WTF?
Australia:
10% of the Population, but 100% like US-Government certified-surveillance.
Think I'll skip traveling to the United-States-of-Auz after this. Go elsewhere!
The Australian government will press ahead with its not-a-backdoor anti-encryption plans and hinted that collaboration with tech companies is its approach to accessing encrypted messages. The latest attempt to pitch the counter-terrorism legislation came from Angus Taylor, the government's Minister for Law Enforcement and …
but 100% like US-Government certified-surveillance
Correct
As I have said a few times - our politicos are watching with extreme interest the events in Russia and their centralized escrow approach.
The difference, however is that in Russia, FSB and Co presently pretend (we do not know if this is true or not) that they do not collect any data real time and they rely on provider's complying with data retention regulation to keep copies of the data. Hence, while they (supposedly) have the keys, they cannot read the data until they have a court order to obtain it. At least that is the official line and this is why this passed their constitutional court.
In a 100% like US-Government certified-surveillance or 100% like UK-Government certified-surveillance or any 5 eyes for that matter all data on any of the main national trunks and all data on international interconnects is leached by the government realtime. So the result of copying the "Lonely Russian Boy without friends" homework is actually unchecked realtime government surveillance.
Once parliament passes the law that pi=3 then everything else falls into place. It's pretty hard to write working encryption when obeying mathematics laws like that.
As the law will no doubt include the magic words of Terrorism and Security in its title, both Labor and the Liberals will vote for it. And thus Australia will magically be made safe by the power of words and a really strong belief.
And those of us from the freer side of the ditch will continue to point and laugh at the western worlds 2nd biggest nanny state.
What is it about elected officials that they don't understand the term "secure communications" and why they are used? Seems every country wants a way to bypass encryption that anyone with half a brain would understand that it can't be done and still be secure. There's no magic bean that will let only law enforcement take a peek. Are these clowns really that stupid?
There's clueless and then there's political clueless which is a whole new level.
In fact, key escrow systems have been designed that would serve this purpose fairly well. Despite assertions to the contrary, it would be possible to make them reasonably secure against theft - at least as secure as could be done for any other data. And given a trustworthy government the risk of government misuse would be reasonable, in the sense of not significantly increasing the (now) existing risk.
There are problems with this, however. Governments, even if trustworthy at a given time, may not stay that way, so entrusting them with power always must be done based on the knowledge that their successors may be less trustworthy, possibly by a great deal. Moreover, those who engage in serious criminal activity will not, if they think about it, be reluctant to use widely and easily available cryptographic systems that do not participate in the key escrow procedure. So the government would have escrowed keys for the honest folk and the incompetent or slack criminals, who mostly can be found and convicted without accessing their communications. For the competent and highly motivated ones they would not have the escrowed keys and would have to collect the evidence by more traditional, and much more labor intensive and expensive, means. In the end, the most serious criminals will be as hard to get as they are now, and the only gain will be occasional conviction of a second rater who might not have been an overly large burden on society in the first place.
The law enforcers never will give up on this, but they probably know their gain will be marginal at best.
In fact, key escrow systems have been designed that would serve this purpose fairly well.
But that is NOT what they are talking about:
“There's been ideas around for decades that you should create some kind of key that law enforcement can get access to … that's not what we're proposing... "
Despite assertions to the contrary, it would be possible to make them reasonably secure against theft - at least as secure as could be done for any other data.
I stopped reading your comment at that point :)
Basically that an escrow system is open to abuse by a future untrustworthy government agency - and real criminals would avoid it anyway.
For some values of "real criminals." Yeah, if you're plotting a diamond robbery you avoid the escrowed crypto. OTOH, if you're planning on mass blackmail using people's secure messages to gain info, you attack the escrow key store. That escrow key store is going to be attacked by blackmailers, foreign gov'ts, employees with a grudge, etc. Anybody who thinks it will survive those attacks should remember where WannaCry originated.
"that an escrow system is open to abuse by a future untrustworthy government agency"
He didn't mention the other major problem with key escrow - competent criminals stealing the escrowed keys.
Yes he did, it was in the 'open to abuse by future untrustworthy government agency' bit.
What you missed was a short, well-stated summary of exactly what's wrong with key escrow or, indeed, any other form of back door..
You mean like "giving your private keys to someone else is not a good idea, and the baddies won't do it anyway"? The reason behind my "didn't bother reading this" comments is that I thought that every thinking person in the industry knew all that anyway.
Must be 20 or more years since I wrote my company's response to HMG's request for views on key escrow. I basically said what I said above, quoting the experts - mostly in the US - who had already said this.
I then went on a short holiday.
When I returned, the paper had been rewritten, by a salesman. It now said that we wholeheartedly welcomed HMG's proposal, and looked forward to the opportunity to work on their implementation, etc etc, ad nauseam.
