Australian Attorney General Wants To Make It A Criminal Offense To Not Turn Over Private Encryption Keys
from the a-disaster-waiting-to-happen dept
The Attorney-General’s department in Australia is apparently pushing for new laws down under that would force anyone who’s asked to hand over their private encryption keys — and that covers both end users and service providers. Buried in the middle of a submission concerning revising Australia’s wiretapping laws, the AG’s office notes:
The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions.
The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.
Under this approach, the person receiving a notice would be required to provide ‘information or assistance’ to place information obtained under the warrant into an intelligible form. The person would not be required to hand over copies of the communication in an intelligible form, and, a notice would not compel a person to do something which they are not reasonably capable of doing. Failure to comply with a notice would constitute a criminal offence, consistent with the Crimes Act.
The above approach is consistent with the approach taken by the United Kingdom, which permits officials of law enforcement and national security agencies to, where authorised under a warrant, issue a notice requiring a person to provide assistance in connection with accessing encrypted communications. Similarly, South African law permits agencies to apply to a judicial officer for a direction requiring a person to provide information to the agency to enable the agency to decrypt lawfully intercepted communications.
The Orwellian nature of “intelligibility assistance notices” is fairly striking. Basically, this says if you don’t make encrypted communication “intelligible” upon request, you would have violated criminal law. It’s kind of funny how it claims this doesn’t require anyone to hand over communication in an intelligible form… because it just asks for the encrypted content and the key to decrypt it. Which, you know, is basically the same damn thing.
Meanwhile, as part of the same discussion over wiretapping laws, there’s an effort under way in Australia to force service providers into a big data retention scheme, requiring them to hold onto all sorts of data for law enforcement purposes. Incredibly, Australian officials seem to be using the NSA/Snowden leaks as the impetus for this.
Intelligence agency ASIO is using the Snowden leaks to bolster its case for laws forcing Australian telecommunications companies to store certain types of customers’ internet and telephone data for a period of what some law enforcement agencies would like to be two years.
ASIO also, like the AG’s office, seems quite concerned about you damn kids and all your encrypting:
“Since the Snowden leaks, public reporting suggests the level of encryption on the internet has increased substantially,” ASIO said.
“In direct response to these leaks, the technology industry is driving the development of new internet standards with the goal of having all web activity encrypted, which will make the challenges of traditional telecommunications interception for necessary national security purposes far more complex.”
So, even if everything’s getting encrypted, certain law enforcement interests seem hell-bent on having everything collected and on easy (forced) availability of private keys. If you happen to live in Australia, you might want to speak up about what’s about to happen to what you thought were your private communications and browsing activity.