Australian attorney general wants the power to launch man-in-the-middle attacks on secure Internet connections


The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.

Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to decrypt the conversation.

The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.

"Sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions," the submission noted.

Though it does not name its key targets, Yahoo!, Google and Microsoft already enable encryption by default for their respective web-based email services. BlackBerry's messaging encryption has also previously been raised as a law enforcement issue.

Under the department's plan, "law enforcement, anti-corruption and national security agencies … [would be able] to apply to an independent issuing authority for a warrant authorising the agency to issue 'intelligibility assistance notices' to service providers and other persons".

Attorney General's new war on encrypted web services [IT News]

(via /.)

Notable Replies

  1. We're sorry, we're so, so sorry. We marched, we leafleted, we told our friends and neighbors about the important stories that the Murdoch-dominated press refused to cover (Murdoch's papers sell 70% of Australia's newsprint), and it wasn't enough. The Left was too disorganised and just couldn't sell themselves well enough, couldn't explain clearly enough. And now we've got a new national government with no real policies except to rip down whatever the previous government built, no matter how good it was.

    The only solace I can offer the world is that our young people may well be our salvation. The Year 9 students (high school freshmen in the USA) from Newton High School (a performing arts-focused institution) were on a tour of the national capital, and our Prime Minister (leader of the party that holds the most seats in our lower house) decided to answer a few questions. They zinged him, over and over. He begged for a guy's question, like what his favourite sporting team was, and a guy piped up.

    He asked him why he had made himself the Minister for Women... My generation may have dropped the ball, but hopefully the next one will know how to scoop it up and change everything for the better.

  2. Impressive--here in 'merica when we do these things (they are happening at a seemingly rapid pace nowadays) we just say, "Yeah? And what are you gonna do about it?"

    Let's hope your AG fails in his mission. However, the more common these sorts of pleas become, and given the backlash against companies seen as colluding, or at the very least remaining passive, towards government requests, it seems to me that end-to-end encryption will be getting baked into a larger and larger share of computer tools. At least, that's my hope.
    For that matter, I think that any legislator who moves to legalize such surveillance ought to be placed under the very surveillance they are requesting for a 180-day period with the results released to the public. We can call it the Feinstein effect.

  3. There are still a few of us who remember the "crypto wars" of the 80s and 90s, when the US Federal Government was doing its best to keep useful cryptography from the general public. One of the proposals was "key escrow," where copies of cryptographic keys would be held by the Government (the purported reasons varied, the solution remained the same.)

    In the end, the fact that the USA couldn't keep the rest of the world from discovering mathematics -- especially when the maths in question actually originated outside of the USA to begin with -- put an end to the authoritarian push for key escrow.

    Then 9/11 and a whole new excuse came along, the Powers that Be got a little less heavy-handed, and the public got more complacent.

    And here we are.