I asked for only one change - removal of my name from the paper. Otherwise my reputation, amongst my peers, would have been shredded.
"those who engage in serious criminal activity will not, if they think about it, be reluctant to use widely and easily available cryptographic systems that do not participate in the key escrow procedure."
Not just criminals. I'm a law-abiding citizen, but I would absolutely do this. Actually, I already do. I don't trust crypto schemes that are included with my machines and services by default.
"What is it about elected officials that they don't understand "
Oh no; they understand alright. They understand it well enough indeed.
What they are relying on is that 90% of the population doesn't understand it, which means they can subvert it easily and use it for their own ends. It means the veneer of an excuse, a dismissive handwave at "experts", a few bespoke scary words and some technomumble will be enough for them to reach their goal of a universal panopticon.
Why do they want such a thing? Because they know that their methods of social control are out of date and threatened by the speed of direct modern communication. In order to retain power they must control the internet and all digital communication must be monitored.
"Oh no; they understand alright."
Not if they're in the Amber Rudd class of elected official (remember hashtags?) - whether this guy is in that class I don't know.
What you have to remember is that behind the elected officials are a group of unelected officials who do understand. They prefer their politician front not understanding. That way the front don't know they're talking bollocks and are so much more convincing because they actually believe what they're saying. Could you have spouted such stuff and kept a straight face?
Nah, they will use catching pedophiles too. In truth it will be used to find tax cheats and general purpose spying and every government body will have access. If memory serves, until it became public the RSPCA could access saved meta data so our government clearly doesn't have the brains to be trustworthy. To be honest, I would rather the russians read my messages than my own government. I've never said or done anything interesting to the russians, but I suppose it's possible my own government could one day misinterpret a joke or something and get all in my face about it. I'd rather not go though that for what would likely have been me trying to get a laugh from a mate.
agreed. As an Aussie living in NZ i just laugh now about what happens in Oz. I'm currently in Oz for family reasons but can't wait to get back to my gigabit fibre internet connection instead of the crap NBN we have in Oz. (i'm back tomorrow)
http://www.speedtest.net/result/6823071443 on a 2014 router. Not bad hey? and on an NZ public holiday at peak time too.
> As an Aussie living in NZ i just laugh now about what happens in Oz.
Yeah NZ is perfect.
Not like they'd ever use the GCSB (NZ equivalent of NSA) to illegally spy on a NZ resident. Or send in 76 police including their anti-terrorist squad, and 2 helicopters, to arrest 3 or 4 people in their home in an illegal raid. That'd never happen.
Given that the PM himself has admitted to using end-to-end encryption services, then what right do they have to demand to see anyone else's messages?
Surely corrupt politicians are a greater threat to national security than your bog average bloke, they should start off sending all of their communications in clear text, before demanding ever more invasive measures into our personal lives.
Really? The PM truly amazes me - I had thought that his only competency was to preen himself in front of a mirror. Perhaps he just thinks that he is using end-to-end encryption based on that famous cipher ROT-13.
When he was a minister for telecommunications he demonstrated that he had no knowledge or feel for job, so I take any statement about technology from him or his sycophantic cabinet colleagues with much salt. The man makes his predecessor look incredibly competent.
Under nearly all regimes, if not all, law enforcement officers can obtain legal authority to examine communications and other materials that are not encrypted. It would be interesting to see a justification for the claim that encrypted material should be treated differently because it is encrypted. Australia and the other five eyes countries have significant and usually effective constraints on government access to, and use of, private material. It is not obvious that they would operate differently on encrypted material if they could than they now do on unencrypted data, or why.
I suppose for files that aren't too huge you could find a way to stick them in a Word format file - there's space that's basically binary in them, you could take an innocuous file and add some binary content to it somewhere that doesn't impact its ability to be loaded into Word. That way if the spooks decrypt it, they'll see the innocuous Word file, and you just hope their software isn't smart enough to notice all the "garbage" contained within.
The same could be done with video files, PDF files, etc. I imagine...
Steganography (/ˌstɛɡəˈnɒɡrəfi/ (About this sound listen) STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning "covered, concealed, or protected," and graphein (γράφειν) meaning "writing".
This post has been deleted by its author
The encryption of the message in transit will remain secure, without escrow or other back doors.
They will however mandate that it cannot be "end to end", and that the message service provider must have the message available at both ends of the communication to be inspected by someone with a warrant to access the device or central store.
The encryption of the message in transit will remain secure, without escrow or other back doors.
They will however mandate that it cannot be "end to end"...
leaving one hole in the end to end encryption for the government means the crime can also use that one hole to steal stuff. Which is the definition of not secured. Which is the point everyone who knows a little bit of how computer works is trying to say.