Government To Tackle Encryption At Five-Eyes Meeting

Attorney-General George Brandis and the Minister for Immigration and Border Protection, Peter Dutton, are heading to Ottawa to meet with Australia's Five-Eyes counterparts. According to a statement made by Senator Brandis, "...the use by terrorists of cyberspace is an issue of critical concern to intelligence and law enforcement agencies. Australia will lead the discussion of ways to address this issue; in particular the involvement of industry in thwarting the encryption of terrorist messaging". But, as usual, how they might do this is a mystery.

Over the last two decades a number of important technological and political changes have coalesced. In 1999, strong encryption was effectively legalised after being previously defined as a weapon in the United States. Skype entered the market in 2003 and began to change how we communicate. Instant messaging has become a popular communications system.

In parallel, governments around the world have privatised and corporatised public infrastructure, so ownership of communications networks is now in private hands.

All of this means governments have lost one of the things they most crave: control.

Once you transmit information across infrastructure over which you have limited control using encrypted systems, it becomes almost impossible to intercept and read communications. This is a problem law enforcement faces.

Senator Brandis calls this Australia’s "priority issue", saying, "These discussions will focus on the need to cooperate with service providers to ensure reasonable assistance is provided to law enforcement and security agencies".

I am at a loss as to how Australia, or any of the Five Eyes countries (Canada, New Zealand, the United Kingdom, and the United States are the others) can do this without weakening the privacy of individuals. We already know Australia's government has no compunction in doing this - the mandatory retention of telecommunications metadata is evidence of this. But the providers of encrypted communications services, who don't hold on to decryption keys, can only hand over encrypted data.

When I spoke with Peter Gutmann, one of the architects of PGP, a couple of years ago, he pointed out that many major hacks involved the theft of encrypted data. In those cases, the bad guys didn't bother breaking the encryption - even when it was weak and easily broken. They simply exploited end-point and user vulnerabilities. This seems to have been the primary method used by US intelligence agencies based on what we see from recent Wikileaks releases of the Vault 7 leaks.

And we can all see what happens when government agencies stockpile vulnerabilities. They get out and we are all put at risk.

Intelligence and law enforcement agencies always want more information. I've spoken to many people in these fields and I've never heard one say less data would be good. At the moment, what is really lacking is a capability to use the data they have. And perhaps if the Five Eyes focussed on using what they had rather than mis-using more data they might have more success at detecting and thwarting potential threats.


    Taking a punt at a solution... what if there was a way to offer a single use, duration-limited, single sender decryption key? Something like this:

    * All messages sent over a secure messaging system are stored, encrypted, with a different set of keys each day.
    * For each conversation, an additional, algorithmically slow, decryption key is generated.
    * If the additional key is applied, it decrypts all messages for one sender, for one day, but then irreversibly renders all the other additional decryption keys impotent.

    By court order or other national security decree, the key can be handed over and a targeted decryption applied, keeping all other conversations safe. Attempts to apply the key to compromised copies of the message log are rendered ineffective due to the time required to apply the decryption. The key is useless for the next day's conversations, and a new agreement must be made to hand over the next day's key. If the keys are compromised, then only one sender each day loses their security. If the keys and the message logs are compromised, then it's still algorithmically impractical to decrypt more than a few hundred senders' messages per day.

    It's got some loose ends that need tidying, but given the current impasse between governments' (and concerned citizens') demands for protection from bad parties, and citizens' demands for privacy, there might be significant motivation to flesh out such a solution.
