Australian attorney general wants the power to launch man-in-the-middle attacks on secure Internet connections


The Australian attorney general has mooted a proposal to require service providers to compromise their cryptographic security in order to assist in wiretaps. The proposal is given passing mention in a senate submission from the AG's office, where it is referenced as "intelligibility orders" that would allow "law enforcement, anti-corruption and national security agencies" to secure orders under which providers like Google, Facebook and Yahoo would have to escrow their cryptographic keys with the state in order to facilitate mass surveillance.

Edward Snowden referenced this possibility in his SXSW remarks, pointing out that any communications that are decrypted by service providers are vulnerable to government surveillance, because governments can order providers to reveal their keys. This is why Snowden recommended the use of "end-to-end" security, where only the parties in the discussion — and not the software vendor — have the ability to spy on users.

The "intelligibility order" is the same kind of order that led to the shutdown of Lavabit, the secure email provider used by Snowden, whose creator shut the service down rather than compromising his users' security.

"Sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions," the submission noted.

Though it does not name its key targets, Yahoo!, Google and Microsoft already enable encryption by default for their respective web-based email services. BlackBerry's messaging encryption has also previously been raised as a law enforcement issue.

Under the department's plan, "law enforcement, anti-corruption and national security agencies … [would be able] to apply to an independent issuing authority for a warrant authorising the agency to issue 'intelligibility assistance notices' to service providers and other persons".

Attorney General's new war on encrypted web services [IT News]

(via /.)