Australia’s spies and cops want ‘accountable encryption’ - aka access to backdoors The director general of Australia’s lead intelligence agency and the commissioner of its Federal Police yesterday both called for social networks to offer more assistance to help their investigators work on cases involving terrorism, child exploitation, and racist nationalism. The two bosses yesterday appeared together at …
I don't even need a proof, they can leave the implementation to someone else. I just want them to provide a concept of how they think it could possibly work that encryption is end-to-end secure unless a judge decides it isn't.
As far as I can tell, if we had some sort of magic gate that only allowed the good guys through, we'd have no worries about this sort of thing anyway.
>Judges need evidence to make decisions.
Not in Australia.
We have a MASSIVE problem with activist judges.
Visible kickoff in the 90s when a huge case ruled on the basis that the British Empire in the 1700s had a time machine, for example, and even then they didn't bother reading the law they ruled on, instead relying on activist documents (which were wrong). Over 62% of Australia's real estate has compulsorily changed hands since then as a result.
More recently, a judge (upheld on first appeal) reversed the onus of proof in a criminal case: the defendant had to prove innocence beyond reasonable doubt (further, actually: that the accusations were IIRC "completely impossible").
Many many instances. Those are just 2 well-known ones.
And it has been _really_ picking up speed in the last few years.
>No, it hasn't. You've been down the rabbit hole of conspiracy theories for far too long.
Go argue with the Native Title Tribunal, child:
www.nntt.gov.au/Maps/Schedule_and_Determinations_map.jpg [or alt.fmt: PDF]
63.4% -- it's gone up since I last looked.
* 52.2% : Completed Fully
* 11.2% : Awarded but Documentation still WIP
The Tribunal now pre-filters all claims (since ~ late-90s) : refuses all claims which are NOT certain to be awarded, so any claims-made which make it onto the NNTT's books are a done deal, just working through the bureaucratic process.
"Amusingly", it's good honest PROPER socialism(feudalism), and the people in whose name the land is handed over, are not allowed to do anything with it themselves -- Aborigines are not even allowed to own a house on exclusive Native Title land. It all gets handed over to the control of a cadre elite. Who then get to play with YOOJ money and toys. (Likewise, the recent Voice referendum to overturn the Westminster System pledged to prevent Aborigines from being allowed to vote for Voice reps -- Aborigines being allowed democracy in 'their' Voice was deemed "a threat to the integrity of the National Voice" (pp112-114, Voice Policy Document, voice.gov.au) so voting was to be restricted to the cadre elite.)
All based on 1700s Britain having a time machine, courtesy of activist judges.
.
Bye the bye, shriek-flailing "right-wing conspiracy theory" at everyone who points out that facts puncture most current Narratives just writes you off as --as you Narrative acolytes say-- not a serious person.
You posted a falsehood, then ad hominem. I matched your ad hominem (render unto Caesar), then provided the canonical reference and number. Added some details normally hidden behind the façade.
Your response:
* HOW DARE people talk to you the way you talk to them.
* Facts are "unintelligible gibberish"
>your first and last resort is to start name calling
Suggest you read your first post and your last. You're hoist on your own petard.
>The level of self importance you have is truly mind boggling.
Hoist on your own petard again. How embarrassing.
>I'd love to see your evidence of the huge problem of activist judges in Australia
...The post you replied to with a lie and unilateral ad hominem. Then followed up with ad hominem. Then finished with ad hominem.
No substance at any point. In fact, the exact opposite: declaring third-party canonical fact "unintelligible".
Pretty standard for the syndrome.
This post has been deleted by its author
So to do this enable them to just lock up everyone who isn't law enforcement. Most of those locked up would be innocent but if all thse guilty were locked up it would be a success.
Is the above acceptable to you? I trust it isn't.
Starting from the position that it isn't acceptable where do we draw the line?
Would it be acceptable to you if, for instance, all your communications with your bank for your perfectly legitimate routine day-to-day transactions were monitored? And any online shopping you do? If it is then why don't you post here all your online credentials that would be included in those communications? Or would that be the wrong side of the line? Where do we draw the line?
