Australia To Compel Technology Firms To Provide Access To Encrypted Missives

Australia on Friday proposed new laws to compel companies such as U.S. social media giant Facebook and device manufacturer Apple to provide security agencies access to encrypted messages. From a report: The measures will be the first in an expected wave of global legislation as pressure mounts on technology companies to provide such access after several terror suspects used encrypted applications ahead of attacks. Australia, a staunch U.S. ally, is on heightened alert for attacks by home-grown radicals since 2014 and authorities have said they have thwarted several plots, although Prime Minister Malcolm Turnbull said law enforcement needed more help. "We need to ensure the internet is not used as a dark place for bad people to hide their criminal activities from the law," Turnbull told reporters in Sydney. "The reality is, however, that these encrypted messaging applications and voice applications are being used obviously by all of us, but they're also being used by people who seek to do us harm."

Re:Here's a thought....

[haruchai]

Quit letting people from terrorist prone countries or parts of the world into YOUR country...where they refuse to assimilate and become pots of festering terrorist ideology waiting to unleash itself into the host country.

Someone should have told the Aboriginals & Native Americans that a long time ago

Obvious response of technology firms

[swillden]

The obvious response of technology firms is to structure their encryption so that it becomes impossible for them to decrypt the content because they don't have the keys themselves. The security guys at pretty much every such company would prefer to build such systems anyway. They generally don't because doing so adds some additional layers of complexity. It's simpler and more cost-effective to instead build a key management system that is secure against compromise even by internal attackers, relying on the typical tools (secure hardware, affirmative control, responsibility splitting, etc.).

But... it's not *that* much harder to build a system in which no one but the parties communicating have the keys. Compared to the legal and administrative costs involved in having to deal with an unending stream of government requests for data (which governments almost always expect companies to comply with at their own expense, as a cost of doing business), it's a no-brainer. Much cheaper to build the more complicated decentralized security model, enabling the company to respond to government requests with "Can't. Here's our security design. You can see that we have no access to the decryption keys."

Of course, the obvious response of legislators is then to mandate government-accessible backdoors. That, however, creates an entirely new public perception of the request, making it a very different game, politically.

Re:Here's a thought....

[gnick]

Quit letting people from terrorist prone countries or parts of the world into YOUR country...where they refuse to assimilate and become pots of festering terrorist ideology waiting to unleash itself into the host country.

Someone should have told the Aboriginals & Native Americans that a long time ago

It wasn't until I read this that it occurred to me that handing out smallpox infected blankets was an act of terrorism.