Slashdot Mirror


Australian Law Enforcement Pushes Against Encryption, Advocates Data Retention

angry tapir (1463043) writes "Australia is in the middle of a parliamentary inquiry examining telecommunications interception laws. Law enforcement organisations are using this to resurrect the idea of a scheme for mandatory data retention by telcos and ISPs. In addition, an Australian law enforcement body is pushing for rules that would force telcos to help with decryption of communications."

13 of 88 comments

  1. Reason to use end-to-end encryption by DrYak · · Score: 5, Informative

    Add this as reason #2'175 on the long list of why one should definitely use end-to-end encryption.

    If you use well-designed end-to-end encryption that has been validated by cryptologists (think OTR for chat, ZRTP for voice), it doesn't matter what the quality of the underlying link is or if telcos are helping break the link.

    Best part? These technologies can work over your already existing systems (though ZRTP can't work over Skype's voice and video. It only works over SIP or XMPP/Jingle - i.e.: the standards that the whole rest of the internet is using).
    So you can OTR encrypt your chats over your Google Talk's XMPP session.

    And there are clients supporting them either out-of-the-box (jitsi, adium) or with a plugin (pidgin), over your existing accounts (XMPP like Google Talk, or any random SIP provider).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Reason to use end-to-end encryption by Craefter · · Score: 2

      Good idea, it works right up to the moment when it is a crime if you use non-government approved encryption methods.

    2. Re:Reason to use end-to-end encryption by wonkey_monkey · · Score: 3, Funny

      Isn't google dumping [insert service here] completely in less than a month?

      Very probably.

      --
      systemd is Roko's Basilisk.
  2. Invading privacy is the crime by Craefter · · Score: 4, Insightful

    When will common people realize that invading privacy is a crime? Instead there seems to be an acceptance of it being just collateral damage in the war against child porn and terrorists.

    Don't come with "if you have nothing to hide you don't need privacy" tantrum because I think privacy is an emotional necessity for the development of a healthy brain. Too bad so much will have been lost before the general public realizes what has been lost.

  3. feels like by arbiter1 · · Score: 2

    Content industry probably behind this.

  4. www.computerworld.com.au site by gnasher719 · · Score: 2

    Tried to post a comment on their site without having an account. Got an error 403 (forbidden). In other words, the guys creating their website and/or server software are clueless twats.

    And every company wanting to avoid the fate of Lavabit must just make sure that they don't have the capability to decrypt customers' data. That way, the company and the customer are safe from law enforcement. (Hiring a lawyer at the right time also helps, and sending keys to a court in a 4 point font doesn't).

  5. Re:One of the big boys by IamTheRealMike · · Score: 2

    These sorts of discussions are nothing new. Debates about how to handle modern cryptography have been running since its invention. The police are judged exclusively by their ability to catch criminals. They are not judged on how eloquently they argue for civil rights. Plus, they are exposed to the pointy end of criminal behaviour and its impact on people every single day, so of course they tend to get frustrated when they can't stop it. They are rarely if ever exposed to the pointy end of government abuses of power, partly because it's often them or their colleagues in the national security state doing it.

    All the above has been true ever since the modern concept of a police force was created back in Victorian England. The police ask for more powers so they can catch more criminals. The job of the politicians who can give them that power is to weigh the costs and benefits, and try to ascertain the mood of their voters. Sometimes they say yes and other times they say no.

    So just because in Australia the police are asking for more powers does not imply anything is wrong or unusual. The real thing to pay attention to is the final outcome.

    The real reason these sorts of discussions cause widespread concern, especially on sites like Slashdot, is not the inherent push/pull compromise-based process of making and enforcing law, but rather trust in the whole process has broken down to such an extent that nobody believes the outcomes will be fair or properly enforced.

  6. Jail and keys by DrYak · · Score: 5, Informative

    If I know Tony Abbott and co, there are government law drafters who have been given the task of taking the UK RIP act (the one that lets them send you to jail for refusing to hand over encryption keys) and inventing a similar law that fits the Australian system.

    To be "jailed for refusing to reveal keys" requires that there ARE EXISTING keys in the first place.

    Modern encryption like OTR and similar is based around "perfect forward secrecy". They DO NOT use stable cryptographic keys, on purpose; instead they rely on "ephemeral keys" (in the case of OTR, that's DHE).
    There's no real key to be handed over.
    (Also, because there's no real key to be handed over, DHE needs to be paired with something else to authenticate and guarantee against MITM attacks.
    The web uses public keys for that (RSA is a popular thing). In the case of OTR, instead of keys they use "Socialist Millionaire"; it doesn't rely on any actual key.)

    (That's part of the discussion around Lavabit: had they used PFS, they would be able to simply handle their key and switch to newer. The NSA wouldn't be able to decrypt anything with the old keys (if DHE or ECDHE was used instead) and they wouldn't be able to further impersonate Lavabit if the revealed keys were revoked/updated. Sadly, Lavabit used classical public key crypto and all communication would have been retroactively hosed by revealing the key.
    It's also part of the discussion around Heartbleed. If Heartbleed has been used to retrieve keys, sites using classical PK would be more compromised than sites using DHE/ECDHE: the former had all their communication retroactively hosed, the latter can only be impersonated in the future until the leak is discovered and the key revoked/changed.)

    Of course, as mentioned by the parent-poster, this is all shiny and nice in the math/crypto world, but...

    it works right up to the moment when it is a crime if you use non-government approved encryption methods.

    The Australian government could make a future law making it mandatory to use special forms of crypto that DO use keys (say bye-bye to DHE/ECDHE, or at least ECDHE with a secure elliptic curve) and that require the key to be deposited in a government-accessible escrow (like requiring the password to be transmitted encrypted with a government-owned public key, or requiring ECDHE with a government-compromised curve).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
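
Added example, not part of the thread or of any commenter's post: a toy Python model of the forward-secrecy point made in comment 6 (and repeated in comment 10), using textbook RSA and a small Diffie-Hellman group with constructed, insecure parameters. It shows that a recorded static key-transport session is decrypted by a later-disclosed long-term key while an ephemeral DH session is not; the RSA signature used for authentication is an assumption of this sketch, not how OTR does it.

```python
import hashlib
import secrets

# Toy parameters for illustration only (far too small to be secure).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537      # textbook RSA, Mersenne primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # long-term private key
DH_P, DH_G = 2**127 - 1, 3                 # toy Diffie-Hellman group


def kdf(secret: int) -> bytes:
    """Derive a session key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def digest(value: int) -> int:
    """Hash an integer down to a value below N so it can be signed."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % N


def static_session():
    """Client encrypts the session secret to the server's long-term key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_premaster": pow(premaster, E, N)}   # seen by a tap
    return wire, kdf(premaster)


def dhe_session():
    """One-time exponents; the long-term key only signs the server's share."""
    a = secrets.randbelow(DH_P - 3) + 2
    b = secrets.randbelow(DH_P - 3) + 2
    share_a, share_b = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"A": share_a, "B": share_b, "sig": pow(digest(share_b), D, N)}
    client_key = kdf(pow(share_b, a, DH_P))
    server_key = kdf(pow(share_a, b, DH_P))
    assert client_key == server_key
    del a, b                                # nothing secret is retained
    return wire, client_key


def server_authenticated(wire: dict) -> bool:
    """Client-side MITM check: signature over the server's DH share."""
    return pow(wire["sig"], E, N) == digest(wire["B"])


def decrypt_recording(wire: dict, disclosed_private_key: int):
    """Session key recoverable from a recording plus the long-term key."""
    if "encrypted_premaster" in wire:
        return kdf(pow(wire["encrypted_premaster"], disclosed_private_key, N))
    # DHE: the disclosed key is not an input to the session key at all.
    return None
```
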
  7. Random data by flyingfsck · · Score: 2

    No your honour, it is not encrypted data. My friends and I send random data to each other just for fun... z"dy`e"DG"NkOV83,N:

    --
    Excuse me, but please get off my Pennisetum Clandestinum, eh!
  8. so they can be more like the NSA by FudRucker · · Score: 2

    and steal data so they can help their criminal friends on wallstreet to get richer

    --
    Politics is Treachery, Religion is Brainwashing
  9. Re:One of the big boys by LookIntoTheFuture · · Score: 2

    nobody believes the outcomes will be fair or properly enforced.

    Over time, they won't be. Power corrupts. That's why it should be forcibly limited on those who have it.

    --
    Brave Sir Robin ran away. ("No!") Bravely ran away away. ("I didn't!")
  10. Does not exist by DrYak · · Score: 3, Interesting

    Using software that explicitly makes it impossible for you to comply with the law is not defense against the law.

    It's not that the software doesn't comply with the law. It's just that the things that you are asked to provide in the first place simply DON'T EXIST (provably, per math and crypto science).

    Like said by gnasher719 somewhere else among the comments on this /. entry :

    It's like two shops, one with a video camera running and one without. The shop with the video camera must hand recordings over to the police if there was a crime in front of the camera. The shop without the video camera doesn't need to do anything, and doesn't have to install a camera just in case someone gets stabbed in front of the shop.

    The second doesn't have any record to disclose if ordered by the court. There just doesn't exist any recording that they could hand over. Their security relies on some completely different scheme (say, a heavily armed bouncer/guard) which doesn't involve any camera nor any recording that could be handed over.

    OTR relies on a completely different form of encryption (perfect forward secrecy, powered by ephemeral diffie-hellman) that doesn't involve permanently stored passwords. So there's nothing that you could hand over, even if asked by court.

    It can potentially be defense against revealing your secrets in the face of "rubber-hose" decryption attempts, but unless your secrets are *really* important you're unlikely to appreciate being unable to reveal them under duress.

    The goons who are going to beat you to obtain a password, even if no password exists, are probably going to be the same goons who are beating you into revealing a password to get access to your huge stash of money, even if you're actually broke. You know, just beat you in case there's a slight chance to get some money. Don't listen that you don't have a password, or that you don't have money. Maybe they should beat you a bit more. You know, in case you're bluffing and you actually have a password, or actually have money (hidden by another password that you haven't coughed up yet). Or maybe you gave them money, and they'll beat a bit more just to see if you don't have more of it. Who knows what they are going to get if they keep beating you? More money? Or plain more fun while beating you?
    There's no point of anything. Brutal goons who have decided to beat are going to beat your poor soul out, no matter what. Either you have a password or not. Either you already gave a couple of passwords or not. Either you have money or not. Either you already gave some money or not. They'll make you miserable even a bit more just in case.

    Cryptography is only a defence against lawful individuals, who follow the law and have to follow due process. They can't require you to provide something that provably doesn't exist. And modern day cryptography helps you bring irrefutable proof that the password doesn't exist.
    (gnasher719's camera doesn't exist, so you provably don't have any records to bring to court).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Does not exist by rtb61 · · Score: 2

      The requirement to provide the encryption key would face a major legal hurdle in the high court as it extends the search and seizure well beyond the person or persons being investigated to every person whose data could be decrypted by that key and thus compromised, well and truly beyond the scope of the investigation. It would be similar to getting a search warrant to search all the mail at a particular post office in order to access one person's email, or getting a search warrant to search every house on a city block when just one person and their property is under investigation, so overreach.

      Issuing a search warrant or wire tapping warrant should not be cause to make said search, easy, simple, cheap and convenient, it should just make it legally possible. The difficulties, time effort and expense in exercising is not the provision of the law and logically it should remain difficult, require considerable effort and be expensive to ensure it is not abused and only done when necessary. The easier it is to do, the far more likely it will be abused, the more effort that is required the more carefully and accurately it will be done and the less likely the evidence will be purely circumstantial and readily faked.

      --
      Chaos - everything, everywhere, everywhen