My daughter works from home in clinical trials. Her online communications and, of course, her PC, will certainly include commercial-in-confidence stuff but I'd also expect them to include share price sensitive data which is subject to financial regulation. It may well include medical data of trial subjects which will be subject to privacy protocols over and above GDPR. Would it be acceptable for law enforcement to be able to pry into that? If not would she and her comapny have to get some special dispensation. Or would this be the wrong side of the line? Where do we draw the line?
But let me make a wild guess: you have never, in any part of your career, been part of what you describe as law enforcement.
>Would it be acceptable to you if, for instance, all your communications with your bank for your perfectly legitimate routine day-to-day transactions were monitored? And any online shopping you do? If it is then why don't you post here all your online credentials that would be included in those communications?
Legislation to do precisely this is currently before the House of Lords in the UK.
It's for your own good.
It's for your protection from baddies.
Please present yourself to the nearest prison immediately. There's a non-zero chance you are a criminal and, by your own standards, you should have no issue with being locked up, as due process can hamper attempts to prosecute. We could even throw in a little torture, just in case you're holding back anything that might help prosecute other criminals.
Might as well add, "If you're innocent, you have nothing to hide" to that.
Do we want a safe world? Yes. But believe that the good guys are "all good", because the bad guys are "all bad"? Nope, not with the "good guys" history of twisting things when it suits their purposes. IF, and that would be a big IF, they had behaved in a trusted manner for, oh let's say, the last CENTURY then *maybe* I would consider trusting them.
But exactly how many innocent people were railroaded into prison because the prosecution wanted another 'guilty' notch on their belt? How many minorities / repressed peoples have suffered under the "gracious" hand of "enthusiastic" law enforcement?
Nope. Simply, we can't allow it. We wished we lived in a world where either (a) it wouldn't be needed in the first place, or (b) we could trust their actions and motives unequivocally. Too bad we end up living in the real world and have learned hard lessons about "Trust me, I'm here to help".
Might as well add, "If you're innocent, you have nothing to hide" to that.
To which, of course, there is stuff that you're contractually obliged to hide. On a personal level it's part of the contractual terms for many web-sites that require log-in access. In a work-related context it includes any commercial-in-confidence material you handle and material subject to regulatory or statutory control.
"Either we support law enforcement in their efforts to prosecute the vilest criminals on the planet, or we don't"
When we get accountable security services, police, government etc. then I'll consider your argument.
Hell will freeze over first and when it does freeze over I still won't agree with giving up my privacy and security
The concept of "vilest criminals" is relative! Especially when religion gets involved. Just look at what is going on in the US with abortion, consider being female in Saudi Arabia.
Here in Australia the law enforcement services do not have a particularly good record in terms of being honest. Who will protect us from the crooked cop?
Coming up with bullshit new phrases doesn't make the impossible possible. Either end-to-end encryption is secure, or it isn't.
My mum who is getting on a bit now, understands that backdooring end to end encryption is a dumb thing/impossible. I had to explain why, but even she understands it’s really not a good idea, Conversely I asked someone much younger at a party at Christmas a few years ago what he had against end to end encryption. The topic came up because my invite had arrived by WhatsApp. He said something similar to the Australians and that people can use it to hide their dodgy stuff, financial dealings etc. Then out came the classic “I have nothing to hide” I asked him if he had curtains in his house and he said “obviously” so I said he therefore did have something to hide.
Did he bank online, well yes he did and seemed oblivious to the fact that used it, until I told him. Did he shop online, yes and again was amazed that this too used e2ee. Oddly though he thought all email did and I told him the oft repeated phrase “Don’t write anything in an email that you wouldn’t write and send on a postcard”. He had no idea and said he sent his card details CVV address and all, via email to companies he bought from.
People need education because yes you could get rid of e2ee (which is virtually what you are doing with backdoors) but you also get rid of so many other things that rely on it.
