[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Australia, EU crypto ill news, crypto wars



Just read this on comp.risks, by Ross Anderson (via a couple of people).

A crypto relevant forward if any is relavent IMO, especially this bit:

Ross Anderson <[email protected]> writes:
> ... While at the conference, I found out that a classified meeting
> took place this March in Germany between the signals intelligence
> agencies of the developed countries, plus Australia and South Africa,
> at which the assembled spooks agreed to press their governments to
> bring in escrow and/or weak crypto.

You realise, of course, that this means war,

Tatical replies?

a) Lobbying - hopeless IMO, they aren't interested in listening, the
   politicos are just too easy to manipulate and the "masses" aren't
   clueful enough of what crypto means to understand the implications,
   or even notice.

b) pretty good stego - possible technical solution

c) independant states of cyberspace :-)  declaration of independence


c) enforced or "enabled" by b) looks good to me.

Perhaps some literary skilled cpunk would care to compose a suitable
reply for PGN to add to risks.

Adam

----------------------------------------------------------------------
Date: Tue, 1 Aug 1995 20:36:29 -0400 (EDT)
From: "Lance J. Hoffman" <[email protected]>
Subject: Australia next to ban PGP

Date: Tue, 01 Aug 1995 15:29:05 -0400
From: Dave Farber <[email protected]>
Subject: Australia next to ban PGP [unverified info ...]

From: [email protected] (Ross Anderson)

Australia's proposed crypto policy:

(1)	Banks will get key escrow
(2)	Other Australian residents will be forced to use weak crypto

Source: talk by Steve Orlowski, Assistant Director, Australian attorney 
general's department, given at the Cryptography Policy and Algorithms 
Conference, Queensland University of Technology, last month.

p 34: `the needs of the majority of users of the infrastructure for
      privacy and smaller financial transactions can be met by lower 
      level encryption which could withstand a normal but not 
      sophisticated attack against it. Law enforcement agencies could 
      develop the capability to mount such sophisticated attacks. 
      Criminals who purchased the higher level encryption products 
      would immediately attract attention to themselves.'

He mentioned that his department considered itself a suitable repository
for the government central decrypting unit, which would decrypt traffic 
for local police forces. He also wants to escrowed keys for banks and 
other organisations allowed to use strong crypto. 

Centralising the wiretap capability with the AG is represented as a useful
safeguard against abuse of power by local police forces. It would be
presented as a `data recovery' facility in order to reassure the voters.

Centralisation will enable the AG to acquire the capability to use ``more 
sophisticated techniques in circumstances where the key cannot, for 
whatever reason, be recovered from escrow''.

So the technical parameters would appear to be: 40 bit keys for the 
masses, 56-bit escrowed keys for the banks, and a Wiener machine sitting
in Orlowski's office. Belt, braces and string.

Curiously enough, he quotes a `Review of long Term Cost Effectiveness
of Telecommunications Interception' as saying that ``Encryption by 
targets of their communications (both voice and data) is not considered
as a problem for TI at present in Australia'' and goes on to say that
``there has been comparatively little market for voice encryption 
products, although they have been readily available''. 

He even produces some good arguments for the EFF, such as that much of
the intelligence comes from the call log data and from calls to third 
parties such as airlines and hotels which are not encrypted.

He also says that the OECD countries will hold a meeting on National 
Cryptography Policies later this year. While at the conference, I found
out that a classified meeting took place this March in Germany between 
the signals intelligence agencies of the developed countries, plus
Australia and South Africa, at which the assembled spooks agreed to
press their governments to bring in escrow and/or weak crypto.

Australia seems rather eager to lick Uncle Sam's boots on this issue. 
I wonder what the payoff was?