabilities are so far behind, I wouldn't be surprised if they simply dropped the Proposal and hired the U.S. Government to crack the cyphers for them.