Thank you for sharing your memories. I'm sorry if I go off topic here, but your story reflects on another common topic here on El Reg: Linux. If Average Joe still doesn't understand that their emails aren't encrypted, but their online commerce is, what is the hope of making said Average Joe computer literate enough to tackle a comfortable switch plus personally-responsible upkeep of a Linux desktop? It seems a pipe dream to expect most users to understand the compute boxes they use, never-you-mind how to sudo yourself into a console.
I keep making this point but people here don't want to hear it - being "Unix-like" is NOT a benefit to the average computer user. Your exposure to "modern Average Joe computer user" shows that these are considered appliance boxes, nothing more.
Everybody makes mistakes, if there were no police in UK or AU, there would be far more innocent killings.
No idea why you expect perfection given you already know the world has a lot of arseholes everywhere, overall the police of both countries do a good job 99% of the world would be proud to live in either for its peace and well being.
We don't expect perfection, but we limit the powers because they aren't perfect. I am not perfect, so it would be a bad idea to let me do whatever I want without limit. A police organization is expected to do two things to try to improve how good they are:
1. Check on the people they hire and try to remove those who are consistently worse. People will have different ideas about how well they do this, but they clearly do not do it perfectly.
2. Limit themselves to conduct, reviewed by others afterward and, when important enough, before actions are taken. That way, bad ideas can be prevented and abuses can be detected.
Unlimited surveillance goes against the goals of point number 2.
Read up on the killing of Charles de Menzes. What happened was a system failure. The system was devised by Cressida Dick. On the day in question, it was operated by her. It involved a misidentification, failure of surveillance officers to notice that a tube station was closed. Cressida Dick did not resign. She was not dismissed She was promoted to become the head of the Met.
It's not only about killing people. It is also about imprisoning them. Or even charging them if they haven't actually done anything worth charging. Moreover, it's about accessing the communications they shouldn't need, whether that results in imprisonment or charges or not. For example, if a police officer with access chooses to look up someone they know just because they're curious, that person is not likely to be charged or imprisoned, but they have been harmed.
If the police don't kill innocent people ever, that is not sufficient. What you need to be certain of to make this in any way justifiable is that the police are infallible and will never commit any abuse, no matter how small, and will never commit any error that permits someone else to commit an abuse. Are you that certain of them? I'm not that certain of anything.
Stop talking bullshit. YOu have too be a real arsehole to goto jail in AU or UK. Almost nobody goes to jail the very first time they do a bad thing.
doublelayer: For example, if a police officer with access chooses to look up someone they know just because they're curious, that person is not likely to be charged or imprisoned, but they have been harmed.
cow: Stop bitching about nonsense and look at the big arseholes who spy on everyone everyday, aka the big american corporations whose spying does real physical and mental harm.
Almost nobody goes to jail the very first time they do a bad thing.
There was a fairly high profile news report a few months ago of an innocent man whose conviction and life sentence were recently overturned after he'd spent 19 years, IIRC, in prison for an offence he didn't commit. The most recent report I read was that he was homeless & living rough which, in my book, still doesn't add up to having been freed. That's a hell of an experience to justify your use of the word "almost".
if a police officer with access chooses to look up someone they know just because they're curious, that person is not likely to be charged or imprisoned, but they have been harmed.
Again, a report from recent months in the UK. A police civilian worker, not an officer, had access to confidential information about an operation and passed it on, the information eventually ending up alerting a criminal.
How is someone hanging themselves a police mistake ?
Those people are scum of the earth, they rape and beat their family and kids. Its unfortunate they didnt hang themselves earlier , they are nothing but criminals on a daily basis - thats a fact, every single one of them has a record with many many offences .
YOu wouldnt want those aresholes living in your street.
You idiot!
They were in police custody and had not been tried. All of "Those people" were innocent until proven guilty. In many cases they were only in because they were picked up drunk or appeared drunk because the were sick!
These did NOT hang themselves, they died because they needed medical attention that never arrived!
... even if it was fully implemented.
