The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.
Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion -- and not the software vendor -- have the ability to spy on users.
The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.
"Sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions," the submission noted.
Though it does not name its key targets, Yahoo!, Google and Microsoft already enable encryption by default for their respective web-based email services. BlackBerry's messaging encryption has also previously been raised as a law enforcement issue.
Under the department's plan, "law enforcement, anti-corruption and national security agencies … [would be able] to apply to an independent issuing authority for a warrant authorising the agency to issue 'intelligibility assistance notices' to service providers and other persons".
Attorney General's new war on encrypted web services [IT News]
Help wanted: Operations Manager (personable, resourceful, and demonstrates outstanding attention to detail); Civil Liberties Legislative Counsel (advocacy, public speaking, blogging and other social media, media appearances and legislative and regulatory matters related to a variety of high technology public interest legal issues); 2017-19 Frank Stanton Fellowship (recent law school graduates or law students who will […]
M. David Weisman, a magistrate judge in Illinois’s Eastern Division, denied a federal warrant application that would have allowed law enforcement officers to force suspects to unlock their mobile devices with a fingerprint, ruling that the suspects’ Fourth Amendment (undue search and seizure) and Fifth Amendment (self-incrimination) rights protected them from being forced to unlock […]
Texas and Chile have remarkably similar flags (though Chile got theirs first, by a matter of decades) and Texas doesn’t have a Unicode-defined emoji for its flag (just a sprinkling of proprietary ones that do not cross platforms gracefully), so Texans have taken to using the Chilean flag emoji as a shorthand for the longhorn […]
Although there will never be a consensus about the best way to make coffee, any coffee connoisseur will agree that controlling the grind of your beans and balancing water temperature are the keys to a tasty cup. Since your plastic coffee pot doesn’t really allow for that kind of customization, going back to the French […]
Not all hackers are malicious information thieves—white-hat ethical hackers work with technology companies to ensure the security of their computer systems and user data. With all of today’s high-profile data breaches, ethical hackers are in considerable demand. To learn these critical skills and break into the high-paying cyber security field, try taking the courses in this […]
Making people aware of goods and services in the digital age requires an array of new strategies from social media and email to number-crunching tools like Google Analytics. To get a handle on the techniques used to capture attention and convert traffic into dollars in a crowded online environment, the Full-Stack Marketer Bundle offers 22 hours of training to get […]