Trusting a provider's encryption is an open invitation for state agencies to read your comms.
Only independent public-private key crypto is safe (PGP being the most well known implementation).
Though using that through a service that also then does end-to-end crypto on top (ie doubly-encrypted) is obviously the cherry on the cake
"Sophisticated actors" know about stuff like steganography and one time pads as well as PGP and it's like and don't use things like X for Facebook to pass information.
This is for trawling the general population, no matter what they say and how noble their intentions might be, it'll be abused by law enforcement and criminals to the detriment of everybody else.
"tech companies should respect the rule of law and the order of a court, or independent judicial authority, and provide that information"
Obey the rule of law, no problem. Obey the order of a court, obviously. But just what exactly is an "independant judicial authority" ? Is that your nephew's office with a nice sign on the door saying "Warrant Delivery" and no questions asked ?
Because I would not agree with that. Get yourself a proper warrant from a proper judge and stop trying to use children as an excuse yet again.
>just what exactly is an "independant judicial authority"?
Australia, currently: the eSafety Commission.
Currently seeking global censorship of X (but not the other social media sites still hosting a video of a non-white's failed attempted stabbing of a non-white bishop (who (the bishop) has stated he wants the video left up)). Nominal/specious reason: violence. Worse is routinely seen on the evening TV news.
Led by a censorship activist who's on record stating formally that we need a new definition of Truth, Information, etc.
- "China-backed hacking group had stolen a cryptographic key from [Microsoft's] systems."
- "Researchers at security vendor Bitdefender have uncovered the FiveSys rootkit, which is the second rootkit they’ve run into that has managed to make its way through Microsoft’s driver certification process."
- The NSA thought it had a monopoly on CVE-2022-38028, but Russia had been using it for years to install malware.
- Australian Cops are clammoring, again, for holes in encryption that they swear only they will ever know about -- many thousands of them will have access, and not one will ever leak it to an adversary.
Backdoors in encryption are holes in security. Even if you think you're the only ones with the key, you won't be -- and probably you won't know that until your secrets are out. Calling for known-breakage in encryption is calling for systems to be insecure. It's always cops that are calling for this, just like the American cops are shouting, "If you require we get a warrant before we search a home, then as-needed home searches will be impossible!" "If you're saying we need to get a warrant before we can search or gather data on a citizen, then we won't be able to search historically gathered citizens' data from before we had cause!" Wait. Wut?
It's incredible. That anyone even considers granting these suggestions. How do they not understand that they are not special? That everything they do to weaken themselves will _hurt_ themselves.
Surely they know that this will only allow them to spy on normal folk, businesses and thick crims?
Surely they understand that since criminals break the law they are unlikely to have much of a problem using an unlawful end-to-end encryption service that doesn't have 'accountable encryption'.
Surely they know that since the internet is global and largely without borders it will be trivial to obtain very good (or good enough) unlawful encryption software.
And surely they understand that punching ANY holes in security mechanisms makes thing insecure, and there is no magic encryption that opens its doors only for the 'good guys'. After all we've been having this same conversation for 15yr
So that in mind, WTF are they actually trying to do?
>Surely they know that this will only allow them to spy on normal folk, businesses and thick crims?
No it will only be used against terrorists, organised crime and (checks notes) child porn
It won't be used against fly-tippers, school catchment area shoppers, dog-shit not-picker-up or the families of murdered children where you didn't bother to investigate cos the victim was black
"It won't be used against fly-tippers, school catchment area shoppers, dog-shit not-picker-up..."
Bollocks! PC Cryptoplod will come after them to (a) boost their crime detection numbers; (b) use the resulting number of prosecutions to "prove" crypto backdoors "work".
>So that in mind, WTF are they actually trying to do?
Careful. Pointing out necessary logical implications triggers some people's defence mechanism and you will get launched at en masse by people screaming "Right-wing extremist conspiracy theory!"
Absolutely routine.
But as you point out, since even a moment's thought demonstrates these powers CANNOT achieve the stated purpose, and since the sheer amount of effort going into pushing them implies they're very important to those pushing them despite this, then this necessarily implies another purpose.
Ask yourself what the most likely outcome of the powers will be.
That's most likely the purpose.
The printing press "is a transformative information source… and the world’s most potent incubator of extremism.”
The arguments of entrenched authority have never changed.
Arguably the printing press led to the Reformation which, even by 20th and 21st century standards, a proper shit fight and as is usual, with plenty of extremists on both (every) side.
The presses in Philadelphia were almost certainly thought of and spoken of in the same vein by the British authorities and loyalist americans. Leaflets or pamphlets were typically pseudonymous or anonymous as were the later Federalist Papers.
Anyone that has had anything to do with "cybersecurity" or the actual dark lantern spooks would guess from the bollocks they think, the codswallop they talk, that their trowser legs are soaked through from pissing into the wind.
Professional spies or criminals are never going to be caught by intercepted encrypted social media traffic. The mob that marketed modified Blackberry phones several years ago, must have cleverer successors. Only the low hanging fruit of the gormless and foolish will ever likely to be caught.
I personally find the Director's denigration of traditional investigation and policework rather disturbing even chilling. The very low S/N ratio and veracity typical of social media could be tragically misleading. Lazy policing is dangerous on every level.
Burgess labelled encryption “clearly a good thing, a positive for our democracy and our economy” because it “protects privacy, it enables communications and transactions.”
But he noted it also provides criminals with anonymity, which is why Australia has laws that make it possible to access encrypted messages. Burgess said those laws aren’t working well because tech companies aren’t helping.
Technology of all types, in and of itself, is agnostic; it is neither good or bad. The various use cases could be seen to be somewhere in that scale, though. This is not news
Hint to all the authoritarians out there; Pandora's box is officially open.
On the subject of encryption; if anyone other than the sender and recipient know the key, it is, by definition, insecure. It is not a matter of 'tech companies aren't helping' - a properly crafted encryption system means they cannot help.
@Electronics'R'Us
Quote: "...encryption ... also provides criminals with anonymity...."
No....it provides users with privacy......."anonymity" requires that identities and end-points are obfuscated.
Exanples:
(1) Identity: see mail.com for a useful way of hiding behind an anonymous email address.
(2) End-Point: make sure that your communications are sent and received on a burner (or in an internet cafe).
@Electronics'R'Us
Quote: "....if anyone other than the sender and recipient know the key, it is, by definition, insecure...."
In fact, if the protocol uses a Diffie/Hellman process, the encryption keys are calculated at encrypt/decrypy time......AND THEN THEY ARE THROWN AWAY.
Of course users have to agree secret tokens ahead of time, but the actual encryption keys:
(1) are random ... and might be much larger than 16,000 bits
(2) are never seen by users
(3) are never stored anywhere
(4) ...and only exist for fractions of a second
Why does this drumbeat about E2EE always ASSUME that the only encryption which needs a backdoor is supplied by huge wealthy interweb service providers??
ASSUMPTION #1
Do the people wanting backdoors not know that groups of individuals are perfectly capable of implementing private encryption within the group?
....especially if the group has a) money and b) a significant taste for privacy
ASSUMPTION #2
A private encryption scheme can be used in various ways:
(1) Using normal email (you know, gmail, hotmail, yahoo.......)
(2) Using services like SIgnal
(3) ....and that's before users deploy anonymising tools to hide both identities and end points.......
So.......more useless noise from lawmakers and police organisations.....because those who CAN protect their privacy (like me) will do so......
.....without help from Meta, Signal, Telegraph, Apple or anyone else!!!!!
ASSUMPTION #3
When the spooks break an interweb service E2EE (signal, Meta, etc) they will read the exact (human readable) content of the message........
......unless of course people like me have applied private encryption BEFORE the message entered the interweb service!
In which case the spooks will have fun READING MORE ENCRYPTION. How hard is this to understand?
P.S. Savvy users of private encryption use multiple pass encryption (so that Assumption #3 is actually recursive!).
READING LIST:
(i) Applied Cryptography, Bruce Schneier
(ii) Cryptography Engineering, Ferguson, Schneier, Kohno
(iii) samba20, chacha20, Daniel Bernstein
(iv) Curve25519, Daniel Bernstein
(v) Diffie/Hellman (endless sources on the interweb, used because it ABSOLUTELY eliminates published encryption keys anywhere)
====
what about "Innocent Until Proven Guilty"
Not a problem from the point of view of police calling for real encryption to be banned. They simply get the local government to pass a law saying that only a certain encryption algorithm (the one that doesn't work) is permitted. Now the people who use something else are guilty and can be treated as such. Various countries go through a cycle of proposing this every few years. Australia and the UK are frequent culprits. The US seems to ignore this particular pathway, having tried it back in the 1990s, and instead just allow their law enforcement to do whatever they want with people's data with very few limits. Either way, they don't see this as a big hurdle.
Most crime impacting on the general population has human victims. Its essence rests not in Internet interactions per se, but in their use as preparation for some kinds of crime. What truly matters are tangible adverse outcomes on people, and the prospect of averting them.
Internet eavesdropping by 'authorities' has equivalence to tapping landline phones and intercepting correspondence via postal services. In the days when abstracted surveillance, and physical observation of movements and 'planting' specific spying devices, was costly in manpower, these tools were deployed sparingly. Even when used, initial suspicion generally arose from ordinary members of the community or from nurtured police informants. This approach necessitated police forces on the streets keeping their eyes and ears open, and interacting with honest citizens who, by and large, trusted the police, especially those members of the force they were used to seeing around the neighbourhood.
With the onset of the Internet and cheap computing power, a movement arose which extols trawling through routinely recorded 'big data' on the off chance of finding patterns of criminality. Institutions such as GCHQ and the NSA place considerable reliance upon this kind of serendipity. Obviously, they do assist police enquiries on targeted individuals and organisations. However, by being kept under a veil of secrecy it is impossible for outsiders to assess their worth, and to argue things could be done differently. In fact, 'secrecy' gives operators of surveillance a sense of undue personal importance; by extension this carries to such political figures as are entrusted with partial understanding of the processes.
The advent of so-called 'AI' is 'manna from Heaven' for individuals and industries centred upon surveillance. AI carries mystique, conferring ineffability. Playing with computers is much more fun than pounding the streets and interacting with the joys and sorrows of ordinary folk.
Here in London, we have experience of "street policing" from:
(1) Cressida Dick: Jean Charles de Menezes shot to death by the Met
(2) Wayne Couzins: Sarah Everard kidnapped, raped and murdered
(3) David Carrick: serial rapist
These three are former members of the Metropolitan Police force in London.
Please........how much more "street policing" like this do we need?
But only cos the police have been forced out onto the street by encryption
If they were allowed to sit in the office and go through your phone messages to find things you had done wrong, or stories to sell tot he tabloids, they wouldn't' be out on the street endangering innocent members of the public.
quote: surveillance, human intelligence and other capabilities.
Or 'police work' as we used to call it, back in the day. I guess they want a point-and-click option for nicking people.
The authorities will just keep pushing to emulate China in the West.
We could use Australia as a test bed. Ban encryption there. Because you either have it or you don't. Remove all services that don't want to operate in an insecure digital environment (social media, online banking, online retail, messaging). And see how it goes.
We could use Australia as a test bed. Ban encryption there. Because you either have it or you don't. Remove all services that don't want to operate in an insecure digital environment (social media, online banking, online retail, messaging). And see how it goes.
Why inflict it on everyone? Just limit it to anyone supporting deliberately weakening encryption. Force them to use it for all communication, professional and private for a decade to prove it's safe. If even a single supporter makes use of strong encryption for any reason at all, the clock resets. To make sure they're playing by the rules, a randomly selected member of the pubic will have the right to inspect all of their electronic devices at any time, day or night.
"The authorities will just keep pushing to emulate China in the West."
But when the West does it, it'll be in support of truth, democracy, justice and the rule of law - unless you're exposing what the elite of Western countries are doing and they don't want you doing that - in which case FAFO
As long as Western countries never act like China (?!) it'll all be ok
>We could use Australia as a test bed. Ban encryption there.
Trialled that already. Albeit through incompetence rather than strategy.
my.gov.au is the Australian single-point-of-access to all govt services, eg Tax, Medical, Social Security, etc. It went Live (and compulsory) ~8yrs ago with pre-populated access to all of the above & more for 100% of Australia's population.
It was HTTP only, no HTTPS access, for ~ the first 2-3 days...
Burgess said that after a “difficult, dangerous, time-consuming and resource-intensive” operation that involved “surveillance, human intelligence and other capabilities,” ASIO determined the individual “possessed the intent and capability to conduct an attack.”
The spy boss argued that accountable encryption would have meant ASIO could more quickly and easily reached that conclusion.
There: you just admitted that you didn't need to break encryption, when police legwork was quite able to do the job; and secondly, that you want a dragnet across the whole of society because it's easier and cheaper for you. That doesn't sound like a good argument to me.
But I guess it's the foundation of a potential discussion. How much would taxes go down if this were implemented? (I would guess: little if any). And would the complete loss of privacy to society be worth it?
We already have scope creep. Originally being "think of the children", it's now "racist nationalists". How much further is it from there to "foreign agents"? Ask the people of Georgia what they think of that.
... they will note the error of their ways when someone also finds out what the backdoor key is to the algorithm :)
They do say the best teacher in life is experience :)
Also - to whoever is downvoting all my posts - may I suggest signing up with multiple accounts so you can downvote from each of them? Either way - I'm glad you're expressing an opinion on the content of my posts and I hope you're enjoying reading them as much as I am posting them :)
But he noted it also provides criminals with anonymity, which is why Australia has laws that make it possible to access encrypted messages.
In much the same way that Arkansas almost had a law which made pi equal to three? As someone said, Australia is best understood when you realise that it is not a country built by criminals; it's a country build by prison warders.
The arguments against encryption resemble Buffy the Vampire Slayer episodes. You have a revolving cast of villains, such as domestic terrorists, criminal gangs, mobsters, etc. You also have villains that make regular appearances, such as pedophiles. Thank goodness that Buffy, played by backdoored encryption, saves the day.
To be blunt, doing investigations the hard way is Law Enforcement's job. I know there is the fantasy where they can have an army of agents sitting in a tower somewhere, listening in to suspects so they can rapidly charge them or rule them out. If law enforcement can listen in, so can the villains. Any vulnerabilities introduced, such as a master key, invisible global admin "friend" account, etc, will be found and used by miscreants. It is not a question of "if" but "when".
I think government officials should forego encryption first, to demonstrate just how safe it would be, and how pure and white they are
That way we wouldn't have to worry about them 'losing' their WhatsApp password when the next public enquiry comes up as we could just dive in and read them
I'm sure criminals will be kind enough to use snoopable encryption instead of, say, the huge number of secure options available to them in the pub(l)ic domain.
It's like a Yes, Minister episode.
"Minister, simply tell them that if they don't agree, paedophiles will use secure cryptography to share images of naked children. When that stops having an impact, say terrorists are conspiring using cyphers. Just keep alternating the two: it never fails."
"Humphrey, you're a genius!"
"Yes, Minister."
Backdooring encryption is fools gold. Criminals will move to one-time pads, custom encryption algorithms, alternate forms of communication. There are already an abundance of hacks, thefts and leaks from criminals due to over automation, IoT and shoddy security practices, intentionally introducing a weakness into main stream encryption is plain stupid!!
Then why haven't they already? Clearly they aren't exactly geniuses in this regard and you only have to look at this situation where they thought they were using uncrackable encryption and it was anything but that with the police monitoring every single communication sent. https://en.wikipedia.org/wiki/Operation_Trojan_Shield
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
