
walsh.htm

Posted Dec 21, 1999


tags | encryption
SHA-256 | 0775a27402cb77b586ecd572ec6d199c8f0ed64a1464693134332e98197a0819

<html>
<head>
<title>The Walsh Report</title>
</head>
<body bgcolor=#FFFFFF>

<center>
<h3>Review of Policy relating to Encryption Technologies</h3>
<h3>(The Walsh Report)</h3>
</center>

This file is the complete single-document version of the report. Original URL:<br>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
<a href=http://www.efa.org.au/Issues/Crypto/Walsh/index.htm>http://www.efa.org.au/Issues/Crypto/Walsh/index.htm</a>

<h3>Update - December 1998</h3>
In December 1998, several uncensored copies of the Walsh Report were found
in public and university libraries in Australia. These are believed to
be deposit copies lodged by the <a href=http://www.agps.gov.au>Australian
Government Publishing Service (AGPS)</a> after the report was printed but
before the decision by the Attorney-General's Department to withhold it
from commercial sale. The report is not listed by AGPS, which is the normal channel for obtaining
government publications.
<P>
The missing sections have now been incorporated in the
online version and
<FONT COLOR=#FF0000>are highlighted in red</FONT>.
<P>

<h3>History of the Report and its release under FOI</h3>
In February 1997, the Australian
<a href=http://www.law.gov.au>Attorney-General's Department</a> put a
hold on the public release of the <B>Walsh Report</B>, an important review of
Australian cryptography policy.
<P>
The report, entitled <B><i>Review of policy relating to encryption
technologies</i></B>, is the outcome of a study
conducted in 1996 by Gerard Walsh, a former deputy director-general of
the Australian Security Intelligence Organisation (ASIO). Publication of the report was eagerly awaited by members of the
law enforcement community, other government departments, commerce, and
the online community. It was expected that the report would examine the
various issues in the cryptography debate and encourage further
comment and consultation.
<P>
The report was listed for sale by the
<a href=http://www.agps.gov.au>
Australian Government Publishing Service</a> in January 1997, but was hurriedly withdrawn from
the list 3 weeks later, following an enquiry by
<a href=http://www.efa.org.au>Electronic Frontiers Australia (EFA)</a>
as to the reasons why it was not actually available for sale. The original intention
had apparently been to allow for a 3-month consultation period for public comment.
EFA then released a <a href=http://www.efa.org.au/Publish/PR970313.html>
Media Statement</a> calling for the release of the report.
<P>
In March 1997, EFA applied for release of the report under the Freedom of
Information Act. This request was denied, quoting various sections of the
Act relating to national security and law enforcement as justification for the denial.
EFA then submitted a request for review of the decision, and this request was
successful, resulting in the release of an edited photocopy of the report in
June 1997.
<P>
This is an important report and covers a number of issues of relevance to the
global cryptography debate.
<P>
A number of paragraphs were deleted from the copy supplied to EFA.
These have been identified in the report, together with an annotation
referring to the section of the report under which that paragraph was
claimed to be exempt from release.
<P>
<B>However, in December 1998, the missing sections were obtained.
The originally deleted paragraphs have been
<FONT COLOR=#FF0000>highlighted in red</FONT>.
</B>
<P>
Reproduced below are the 3 sections of the Act under which parts
of the report were deleted. The full text of the
<a href=http://www.austlii.edu.au/au/legis/cth/consol_act/foia1982222/>
Freedom of Information Act 1982</a> is available online from the
<a href=http://www.austlii.edu.au>Australian Legal Information Institute (AUSTLII)</a>.
<P>
<a name=foi33></a>
<B>Freedom of Information Act 1982 - Sect 33</B>
<P>
Documents affecting national security, defence or international relations
<P>
33.&nbsp; (1) A document is an exempt document if disclosure of the document under
this Act:
<ul>
<DL COMPACT>
<DT>(a)<DD>would, or could reasonably be expected to, cause damage to:
<P>
<DL COMPACT>
<DT>(i)<DD>the security of the Commonwealth;
<P>
<DT>(ii)<DD>the defence of the Commonwealth; or
<P>
<DT>(iii)<DD>the international relations of the Commonwealth; or
<P>
</DL>
<DT>(b)<DD>would divulge any information or matter communicated in confidence by
or on behalf of a foreign government, an authority of a foreign
government or an international organization to the Government of the
Commonwealth, to an authority of the Commonwealth or to a person
receiving the communication on behalf of the Commonwealth or of an
authority of the Commonwealth.
<P>
</DL>
</ul>
(2)&nbsp; Where a Minister is satisfied that a document is an exempt document for a
reason referred to in subsection (1), he or she may sign a certificate to that
effect (specifying that reason) and, subject to the operation of Part VI, such
a certificate, so long as it remains in force, establishes conclusively that
the document is an exempt document referred to in subsection (1).
<P>
(3)&nbsp; Where a Minister is satisfied as mentioned in subsection (2) by reason
only of matter contained in a particular part or particular parts of a
document, a certificate under that subsection in respect of the document shall
identify that part or those parts of the document as containing the matter by
reason of which the certificate is given.
<P>
(4)&nbsp; Where a Minister is satisfied that information as to the existence or
non-existence of a document as described in a request would, if contained in a
document of an agency, cause the last-mentioned document to be an exempt
document under this section for a reason referred to in subsection (1), he or
she may sign a certificate to that effect (specifying that reason).
<P>
(5)&nbsp; The responsible Minister of an agency may, either generally or as
otherwise provided by the instrument of delegation, by writing signed by him,
delegate to the principal officer of the agency his or her powers under this
section in respect of documents of the agency.
<P>
(6)&nbsp; A power delegated under subsection (5), when exercised by the delegate,
shall, for the purposes of this Act, be deemed to have been exercised by the
responsible Minister.
<P>
(7)&nbsp; A delegation under subsection (5) does not prevent the exercise of a power
by the responsible Minister.
<P>
.........
<P>
<a name=foi36></a>
<B>Freedom of Information Act 1982 - Sect 36</B>
<P>
Internal working documents
<P>
36.&nbsp; (1) Subject to this section, a document is an exempt document if it is a
document the disclosure of which under this Act:
<P>
(a) would disclose matter in the nature of, or relating to, opinion,
advice or recommendation obtained, prepared or recorded, or
consultation or deliberation that has taken place, in the course of,
or for the purposes of, the deliberative processes involved in the
functions of an agency or Minister or of the Government of the
Commonwealth; and
<P>
(b) would be contrary to the public interest.
<P>
(2)&nbsp; In the case of a document of the kind referred to in subsection 9 (1), the
matter referred to in paragraph (1) (a) of this section does not include
matter that is used or to be used for the purpose of the making of decisions
or recommendations referred to in subsection 9 (1).
<P>
(3)&nbsp; Where a Minister is satisfied, in relation to a document to which
paragraph (1) (a) applies, that the disclosure of the document would be
contrary to the public interest, he or she may sign a certificate to that
effect (specifying the ground of public interest in relation to which the
certificate is given) and, subject to the operation of Part VI, such a
certificate, so long as it remains in force, establishes conclusively that the
disclosure of that document would be contrary to the public interest.
<P>
(4)&nbsp; Where a Minister is satisfied as mentioned in subsection (3) by reason
only of matter contained in a particular part or particular parts of a
document, a certificate under that subsection in respect of the document shall
identify that part or those parts of the document as containing the matter by
reason of which the certificate is given.
<P>
(5)&nbsp; This section does not apply to a document by reason only of purely factual
material contained in the document.
<P>
(6)&nbsp; This section does not apply to:
<P>
<ul>
<DL COMPACT>
<DT>(a)<DD>reports (including reports concerning the results of studies, surveys
or tests) of scientific or technical experts, whether employed within
an agency or not, including reports expressing the opinions of such
experts on scientific or technical matters;
<P>
<DT>(b)<DD>reports of a prescribed body or organization established within an
agency; or
<P>
<DT>(c)<DD>the record of, or a formal statement of the reasons for, a final
decision given in the exercise of a power or of an adjudicative
function.
</DL>
</ul>
<P>
(7)&nbsp; Where a decision is made under Part III that an applicant is not entitled
to access to a document by reason of the application of this section, the
notice under section 26 shall state the ground of public interest on which the
decision is based.
<P>
(8)&nbsp; The responsible Minister of an agency may, either generally or as
otherwise provided by the instrument of delegation, by writing signed by him,
delegate to the principal officer of the agency his or her powers under this
section in respect of documents of the agency.
<P>
(9)&nbsp; A power delegated under subsection (8), when exercised by the delegate,
shall, for the purposes of this Act, be deemed to have been exercised by the
responsible Minister.
<P>
(10)&nbsp; A delegation under subsection (8) does not prevent the exercise of a
power by the responsible Minister.
<P>
..........
<P>
<a name=foi37></a>
<B>Freedom of Information Act 1982 - Sect 37</B>
<P>
Documents affecting enforcement of law and protection of public safety
<P>
37.&nbsp; (1) A document is an exempt document if its disclosure under this Act
would, or could reasonably be expected to:
<P>
<ul>
<DL COMPACT>
<DT>(a)<DD>prejudice the conduct of an investigation of a breach, or possible
breach, of the law, or a failure, or possible failure, to comply with
a law relating to taxation or prejudice the enforcement or proper
administration of the law in a particular instance;
<P>
<DT>(b)<DD>disclose, or enable a person to ascertain, the existence or identity
of a confidential source of information, or the non-existence of a
confidential source of information, in relation to the enforcement or
administration of the law; or
<P>
<DT>(c)<DD>endanger the life or physical safety of any person.
<P>
</DL>
</ul>
(2)&nbsp; A document is an exempt document if its disclosure under this Act would,
or could reasonably be expected to:
<P>
<ul>
<DL COMPACT>
<DT>(a)<DD>prejudice the fair trial of a person or the impartial adjudication of
a particular case;
<P>
<DT>(b)<DD>disclose lawful methods or procedures for preventing, detecting,
investigating, or dealing with matters arising out of, breaches or
evasions of the law the disclosure of which would, or would be
reasonably likely to, prejudice the effectiveness of those methods or
procedures; or
<P>
<DT>(c)<DD>prejudice the maintenance or enforcement of lawful methods for the
protection of public safety.
<P>
</DL>
</ul>
(2A)&nbsp; For the purposes of paragraph (1) (b), a person is taken to be a
confidential source of information in relation to the enforcement or
administration of the law if the person is receiving, or has received,
protection under a program conducted under the auspices of the Australian
Federal Police, or the police force of a State or Territory, for the
protection of:
<P>
<ul>
<DL COMPACT>
<DT>(a)<DD>witnesses; or
<P>
<DT>(b)<DD>people who, because of their relationship to, or association with, a
witness need, or may need, such protection; or
<P>
<DT>(c)<DD>any other people who, for any other reason, need or may need, such
protection.
</DL>
</ul>
<P>
(3)&nbsp; In this section, "law" means law of the Commonwealth or of a State or
Territory.
<P>
<hr>
<P>

<center>
<h3>
Review of Policy relating to Encryption Technologies
<P>
Table of Contents</h3>
</center>
<B>
<a href=#foreword>Foreword</a><P>
<a href=#terms>Terms and Abbreviations</a><P>

<a href=#chap1>Chapter 1. Conclusions and Findings</a>
<ul>
1.1 Conclusions<P>
1.2 Findings<P>
</ul>
<a href=#chap2>Chapter 2. Context and Approach of the Review</a><ul>
2.1. The context: Barrett's Obiter Dictum <P>
2.2. The Approach <P>
2.3. Creative Tension or Competition
</ul>
<a href=#chap3>Chapter 3. The Direction and Impact of Encryption</a> <ul>
3.1. The direction <P>
3.2. On law enforcement and national security <P>
3.3. The statistical vacuum <P>
3.4. Policy uncertainty <P>
3.5. Today's problems for the investigators <P>
3.6. The imminent challenge <P>
3.7. Towards response strategies </ul>

<a href=#chap4>Chapter 4. The consequence for government</a> <ul>
4.1. Law enforcement <P>
4.2. National security <P>
4.3. The cost of alternatives <P>
4.4. Decryption capability for law enforcement and
national security? <P>
4.5. Public key infrastructures <P>
4.6. International agreements <P>
4.7. Third party systems <P>
4.8. The Internet </ul>
<a href=#chap5>Chapter 5. Striking a balance</a> <ul>
5.1. A matter of proportion <P>
5.2. Export controls </ul>
<a href=#chap6>Chapter 6. Coordinating process and investigative capability</a> <ul>
6.1. Policy primacy and coordination <P>
6.2. Maintaining investigative capability <P>
6.3. Coordination of operational capacity <P>
6.4. A new legislative approach </ul>
<a href=#annex>Annexes</a><ul>
Annexe A. Terms of reference of the review <P>
Annexe B. Australia Online [extract] <P>
Annexe C. US Administration statement on commercial <br>
encryption, 12 July 1996 <P>
Annexe D. UK Government paper of regulatory intent <br>
concerning use of encryption on public <br>
networks, 11 June 1996 <P>
Annexe E. OECD guidelines governing the protection of<br>
privacy and transborder flows of personal
data<P>
Annexe F. US Administration statement on encryption issued <br>
by the Vice-President, 1 October 1996.
</ul>
</B>
<hr>
<P>
<a name=foreword></a>
<center>
<U><B>FOREWORD</B></U>
</center>
<P>
1. &nbsp;&nbsp; This report is in response to an invitation from the Secretary
of the Attorney-General's Department to review the policy relating to
encryption technologies and offer a view whether legislative or other actions
are indicated to cater for national security and law enforcement interests
in the face of the information and communications revolution and the continuing
need to safeguard privacy. Terms of reference of the Review are attached at
Annex A.
<P>
2. &nbsp;&nbsp; The structure of the report is set out in Chapter 2. Limited
resources precluded the Review inviting written submissions or conducting
public hearings. Instead, the strategy adopted was to consult directly
with as representative a sample of interested parties as time and resources
would permit. All were uniformly generous with their time. For that, and the
assistance given by the Security Division of the Department, I express my appreciation.
<P>
3. &nbsp;&nbsp; There is an immediate need for broad public discussion of
cryptography. The report's conclusion identifies the essential conundrum - strong
cryptography, imminently available to the mass market, will offer significant
enhancement of data security and personal and corporate privacy, but also
provide a powerful shield behind which criminals and others may operate.
Should government intervene and mandate conditions of use, intervene only
when disadvantage to the state is evident, provide the framework of principles
while legislative power addressing other but related powers of the state are
kept relevant, or do nothing? How the inherent tensions in this issue are
resolved will affect the whole community. Hence, the need for broad
discussion and contribution. This report is intended to contribute to that
process.
<P>
4. &nbsp;&nbsp; The Australian Government is seeking public comment on the
contents of this report. Comments should be directed to:
<ul>
Security Division<br>
Attorney-General's Department<br>
Robert Garran Offices<br>
BARTON ACT 2600
<P>
Facsimile: (06) 270 2254<br>
Email: security.division@ag.ausgovag.telememo.au<br>
</ul>
The closing date for comments is 16 February 1997.
<P>
<br><br>
Gerard Walsh<br>
10 October 1996
<P>
<hr size=1>
<P>
<a name=terms></a>
<h3>
<center>
Terms and Abbreviations
</center></h3>
<P>
<table>
<tr><td nowrap valign=top><B>AFP<td><i><B>Australian Federal Police</i></tr>
<P>
<tr><td nowrap valign=top><B>algorithm<td><i><B> a mathematical operation or formulation performed to
calculate new values (of text) from old. Encryption is
done via an algorithm. To disguise the information and
make it unintelligible, a key is fed into the algorithm,
along with the text to be converted into cyphertext. The
same key or its pair, fed into the decryption algorithm
returns the cyphertext into the original text.
</i></tr><P>
<tr><td nowrap valign=top><B>ASC<td><i><B> Australian Securities Commission
</i></tr><P>
<tr><td nowrap valign=top><B>ASIO<td><i><B> Australian Security Intelligence Organization
</i></tr><P>
<tr><td nowrap valign=top><B>asymmetric key<td><i><B> also referred to as public key or two key encryption. A
method of encryption in which different keys are used to
encrypt and decrypt. The keys are mathematically
related but it is not possible to infer one from the
other. One key may be made public and the other kept private,
allowing Smith to encrypt and send a message to Jones
using Jones' public key and Jones to decrypt it using her
private key. With RSA (see below) either key can be
used to encrypt as long as the other is used to decrypt,
but anyone with access to Jones' cyphertext can decrypt her
messages because her public key is known.
</i></tr><P>
<tr><td nowrap valign=top><B>AUSCERT<td><i><B> the Australian Computer Emergency Response Team
(AUSCERT), an independent Internet security body.
</i></tr><P>
<tr><td nowrap valign=top><B>AUSTEL<td><i><B> the Australian Telecommunications Authority
</i></tr><P>
<tr><td nowrap valign=top><B>AUSTRAC<td><i><B> Australian Transaction Reports and Analysis Centre
</i></tr><P>
<tr><td nowrap valign=top><B>authentication<td><i><B> (1) in computer security, the act of identifying or
verifying the eligibility of a station, originator or individual to
access specific categories of information; (2) in data
security, a measure designed to provide protection
against fraudulent transmissions by establishing the validity of
a transmission, message, station or originator; (3) in data
security, processes that ensure everything about a
teleprocessing transaction is genuine and that the
message has not been altered or corrupted in transmission; (4) in
computer security, the process that verifies the identity
of an individual as established by an identification
process; (5) in data security and data communications, both
the prevention of undetected alteration to data and peer
entity (mutual verification of each other's
identities by communicating parties) authentication.
</i></tr>
<P>
<tr><td nowrap valign=top><B>bit<td><i><B> binary digit - here either of the mathematical characters
zero or one
</i></tr><P>
<tr><td nowrap valign=top><B>certificate<td><i><B> a set of information which, at least, identifies the
certification authority issuing the information;
unambiguously names or identifies the owner;
contains the owner's public key; and is digitally signed by
the certification authority issuing the certificate.
</i></tr><P>
<tr><td nowrap valign=top><B>certifying authority<td><i><B> an entity that verifies the identity of another
entity, allocates a unique name to that entity and
verifies the correctness of information concerning that
entity by signing a public key certificate for
that entity.
</i></tr><P>
<tr><td nowrap valign=top><B>cryptography<td><i><B> the art or science that treats of the principles, means and
methods for rendering plaintext unintelligible and
for converting encrypted messages into intelligible
form.
</i></tr><P>
<tr><td nowrap valign=top><B>clipper chip<td><i><B> a hardware encryption device first sponsored by the United
States government in April 1993 and intended to be
the sole encryption system used on the Internet.
Legislation was prepared to back the proposal. It would have
had an enforced system of escrow built into it, permitting
law enforcement agencies armed with a warrant to decrypt
any clipper-encrypted messages. Each chip was
registered and pre-programmed with some numbers
issued by the two escrow agencies (both government
agencies). Knowledge of these two numbers,
available on production of a warrant, would allow the calculation
of the session key used and the identity of the sender,
but not the recipient. The proposal was abandoned in 1995.
</i></tr><P>
<tr><td nowrap valign=top><B>confidentiality<td><i><B> in computer security, a concept that applies to data that
must be held in confidence and that describes the
status and degree of protection that must be provided for
such data about individuals as well as organisations.
</i></tr><P>
<tr><td nowrap valign=top><B>cyberspace<td><i><B> the ether or medium through which messages are
transmitted - at least the Internet and the networks
connected to it.
</i></tr><P>
<tr><td nowrap valign=top><B>cyphertext<td><i><B> the text after encryption. It is sent by the user over an
insecure communication channel on the assumption that
the equivalent plain text will be unable to be inferred
by cryptanalysis and so is safe from a passive and an active
attack.
</i></tr><P>
<tr><td nowrap valign=top><B>data compression<td><i><B> in codes, reduction of the size of the data by techniques
which exploit redundancies in the data; in memory
systems, a technique that saves storage space by
eliminating gaps, empty fields and redundancies to
shorten the length of records or blocks.
</i></tr><P>
<tr><td nowrap valign=top><B>decryption<td><i><B> the conversion of cyphertext into its plaintext equivalent
by use of the appropriate key.
</i></tr><P>
<tr><td nowrap valign=top><B>DES<td><i><B> the Data Encryption Standard (DES) specifies an
algorithm to be implemented in electronic hardware
devices and used for the cryptographic protection of
computer data. It became mandatory for US Federal
agencies in June 1977. The algorithm is public but the
design principles remain classified. DES uses a 56-bit key
and encodes text in 64-bit blocks.
</i></tr><P>
<tr><td nowrap valign=top><B>digital signature<td><i><B> a digital signature is a technique or procedure for the
sender of a message to attach additional data to that
message which forms a unique and unforgeable
identifier of the sender and the message.
</i></tr><P>
<tr><td nowrap valign=top><B>DSD<td><i><B> Defence Signals Directorate
</i></tr><P>
<tr><td nowrap valign=top><B>DSTO<td><i><B> Defence Science and Technology Organisation
</i></tr><P>
<tr><td nowrap valign=top><B>encryption<td><i><B> the transformation of data to an unintelligible form in
such a way that the original data either cannot be obtained
(one-way encryption) or cannot be obtained without using
the inverse decryption process (two-way encryption).
</i></tr><P>
<tr><td nowrap valign=top><B>FBI<td><i><B> Federal Bureau of Investigation (USA)
</i></tr><P>
<tr><td nowrap valign=top><B>GII<td><i><B> Global Information Infrastructure - a worldwide 'network
of networks' creating a global information marketplace,
encouraging broad-based social discourse within and
among all countries. By interconnecting local, national,
regional and global networks, the GII can expand the
scope of benefits of advances in information and
telecommunications technologies on a global scale.
See also, the Internet and note that the GII is probably
a short-hand reference to what the OECD called in 1980
as transborder flows of information.
</i></tr><P>
<tr><td nowrap valign=top><B>hacking<td><i><B> the act of gaining unauthorised access to a computer
network by defeating the system's access controls.
The act is often compounded by one or more offences
relating to breaches of confidentiality, privacy, national
security, altering or erasing data, intellectual property and
commercial interests.
</i></tr><P>
<tr><td nowrap valign=top><B>Internet<td><i><B> a worldwide interconnection of individual networks
operated by government, industry, academia and
private parties. [The Internet originally served to connect
laboratories engaged in government research, and has
now been expanded to serve millions of users and a
multitude of purposes.]
</i></tr><P>
<tr><td nowrap valign=top><B>Jones<td><i><B> see Smith
</i></tr><P>
<tr><td nowrap valign=top><B>key<td><i><B> a key is a number, whose size is expressed as a number of
bits in binary arithmetic (eg 56-bit)
</i></tr><P>
<tr><td nowrap valign=top><B>key distribution<td><i><B> public keys can be distributed freely through listing on a
bulletin board or via a directory. Public key
encryption depends on confidence the public keys are correct.
Users need to be assured they have valid keys for other
people and keys need to be provided/copied by dependable
means.
</i></tr><P>
<tr><td nowrap valign=top><B>key escrow<td><i><B> a concept, principally advanced by the US Government,
under which keys for cryptographic systems would be
registered with government appointed agencies and be
accessible by law enforcement agencies on production
of a warrant.
</i></tr><P>
<tr><td nowrap valign=top><B>key length<td><i><B> the size of a key and measure of its strength. In
simplistic terms a 40/384-bit secret/public key system may be
classified as weak, a 56/512-bit system as
borderline, and an 80/1024-bit system as strong.
</i></tr><P>
<tr><td nowrap valign=top><B>LAN<td><i><B> Local Area Network
</i></tr><P>
<tr><td nowrap valign=top><B>LEAC<td><i><B> Law Enforcement Advisory Committee established by
the regulating agency, AUSTEL.
</i></tr><P>
<tr><td nowrap valign=top><B>NCA<td><i><B> National Crime Authority.
</i></tr><P>
<tr><td nowrap valign=top><B>OECD<td><i><B> Organisation for Economic Cooperation and Development
</i></tr><P>
<tr><td nowrap valign=top><B>phreaking<td><i><B> the unauthorised use of telecommunications services or
equipment at the expense of another. This act not only
defrauds carriers and service providers of rightful
service charges but may also damage the integrity of the
switching and billing systems.
</i></tr><P>
<tr><td nowrap valign=top><B>PKAF<td><i><B> a Public Key Authentication Framework would allow for
the establishment of a trusted public key system,
allowing any entity to determine the trust and validity
of a public key certificate claimed to be associated with
another entity. The proposal was prepared by the PKAF
Task Group, formed by Standards Australia from
representatives of industry and government.
</i></tr><P>
<tr><td nowrap valign=top><B>plain text<td><i><B> data or a message in ordinary language or format, which
can be understood by a person or a computer.
</i></tr><P>
<tr><td nowrap valign=top><B>public key encryption<td><i><B> see asymmetric system
</i></tr><P>
<tr><td nowrap valign=top><B>private key encryption<td><i><B> see symmetric system. Not to be confused with
the private key of a public key pair which is
used for confidentiality purposes.
</i></tr><P>
<tr><td nowrap valign=top><B>RSA<td><i><B> an algorithm for creating public key private key pairs and
algorithms for the subsequent encryption and decryption
of text. Designed by Rivest-Shamir-Adleman, after whom
it is named. This system is commonly used for public
key encryption and the only public key system which creates
key pairs which can be used for either role.
</i></tr><P>
<tr><td nowrap valign=top><B>Smith<td><i><B> a fictional identity, like Jones, thought preferable by the
author to colourless cyphers like A, B, C and a variant
from the Alice and Bob who habituate frequent such
texts. In a further attempt at verisimilitude, Smith is
of the male gender, while Jones is a female.
</i></tr><P>
<tr><td nowrap valign=top><B>steganography<td><i><B> in data security, the concealment of the existence of
messages, literally covered writing. This can take the
form of filling in inter-message gaps with padding
characters, thus although the existence of the
communication link is not concealed an attacker is
denied information on when messages are being transmitted.
</i></tr><P>
<tr><td nowrap valign=top><B>symmetric key<td><i><B> a method of encryption in which the same key is used to
encrypt as to decrypt. Also referred to as secret key or
single key encryption. This sort of encryption is used in
telephone scramblers. The key length can be varied for
different levels of protection. It is a much faster process
than using asymmetric keys.
</i></tr><P>
<tr><td nowrap valign=top><B>trusted third party<td><i><B> an entity providing user services ranging from the
provision of authentication services such as the
verification of a client's public key, time stamping
of documents, digital signatures and key retrieval
services.
</i></tr><P>
</table>

<P>
</center>
<P>
<hr>
<P>
<center>
<a name=chap1></a>
<h3>
CHAPTER 1
<P>
CONCLUSIONS AND FINDINGS
</h3>
</center>
<P>
<B>
1.1 <i>Conclusions</i>
</B>
<P>
1.1.1&nbsp;&nbsp;&nbsp;&nbsp;The relationship of the individual to society is determined by an
elaborate series of structured and informal arrangements. That our society
should be an open, pluralist, democratic, ethnically diverse one, eschewing
discrimination on the grounds of age, gender, religion, race, physical or
intellectual handicap or any other discriminator which denies dignity is
universally agreed.
<P>
1.1.2 &nbsp;&nbsp;&nbsp;&nbsp; Individuals living in community cede certain rights and privileges
to ensure order, equity and good government, even if sometimes reluctantly. To
this end, a lawful right to conduct intrusive investigations has been given to
law enforcement and national security agencies and to ensure the exercise of
those intrusive powers is properly controlled, various forms of oversight and a
package of administrative law measures have been instituted.
These have produced a significant increase in public accountability, but our
time is characterised by a mistrust of all powerful institutions which seek to
limit the freedoms of ordinary citizens.
<P>
1.1.3 &nbsp;&nbsp;&nbsp;&nbsp; The general availability to the individual of data security, whether
for storage or communications, will alter the relationship between the citizen
and the state. It will mark a rare opportunity, in the second half of this
century, when advantage moves in the citizen's favour. In recent years the
balance has shifted markedly to the advantage of the state and to law
enforcement and national security, as technology and computing power have
provided powerful investigative tools to trace or profile individual subjects.
<a href=#foot1><sup>1</sup></a>
As long ago as 1890 the Harvard Law Review decried the threat to privacy which
'recent inventions and business methods' posed - the invention was black and
white photography and the methods invasive investigations by brash newspapers!
<a href=#foot2><sup>2</sup></a>
The Review accepts the considerable and necessary benefit which cryptography
will bring to the citizen, not only for confidentiality but also for
authenticity, integrity and non-repudiation. It is, however, only
confidentiality services with which this Review is concerned.
<P>

<P>
1.1.4 &nbsp;&nbsp;&nbsp;&nbsp; The point is strenuously made by law enforcement and national
security representatives that loss of access to real-time communications and to
data stored electronically would have a significant and deleterious effect on
investigative capability. That effect would be the loss of tactical
intelligence by which their investigations are directed, the denial of evidence
which may secure the prosecution of serious criminals, significant on-costs and
increased risk.
<P>
1.1.5 &nbsp;&nbsp;&nbsp;&nbsp; This Review was commissioned by the Commonwealth and is directed to
Commonwealth requirements. The terms law enforcement and national security
have, therefore, a clearly intended Commonwealth application when specific
matters are addressed. Law enforcement is primarily taken by
the Review to embrace the Australian Federal Police (AFP) and the National
Crime Authority (NCA). In a secondary sense, it includes the Australian
Customs Service (ACS), the Australian Transaction Reports and Analysis
Centre (AUSTRAC) and the Commonwealth Law Enforcement Board (CLEB).
National security is taken to refer specifically to the Australian Security
Intelligence Organization (ASIO). But these matters, law enforcement in
particular, cannot be isolated in a federal sense. The Review consulted with
the police services of New South Wales and Victoria as major representatives of
State and Territory police services. The conclusions at which the Review
arrived have equal application for the States and Territories and the nature of
the challenge of encryption dictates that responses and solutions be nationally
based. There will be a need for complementary, coherent and consistent action
by the Commonwealth, the States and Territories in this matter.
<P>
1.1.6 &nbsp;&nbsp;&nbsp;&nbsp; The public availability of encryption has drawn differing responses
from governments. This review has confined its study to cryptography, of
which encryption is the process by which data is transformed into an
unintelligible form, so the original data cannot be obtained or cannot be
obtained without using the inverse decryption process. It has not concerned
itself with other forms of data manipulation, such as steganography or data
compression, which may cause difficulty in understanding the meaning of the
data. Some countries, such as France, Israel, Belgium and China, have limited
the importation of encryption systems and products and effectively mandated
the escrowing of keys. Burma, in late September 1996, banned connections to
the Internet. In days of cyberspace access, any attempt hermetically to seal
borders seems an exercise in futility. Other countries, such as the United
States and the United Kingdom, while proposing voluntary national arrangements
which place conditions on the use of encryption, have not excluded the prospect
of mandatory arrangements.
<P>
1.1.7 &nbsp;&nbsp;&nbsp;&nbsp; Recognising the importance of the information and communications
revolution to Australia's development and to the needs of electronic commerce,
successive Governments have favoured a process of self-regulation to deal with
encryption policy, believing competition and consumer demand will ensure the
interests of all sectors are addressed.
<P>
1.1.8 &nbsp;&nbsp;&nbsp;&nbsp; While the needs of electronic commerce, intellectual property and the
protection of safety-critical industrial processes may be attended by
self-regulation, the requirements of law enforcement, security and privacy stand
somewhat apart. It is a paradox that the purposes for which cryptographic
methods may be used can be mutually conflicting - providing the security
needed to move vast streams of commercial, financial and medical data across
open networks and providing impregnable communications security for
terrorists and organised crime to wreak their havoc on society. The challenge
for all governments is to secure a balanced policy outcome.
<P>
1.1.9 &nbsp;&nbsp;&nbsp;&nbsp; Law enforcement and national security need to be able to collect the
tactical intelligence and evidence critical to the effective prosecution and
coordination of their inquiries. There was an understandable concern
mentioned by some that government may be seeking to enhance the powers of
law enforcement and security under the guise of a paradigm shift in technology.
That is not so. The objective of the review was to ensure investigative
capability was maintained, while privacy and civil liberties were preserved.
The Review was satisfied the availability of real-time decrypted
communications is central to the investigative capability of law enforcement
agencies and the national security service.
<P>
1.1.10 &nbsp;&nbsp;&nbsp;&nbsp; It was not clear, at the time the Review concluded, what public form
of key management infrastructure would be required in Australia. There was a
period, not so much earlier, when it was automatically accepted that
independent entities would generate and archive keys. Developments
in technology see individuals capable of generating their own keys reliably, but it
remains likely that many will rely on a commercial independent entity to assist
in data retrieval. The notion of 'trust' will be central to any system of
electronic commerce or third parties. It is difficult to imagine all
individuals will be able or inclined to establish themselves the networks of trust necessary
to engage in business with confidence. In view of the premium to be placed on
trust and the high potential for corruption in the third party service provider
area, a system of integrity screening and registration for providers is
indicated.
The process adopted by casino authorities should prove a useful model.
<P>
1.1.11 &nbsp;&nbsp;&nbsp;&nbsp; The need for certification facilities (affording a level of
authentication
or confidence in a person's private key) is clear and the sort of structural and
procedural model provided in the Public Key Authentication Framework
(PKAF) seems widely to be accepted. Clear indication of government support
by, for instance, an announcement of intended usage of the system, would be
timely and provide an urgently required planning base. For the
purposes of
electronic commerce, there will be a need for legislation to give digital
signatures the equivalent force and effect of a witnessed hand-written
signature.
As in the case of third party service providers, a form of vetting and
registration of those who would offer certification authority services is indicated.
<P>
1.1.12 &nbsp;&nbsp;&nbsp;&nbsp; A certification authority is neither an escrow agency nor a trusted
third party; it will not retain or archive key materials unless specifically
requested by customers to do so and then only under contractual conditions that
remove any liability which may flow from compliance with lawful orders to
produce such materials to instrumentalities of the state. Its function relates to
certifying to the integrity or personal ownership for both authentication and
confidentiality purposes, to authenticating digital signatures for commercial,
legal, evidentiary and similar purposes.
<P>
1.1.13 &nbsp;&nbsp;&nbsp;&nbsp; Some may argue the more organised, or 'professional', criminal
elements would be unlikely to rely on any service providers, too easily risking
becoming hostages to fortune - a view recited by all law enforcement agencies
consulted by the Review. But convenience, lethargy and a lack of discipline
repeatedly prove themselves capable of overcoming such caution, at least
among the less professional strata. In such circumstances, they may be few or
many, government agencies could seek search warrants to obtain 'keys' where
these were held either by the subject of the investigation or the registered third
party service provider.
<P>
<ul>
[<i>para 1.1.14 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)</i>]
</ul>
<P>
<FONT COLOR=#FF0000>
1.1.14 &nbsp;&nbsp;&nbsp;&nbsp; Criminal enterprises, like normal businesses, may be expected to
generate their own key materials. There will be the capacity to generate a
staggering number of keys, to use a computer randomly to choose the algorithm,
to change the key randomly with every transaction or to change the key
automatically at intervals set at seconds rather than minutes, while transactions
proceed. In such instances, there is no third party or service provider to be
approached. Either voluntary or coercive attempts to require production of the
'key' are unlikely to prove successful and the user would likely be unaware of
the key being employed. The invocation of the principle of non self-incrimination
may well represent the polite end of the possible range of responses.
</FONT>
<P>

1.1.15 &nbsp;&nbsp;&nbsp;&nbsp; In light of this situation, the Review does not recommend mandatory
third party arrangements. Some form of voluntary third party service seems an
inevitable development, however, for electronic commerce and intellectual
property reasons, as well as interoperability and international agreements. It is
likely to prove of limited assistance to law enforcement and national security
investigations.
<P>
1.1.16 &nbsp;&nbsp;&nbsp;&nbsp; Any attempt to prohibit the importation of cryptographic materials
would be misguided and harsh to the privacy rights of all citizens. Strong
commercial encryption is in the national interest and a role can be argued for
government to advise the community about the integrity/vulnerability of
systems and products. On this note, the national interest strongly suggests
Australia should not be dependent on products originating in one country. The
risk of national dependence on the United States, which manufactures the
majority of the world's software, would at least be reduced by diversification of
supply and there is scope for government to take a lead here.
There is, of
course, some hope that the technology which passes through generations in the
blink of an eye [a Web year was described to the Review as 90 days and going
down!] may provide some comfort to law enforcement and national security. In
the meantime, some practical suggestions are made.
<P>
1.1.17 &nbsp;&nbsp;&nbsp;&nbsp; Changes should be made to strengthen focussed investigations of
the AFP, the NCA and ASIO, to review the sanctions for non-compliance with
directions to produce and to protect more effectively sensitive operational
methods used by these agencies to acquire access to encryption keys or systems.
There should be no change to the tests to be satisfied before warrant requests
are approved - they should remain as stringent as they are today. Nor should there
be any change to oversight arrangements.
<P>
1.1.18 &nbsp;&nbsp;&nbsp;&nbsp; The wide and easy availability of cryptography will enhance the
privacy of citizens, where they have control over the use to which data is being
put. It should allow some protection against the data-matching, profiling and
peddling of personal information for commercial gain which have become
endemic, through ignorance or obfuscation of the need for informed consent.
<a href=#foot3><sup>3</sup></a>
It will adversely impact on the capability and investigative approach of law
enforcement agencies and the security service and may, consequently, provoke
some redefinition of that fundamental relationship between citizen and state.
To presage the imminent end to civilisation, however, which some foreign law
enforcement advocates assert will ensue should their favoured approach not be
adopted, is neither a novel prophecy nor lends substantial assistance to the
debate.
<P>
1.1.19 &nbsp;&nbsp;&nbsp;&nbsp; The work of the sub-group of the Organisation for Economic
Cooperation and Development (OECD), tasked with developing draft guidelines
on cryptography, is important. The aim is a framework of principles addressing
the needs of the global village.
<a href=#foot4><sup>4</sup></a>
Electronic commerce requirements, if nothing
else, will likely dictate some common infrastructure to guarantee
interoperability. If the European Union, the United States or Japan,
for example, or any combination of these, was to muster sufficient support for a
particular model, Australia would be foolish not to follow suit. At this stage,
however, there is no such agreement and, hence, no need to take an independent
policy position on this issue.
<P>
1.1.20 &nbsp;&nbsp;&nbsp;&nbsp; The conundrum for government is the encryption genie is out of the
bottle: a genie with the potential to enhance data security and personal and
corporate privacy but also to provide a shield of invisibility for criminals and
others. While the pace of change continues relentlessly, the most appropriate
policy response remains to watch developments closely, to reinforce and protect
the investigative capacity of law enforcement and the security service, to
maintain the requirement that telecommunications services provided by carriers
be susceptible to interception, to progress the development of the OECD
guidelines on cryptography, to ensure appropriate arrangements for the
screening, performance standards and registration of third party service
providers and certifying authorities are put in place, to coordinate policy and
technical development which may provide a solution to public safety needs and
to stimulate public discussion of and involvement in the search for a truly
balanced solution.
<P>
1.1.21 &nbsp;&nbsp;&nbsp;&nbsp; The implications for law enforcement and national security of
encryption, though significant, appear dwarfed by the potential fiscal
consequences, particularly when allied to more powerful processing and the
progressively increasing capacity for individuals to engage in anonymous
transactions. They are matters, however, outside the Terms of Reference.
<P>
<B>1.2 &nbsp;&nbsp;&nbsp;&nbsp;<i>Findings</i></B>
<P>
1.2.1 &nbsp;&nbsp;&nbsp;&nbsp; The main finding of the Review is that major legislative action is
not
advised at this time to safeguard national security and law enforcement
interests
in the face of the challenge presented by cryptography, though a range of minor
legislative and other actions are indicated.

<ul>
[<i>remainder of para 1.2.1 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>
<P>
<FONT COLOR=#FF0000>
The 1994 judgement, that
encryption was a looming problem which warranted close monitoring, remains
substantially valid. The problem, in a substantive sense, still lies ahead of law
enforcement and national security agencies but the distance is shortening
rapidly.
</FONT>
<P>
1.2.2 &nbsp;&nbsp;&nbsp;&nbsp; The option recommended by the Review to cater for national security
and law enforcement interests in the face of the encryption challenge is to
strengthen and further protect the investigative capability of those agencies,
to recast the relevant statutory provisions in clear purpose terms to prevent
premature aging and to consider the introduction of a new statute (the Aid to
Public Safety Act is proposed) which would aggregate the various intrusive
investigative powers, or at least those in the Attorney-General's portfolio,
into one place. This would facilitate the process of review, as indicated by changes
in technology or circumstance, and likely engender a more controlled public
discussion.
<P>
1.2.3 &nbsp;&nbsp;&nbsp;&nbsp; Australia has not been disadvantaged by the absence of policy
decisions on the issue of key management infrastructure. Many
foreign governments have moved early, but not necessarily to advantage. The rate of
technological change, developing public knowledge and expectation of the
Global Information Infrastructure and the reaction to the control mechanisms
attempted by some governments suggest, generally, a continuation of this
course. The immediate exception, on public administration grounds rather than
anything else, would be the introduction of screening and registration
procedures for third party service providers and certifying authorities. The
third quarter of 1996 saw more intensive global engagement on this issue than any
comparable earlier period. The greater risk for Australia, in the short term,
is the lack of certainty about who is directing government policy and who,
therefore, is coordinating the work progressing across a range of fronts. That
is an issue which needs urgently to be addressed.
<P>
1.2.4 &nbsp;&nbsp;&nbsp;&nbsp; The Review's findings are set out against each term of reference.
Those of a broader nature, which do not specifically relate to a particular term
of reference, have been aggregated under term number 2.
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 1.</B><td><B><i>The Review is to examine whether legislative or other
action should be taken to safeguard national security
and law enforcement interests in the light of the
rapid development of the Global Information
Infrastructure and the continuing need to safeguard individual
privacy.</i></B></tr>
</table>
<P>
Findings:
<P>
1.2.5 &nbsp;&nbsp;&nbsp;&nbsp; The Review does not support legislative action at this stage to
prescribe a form of key management infrastructure accessible by government for
purposes of national safety, but overseas proposals and developments will need
to be kept under close watch. The effort within the OECD to develop draft
guidelines on cryptography is worthwhile and should provide a useful
framework for national and international approach to this issue. A
further Review is recommended late in 1997, when technology will have advanced
further, any early impact of deregulated communications will be apparent, the
position of other countries such as Britain and the United States will be
clearer (both plan to introduce legislative measures), the OECD work will be largely
concluded and the position Australia might best adopt to balance its national
security and law enforcement interests with its support for electronic commerce,
privacy and continuing access to the communications and information
revolution, might be clearer. (paragraphs 3.4.1-3; 3.7.1-7; 4.5.11-16; 4.6.1-2;
5.1.5-9 refer)
<P>
1.2.6 &nbsp;&nbsp;&nbsp;&nbsp; The Review found a lack of clarity as to which Minister and which
department had responsibility for cryptography policy and the consequent
danger of a lack of coordination in policy development. These deficiencies
need to be overcome. (paragraphs 2.3.1-2; 3.4.3-5; 6.1.1-4 refer)
<P>
1.2.7 &nbsp;&nbsp;&nbsp;&nbsp; The Review identified a number of areas where legislative action
might be taken to ensure Australia's national security and law enforcement
interests. These are set out at term 3(c).
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 2.</B><td><B><i>The objective of the Review will be to present
options for encryption policies and legislation which
adequately address national security, law
enforcement and privacy needs while taking account
of policy options being developed to address
commercial needs.
</i></B></tr>
</table>
<P>
Findings:
<P>
1.2.8 &nbsp;&nbsp;&nbsp;&nbsp; The Review does not recommend specific options for encryption
legislation at this time. The policy options being developed to address
commercial needs are as yet inchoate. The process of developing guidelines on
the use of cryptography by the OECD Ad Hoc Group of Experts is still 6
months from conclusion and international agreements based on such a
framework would seem to represent the only basis for trusted third party
encryption of telecommunications.
<a href=#foot5><sup>5</sup></a>
(paragraph references as per 1.2.5)
<P>
1.2.9 &nbsp;&nbsp;&nbsp;&nbsp; There is no draft proposal at large which meets well the competing
demands of law enforcement/national security, privacy and commercial needs.
(paragraphs 4.5.11; 4.6.2; 4.7.1-6 refer)
<P>
1.2.10 &nbsp;&nbsp;&nbsp;&nbsp; The conceptual difficulty in resolving those tensions in one set of
arrangements is exacerbated by the requirements of law enforcement and
national security being predicated on access, while privacy and commercial
needs are predicated on protection.
<P>
1.2.11 &nbsp;&nbsp;&nbsp;&nbsp; There seems no compelling reason or virtue to move early on
regulation or legislation concerning cryptography. Law enforcement
and national security agencies have certainly experienced difficulty where subjects
of investigation have refused access to encrypted stored data and it has not
been possible for them or other agencies to decrypt this material. It is
questionable, though, whether any range of policy decisions concerning key management
would have altered this situation materially. For the present, the
investigative
capability of the agencies is not significantly affected. (paragraphs 3.2.1-4;
3.5.3-4; 4.1.2 refer)
<P>
1.2.12 &nbsp;&nbsp;&nbsp;&nbsp; To ensure policy positions are properly coordinated and reflect the
interests of the different parts of government, it would be preferable if these
followed decisions by Ministers on policy responsibility, were coordinated by a
standing inter-departmental committee and that the committee was constituted at
an appropriate level. (paragraphs 3.4.2-5 refer)
<P>
1.2.13 &nbsp;&nbsp;&nbsp;&nbsp; For reasons of electronic commerce and international cooperation in
the law enforcement and national security areas, Australia's policy positions
must mesh with those of her major trading and cooperating partners. While a
few countries have made public policy commitments, these are likely further to
change. International acceptance of the OECD draft guidelines on
cryptography, the drafting of which is due to conclude early in 1997, may
provide a basis for that consistency in national approach essential for the GII.
(paragraphs 4.6.1-4 refer)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>
Term of Reference 3(a).</B><td><B><i>Key factors to be addressed include Australia's
national security and defense interests;
</i></B></tr>
</table>
<P>
Findings:
<P>
1.2.14 &nbsp;&nbsp;&nbsp;&nbsp; While national security and defense interests provided the framework
within which the other terms of reference in paragraph 3 were examined, the
injunction in the first term of reference of the Review to have regard for the
continuing need to safeguard individual privacy and a reminder of that at term
3(d) provided some tension when different requirements were to be served.
The approach of the Review was to seek to strike a balance, leaving the privacy
advantage with the community as a whole when the security or defense
interests, taken at their broadest, were unable to demonstrate an impediment to
the performance of their functions and model mechanisms of control either
failed or were oppressive.
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>
Term of Reference 3(b).</B><td><B><i> an assessment of the present state of encryption
technology and prospective developments in encryption technology over the next few years
likely to impact on Australia's national security and law enforcement interests;
</i></B></tr>
</table>
<P>
Findings:
<P>
<ul>
[<i>paras 1.2.15 and 1.2.16 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.15 &nbsp;&nbsp;&nbsp;&nbsp; Strong encryption, which cannot be defeated by law enforcement and
national security agencies, is already available commercially or in the public
domain. (paragraphs 3.2.4; 3.5.1-4 refer)
<P>
1.2.16 &nbsp;&nbsp;&nbsp;&nbsp; Data is being stored securely on computer systems or being sent over
the telephone system beyond the reach or visibility of the investigative agencies.
(paragraphs 3.5.1-4 refer)
</FONT>

<P>
1.2.17 &nbsp;&nbsp;&nbsp;&nbsp; The likely trend will be from software encryption applications with
separate keys generated by the individual's computer system or an independent
entity to primarily hardware solutions where random keys are rapidly generated
and changed by the equipment itself and recognized and understood by those to
whom data transmissions are directed. (paragraphs 3.6.1-7 refer)
<P>
<ul>
[<i>para 1.2.18 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.18 &nbsp;&nbsp;&nbsp;&nbsp; The AFP, NCA and ASIO consider access in real time to the
communications of subjects of investigation an essential capability for the
performance of their functions. There has been negligible indication of
encryption being used in voice communications, but a strong belief it is
employed in computer to computer communications. A reliable statistical base
is required to underpin a further and more comprehensive assessment of the
impact which loss of real-time access to the voice and data communications of
the subjects of investigation would pose. (paragraphs 3.3.1-4; 4.1.1-3; 4.2.1-2
refer)
</FONT>
<P>
1.2.19 &nbsp;&nbsp;&nbsp;&nbsp; The AFP should chair an inter-agency group tasked with the
preparation of an assessment of the impact which the loss of real-time access
to voice and data communications would have for law enforcement and national
security. The assessment should be submitted to the Secretary of the Attorney-General's
Department for presentation to the Secretaries Committee on National
Security. (paragraph 4.1.3 refers)
<P>
1.2.20 &nbsp;&nbsp;&nbsp;&nbsp; The future direction of encryption technology depends largely on
advances in the field of pure mathematics and computing power which
increases, on average, by the power of 10 every five years. We will likely see
dedicated microchips able to work faster and process more complex algorithms
at reasonable speed. Secure faxes will become more common. Remote
banking facilities will become available. Local area computer networks
(LANs) will use encryption for communication between workstation and file
server or mail server. This encryption will be transparent to the user. Each
computer or user on the network will have its own public/private key pair, used
to generate random session keys. Further ahead, quantum computing and,
perhaps, quantum cryptography are mentioned, as are molecular memories, but
none is predicted to cause major change to the projected trend line of
development. (paragraphs 3.1.1-4 refer)
<P>
1.2.21 &nbsp;&nbsp;&nbsp;&nbsp; The availability of an encryption function on major software
applications or as a service to telecommunications users would likely be taken
up quickly by the community, but particularly the more significant targets of
law enforcement and national security agencies. Microsoft, for example,
recently indicated it would soon offer such an application. (paragraph 3.4.6 refers)
<ul>
[<i>para 1.2.22 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.22 &nbsp;&nbsp;&nbsp;&nbsp; The loss of access to real-time communications of their targets, and
the inability to access seized stored data, will necessitate a range of activities by
law enforcement and national security agencies which carry greater operational,
personal and political risk, involve larger financial outlays and staff allocations
and will require some legislative amendments. (paragraphs 4.3.1-6 refer)
</FONT>
<P>

<table cellspacing=5>
<tr><td nowrap valign=top><B>
Term of Reference 3(c).</B><td><B><i> whether Australia's present laws are adequate
to ensure Australia's security and law
enforcement interests in an environment of
rapidly emerging new technologies;
</i></B></tr>
</table>
<P>
Findings:
<P>
1.2.23 &nbsp;&nbsp;&nbsp;&nbsp; The Telecommunications (Interception) Act 1979 is considered
adequate by national security and law enforcement agencies, though a range of
issues such as the continuing capacity to trace calls; the test of reasonableness
(as applied) under which law enforcement and national security agencies may
seek such action; access to call record information and caller identification from
carriers and service providers; the legal status and, therefore, obligations of
service providers after 1 July 1997; the impact of satellites (eg systems are
being launched by Asian countries which will cover significant parts of
Australia); and some jurisdictional matters in relation to the Internet loom as
issues which the Law Enforcement Advisory Committee (LEAC) and the
Attorney-General's Department will need to pursue. (paragraphs 3.4.1-2;
3.6.7; 4.8.4; 6.2.4 refer)
<P>
1.2.24 &nbsp;&nbsp;&nbsp;&nbsp; The Telecommunications Act 1991 would become inadequate if the
license condition on carriers first to obtain approval from the Minister for
Communications and the Arts, who is required to consult with the Attorney-General,
before marketing any telecommunications service not susceptible to
interception should be varied.
<a href=#foot6><sup>6</sup></a>
(Paragraph 6.2.18 refers)
<P>
1.2.25 &nbsp;&nbsp;&nbsp;&nbsp; The Telecommunications Act 1991 should establish a requirement for
all communications service providers to be registered, which would facilitate
the service of warrants and access to customer data bases by law enforcement and
national security agencies. The purpose is not to restrict entry to the sector
but to meet these requirements and ensure service providers may be kept informed
of changes affecting their functions. (paragraphs 6.2.4-5; 6.2.18; 6.2.21 refer)
<P>
1.2.26 &nbsp;&nbsp;&nbsp;&nbsp; The ability to trace calls will continue to be of major importance
to the AFP, NCA and ASIO (and the State police services), even in situations where
interception or access to communication content is denied. The application of
the 'reasonableness' principle by communications carriers or service providers
will need to extend beyond life-threatening situations. The containment of
consequential costs might best be managed by limiting, more than currently,
those agencies authorised to make such requests.
(paragraphs 3.6.7; 6.2.4 refer)
<P>
1.2.27 &nbsp;&nbsp;&nbsp;&nbsp; Invocation of the principle of non self-incrimination is likely to
prove an obstacle to efforts by law enforcement agencies to obtain encryption keys by
search warrants or orders made by courts and tribunals.
(paragraphs 3.2.4; 3.5.1-4; 3.7.10-11 refer)
<P>

<ul>
[<i>para 1.2.28 not provided under FOI, by reason of
<a href=index.htm#foi36>Section 36 of the FOI Act</a>
(Internal working documents)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.28 &nbsp;&nbsp;&nbsp;&nbsp; The Crimes Act 1914 should be amended to permit the AFP, NCA
and ASIO to 'hack' into a nominated computer system to secure access to that
system or evidence of an electronic attack on a computer system. (paragraphs
6.2.3; 6.2.22 refer)
</FONT>
<P>
1.2.29 &nbsp;&nbsp;&nbsp;&nbsp; Consideration should be given to establishing a further and more
serious category of offence where encryption is used to obstruct investigation
by law enforcement or national security agencies into the preparation for or
commission of a criminal offence and to give the Commissioner of the AFP
authority, analogous to the ss. 28/29 powers provision available to the Chairman
of the NCA, to require production of information or material which would
render seized encrypted data intelligible. (paragraphs 3.7.10; 3.7.11; 6.2.22
refer)
<P>
1.2.30 &nbsp;&nbsp;&nbsp;&nbsp; The narrow definition of a listening device in the Australian
Federal Police Act 1979 should be amended to reflect the purpose of such devices,
namely to transmit data. The current wording restricts transmission to voice
only. (paragraphs 4.3.5; 6.2.1; 6.2.20; 6.4.4 refer)
<P>
1.2.31 &nbsp;&nbsp;&nbsp;&nbsp; The criteria of Class 2 offences as set out in section 12(B) of the AFP
Act should be widened so that listening devices might be deployed in the
investigation of computer and information crime. The use of computers as
communications devices is much more common than when the Act was drafted
and that trend is only likely to become more prevalent. (paragraphs 6.2.2;
6.2.20 refer)
<P>
1.2.32 &nbsp;&nbsp;&nbsp;&nbsp; Authority needs to be created in the AFP Act, subject to the normal
warranting processes for the exercise of intrusive powers, for the agency to
install tracing or tracking devices which transmit data, to enter premises or
perform this remotely, to do so without seeking or obtaining the permission of
the owner or user of the equipment or premises, to transit other premises
necessary to reach the nominated premise and to re-enter such premises as are
necessary to maintain, replace or remove devices. Removal of devices, under
the same warrant conditions, would be permitted after the expiration of the
warrant, if secure circumstances do not obtain in the term of the warrant.
Call-tracing should not be a facility confined in its application to life-
threatening situations but available for the investigation of serious crime or
security, intelligence subjects. (paragraphs 6.2.6; 6.2.9; 6.2.20 refer)
<P>

<ul>
[<i>para 1.2.33 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.33 &nbsp;&nbsp;&nbsp;&nbsp; Authority should be created for the AFP, the NCA and ASIO to alter
proprietary software so that it performs additional functions to those specified
by the manufacturer. Such an authority, which clearly should be subject to
warranting provisions, would, for example, enable passive access to a computer
work station of a LAN and link investigative capability more effectively to
current technology. While there are issues of liability, the Review is convinced
the effort should be made to accommodate these so that a target computer may
be converted to a listening device. This capacity may represent one of the
important avenues of accessing plain text. (paragraphs 6.2.10-11; 6.2.20 refer)
</FONT>
<P>


1.2.34 &nbsp;&nbsp;&nbsp;&nbsp; All amendments and suggestions made in relation to the AFP Act
should be mirrored by amendment to the ASIO Act, both for its security
intelligence and its foreign intelligence investigation obligations.
<P>
1.2.35 &nbsp;&nbsp;&nbsp;&nbsp; There will need to be integration between federal, state and territory
law enforcement agencies as Commonwealth investigations frequently cover
several jurisdictions, the State and Territory police forces operate in the same
areas of criminal investigation and the latter police forces employ the same
core technology and encounter the same problems. These issues might usefully be
explored at a meeting of the Standing Committee of Attorneys-General and the
Australian Police Ministers Conference. (paragraph 6.2.28 refers)
<P>
1.2.36 &nbsp;&nbsp;&nbsp;&nbsp; Statutory protection needs to be afforded those sensitive operational
and technical methods employed by law enforcement agencies in the course of
their investigations. The process of establishing a public interest immunity
claim may implicitly reveal sufficient of a conceptual and operational approach
as to destroy the integrity of such a method. Where high personal risk and
damage to the investigative capability of the agency may result, should
protection of the operational methods employed in a particular investigation not
be absolute, agency heads should be empowered to issue a certificate, pursuant
to the proposed provision, identifying the operationally sensitive information
protected from disclosure, discovery by legal process or access under the FOI
Act. (paragraphs 6.2.12-17; 6.2.20 refer)
<P>
1.2.37 &nbsp;&nbsp;&nbsp;&nbsp; Consideration be given to incorporating all intrusive investigative
powers, or at least those of the agencies in the Attorney-General's portfolio
such as the AFP, ASIO, AUSTRAC and the NCA, into one statute with an aim and
title like 'the Aid to Public Safety Act'. The various powers should be
expressed in terms of their purpose, not the means by which those purposes may
be achieved. The benefit would rest in common approaches across
Commonwealth agencies, a clearer over-arching purpose, a positive
encouragement to inter-agency cooperation and the greater speed and political
ease with which necessary amendments may be effected to ensure the statute
remains relevant to developing technology and practice. (paragraphs 6.4.1-8
refer)
<P>
1.2.38 &nbsp;&nbsp;&nbsp;&nbsp; Instead of the current four or more types of warrant for intrusive
investigative activities by law enforcement and national security agencies, to
which further types are proposed at 1.2.28, 1.2.32 and 1.2.33, all warrant types
should be reduced to one of two: the interception of communications or entry
into property. (paragraph 6.4.8 refers)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>
Term of Reference 3(d)<td><B><i>measures to safeguard individual privacy
including an examination of the warranting
provisions that may be required to enable law
enforcement and national security authorities
to gain access to encrypted material, whether
in the form of stored data or a message
transmitted over a telecommunications network;
</i></B></tr></table>
<P>
Findings:
<P>
1.2.39 &nbsp;&nbsp;&nbsp;&nbsp; The ready availability of strong encryption, with no requirement to
escrow or register keys, nor to entrust them to any independent entity, is the
most effective safeguard of individual privacy. (paragraphs 3.4.8; 4.5.7;
4.5.10; 4.6.3; 4.8.4 refer)
<P>
1.2.40 &nbsp;&nbsp;&nbsp;&nbsp; The current regime of stringent warranting provisions for the exercise
of intrusive investigative powers should continue and apply to any change to the
range of those powers. (paragraphs 2.2.6; 5.1.7; 5.1.9 refer)
<P>
1.2.41 &nbsp;&nbsp;&nbsp;&nbsp; To ensure the privacy rights and civil liberties of those subjects of
investigation by law enforcement and national security agencies are preserved,
where a court or tribunal is prevented from examining any circumstances
surrounding covert investigations because a statutory protection against
involuntary disclosure has been invoked by an agency, such cases or a sample of
these cases should be examined by a senior, independent official experienced in
the conduct and handling protocols of sensitive matters. As the Inspector-
General of Intelligence and Security has the function to inquire into matters
referred to the Inspector-General by the Human Rights and Equal Opportunity
Commission in respect of the intelligence community, the sole aspect to be
reviewed here, this function would be caught within existing responsibilities.
In the case of Commonwealth law enforcement agencies, the function might be
given to the proposed National Integrity and Investigations Commission.
(paragraphs 6.2.24-27 refer)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 3(e)
<td><B><i> an assessment and evidence of the benefits of
access by law enforcement and national
security agencies to encrypted data;
</i></B></tr></table>
<P>
Findings:
<P>
<ul>
[<i>part para 1.2.42 and para 1.2.43 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.42 &nbsp;&nbsp;&nbsp;&nbsp; The value of intercepted communications, as cited to <i>the Review of the
Long-Term Cost Effectiveness of Telephone Interception</i>, has not diminished
and additional material is available since that review.
</FONT>
Law enforcement
agencies and ASIO made a cogent case for access to data concerning subjects of
investigation, whether voice or data communication, computer communication
or stored data, whether concealed by speed, compression or encryption. The
assessed benefits are the capacity to conduct investigations effectively and the
performance of their statutory functions. (paragraphs 4.1.1-2; 4.2.1-2; 4.3.1
refer)
<P>
<FONT COLOR=#FF0000>
1.2.43 &nbsp;&nbsp;&nbsp;&nbsp; There are indications, more frequently seen by law enforcement
agencies than ASIO, that the subjects of investigation are making significant use
of encryption to store data securely. It is already a frequent experience that this
data cannot be decrypted. (paragraphs 3.2.4; 3.5.1; 3.5.3; 4.1.2; 4.4.1 refer)
</FONT>

<P>
1.2.44 &nbsp;&nbsp;&nbsp;&nbsp; Real-time access by law enforcement and national security agencies to
the voice and data communications of their subjects of investigation is
essential to core capability. The loss of that access would seriously impair
capability, increase the risk factor in their operations and entail a range of
staffing, budgetary, legislative and political consequences. (paragraphs 4.3.1-6
refer)
<P>
1.2.45 &nbsp;&nbsp;&nbsp;&nbsp; The lack of reliable national statistics on attacks on computer and
communications systems will hamper policy development in areas such as
electronic commerce and cryptography. The proposed IDC on Cryptography
should consider the matter in the light of the review of AUSCERT
commissioned by DOCA and its impact. (paragraphs 3.3.4-5)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 3(f)
<td><B><i> an assessment of the most appropriate means
of funding the development, implementation
and maintenance of a decrypting capability for
existing and emerging technologies;
</i></B></tr></table>
<P>
Findings:
<P>
1.2.46 &nbsp;&nbsp;&nbsp;&nbsp; No cogent reason was presented to the Review which suggested an
independent cryptanalytical capability should be established for law
enforcement and national security interests. (paragraphs 4.4.1-5 refer)
<P>
1.2.47 &nbsp;&nbsp;&nbsp;&nbsp; While general support for an independent decryption capability was
evident among law enforcement agencies, the limited opportunities and
expectations with which decryption would be approached would not justify the
significant establishment and recurrent budgetary allocation required.
(paragraphs 4.4.6-7 refer)
<P>
1.2.48 &nbsp;&nbsp;&nbsp;&nbsp; A 'closed' forum at a senior technical and operational level involving
law enforcement, national security and the Defence Signals Directorate should
be established to discuss and share attack methodologies against encryption, the
covert acquisition of keys, agree possible research projects and review
cooperation arrangements. Such a forum would provide a means for keeping
the Secretaries Committee on National Security informed of any significant
change to the investigative capability of law enforcement or national security
agencies as a result of encryption.
<a href=#foot8><sup>8</sup></a>
Because of the protocols surrounding this
field, it would be sensible for such a forum to be covered by memoranda of
understanding agreed by the heads of the various agencies. (paragraphs 4.4.7-
12; 6.3.2 refer)
<P>
1.2.49 &nbsp;&nbsp;&nbsp;&nbsp; The cost of enhancing in-house facilities to produce a modest
decryption capability should not necessitate New Policy Proposals, but the
Commissioner of the AFP, the Chairman of the NCA and the Director-General
of ASIO should ensure investment in staff training, development and
secondments and minor capital expenditure on decryption facilities are planned
and implemented in a coordinated fashion. The proposed inter-agency forum
may provide the vehicle to coordinate that investment and development.
(paragraphs 4.4.7; 6.3.1-3; 6.3.5 refer)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 3(g)<td><B><i>whether Australia should seek to negotiate
agreements with any other country or
countries governing access to encrypted data
where public keys (under a 'Commercial key
Escrow' or 'Trusted Third Party' system of
encryption) are held outside Australia;
</i></B></tr></table>
<P>
Findings:
<P>
1.2.50 &nbsp;&nbsp;&nbsp;&nbsp; It would be premature to enter formal negotiations with other
countries on access to encrypted data, where public keys are held in those
countries, until there is some certainty as to likely key management
infrastructures. Reciprocity is a standard feature of such access agreements.
Caution against entering formal negotiations is not intended to preclude
substantive discussions on the issues. Indeed, the US has intimated that a
condition of easing export controls may be the existence of a form of certified
key management. (paragraphs 4.6.1-2 refer)
<P>
1.2.51 &nbsp;&nbsp;&nbsp;&nbsp; Such agreements should reflect the arrangements which national
security and law enforcement agencies have in place to handle the exchange of
sensitive tracing and operational matters. Those arrangements, properly, have
regard for the legal, political and human rights record of the requesting
country
and the likely use which may be made of the information sought. (paragraph
4.6.4 refers)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 3(h)<td><B><i>whether legislation is desirable to:<br><br>
(i) regulate the availability of 'Commercial
Key Escrow' or 'Trusted Third Party'
encryption; or
<br><br>
(ii) facilitate the development of 'Commercial
Key Escrow' or 'Trusted Third Party'
systems of encryption;
</i></B></tr></table>
<P>

<ul>
[<i>para 1.2.52 not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.52 &nbsp;&nbsp;&nbsp;&nbsp; The models of 'Commercial Key Escrow' and 'Trusted Third Party'
systems variously proposed by the United States and Britain contain some
(inevitable?) design flaws which will leave subjects of law enforcement and
national security investigations outside their arrangements. The market may
well identify, for normal commercial reasons, the need for trusted third party
services in Australia. (paragraphs 4.5.4-11; 4.7.1-6 refer)
</FONT>
<P>

1.2.53 &nbsp;&nbsp;&nbsp;&nbsp; There is a high risk of corruption in the third party service provider
sector and the Government would be prudent to require integrity screening and
registration of those who seek to offer such services to the public. The
testing
process employed by casino authorities should prove a useful model.
(paragraphs 4.7.6-7 refer)
<P>
1.2.54 &nbsp;&nbsp;&nbsp;&nbsp; Some licensing or registration arrangement, together with a
requirement to meet minimum performance standards (as proposed by Standards
Australia) is indicated for Certifying Authorities providing authentication
services. This may depend on the outcome of the Wallis Inquiry into the effects
of deregulation of the finance system
<a href=#foot9><sup>9</sup></a>
or government may wish to consider it
cognately with the recommendations from the working groups of officials
examining a range of electronic commerce issues. The separation of the
authentication from the confidentiality key is a matter where clear and early
statement of government's position would assist. (paragraph 4.5.15 refers)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 3(i)<td><B><i>the impact of overseas initiatives associated
with encryption technology, particularly in
relation to the extent to which international
cooperation and proactive specification of
desirable characteristics for encryption
products and 'Commercial Key Escrow' or
'Trusted Third Party' services is desirable
and recommendations as to how such international
cooperation might best be achieved.
</i></B></tr></table>
<P>
Findings:
<P>
1.2.55 &nbsp;&nbsp;&nbsp;&nbsp; Considerable variation exists in the approach of foreign governments
to cryptography policy issues, ranging from banning, to registration, to the
promotion of voluntary systems of key management which may meet some of
the needs of law enforcement and security, to the deliberate decision not to
take decisions on these matters while the technology continues to develop at a
rapid rate and offers new approaches for dealing with the issue. (paragraphs
4.5.1-13 refer)
<P>
1.2.56 &nbsp;&nbsp;&nbsp;&nbsp; There seems to be little popular support in or outside the United
States for a 'Commercial Key Escrow' system involving government agencies,
creating as it would significant vulnerability outside of the control of the
person or corporation.
<a href=#foot10><sup>10</sup></a>

<ul>
[<i>para 1.2.57 not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.57 &nbsp;&nbsp;&nbsp;&nbsp; The British Government's 'Trusted Third Party' scheme carries some
of the same weaknesses.<a href=#foot11><sup>11</sup></a>
&nbsp;The university proposal on which it is based does
provide for separation of the authentication and confidentiality functions but
again, surprisingly, this was not addressed in the official government statement.
It is not yet known if the mooted European Union variation of the British
proposal will improve on the design. (paragraphs 4.5.8-11; 4.6.3; 4.7.1-6
refer)
</FONT>

<P>
1.2.58 &nbsp;&nbsp;&nbsp;&nbsp; The issue of international cooperation would best be addressed
from mid-1997 when there has been more developmental work, the position of a
number of countries will be clearer, legislative proposals will have been
introduced by some and the work of the OECD Ad Hoc Group of Experts will
have concluded. (paragraphs 4.6.1-4 refer)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 3(j)<td><B><i>the effectiveness of Australia's export controls
on encryption technology.
</i></B></tr></table>
<P>
Findings:
<P>
1.2.59 &nbsp;&nbsp;&nbsp;&nbsp; Any judgement as to effectiveness depends on the aspect from which
the issue is approached. As the Review was enjoined to consider Australia's
national security and defence interests as key factors, it may be argued
Australia's export controls were effective, though American export controls may
have had greater influence on the limited proliferation of 'strong' forms of
encryption in the region. (paragraphs 5.2.1-4 refer)
<P>

<ul>
[<i>para 1.2.60 not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
</i>]
</ul>

<FONT COLOR=#FF0000>
1.2.60 &nbsp;&nbsp;&nbsp;&nbsp; The continuing efficacy of export controls as a defensive strategy is
dubious when no import controls exist and firms are able to evade the export
controls of the United States, far and away the major software supplier, and
purchase their requirements in Europe or Asia. As well, the Internet offers a
market-place without borders. (paragraphs 5.2.6-7 refer)
</FONT>

<P>
1.2.61 &nbsp;&nbsp;&nbsp;&nbsp; From a commercial perspective, the purpose and impact of those
export controls was questioned. There was criticism that
Australian cryptographic products did not always meet customer requirements and suffered
in comparison with American products on the counts of convenience,
comparability and cost. (paragraph 5.2.6 refers)
<P>
1.2.62 &nbsp;&nbsp;&nbsp;&nbsp; The abolition, or even an amelioration, of United States export
controls will likely prompt a rapid extension of key lengths as an argued
talisman of data security. (paragraph 5.2.11 refers)
<P>
<table cellspacing=5>
<tr><td nowrap valign=top><B>Term of Reference 4.<td><B><i> The Review is to have regard to the
Government's existing encryption policies, the work of the OECD Committee of Experts on Security,
Privacy and Intellectual Property Protection in the Global Information Infrastructure on the
development of international cryptography guidelines and the work of the Information Policy Task Force on
the implementation of open encryption standards which address commercial needs.
</i></B></tr></table>
<P>
Findings:
<P>
1.2.63 &nbsp;&nbsp;&nbsp;&nbsp; The Review examined and took account of the Government's
approach outlined in <i>Australia Online</i>
<a href=#foot12><sup>12</sup></a>
and by officials of the Department of
Communications and the Arts. It examined the 1980 OECD Guidelines on
Trans-Border Flows of Personal Data
<a href=#foot13><sup>13</sup></a>
and the 1992 OECD Guidelines on
Information Systems Security and informed itself of their antecedents. It had
the benefit of many discussions and meetings with representatives of all
interested agencies on the draft guidelines on cryptography currently being
developed and was invited to participate in inter-departmental discussions
chaired by the Attorney-General's Department. The Information Policy Task
Force had not been established in the period of this Review but a retitled
Information Policy Advisory Council was due shortly to meet.
<a href=#foot14><sup>14</sup></a>
<P>

<B>Footnotes:</B><P>
<font size=2>
<a name=foot1><sup>1</sup></a>
Technologies include DNA analysis, fibre analysis, improved electronic
surveillance methods across public agencies such as Immigration, Social
Security, Taxation, Customs, financial institutions, communications
camera, transport companies and regulators, etc.<P>

<a name=foot2><sup>2</sup></a>
Samuel D Warren & Louis D Brandeis, The Right To Privacy, 4 Harv. L Rev. 193,
195 (1890)<P>

<a name=foot3><sup>3</sup></a>
Prof Greg Tucker notes the possibility that an unregulated GII environment
could lead to a loss of control by
individuals over their personal data, running the risk of creating a
surveillance society. From his paper titled
'Security, Privacy and Intellectual Property Rights in the Information
Infrastructure' presented to the OECD,
May 1996, p 143.<P>

<a name=foot4><sup>4</sup></a>
Not only is the relationship between the individual and the state likely to be
affected by cryptography and its
consequences but Michael Nelson argues we will see less powerful governments in
relation to trans-national
criminal organisations because traditional notions of sovereignty, national
security and warfare will be
undermined by 2020 when the whole world will be 'wired' and e-cash is the norm.
Michael Nelson, Special
Assistant, Information Security, Executive Office of the President, quoted in
BNA Daily Report for Executives,
6 September 1996, Washington, DC. A view offered also in a Technology Issue
Note published by the
National Security Agency titled 'NSA and the Cyberpunk Future', 3 June 1966, pp
4-5.<P>

<a name=foot5><sup>5</sup></a>
This group is Co-chaired by a Deputy Secretary of the Attorney-General's
Department and is scheduled to complete its work by February 1997.
<P>

<a name=foot6><sup>6</sup></a>
The US Administration is proposing legislation requiring each telecommunications carrier to increase its
capacity to meet assistance capability requirements (the capacity simultaneously to undertake call tracing and
communications interceptions) equal to 0.5% - 1% of the engineered capacity of
the equipment, facilities or services that provide a customer or subscriber with the ability to originate,
terminate or direct communications.
The Congress has enacted the Communications Assistance for Law Enforcement Act
(CALEA) and authorised funding support of $500 ml. Under the Omnibus Consolidated Appropriations Bill
signed by President Clinton on September 30, 1996, the permanent Telecommunications Compliance Fund may
receive money from any US Government agency with law enforcement or intelligence responsibilities.
Carriers have raised significantly the charges levied on law enforcement agencies for special assistance.
<P>

<a name=foot7><sup>7</sup></a>
Inspector-General of Intelligence and Security Act 1986. s.8 (1)(a)(v).
<P>

<a name=foot8><sup>8</sup></a>
Both the Commissioner of the AFP and the Director-General of ASIO may be
invited to attend meetings of the Committee and the Secretaries of the Defence and the Attorney-General's
Department, which embrace the portfolio interests, are members.
<P>

<a name=foot9><sup>9</sup></a>
The Financial Systems Inquiry, commissioned by the Treasurer under the
chairmanship of Mr Stan Wallis, is due to report to the Australian Government by
May 1997.
<P>

<a name=foot10><sup>10</sup></a>
The US Administration issued two statements on July 12, 1996, one entitled
Administration Statement on Commercial Encryption Policy (shown at Annex C); the
other, US Cryptography Policy: Why We Are Taking the Current Approach.
<P>

<FONT COLOR=#FF0000>
<a name=foot11><sup>11</sup></a>
A Paper on Regulatory Intent Concerning Use of Encryption on Public
Networks was issued by the British Department of Trade and Industry on 11
June 1996.
</FONT>
<P>

<a name=foot12><sup>12</sup></a>
Policy statement on media issues published by the Coalition parties prior to
the 1996 federal election. The
section immediately relevant to this Review (Personal Privacy and Commercial
Security) is shown at Annex B.<P>

<a name=foot13><sup>13</sup></a>
Attached at Annex F of this report.<P>

<a name=foot14><sup>14</sup></a>
The Information Policy Task Force was a specific proposal in <i>Australia
Online</i>. p 10 et seq and is specified as a relevant parameter for this Review. See Terms of Reference, attached as
Annex A to this report, para 4.
</font></ul>
<P>
<hr>
<P>
<center>
<a name=chap2></a>
<h3>
CHAPTER 2
<P>
CONTEXT AND APPROACH OF THE REVIEW
<P>
2.1 <i>The Context - Barrett's Obiter Dictum</i>
</h3>
</center>
<P>
2.1.1&nbsp;&nbsp;&nbsp;&nbsp; This review occurred in concert with a range of similar reviews
initiated by different parts of government. Some overlap was indicated, and the
coordination arrangements remain something of a mystery. Topics as broad as
electronic commerce or on-line services understandably attract the attention of
a number of major policy departments and operational agencies, while encryption
is addressed simply as an element of their broader studies. The focus of this
review of encryption policy is to address law enforcement and national security
interests, while ensuring individual privacy needs are safeguarded.
<P>
2.1.2 &nbsp;&nbsp;&nbsp;&nbsp; The review took as a reference point an observation made in the
Barrett report on Telephone Interception in 1994 that<P>
<ul>
<i>
If the international user requirements approach [a guideline
developed by
a number of countries that carriers and suppliers taking into
account law
enforcement's requirements in the development of new technology and
new services] can be made to work, the next question is whether the
advent
of more powerful and widespread encryption is likely to defeat
interception
at some point in the future.
<a href=#foot15><sup> 15 </sup></a>
</i>
</ul>
and the conclusion:
<ul>
<i>
While Australian agencies all report that encryption has not been a
problem to date, it is likely to become one in the future.
<a href=#foot16><sup> 16 </sup></a>
</i>
</ul>
<P>
2.1.3 &nbsp;&nbsp;&nbsp;&nbsp; The question which obviously presents itself is whether the 1994
conclusion still stands or how it should be revised.
<P>
2.1.4 &nbsp;&nbsp;&nbsp;&nbsp; Barrett recommended the Law Enforcement Advisory Committee
(LEAC) should keep the use of encryption under review and provide annual
reports on its effect.
<a href=#foot17><sup>17</sup></a>
That task was assigned to Sub-Committee E of LEAC.
It has submitted four reports to date
<a href=#foot18><sup>18</sup></a>.
They note evidence of encryption
being used in stored data (primarily hard disk) but none as far as communications are
concerned. This view is qualified by the fact that the equipment used to
intercept digitised signals transmitted over high-speed modems is forced to
operate at the limit of capacity and some encrypted communications may not be
captured. The bottom line judgement has to be that Barrett's conclusion stands
intact but the time-frame is likely to be compressed. The problem is no longer
a future one - the operational and investigative problem will be with law
enforcement and the national security authority tomorrow.
<P>

<h3>2.2 &nbsp;&nbsp;&nbsp;&nbsp; <i>The Approach</i></h3>
<P>
2.2.1 &nbsp;&nbsp;&nbsp;&nbsp; Working alone on such a review, it was clearly impractical to invite
written submissions or conduct public hearings. Related standing
reviews
already existed and others were established in the brief life of this Review.
The
primary issue was how law enforcement agencies and the national security
service might retain their current investigative capability in a world where
encryption may be generally used. The second issue was to establish if what
was hidden from investigative agencies behind the veil of encryption would
affect their effectiveness. Thirdly, if the impact was deleterious, should
Australia be looking at emulating the type of response adopted by some foreign
governments or do something else. And fourthly, should a decrypting
capability for law enforcement be established and, if so, how might it be funded
and maintained.
<P>
2.2.2 &nbsp;&nbsp;&nbsp;&nbsp; The structure of the Report reflects the major themes of the Review.
There were some other issues and by keeping a constant eye on the Terms of
Reference, these are addressed either separately or cognately.
<P>
2.2.3 &nbsp;&nbsp;&nbsp;&nbsp; The key constituencies for the review were easily identified: privacy
guardians and those academics or experts who had revealed a close interest in
this aspect of the debate; Commonwealth, State and Territory law enforcement
agencies and the national security service; policy departments with an interest
in the area; users; carriers and service providers; the information technology
industry itself; and the banking or finance sector. Within quite severe
resource
limitations, the Review attempted to consult with a representative sample of all
these sectors and expresses its appreciation for the time and thoughtful
contributions which were made.
<P>
2.2.4 &nbsp;&nbsp;&nbsp;&nbsp; There were some areas of the Terms of Reference where it was not
possible to make a satisfactory response or the limitations imposed on a single
reviewer precluded the elicitation of the material on which a response may have
been based. In instances where I was aware this occurred, I have identified
areas which require further examination. Indeed, the situation in a number of
these is far from settled and continuing close attention to developments in
Australia and overseas is indicated. For the same reason, there are many
instances where findings have not prompted recommendations but warrant close
consideration. I believe Australia has suffered no damage from its
disinclination to commit to a legislative or regulatory regime in the
cryptography field and has had time to learn from or reflect on the early
initiatives of other countries.
<P>
2.2.5 &nbsp;&nbsp;&nbsp;&nbsp; The Review addressed its terms of reference from a public policy
perspective. Some understanding of the core elements of cryptography is
necessary for informed discussion, but the Review did not seek to acquire, far
less claim, technical expertise. To those who found themselves occasionally
cast in the role of tutor and were then impelled to make over-simplifications to
achieve even nodding comprehension, grateful appreciation is expressed.
<P>
2.2.6&nbsp;&nbsp;&nbsp;&nbsp; As the Privacy Act does not apply to the private sector and the
privacy
impact of the issues raised in the Terms of Reference exclusively impact on the
private sector, I thought it important to consult with both formal privacy
protection bodies on the one hand and academics and industry experts on the
other to garner views in an area of uncertainty. I found much commonality.
There is broad acceptance of the checks and balances at the Commonwealth
level on intrusive investigations by law enforcement and the security service.
While some changes to the scope of warranting provisions were seen as likely,
these should be accepted by the community if the same level of stringency in the
securing, execution and oversight of warrants is maintained.
<P>
<h3>2.3 &nbsp;&nbsp;&nbsp;&nbsp; <i> Creative Tension or Competition?</i></h3>
<P>
2.3.1&nbsp;&nbsp;&nbsp;&nbsp; Between the key constituencies mentioned above, some degree of
tension was to be expected. What also became apparent was the differing
philosophical position taken by various elements within each sector. This is
illustrated simply by the government sector, where four separate policy
departments represent the following discrete purposes:
<P>
<ul>
<dl COMPACT>
<DT>i)<DD>privacy, intellectual property, international agreements, law
enforcement policy, national security policy, telecommunications
interception, protective security policy, law, evidence and justice;
<P>
<DT>ii)<DD>the defence of the Commonwealth, support for the armed
forces, the collection and production of foreign signals
intelligence, communications security policy, computer security
policy;
<P>
<DT>iii)<DD>science and technology policy, trade and investment
facilitation, government assistance to enterprise development and innovation
support, trade and export finance policy advice; and
<P>
<DT>iv)<DD>policy advice on multimedia, trade and industry development
aspects of telecommunications, regulatory aspects of
telecommunications, policy concerning broadband services.
</DL>
</ul>
<P>
Across such a spectrum of government interests, the fact of different
philosophical approaches is not surprising. What is of concern, however, is the
lack of any coordination mechanism to bring together the disparate policy
interests and review bodies. The policy outline with which the Government
went to the 1996 federal election, Australia Online, elevates the protection of
personal privacy above other considerations and eschews legislative action in
the area of encryption.
<a href=#foot19><sup>19</sup></a>
The Review was advised these elements reflect the
Minister's current thinking. It is not clear, though, how they and other
elements infuse the policy development process throughout government.
<P>
2.3.2&nbsp;&nbsp;&nbsp;&nbsp; Proposals for coordination arrangements are advanced in Chapter 6.
The comments raised here are mentioned to understand the somewhat
fragmented context in which the Review occurred.
<P>

<B>Footnotes:</B><P>
<font size=2>
<a name=foot15><sup>15</sup></a>
Report of the Review of the Long Term Cost Effectiveness of
Telecommunications Interception conducted
by Mr Pat Barrett, March 1994, paragraph 5.3.19, p 98. Commonly referred to as
the Barrett Report.
<P>

<a name=foot16><sup>16</sup></a>
Ibid, p 99.
<P>

<a name=foot17><sup>17</sup></a>
Ibid, Recommendation 5, p 16. The LEAC was established by the regulating
agency, the Australian Telecommunications Authority (AUSTEL).
<P>

<a name=foot18><sup>18</sup></a>
Reports of December 1994, June 1995, December 1995 and June 1996.
<P>

<a name=foot19><sup>19</sup></a>
Australia Online, op cit. See relevant section at Annex B of this report.
</font>
<P>
<hr>
<P>
<center>
<a name=chap3></a>
<h3>
CHAPTER 3
<P>
THE DIRECTION AND IMPACT OF ENCRYPTION
</h3>
</center>
<h3>3.1 &nbsp;&nbsp;&nbsp;&nbsp; <i>The direction</i></h3>
<P>
3.1.1 &nbsp;&nbsp;&nbsp;&nbsp; The ability to sketch confidently the direction of encryption would be
a very marketable talent in the IT industry. Few are prepared to be expansive
in their predictions, but some trends or tendencies have emerged. On one point all
seem agreed - when personal computers are sold with standard software
packages which offer a pull-down encryption facility, there will be wide use of
encryption. There are plenty of encryption systems and applications available
commercially and in the public domain. The volume has increased
significantly over the past three years but not the variety. Commercial
and private interest has principally been in the data storage area, with limited
incursion into computer to computer communications. Criminal intelligence
from law enforcement agencies overseas indicates the larger narcotics suppliers
are using such encrypted links.
<P>
3.1.2 &nbsp;&nbsp;&nbsp;&nbsp; Likely developments over the next few years? Cryptography
in modems, currently restricted by export restrictions; financial smart-cards
with complete encryption which will defy transaction tracking; a continuing trend
from encryption software programs to hardware-based systems; and always
more speed. In the same period, communications will continue to become
faster and cheaper. Relaxation of United States export controls would see
systems with quality algorithms and long keys surge on to the market. There is
little doubt the combination of these developments will see a major slow-down
in the 'reading' capacity of the Sigint community for a period. How long that
period may be and how it may be overcome are issues to be discussed in a
framework of more sensitivity than the nature of this review permits.
<P>
3.1.3 &nbsp;&nbsp;&nbsp;&nbsp; And then there is quantum cryptography. Some argue it is the next
wave, others dismiss it as fantasy. Gilles Brassard spoke on the subject at a
cryptanalytical conference organised by the Queensland University of
Technology in July 1995. He said quantum cryptography harnesses
Heisenberg's uncertainty principle from quantum mechanics to allow two
parties who have never met and who share no secret information beforehand to
communicate in absolute secrecy under the nose of an adversary, regardless of
her computing power. This is achieved by the exchange of very tenuous signals
that consist on the average of one-tenth of one photon per pulse. Prototypes
have been built that work over a distance of ten kilometres of optical fibre.
<a href=#foot20><sup>20</sup></a>
The optimists suggest commercial application is 15-20 years away, the sceptics
argue it is light years.
<P>
3.1.4 &nbsp;&nbsp;&nbsp;&nbsp; The short judgement of likely encryption developments
may be summed up in three words which are an unintended parody of the Olympic
motto: stronger, faster, cheaper.
<P>
<h3>3.2 &nbsp;&nbsp;&nbsp;&nbsp; <i>On Law enforcement and national security</i></h3>
<P>
3.2.1 &nbsp;&nbsp;&nbsp;&nbsp; There is already considerable evidence of encryption being used in
the areas of organised crime, narcotics, pornography, illegal gaming for storing
data. Criminal intelligence indicates the larger narcotics syndicates overseas
already employ encrypted computer links (e-mail and telnet), but very few
communications applications have been detected in Australia.
<ul>
[<i>para 3.2.2 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
3.2.2 &nbsp;&nbsp;&nbsp;&nbsp; 'Serious' criminal elements are reported to have moved rapidly from
analogue to digital mobile systems as soon as GSM became available.
<a href=#foot21><sup>21</sup></a> &nbsp; Prior
to that time, there is considerable anecdotal evidence that analogue telephones
were being purchased, used once and discarded as a countering tactic to law
enforcement. More recent practice is for criminals to carry a supply of SIM
cards which, when changed, alter the characteristics or signature of the
telephone. Examples were given to the Review of suspects having 30-40 SIM
cards on their person when arrested, the highest figure quoted was 140, and of a
firm in Sydney which will post SIM cards on request, providing only a credit
card reference is given.
</FONT>
<P>

3.2.3 &nbsp;&nbsp;&nbsp;&nbsp; The telephone system is being used by criminal elements to send data
from point to point and these exchanges are sometimes encrypted.
The Review was given virtually no indication of voice communications being encrypted,
though as early as 1991, an Australian company was importing voice encryption
for PSTN circuits.
<a href=#foot22><sup>22</sup></a>
Considerable concern about hacking and phreaking was
evinced, and evidence to support that concern, including attacks on law
enforcement agencies' own data bases. While the expected security rules that
there should be no PSTN connection with the data bases apply, the reality is
back-doors can be engineered by those with intimate knowledge of the
systems. These activities are, however, outside the Terms of Reference of this
Review.
<P>
<ul>

[<i>para 3.2.4 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
3.2.4 &nbsp;&nbsp;&nbsp;&nbsp; Australian law enforcement agencies have not experienced difficulty
in securing warrants to search and seize the stored data of suspects, but have
found increasing difficulty in accessing this material in readable form. They
advised no statutory or other power exists to compel people to disclose
information against the principle of non self-incrimination. Some possibilities
will be discussed later in the report.
<a href=#foot23><sup>23</sup></a>
</FONT>
<P>

3.2.5 &nbsp;&nbsp;&nbsp;&nbsp; In a speech in early February, 1996 an American academic,
prominent on law and order issues, said:
<P>
<ul>
<i>The widespread availability of unbreakable encryption coupled
with anonymous services could lead to a situation where practically
all communications are immune from lawful interception and documents
from lawful search and seizure, and where all electronic transactions
are beyond the reach of any government regulation or oversight. The
consequences of this to public safety and social and economic
stability could be devastating.
<a href=#foot24><sup>24</sup></a>
</i>
</ul>

<P>
3.2.6 &nbsp;&nbsp;&nbsp;&nbsp; Such an analysis of the medium-term future could be seen as
much advocacy of the American model of key escrow as a depiction of an
environment where such a model would offer attraction.
<P>
3.2.7 &nbsp;&nbsp;&nbsp;&nbsp; As the assessment is likely to be recycled, because of the
weight accorded Dr Denning's views in the encryption debate, it has to be said
it reflects either sudden and unreported change in the American scene or
an exuberant use of the subjunctive tense. Only eight months earlier, in
April 1994, Vice Admiral John M McConnell, Director of the National Security
Agency, told the United States Senate's Judiciary Committee's Sub-Committee
on Technology and the Law his agency's continuous monitoring of
communications worldwide showed little was being encrypted.
<a href=#foot25><sup> 25 </sup></a>
<P>
3.2.8 &nbsp;&nbsp;&nbsp;&nbsp; A speech given by Louis Freeh, Director of the FBI, in late
1995 has been relied on by American conservative advocates to buttress their
point of view.
<a href=#foot26><sup> 26 </sup></a>
He argued encryption should be viewed as a public safety issue,
noting the Bureau was 'increasingly' being 'impeded' in its mission, not just
in communications but data storage as well. He cited a terrorist case
based in the Philippines which involved a plan to blow up a United States airliner as well as
a plan to assassinate the Pope, a computer hacker and a child pornographer.
There has been no public reference to new cases - surprising if 12 months ago
the FBI was being impeded from performing its functions.
<ul>
[<i>para 3.2.9 not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
</i>]
</ul>

<FONT COLOR=#FF0000>
3.2.9 &nbsp;&nbsp;&nbsp;&nbsp; Despite an understandable concern at what might be, the indications
are that the current United States experience is not significantly different to
Australia's - a small proportionate incidence of personal computers and
associated digital storage utilising encryption or password protection but the
trend line moving upward in only a slight way from a low base. The encryption
involved ranging from the relatively unsophisticated through to DES.
</FONT>
<P>
3.2.10 &nbsp;&nbsp;&nbsp;&nbsp; National statistics are not available for Australia but partial figures
and the impression of those working in the technical areas of law enforcement
indicate we remain, fortunately, yet some distance from Denning's vision of
Armageddon.
<P>
<h3>3.3 &nbsp;&nbsp;&nbsp;&nbsp; <i>The Statistical Vacuum</i></h3>
<P>
3.3.1 &nbsp;&nbsp;&nbsp;&nbsp; Regrettably, many judgements in a Review such as this must rely on
anecdotal evidence. There is no reliable statistical data and the same
privation will limit future related inquiries and affect, if not flaw, policy development.
There is no requirement on carriers to report the take-up rate of services they
market, the shift from one sector to another and the obligations of service
providers are unclear. Similarly with suspected computer and communications
offences, where reporting is patently uneven and often deliberately avoided.
<P>
3.3.2 &nbsp;&nbsp;&nbsp;&nbsp; Consequently, whether addressing the take-up rate of a service, the
incidence of hacking or phreaking, or extortion on the threat of disabling
computer systems, opinion can only be based on inference, anecdote and
intuition. There is no central repository of reliable statistical information,
a situation not improved by the reduction, through budgetary constraints in some
areas, of the resources available for law enforcement to play a proactive role
in this area.
<P>
3.3.3 &nbsp;&nbsp;&nbsp;&nbsp; The London <i>Sunday Times</i> articles detailing 'sting' attacks on
financial institutions appeared early in this Review process.
<a href=#foot27><sup> 27 </sup></a>
They prompted a range of observations, albeit mostly anecdotal or hearsay, suggesting such
attacks may not be as rare or geographically distant as the Australian community
might wish. Law enforcement agencies acknowledged that institutions and
corporations do not believe those responsible will be identified, let alone
their assets recovered. The experience of the Sumitomo Corporation in Japan
early in the Review period was a salutary reminder of the accuracy of this
perception. Sumitomo admitted to its shareholders major fraud had taken place but
had been stopped. The shareholders and the stock exchange exacted savage
retribution for the confession.
<P>
3.3.4 &nbsp;&nbsp;&nbsp;&nbsp; The potential loss of public confidence, with the
consequent perception of possible inability to meet commercial obligations, is
central to financial institutions' reluctance to report major criminal activity.
It was apparent to the Review that financial institutions are as restrictive
in their internal communication as they are taciturn externally.
An independent statutory body, funded by government, with a legislated code of
confidentiality covering mandatory reporting to it and its own reporting arrangements
to the parliament, operating under oversight of the Auditor-General, and
independent of any external influences would be a sensible repository for the
statistical data required by government and a source of advice and guidance to the
corporate and commercial world. It would be able to undertake
analysis of the data received, alert public and private sectors to activity trends and act
as an expert witness in court proceedings.
<P>
3.3.5 &nbsp;&nbsp;&nbsp;&nbsp; Such a role would fit a body like AUSCERT, were it to be
funded by the Commonwealth, placed under a strict regime of confidentiality,
vouchsafed by the Auditor-General and guaranteed independence.
<a href=#foot28><sup>28</sup></a>
Its American equivalent is funded by the Department of Defense.
The Department of Communications and the Arts commissioned a consultant to look at
AUSCERT and the recommendations have now been enacted. The impact of that
review on its functions should be able to be evaluated by mid-1997 when the
envisaged role for AUSCERT or a similar body should be addressed by the proposed
inter-departmental committee on cryptography.
<P>
<h3>3.4 &nbsp;&nbsp;&nbsp;&nbsp; <i>Policy Uncertainty</i></h3>
<P>
3.4.1 &nbsp;&nbsp;&nbsp;&nbsp; While normally unhelpful to meet a question with a
question, to address encryption technologies from a public policy point of view one
first has to answer a question that is both philosophical and practical. As we
develop the Global Information Infrastructure (GII) who should control it?
The carriers, service providers, government, the people who use it or some amalgam
of a number of these? Put another way, the question asks who should
control data in the GII. Without data protection legislation in place, is the
carrier prevented from acting at will with the data entrusted to networks? A
traditional public policy view would argue government regulation and restraint of
processes affecting civil rights and privacy produce more equitable outcomes. When
governments fail in that role or, the people, at least in democracies, may
proceed to remove those governments. To vest the responsibility with the
carriers or service providers, those participating for profit, would expose a novel dilemma
for the citizen - how does one 'throw out' a carrier or service provider judged
to be abusing one's privacy or civil rights? The answer that one should shift
to an alternate presumes availability and suitability, neither of which may be
provided. The 'amalgam proposal' envisages governments picking up citizens'
concerns, providing a framework of some sort within which carriers and
providers would operate and regulate themselves.
<P>

3.4.2 &nbsp;&nbsp;&nbsp;&nbsp; At the international level, Australia is playing a significant role in
the development of draft guidelines on cryptography, which will complement earlier
guidelines on privacy and security of information. These should provide the
international framework, to the central tenets of which it is hoped member
countries would commit themselves. The process of guideline development has
been measured, as the issue of cryptography policy opens for redefinition the
citizen's relationship to the state and the role to be accorded governments
within that relationship. National experience and expectations are very different and
time is required to focus on trans-national principles. That the eye of some
has been turned more to international arrangements they would wish to see in place
has not helped a process which must work from first principles, formulate
national policy on that basis and then move to bilateral and multilateral
agreements.
<P>
3.4.3 &nbsp;&nbsp;&nbsp;&nbsp; The Australian Government's online industry election statement
identified private commerce as the driver of innovation and investment in new
online services. It proposed the establishment of an Information Policy Task
Force (IPTF) to examine various policy issues and report to the Government.
<a href=#foot29><sup>29</sup></a>
Meantime, many different committees and working groups are tasked with
examining aspects of on-line services, electronic commerce, encryption, smart-cards
and electronic cash and the daughter of Campbell
<a href=#foot30><sup>30</sup></a>
inquiry will pick up all of these and many more besides. These various bodies embrace, among
others, the Attorney-General's Department, the Department of Communication
and the Arts, the Department of Defence, the Department of Finance, the
Department of Industry, Science and Tourism and a number of agencies. That
is not surprising as elements of cryptography touch their functions. What is
surprising is the uneven level of representation which some of those review
groups attract. A formally established inter-departmental committee (IDC)
would seem a more sensible and effective means of policy coordination and
development than current arrangements. If established, the appropriate IDC
representation would be at Branch Head level.
<P>
3.4.4 &nbsp;&nbsp;&nbsp;&nbsp; There is a need for one department to have the clear
responsibility for cryptography policy and to coordinate the multi-faceted development of
government policies which involve cryptographic applications. It would
not seem sensible for the Department of Defence to assume this policy
function.
One of its portfolio organisations, the Defence Signals Directorate
(DSD), is already tasked by government with the collection, production and
dissemination of signals intelligence and 'to advise the Government on all matters
pertaining to communications security and computer security'.
<a href=#foot31><sup> 31 </sup></a>
A role not confined solely to situations where national security could be adversely
affected but also embracing sensitive official information requiring protection for
privacy, financial or other reasons.
<a href=#foot32><sup> 32 </sup></a>
&nbsp;Defence's framework, however, is inextricably linked with sensitive and classified applications, primarily for its
own and diplomatic purposes - instanced by its required alertness to dual use
applications and global proliferation of cryptography. This would appear to make
Defence a less than obvious choice for the role in question.
<P>
3.4.5 &nbsp;&nbsp;&nbsp;&nbsp; The Treasury and the Department of Finance have obvious
interests in the whole field of electronic commerce, but cryptography is a discrete
element of that issue and not a principal policy interest.
The Department of Communications and the Arts has policy responsibility for broadband
services, telecommunications and multimedia, but again cryptography stands a
little apart from these. The Department of Industry, Science and Tourism approaches
the issue from a developmental and export point of view, rather than a
policy one. Embracing the interests of law enforcement, security, privacy,
commercial law, intellectual property and protective security policy, the Attorney-General's
Department may be seen as a preferred option to house the policy responsibility
and chair the IDC. There is a need for Ministers urgently to address
this issue and for it to be determined.
<P>
3.4.6 &nbsp;&nbsp;&nbsp;&nbsp; There would seem little doubt that when the major software
manufacturers make available encryption applications, a majority of the
world's computer users will access them. That time was not announced when this
Review commenced and yet Microsoft presaged such a development in July 1996.
<P>
3.4.7 &nbsp;&nbsp;&nbsp;&nbsp; The most obvious implication for governments facing the
astonishing pace of development in the communications and information sectors and
the easy private availability of strong encryption is the fiscal one: such
a proportion of financial transactions and movements may take place via virtual
banking arrangements in cyberspace that governments may face progressive
revenue starvation. Only slightly behind is the implication for the delicate
balance our society has reached between privacy, law enforcement and security
interests. Firstly, there is some inherent tension when these issues are
conjoined.
<P>
Secondly, it is not simply a question of setting an individual's right against
society's rights, for we do not face here a static balance. All who live in
community accept there has to be some trade-off, but that trade-off is not an
unqualified one. There must be limits. It is a flawed approach to assume a
small or episodic interest of the state should necessarily predominate over the
privacy interests of the individual.
<P>
3.4.8 &nbsp;&nbsp;&nbsp;&nbsp; From a privacy point of view, cryptography offers welcome security
to the individual (person or corporation) and the opportunity to place data,
stored or in transmission, beyond the reach of those who may seek to ascertain
their private or commercial affairs. The Government's online election policy
supported the availability of strong encryption, the principle of informed
consent and the centrality of personal privacy in our society. It recognised
not all would use encryption for honest purposes but placed the onus on law
enforcement and security agencies to justify any measures which should
outweigh the social and economic consequences of the loss of personal privacy
and commercial security.
<a href=#foot33><sup>33</sup></a>
<P>
3.4.9 &nbsp;&nbsp;&nbsp;&nbsp; The range of situations likely to confront law enforcement and
security agencies is as wide as their statutory mandates, but particular focus
has to be given to crimes such as kidnapping or other threats of violence
directed against VIPs or internationally protected persons, terrorist
situations, extortion involving significant threats to public safety and attacks
on the institutions of the state.
<P>
<h3>3.5 &nbsp;&nbsp;&nbsp;&nbsp; <i>Today's Problems for the Investigators</i></h3>
<P>

<ul>
[<i>para 3.5.1 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
3.5.1 &nbsp;&nbsp;&nbsp;&nbsp; Encrypted stored data and packets of information wrapped in
encryption applications before they are sent over the telephone already
pose a problem for law enforcement. The power of complex algorithms is
available at the click of a computer 'mouse'. In short, 56-bit DES is
commercially available and will not be decrypted by any law enforcement
agency without the key being available. Even a cryptanalytical agency would
find the process difficult and slow without the key.
</FONT>
<P>

3.5.2 &nbsp;&nbsp;&nbsp;&nbsp; There have been major advances in cryptography in recent years and
significant increases in commercial involvement. Cryptanalysis, however, does
not necessarily maintain a constant distance behind cryptography. The interval
will vary and, without moving into any sensitive detail, it cannot be expected -
on budgetary, personnel and capital equipment alone - that cryptanalytical
facilities will always be able to 'crack' commercial and public domain forms of
encryption.
<P>
3.5.3 &nbsp;&nbsp;&nbsp;&nbsp; Law enforcement agencies noted, with some chagrin, it is not the
seizure of property which poses difficulty for them. The problem arises from
an inability to force disclosure of encryption 'keys' where a person invokes the
principle of non self-incrimination. This problem of information being put out
of reach of other than specified persons has resource implications for ASIO,
where accessing plans for acts of politically motivated violence or terrorist
incidents is a central part of that agency's function. It will make both human
source and technical targeting a more difficult exercise - and increased
difficulty impacts on flexibility, responsiveness and financial outlays.
<P>
<ul>
[<i>para 3.5.4 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
3.5.4 &nbsp;&nbsp;&nbsp;&nbsp; Law enforcement agencies recognise that to seek a password of those
from whom property has been seized may, or will, be taken as an admission the
particular encryption application has not or cannot be broken. They also accept
many forms of encryption will not be broken or reverse engineered. The
selection of which investigations deserve concentration will depend on
intelligence and the availability of the requisite IT competence in the relevant
agency. The Review was struck by the knowledge and expertise of specialists
in the law enforcement agencies and in ASIO, but it was also palpably obvious
their numbers are few. Investment in and retention of a corps of such people is
an unavoidable choice for the management of those agencies. This is a matter
which might, in structured and coordinated fashion, usefully come within the
purview of the Inter-Agency Cryptography Forum discussed at paragraph 4.4.8.
</FONT>
<P>

<h3>3.6 &nbsp;&nbsp;&nbsp;&nbsp; <i>The Imminent Challenge</i></h3>
<P>
<ul>
[<i>para 3.6.1 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
3.6.1 &nbsp;&nbsp;&nbsp;&nbsp; Little evidence emerges of encrypted voice communications being
employed by criminal elements, although ASIO noted foreign intelligence
services had long adopted the practice. Great weight was placed by those law
enforcement agencies consulted and ASIO on the tactical importance of real-time
access to voice and data communications for the conduct of investigations
and the collection of evidence. It was said, and examples were advanced to
support the contention, that loss of this access would seriously impact on their
investigative capability. The unique advantages of interception of
communications are passivity, flexibility and the low risk of the endeavour,
combined with immediacy of intelligence flow. Denied this tool, agencies
would be forced to engage in a wider range of human source activities, for
which the preparatory planning stage is quite long, which may entail
considerable financial outlays and about which there would be a high degree of
operational, bureaucratic and political risk.
</FONT>
<P>

3.6.2 &nbsp;&nbsp;&nbsp;&nbsp; It is clear secure encrypted communications are available now to the
ordinary citizen with some computer literacy, the motivation to acquire the
capability and the wish to communicate securely with like-minded and
like-equipped people. Today, 'Smith' could use a commercial symmetric algorithm
like IDEA, together with a 56-bit key producing strong cyphertext, to
communicate with 'Jones', who, possessing the same algorithm and using a 56-bit
key, would decrypt the message. Such a system is fast, a single key
performs both the encryption and decryption function and any key number from
a randomly generated pool may be used.
<P>
3.6.3 &nbsp;&nbsp;&nbsp;&nbsp; The exchange of the symmetrical keys discussed above might be
performed with an asymmetrical algorithm using a pair of related but dissimilar
keys, one of which is referred to as the private key and the other as the public
key. The public key is then exchanged with all other parties with whom one
wishes to communicate. Potentially such a key could be notified in a public
directory and be accessed by all. To send a message to Jones, Smith uses a
two stage process. In the first stage, he encrypts the symmetric key for the
IDEA algorithm with Jones' public key (which is publicly available). In the
second stage, Smith encrypts his message using IDEA with the symmetric key.
Smith then sends the encrypted key and the encrypted message to Jones. On
receipt of the two files, Jones performs the two-stage process in reverse.
Firstly, she decrypts the symmetric key using her private key (which she alone
knows) and uses this symmetric key with the IDEA algorithm to decrypt
Smith's message.
<P>
3.6.4 &nbsp;&nbsp;&nbsp;&nbsp; Another level of strength is achieved by using separate 'session' keys
for every message or series of messages. Automatic teller machines employ
session keys which change with every transaction. A random source is used to
generate, let us say, a 128-bit key which combined with IDEA produces a
session key. That key is used to convert a message into cyphertext. But the
key is also combined with RSA to produce an encrypted session key.
<a href=#foot34><sup>34</sup></a>
This is separately and first communicated to Jones and received in the 'start'
compartment of the output file of her computer. When Smith sends his
cyphertext message to Jones, she can decrypt it by using the specially encrypted
session key which is now available to her. Such a system employs both RSA
and IDEA and separate sessional keys.
<P>
3.6.5 &nbsp;&nbsp;&nbsp;&nbsp; Even if a law enforcement agency was to execute a search warrant
against premises where Smith's computer was located and already had a copy of
his public key, it would be extremely unlikely to be able to obtain a copy of
the session key. This would not be retained in Smith's computer. Unless Smith
volunteered to whom communication from his computer was directed or Jones
was known to be the addressee of that communication and law enforcement was
able to await receipt and decryption, little prospect exists to intercept
satisfactorily such communications.
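<P>
The two-stage exchange of paragraphs 3.6.3 to 3.6.5, as an added example that is not part of the Walsh Report: Smith wraps a fresh 128-bit session key with Jones' public key and encrypts the message under that session key, and Jones reverses both stages. Assumptions: textbook RSA over two constructed primes and a SHA-256 keystream standing in for IDEA (which the Python standard library does not provide); all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key material: two well-known Mersenne primes. Textbook RSA
# without padding only makes the flow visible; it is not safe for real use.
_P = 2**127 - 1
_Q = 2**89 - 1
_E = 65537
SESSION_KEY_BYTES = 16  # the "128-bit key" of paragraph 3.6.4


def make_jones_keypair():
    """Return (public, private) for Jones as (n, e) and (n, d)."""
    n = _P * _Q
    d = pow(_E, -1, (_P - 1) * (_Q - 1))  # modular inverse, Python 3.8+
    return (n, _E), (n, d)


def symmetric_xor(session_key, data):
    """Stand-in for IDEA (assumption): XOR with a SHA-256 counter keystream.

    The same call encrypts and decrypts, which is all the example needs.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(8, "big")
        pad = hashlib.sha256(session_key + counter).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def wrap_session_key(session_key, public):
    """Stage one at Smith's end: encrypt the session key with Jones' public key."""
    n, e = public
    return pow(int.from_bytes(session_key, "big"), e, n)


def unwrap_session_key(wrapped, private):
    """Stage one at Jones' end: only the private exponent recovers the key."""
    n, d = private
    return pow(wrapped, d, n).to_bytes(SESSION_KEY_BYTES, "big")


def smith_send(message, jones_public):
    """Smith's two stages. The session key is a local variable and is not
    returned or stored, which is the situation paragraph 3.6.5 describes:
    what remains on Smith's machine is Jones' public key and ciphertext."""
    session_key = secrets.token_bytes(SESSION_KEY_BYTES)
    wrapped = wrap_session_key(session_key, jones_public)
    ciphertext = symmetric_xor(session_key, message)
    return wrapped, ciphertext


def jones_receive(wrapped, ciphertext, jones_private):
    """Jones performs the two stages in reverse."""
    session_key = unwrap_session_key(wrapped, jones_private)
    return symmetric_xor(session_key, ciphertext)


if __name__ == "__main__":
    public, private = make_jones_keypair()
    note = b"Constructed sample message from Smith to Jones."
    wrapped_key, body = smith_send(note, public)
    print("wrapped session key:", hex(wrapped_key))
    print("ciphertext:", body.hex())
    print("recovered by Jones:", jones_receive(wrapped_key, body, private))
    # A second send of the same note uses a new session key, so both the
    # wrapped key and the ciphertext change from message to message.
    print("differs on resend:", smith_send(note, public) != (wrapped_key, body))
```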
<P>
3.6.6 &nbsp;&nbsp;&nbsp;&nbsp; It is perfectly feasible, today, to incorporate all the features of
the system outlined here into a 'black box' arrangement which may be programmed
to change the key, say, every 10-15 seconds or more often. Among a group
drawn together in common purpose (such as a bunch of criminals or a terrorist
cell) it would be relatively simple to have a personal computer function as the
central processor, directing and forwarding traffic, incorporating a tamper-free
heart to prevent interference by investigative agencies with its functions and a
self-destruct feature which would erase all memory if tampering was detected.
<P>
3.6.7 &nbsp;&nbsp;&nbsp;&nbsp; Law enforcement and national security agencies assess the ability to
trace calls (including call record information), with the assistance of carriers
or service providers, to be of crucial importance to the performance of their
functions and this capacity will become even more important if the ability to
intercept calls should be lost or the content of communications was denied by
use of an encryption application. These issues are currently being considered
by Sub-Committee B of LEAC, as well as: the legislative authority on which
requests for assistance by investigative agencies are based; the appropriate
scope of the 'reasonableness' test to be applied (ie is it reasonable to confine
the application of special call tracing measures to life-threatening situations);
the criteria to be applied when seeking call tracing or call record information and
issues of cost.
<P>
<h3>3.7 &nbsp;&nbsp;&nbsp;&nbsp; <i>Towards Response Strategies</i></h3>
<P>
3.7.1 &nbsp;&nbsp;&nbsp;&nbsp; The above examples illustrate what may be done today and which
may already be happening. That agencies have not reported wholesale
examples is no comfort such practices are not being employed. Where the
targets of law enforcement and national security observe strict communication
security, the prospect of capturing communications at source or the point of
dispatch may be made even more difficult.
<P>
3.7.2 &nbsp;&nbsp;&nbsp;&nbsp; The prospect of collecting data at point of receipt is reduced by the
availability of services such as anonymous remailing, which can cause a
message to bounce around the ether like a ball in a pin-ball machine.
In Internet communications, random paths are taken by message packets and there
is no guarantee constituent packets of the same message will travel by similar
routes. Indeed, directions may be given to diverge the packets and some may
be repeated. All that is certain is that they will arrive at their address
and arrange themselves into correct order. The random routing of packets will not,
of itself, cause a problem where a more conventional attack at, say, an Internet
Service Provider's premises is possible. If the packets are encrypted, however,
the problem remains.
<P>
3.7.3 &nbsp;&nbsp;&nbsp;&nbsp; So should one pray for a miracle? If patience is in short
supply, perhaps so. Stephanie Perrin, a Canadian privacy specialist, made two telling
points in her address to an OECD conference in Canberra early in 1996.
<a href=#foot35><sup>35</sup></a>
She publicly reaffirmed her faith in encryption technology but expressed concern at
the people who may be driving it at any time. Her second point reflected the
inherent tension in the public cryptographic debate - the available technology
is of a kind and capacity unable to accommodate simultaneously both privacy and
public safety needs, so striking a balance is like 'squaring the circle'.
<P>
3.7.4 &nbsp;&nbsp;&nbsp;&nbsp; There would appear to be no particular comfort to be gained by
investing hope in a cryptanalytical breakthrough, to pole vault law enforcement
and national security over the mounting obstacle of public and private
cryptography. Such events occur at something like 15 year intervals, which
would exclude them as a relevant factor in this Review, and the diversity and
scale of the volume likely to be faced would daunt even wishful capacity.
<P>
3.7.5 &nbsp;&nbsp;&nbsp;&nbsp; As interception on the network proves progressively difficult and
intractable to decryption and capture at the point of receipt is denied because
direction and intention are both obscured, areas of encouraging research will
require the coordinated resource commitment by the relevant agencies and
cooperative dialogue with the IT industry, carriers and service providers. In
fields where the level of cooperation bears a direct relationship to the trust
felt, it would scarcely be sensible for the Commonwealth, the States and Territories
all separately to approach these groups.
<P>
3.7.6 &nbsp;&nbsp;&nbsp;&nbsp; No argument for government to take public policy decisions on key
management infrastructure, such as the US and UK have done, was put to the
Review. In fact, the reverse was argued. There is a risk of marginalisation if
actions are perceived as premature or ill-conceived.
<ul>
[<i>remainder of para 3.7.6 not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
and
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
Scanning through the
measures of those countries whose governments have decided to 'do something'
about cryptography, one is drawn to the conclusion that most efforts have
already proved nugatory. The flexibility of encryption systems and
applications, let alone the greater advantages which hardware based systems
will offer, and the pace of technological development, will sideline the
remainder.
</FONT>
<P>

3.7.7 &nbsp;&nbsp;&nbsp;&nbsp; There are matters of privacy, authentication, warranting provisions
and the need to protect law enforcement and national security access and
decryption methods which need to be addressed. Some are discussed elsewhere
in the report. Others are outside the terms of this Review. The extension of
the Privacy Act to the private sector is likely to prove a significant bulwark
for personal data protection. Authentication is being addressed by the
group brought together by Standards Australia to develop a draft Australian
Standard for Public Key Authentication.
<P>
3.7.8 &nbsp;&nbsp;&nbsp;&nbsp; The banks, of course, have a long history, at least 15 years, of
dealing with keys, of separating the purpose of different keys and of using
them. There are Australian Standards for electronic interchanges which address
encryption keys, authentication keys and privacy keys. Some interesting
conceptual and technical work is being done by Professor Bill Caelli and some of his colleagues
on the separation of signing and privacy keys, on notarising the purpose of keys
and linking the certification and notarising processes to a form of registration
which would permit access by law enforcement and security to the
confidentiality key. While it is too early to determine if the proposal is
viable from the technical and public acceptance points of view, there seems some basis
for encouragement.
<P>
3.7.9 &nbsp;&nbsp;&nbsp;&nbsp; It is worth recalling, when expressions of grave anxiety are
ventilated over any prospect the state, or its agencies, may be able to access one's
signing key (authentication) that people already submit their biometric signature
(fingerprints) to the state in certain circumstances. The community accepts
that as reasonable. There is no doubt fingerprints are a unique means of
identification, as personal as one's handwritten and witnessed signature, as
specific as one's digital signature. The state enforces a process of
fingerprinting in specific circumstances, it requires considerable numbers of
the community to trust the third party with whom those fingerprints are lodged and
the community interests itself very little in the terms under which they are
held or the access which may be gained. Such a level of trust is given to that third
party, the police service, that few believe copies may be made, printed on to
latex gloves and one's biometric identity compromised in the commission of a
criminal offence. The community appears to trust the integrity of the process
and grievance mechanisms such as the Ombudsman's office which stand outside
the process, though one suspects the particular sensitivity over possible access
to digital signatures derives as much from ignorance and apprehension about the
technology as lack of confidence in the integrity of the proposed custody
system.
<P>
3.7.10 &nbsp;&nbsp;&nbsp;&nbsp; Strong argument was put to the Review, and accepted by many of
those especially concerned with privacy, that those who employ encryption in
connection with the planning for or execution of major criminal offences should
be required to disclose the decryption key when lawful demand was made and
failure to do so should incur significant penalty. There is attraction in
the analogy between encryption used in the planning for or commission of a
criminal offence and the use of a firearm in the commission of a criminal
offence. For the use of a deadly weapon in connection with a criminal offence,
the state normally seeks to exact a penalty proportionately greater than if the
perpetrator had been unarmed. That the use of encryption in connection with a
criminal offence be similarly viewed, where the intention to frustrate any
lawful investigation would be assumed to be the primary motivation in such
circumstances and any claimed preservation of confidentiality considered a
secondary motive, is worthy of consideration. The legislation and experience
of those American states which have legislated in this manner might be
instructive.
<a href=#foot37><sup>37</sup></a>
<P>
3.7.11 &nbsp;&nbsp;&nbsp;&nbsp; The standard instruments of search, discovery or demand should
continue to prove useful for law enforcement agencies and the security service,
but they may not always be adequate. Sometimes those served with requests
may not be inclined to comply. Where they consider they risk incriminating
themselves by doing so is an obvious example. Claims that the key is lost, held
by another or simply not known may appear among the range of replies. Faced
with non-compliance and the risk that delay may result in the alteration or
destruction of data, little recourse is currently available to law enforcement
agencies or prosecution authorities save seeking to have the person charged with
contempt or the obstruction of justice. These avenues are likely to offer
little satisfaction to the pursuit of the investigation. In the case of strong
physical methods of storage, the application of effort and technology will normally
overcome protective levels or barriers in relatively short order.
Faced with unintelligible data, the absence of prospective access to the key through any
independent entity, but actual and circumstantial evidence that persuades the
encrypted data relates to the commission of serious criminal offence, the
community is likely to support a case for forcing a criminal suspect or
terrorist from behind the shield of encryption.
<P>
3.7.12 &nbsp;&nbsp;&nbsp;&nbsp; The National Crime Authority (NCA) and the Australian Securities
Commission (ASC) both have powers requiring persons to answer questions or
produce material. In the case of the NCA, the Chairman can, for instance, issue
an instrument under the Act's section 28/29 powers provision requiring
production of material or information where he/she considers such relates
directly to the resolution of an investigation under reference.
There would seem to be merit in affording the same power to the Commissioner of the AFP
to require the production of the decryption key, information or material which
would render intelligible data which has been intercepted or seized and cannot
be 'read'.
<P>
3.7.13 &nbsp;&nbsp;&nbsp;&nbsp; A process of periodic review, stimulated also by operational
circumstance or indications from the courts of actual or potential deficiency,
would seem indicated.
<P>

<B>Footnotes:</B><P>
<font size=2>
<a name=foot20><sup>20</sup></a>
Gilles Brassard of Universite de Montreal and the University of Wollongong.
'Quantum Cryptography' from the proceedings of the Cryptography Policy and Algorithms Conference.
Queensland University of Technology, 3-5 July 1995, p 59.
<P>

<FONT COLOR=#FF0000>
<a name=foot21><sup>21</sup></a>
This view of agencies consulted is supported by a report published by
Sub-Committee C of LEAC in August 1996 on The Use of GSM Services by Persons
of Interest to Law Enforcement and Intelligence Agencies.
</FONT>
<P>

<a name=foot22><sup>22</sup></a>
PSTN - Public Switched Telecommunications Network
<P>

<FONT COLOR=#FF0000>
<a name=foot23><sup>23</sup></a>
Cf. paragraphs 3.7.10-11.
</FONT>
<P>

<a name=foot24><sup>24</sup></a>
Dr Dorothy Denning, Professor of Computer Science, Faculty of
Computer Science, Georgetown University, Washington DC, 'The Future of Cryptography' a presentation
to the Joint Australian/OECD conference on Security, Privacy and Intellectual Property Protection in
the Global Information Infrastructure, Canberra, 7-8 February, 1996<P>

<a name=foot25><sup>25</sup></a>
Reported in CQ magazine, issue of April 13, 1996, p 987.<P>

<a name=foot26><sup>26</sup></a>
Louis J Freeh, Director of the FBI, speech given to the
International Cryptography Institute, Washington, DC, September 21, 1995. Available on the FBI Home Page.
<P>

<a name=foot27><sup>27</sup></a>
<i>The Sunday Times</i>, London. June 2 and June 9, 1996.
<P>

<a name=foot28><sup>28</sup></a>
The Australian Computer Emergency Response Team (AUSCERT) is an
independent Internet security body based at Queensland University. Funded for a time by Telstra, when
the latter assumed management control of the Internet from the Australian Vice Chancellors Committee, it
survived for a period on the basis of temporary
and emergency funding but is now moving (reaching?) to self-sufficiency.
<P>

<a name=foot29><sup>29</sup></a>
Australia Online, op cit, p 10 et seq. See Annex B<P>

<a name=foot30><sup>30</sup></a>
A commonly used 'colloquial' title of the Financial Systems Inquiry,
mentioned because one of its central terms of reference is to examine the impact of the implementation of many of the
recommendations of the seminal Campbell committee which looked at deregulation of the financial
markets.<P>

<a name=foot31><sup>31</sup></a>
Defence Signals Directorate, November 1986, Part I.<P>

<a name=foot32><sup>32</sup></a>
Ibid, Part IV(a) and IV(b).
<P>

<a name=foot33><sup>33</sup></a>
Australia Online, op cit, p 16. Repeated at Annex B of this report.
<P>

<a name=foot34><sup>34</sup></a>
RSA is one of two commonly used proprietary algorithms, the other being
Diffie-Hellman. It is named after its designers, Rivest-Shamir-Adleman.
<P>

<a name=foot35><sup>35</sup></a>
Ms Stephanie Perrin, Special Policy Advisor, Technology Impact Assessment,
Industry Canada, from an
address titled 'A Canadian Perspective' given to the Joint Australian/OECD
Conference on Security, Privacy and Intellectual Property Protection in the
Global Information Infrastructure, 7-8 February 1996, Canberra.
<P>


<a name=foot36><sup>36</sup></a>
The National Research Council of the US recommended in its study of US
cryptography policy at 5.4
'Congress should seriously consider legislation that would impose criminal
penalties on the use of encrypted
communications in interstate commerce with the intent to commit a federal
crime.'<P>

<a name=foot37><sup>37</sup></a>
The bill introduced into the US Senate by Senator Leahy in March 1996 (and
supported by [then] Senator
Robert Dole) is cited as the 'Encrypted Communications Privacy Act of 1996'. It
contained the following
provisions: "s. 2804 Unlawful use of encryption to obstruct justice. Whoever
wilfully endeavours by means of
encryption to obstruct, impede or prevent the communication of information in
furtherance of a felony which
may be prosecuted in a court of the United States, to an investigative or law
enforcement officer shall - (1) in the
case of a first conviction, be sentenced to imprisonment for not more than 5
years, fined under this title, or both,
or (2) in the case of a second or subsequent conviction, be sentenced to
imprisonment for not more than 10
years, fined under this title, or both." The 104th Congress passed in its
last days HR 3723, the National
Information Infrastructure Protection Act of 1996. A section of the bill
entitled 'Use of Certain Technology to
Facilitate Criminal Conduct' requires presentencing reports to include a
statement whether the defendant used
encryption which use could result in an 'obstruction of justice' increase in
jail time under Federal Sentencing
Guidelines.
</font>
<P>
<hr>
<P>
<center>
<a name=chap4></a>
<h3>
CHAPTER 4
<P>
THE CONSEQUENCES FOR GOVERNMENT
</h3>
</center>

<h3>4.1 &nbsp;&nbsp;&nbsp;&nbsp; <i>Law Enforcement</i></h3>
<P>
4.1.1 &nbsp;&nbsp;&nbsp;&nbsp; Law enforcement agencies have no doubt the loss of real-time access
to the communications of their targets would represent a body-blow to their
investigative capacity. The cost-effectiveness of this means of investigation
is reported comprehensively in the Report of the Review of the Long Term Cost
Effectiveness of Telecommunications Interception.
<a href=#foot38><sup>38</sup></a>
Agencies reiterated the
key role which the interception of voice and data communication continues to
play in their investigations, illustrated this by the number of cases brought to
prosecution which relied on intercepted communications to a significant degree
and the proportion of these where no alternative means of generating critical
tactical intelligence was available. The routine use of strong encryption to
protect telecommunications would reduce that role to a simple indication that
someone was using the service and, perhaps, the person with whom the speaker
or sender was communicating. Ways may become available to generate a
constant stream of traffic and limit even that conclusion.
<P>
4.1.2 &nbsp;&nbsp;&nbsp;&nbsp; Less concern was expressed at the encryption of stored data, though
numerous examples have already been encountered where law enforcement
agencies were unable to access the data and have had to return it unread. The
interval between search and seizure and the need then to produce material in
court or incorporate it into a brief of evidence would normally allow sufficient
time to decrypt if the encryption application was a soft one or the key/password
was available. In other instances, the only solution would be a cryptanalytical
one and there is no guarantee such would be forthcoming - assuming the
resources were available to try.
<P>
4.1.3 &nbsp;&nbsp;&nbsp;&nbsp; The issue of loss of real-time access to intercepted communications
is very different from the issue of cost-effectiveness of interception, though
there is a relationship. Because of the argued impact which loss of real-time
access to voice and data communications would produce in tactical intelligence
terms and in the security of evidence, there is need for Ministers and senior
officials to
have a reliable assessment of the operational, staffing, financial and
legislative
implications for law enforcement and the protection of national security. On
the basis of those elements, an assessment of the risk exposure of agencies and
the Commonwealth in attempting to pursue similar law enforcement and
national security ends by alternative means should be prepared. The document
will clearly be sensitive and I propose it be submitted to the Secretary of the
Attorney-General's Department for presentation to the Secretaries Committee
on National Security. The submission should be completed by the end of 1997
and be available to the further review of cryptographic policy recommended for
that time.
<P>
<h3>4.2 &nbsp;&nbsp;&nbsp;&nbsp; <i> National Security </i></h3>
<P>
4.2.1 &nbsp;&nbsp;&nbsp;&nbsp; ASIO expressed similar views and just as strongly, particularly where
they affected investigations of a counter-terrorist, counter-espionage or
politically motivated violence kind. It is the flexibility, low risk,
relatively low
cost, immediacy and guaranteed information stream which commends
telecommunications interception to ASIO and to law enforcement agencies. It
is not only the substance of a communication between two people, but whom
the subject of the interception contacts, if and how the person behaves
differently with one from others, the circle of contacts and services revealed,
the presence of a person at the premises where a fixed service (telephone or
computer) is located is made clear at various intervals, and where more than one
service used by the same person is intercepted, further and useful comparisons
may be made. All these matters constitute useful tactical intelligence,
affecting
the implementation or withholding of a range of other investigative actions, the
coordination and timing of an investigation and affording the investigator the
opportunity both to be forewarned and to monitor reactions once he/she has
taken a decisive or recognisable action.
<P>
4.2.2 &nbsp;&nbsp;&nbsp;&nbsp; The loss of such a flexible, immediate and low-cost source of
information would be likely to have a substantial impact on ASIO's threat
assessment capacity. The intelligence requirements generated by this program
frequently arise at short notice and often in fields not routinely covered by
ASIO or law enforcement. If Australia was to receive information from a cooperating
foreign agency of a threat to an overseas visitor or Australian dignitary and
the probable source of that threat within Australia, it is unlikely such a matter
could be investigated immediately without real-time access to the source's
communications.
<P>
<h3>4.3 &nbsp;&nbsp;&nbsp;&nbsp; <i> The Cost of alternatives </i></h3>
<P>
<ul>
[<i>paras 4.3.1 and 4.3.2 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
4.3.1 &nbsp;&nbsp;&nbsp;&nbsp; The loss of real-time access to communications would require the
AFP, the NCA and ASIO (and all State and Territory police services) to rely
more heavily on human sources of information, on the use of listening devices,
on tracking devices, on video surveillance, and on physical surveillance - all
more invasive intrusions on a person's privacy. It takes a long time to recruit,
train and position human sources and their flexibility of deployment is limited.
As a rule of thumb, the minimum period of time to address the functions of
recruitment, some basic training and then targeting a source to access particular
information, could not be achieved in less than a period of months. Frequently
it takes much longer. The nature of some target areas is such that only a person
of a particular type of background, interests, culture and habits will survive the
scrutiny of the group or organisation against which the person is targeted. The
price of failure can be chillingly brutal. Even when success is achieved, rarely
a quick commodity, there are considerable labour, financial and privacy costs.
It will be the case for any agency engaged in the covert collection of information
from human sources. Where the route to the desired information is by way of a
technical computer attack, the financial cost is likely to be high.
<P>
4.3.2 &nbsp;&nbsp;&nbsp;&nbsp; Listening devices most often necessitate covert entry to a premises or
place, a high-risk exposure for the integrity of the investigation which can never
be completely managed and an intrusion into privacy graver than incurred by
communications interception. While the prime risk occurs on approach, during
entry/installation and leaving the target premises (a risk which rises almost
exponentially when the process is repeated), there is the constant risk of
technical detection through the use of a commercially available and proliferating
range of techniques to identify various forms of listening device. As not all
features or characteristics of a listening-device can be masked, one or more may
provide sufficient of a recognisable signature to detection equipment that the
device may be located - thereby establishing the fact of unwelcome interest and
affecting subsequent behaviour and security practice of the target. Once a
listening device is installed, its positioning is fixed so that should the target not
communicate in its field of capture or only when there is high ambient noise, the
result is likely to be without value.
</FONT>
<P>

4.3.3 &nbsp;&nbsp;&nbsp;&nbsp; Listening devices offer immediacy only when they are monitored in
real-time, a practice not always possible or affordable. There are also far
longer processing times involved in evaluating listening device product than something
like telephone interception, where the calls are immediately accessible and each
is date/timed. Legal authority to deploy tracking devices, whose installation
may involve a trespass onto property, remains under consideration so this type
of aid long used by overseas law enforcement agencies and security services is
not generally available in Australia. Video surveillance of particular premises
carries all the attendant risks mentioned in relation to listening devices and
video surveillance of public areas raises a number of significant privacy
issues.
Physical surveillance is an expensive form of coverage to mount, with
substantial overheads and a high risk of exposure - and the further risk of
contaminating the investigation itself.
<P>
4.3.4 &nbsp;&nbsp;&nbsp;&nbsp; From disclosures made in courts and inferences to be reasonably
drawn from briefs of evidence and prosecutions, from information in the public
domain and on the Internet, criminals, terrorists and foreign intelligence
officers know law enforcement agencies are able to decrypt a variety of commercial or
'soft' forms of encryption.
<P>
<ul>
[<i>part of this paragraph not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
There is an observable pattern of changed
encryption behaviour following arrests and even searches of property. Either
the power of the encryption being employed is increased or the encryption
practice, which may have been flawed because of poor password protection or
similar, is enhanced.
</FONT>
There is ample guidance material available on the Internet
and elsewhere to judge which forms of encryption are secure against law
enforcement agencies' efforts.
<P>
4.3.5 &nbsp;&nbsp;&nbsp;&nbsp; The listening device provisions in the Australian Federal Police Act
1979, confined as they are to the capture of voice (rather than sounds, signals,
images, pictures, etc) limit that service's investigative capability. As
computer
and communications crimes are not currently categorised as Class 2 offences
under the AFP Act, listening devices are not able to be deployed against these
classes of activity. The original rationale for the drafting of the listening
device
provisions and those activity categorisations has been superseded by the
changing faces of technology and crime. The lack of any overriding authority
between the States, Territories and the Commonwealth in the areas of
computing, and communications crime is probably not helpful.
<P>
4.3.6 &nbsp;&nbsp;&nbsp;&nbsp; The investigative impact on law enforcement agencies and national
security would be substantial if real-time access to the communications of
subjects of investigation was to be lost. There would be a
consequent
budgetary impact as the alternate sources of information are labour-intensive,
less flexible, involve long lead-times, incur substantial financial outlays and
sometimes produce after-care problems. The effect would, therefore, be on
capability.
<P>
<h3>4.4 &nbsp;&nbsp;&nbsp;&nbsp; <i> Decryption capability for law enforcement and
national security?</i></h3>
<P>
4.4.1 &nbsp;&nbsp;&nbsp;&nbsp; The encryption of stored data ranges from relatively crude forms
incorporated by manufacturers in pocket organisers through to strong forms
such as PGP
<a href=#foot39><sup>39</sup></a>.
The task facing law enforcement is increasingly a
cryptanalytical one, not one of decryption. The Terms of reference of this
Review seek at term (f)
<P>
<ul><i>an assessment of the most appropriate means of funding the development,
implementation and maintenance of a decrypting capability for existing
and emerging technologies;
</i></ul>
<ul>
[<i>para 4.4.2 not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
4.4.2 &nbsp;&nbsp;&nbsp;&nbsp; The use of the term 'decrypting capability' here is deliberate. If
posed in terms of cryptanalysis, the question would be whether the government
should entertain establishing another agency to parallel the Defence Signals
Directorate (DSD). The cost of such an initiative would approach half a billion
dollars. On cost alone, this could not be contemplated. It would be an
unreasonable budget outlay not simply because it would be unaffordable in
today's economic climate, but also because the likely rate of return on the
investment would be too meagre to warrant it. Also, the principal source from
which experienced cryptanalytical personnel and technical expertise might be
drawn is DSD itself. In a field where technology and methods are very
sensitive, it would not be a simple matter to interpolate a quite different function
with the attendant risk of disclosure of sensitive information in court
proceedings.
</FONT>
<P>
4.4.3 &nbsp;&nbsp;&nbsp;&nbsp; Should a greater proportion of DSD's efforts be directed to support
the work of law enforcement agencies? There would be sensitivity about such a
proposal at the best of times. When Defence spending has been quarantined
against the reduction of budget outlays elsewhere in the public sector, a
political dimension is added to the issue. It would require the construction of
firewalls and special protocols to ensure security and the issue of evidentiary
requirements would always be a vexed one. On its face, it is not a course which
obviously commends itself. On the other hand, there will need to be some
cryptanalytical capacity in the Commonwealth on which law enforcement or
national security may call when the need arises. Need, in these circumstances,
will be dictated by the immediacy and gravity of the contextual information.
There is no sound basis, as I have indicated, for proposing a second
cryptanalytical facility in the Commonwealth. It follows necessarily that
whatever cryptanalytical needs law enforcement and national security agencies
experience will have to be met from within DSD's capacity.
<P>
4.4.4 &nbsp;&nbsp;&nbsp;&nbsp; If the level of demand should become significant, there would be a
need to look at the mechanics of cooperative arrangements, turnaround times
on requests, charging arrangements and the prioritising and channelling of
requests on a national basis. That task should be picked up in the further
review recommended for late 1997.
<P>
4.4.5 &nbsp;&nbsp;&nbsp;&nbsp; There was strong support from the AFP, some state police forces and
ASIO for a separate decryption capability directed primarily to law enforcement
purposes. Currently, many law enforcement requests, including a significant
number from overseas agencies, are directed to universities and institutes of
higher learning which have developed reputations for IT excellence and seminal
research. Cases were cited to the Review where European law enforcement
agencies have contacted institutes in Australia seeking help. The dilemma they
faced was clear - bring cases to court without encrypted information which they
believed was critical to their investigation or postpone cases in the hope the
encryption may one day be broken. Neither course affords any comfort. Many
appeals for decryption assistance explicitly presume the universities will
supply this without cost, because of their percentage of public funding in their
budgets. Not surprisingly, the universities see it otherwise.
<P>
4.4.6 &nbsp;&nbsp;&nbsp;&nbsp; If a decryption facility was to be established, both state and federal
agencies consulted thought it should be located in a Commonwealth agency,
funded jointly by the Commonwealth and the states, operating on a cost
recovery basis, and function under the technical aegis of DSD and the specialist
IT components of the law enforcement agencies. The Review was not
persuaded, however, such a facility would achieve more than the individual
agencies are now managing. Unless a key was obtained from the owner of the
data or the manufacturer agreed to provide critical information, there is little
prospect that other than very basic or crude forms of encryption would be
decrypted. Certainly commercially available strong encryption will defy such
an approach and will likely resist cryptanalytical attack.
<P>
4.4.7 &nbsp;&nbsp;&nbsp;&nbsp; No distinct or quantifiable benefit would seem to flow from
developing an independent decryption facility for law enforcement. The better
tactic would be to enhance the computer crime and technical investigation areas
of the various agencies, to have a small budget slice reserved for training and
minor capital expenditure and to ensure the separate efforts of agencies are
coordinated so the sum produces enhanced capability. These are essentially
matters for agency management. Of them, the critical factors are the technical
or computer competence of the people and effective coordination across agency
lines. The Review sensed impressive capability existed among computer crime
specialists, but the number of investigators dedicated to this area is small
both in actual terms and in proportion to the whole field of criminal investigation.
The view was also gained that there has been little migration of expertise and
operating familiarity to the larger body of criminal investigators. If the AFP,
NCA and ASIO are to achieve requisite investigative and analytical capability in
a field growing much faster than the pattern of staff or capital investment by
those agencies in the past 3-5 years, the respective managements will need to
accord these objectives a greater call on available resources.
<P>
4.4.8 &nbsp;&nbsp;&nbsp;&nbsp; There would be value in formalising periodic exchanges between
DSD, ASIO, AFP and NCA at a senior technical level, so that information may
be shared in a 'closed' forum, sterile areas of exploration avoided, attack
techniques discussed and some measure of cooperative research agreed. This
sort of inter-agency forum would provide an opportunity to review the
arrangements by which requests for cooperation may be channelled from State
and Territory police forces to DSD. Because of their compliance functions and
their close investigative and functional roles, both the ACS and AUSTRAC
would sensibly be included. The national and trans-national nature of criminal
and security issues and the considerable challenge which wide-spread
encryption will pose to law enforcement and national security agencies strongly
suggests a State or Territory police force representative should be coopted to
the forum. The manner of selection or rotation is something which could be left
respectively to the forum itself and the Police Commissioners' conference,
though a suggestion is offered at 6.3.2.
<P>
4.4.9 &nbsp;&nbsp;&nbsp;&nbsp; I mention such a forum should be 'closed' because information of
great sensitivity would inevitably be discussed.
<P>
<ul>
[<i>part of this paragraph not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>
<FONT COLOR=#FF0000>
That means specific clearances
would need to be given by Heads of Agency and Police Commissioners (a
procedure for the State Police Commissioners to do this now exists), and the full
range of indoctrination protocols applied.
</FONT>
The purpose is not to prevent any
derived knowledge from ever being gainfully used but to ensure conditions
attaching to compartmented knowledge are observed, security is protected and
inhibitions about the level of candour which might apply largely removed.
<P>
4.4.10 &nbsp;&nbsp;&nbsp;&nbsp; Because they relate to the forum's effectiveness, the issues of who
should chair it and to whom it should report might briefly be canvassed here.
DSD possesses the cryptanalytical expertise. The AFP possesses the
operational management expertise, the experience of progressing cases from
investigation to prosecution, of supporting prosecutions and has an appreciation
of counter-terrorist requirements through its involvement in the National
Anti-Terrorist Plan and its participation in various standing committees. ASIO
works closely with DSD, and also with the AFP. It does not have executive
powers and only occasionally becomes involved, as a party, to litigation. Like
DSD, it has an overwhelming need to protect its targeting, sources and methods.
The NCA shares the operational imperatives of the AFP and ASIO, but works to
a narrower investigative last. All agencies have a need to preserve their
covert collection and investigative capability. On this analysis, I consider ASIO
should be the initial chair of the inter-agency cryptographic forum and the
situation should be reviewed after 18 months. That interval should ensure
judgement is made on the basis of solid work, not simply issues of
establishment.
<P>
4.4.11 &nbsp;&nbsp;&nbsp;&nbsp; To whom should such a body report? Because of the importance and
the sensitivity of the matters to be addressed by the forum and the need for
Ministers to be kept informed, the appropriate authority would seem to be the
Secretaries Committee on National Security and then to Cabinet. I
gave consideration to the Heads of Commonwealth Law Enforcement Agencies
(HOCOLEA) but the national security interest takes the matter beyond the remit
of that body.
<P>
4.4.12 &nbsp;&nbsp;&nbsp;&nbsp; Knowledge of cyphertext which cannot be decrypted is more valuable
information to a criminal, terrorist or foreign intelligence officer than
knowledge of systems and applications which can be decrypted. DSD may feel
understandably vulnerable in entering such an arrangement where such
judgements are likely to emerge or be required. The current degree of feeling
and suspicion seems born of ignorance or matters not stated rather than from
any adverse experience. A more positive approach by both sides should assist
to break down those barriers.
<P>
4.4.13 &nbsp;&nbsp;&nbsp;&nbsp; At paragraph 3.5.4, it was concluded areas of expertise in computer
crime investigations will likely determine the priority with which certain
criminal investigations are initiated and a particular challenge for agency
managements will be to maintain and develop the number of staff with the
requisite skills. The inter-agency forum could play a useful role in
coordinating capital investment and personnel development plans for this area in the member
agencies.
<P>
4.4.14 &nbsp;&nbsp;&nbsp;&nbsp; The need for law enforcement and national security to initiate a
dialogue with the IT industry, carriers and service providers was mentioned at
paragraph 3.7.5. Such a task would logically be undertaken by forum
representatives.
<P>
4.4.15 &nbsp;&nbsp;&nbsp;&nbsp; It may be that some memoranda of understanding would be required
to protect technology transferred between agencies and sensitive operational
methods against disclosure in court proceedings or discovery processes.
If indicated, such devices should reinforce the special compartment in which this
information is located.
<P>
<h3>4.5 &nbsp;&nbsp;&nbsp;&nbsp; <i> Public Key Infrastructures</i></h3>
<P>
4.5.1 &nbsp;&nbsp;&nbsp;&nbsp; The reactions of foreign governments to the availability of stronger
forms of encryption have varied. Some require import licences. Russia, India,
France, China and Israel are among those and Russia and France require those
who wish to use encryption to obtain state licences. The Belgians discovered
they had passed a law in December 1994 which might prohibit the use of
unescrowed encryption. At the time it went unnoticed as part of a larger law.
The law adds a condition under which telecommunications equipment may be
seized, namely in case of end equipment which renders interception ineffective.
It has not been enforced as the Belgian Institute for Posts and
Telecommunications remains unclear of its consequences.
<a href=#foot40><sup>40</sup></a>
The example is cited as a salutary warning of the fate which may befall premature policy
initiatives.
<P>
4.5.2 &nbsp;&nbsp;&nbsp;&nbsp; The efficacy of legislative measures to limit or control importation,
let alone the political and public policy wisdom of pursuing them when the Internet
offers a range of encryption applications, seems doubtful in the extreme.
<P>
4.5.3 &nbsp;&nbsp;&nbsp;&nbsp; Export controls on cryptography and cryptographic products have
long been in place in Australia. They interlock with controls imposed by a
number of countries, principal among them the United Kingdom, Germany,
France and the United States - generally thought to produce more than 70% of
the world's software. Contemporaneous with calls for government not
to interfere with the availability of cryptography for the privacy protection of
citizens have been calls for export controls to be ameliorated.
<P>
4.5.4 &nbsp;&nbsp;&nbsp;&nbsp; The lack of enthusiasm with which American commentators greeted
the series of United States government proposals, culminating in the formal
Administration statements on 11 July 1996, to establish a key management
infrastructure, under which the needs of quality assurance, integrity, data
retrieval and public safety would be accommodated, broadly reflects the
reaction of those consulted by this Review.
<a href=#foot41><sup>41</sup></a>
Few felt key escrow arrangements could be argued as secure and fewer considered government ever
acting as an escrow agent to be appropriate.
<P>
4.5.5 &nbsp;&nbsp;&nbsp;&nbsp; The American proposal for a commercial encryption policy is based
on a global key management infrastructure that supports digital signatures and
confidentiality. Independent entities, key escrow agencies, would verify
digital signatures and also hold spare keys to confidential data. Those keys could only
be obtained by persons or businesses that have lost the key to their own
encrypted data, or by law enforcement officials acting under proper authority.
<P>
4.5.6 &nbsp;&nbsp;&nbsp;&nbsp; Pressure created by the United States' computer industry and users
eventually caused three Bills dealing with cryptography to come before the US
Senate, two of which propose the abolition of export controls. The Republican
candidate for the Presidency, Mr Robert Dole, was a co-sponsor of one of the
bills. The Commerce Committee of the Senate scheduled a vote on one
measure for September 12, 1996, but this was delayed because of other
business. With the conclusion of the final session of the 104th Congress before
the November elections, the measure will have to be revived by the returned
Administration and the next Congress. The White House
was originally expected to introduce its own legislation around mid-September, offering
special arrangements for industry segments such as finance, health care and
insurance. In turn, those sectors were expected to support government key
escrow systems, which would have the effect of making them mandatory.
<a href=#foot42><sup>42</sup></a>
The July 1996 United States Administration statement foreshadowing the
liberalisation of export controls for certain commercial encryption products
seemed, also, an attempt to dispel Clipper suspicions.
<a href=#foot43><sup>43</sup></a>
The terms and conditions attaching to that forecast liberalisation of export controls were
eventually set out in the Vice-President's statement of 1 October 1996.
<a href=#foot44><sup>44</sup></a>
<P>
4.5.7 &nbsp;&nbsp;&nbsp;&nbsp; While performance standards and key recovery, along with some
relaxation of export controls are noted as the main features of the July 1996
American proposal, there was no attempt to hide the principal drivers - on the
one hand, the requirements of national security and law enforcement; on the
other, the export interests of the United States.
<P>
<ul>
[<i>remainder of this paragraph not provided under FOI, by reason of
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>

<FONT COLOR=#FF0000>
Ignored are four detracting
considerations: the first is the added vulnerability which escrowing
requirements introduce; the second is the increased risk of repudiation as the
escrow agency could impersonate an individual; the third is that those to whom
the proposal is directed (organised crime, terrorists, foreign intelligence
services) may not use such a service; and the fourth is the likelihood criminals
who wish to appear to be engaging in normal commerce may encrypt their data
with another encryption application before wrapping it with the escrowed key.
<a href=#foot45><sup>45</sup></a>
&nbsp; United States commentators, but not they alone, are concerned government
access to authentication keys could result in the fabrication of evidence and
significant complication for the administration of justice. US Government
sources are reported to say informally there was and is no intention to see
authentication keys escrowed and the point was not made explicit because it was
regarded as self-evident. It seems extraordinary that so unnecessary a hostage
should have been risked.
<a href=#foot46><sup>46</sup></a>
</FONT>
<P>

4.5.8 &nbsp;&nbsp;&nbsp;&nbsp; The United Kingdom government has taken a similar path. On 11
June 1996, a policy paper was issued publicly.
<a href=#foot47><sup>47</sup></a>
This announced the adoption
of licensed and regulated Trusted Third Party (TTP) services as the core of its
arrangements.
<a href=#foot48><sup>48</sup></a>
Without giving a binding commitment, it noted licensing
might be predicated on an examination of applicants' fiduciary responsibility,
competence to provide services in this sector and commitment to modern
management principles! The purpose of the licensing policy is to preserve the
ability of the intelligence and law enforcement agencies to fight serious crime
and terrorism by establishing procedures for disclosure to them of encryption
keys under warrant. The UK Government announced legislative proposals
would be brought forward after further consultation on detailed policy elements.
<P>
4.5.9 &nbsp;&nbsp;&nbsp;&nbsp; The British paper did not distinguish between authentication and
confidentiality keys, though the Royal Holloway proposal on which it is
founded did, and foresees some relaxation of export controls. For a time it
offered the advantage over the early Clipper schemes of an offer of key back-up
for data retrieval purposes, but the July 1996 American key management
infrastructure proposal also included that element.
<P>
4.5.10 &nbsp;&nbsp;&nbsp;&nbsp; At its essence, the TTP proposal provides users with key management
services and law enforcement agencies with warranted access to a particular
user's communications. Like the American proposal, the scheme would be
voluntary but creates new points of vulnerability where the keys of participants
may be attacked. The cost would be borne by the individual.
<P>
4.5.11 &nbsp;&nbsp;&nbsp;&nbsp; Trusted third party encryption is much more problematical in relation
to telecommunications than for stored data. It is difficult to imagine trusted
third party encryption becoming the norm unless governments put substantial
sanctions in place. For those to be meaningful will require close coordination
and global agreements to cover a global market. The importance of the efforts
by the Australian government and OECD partners to reach an acceptable draft
of cryptography guidelines is underlined here as global agreements will only be
secured on the basis of internationally accepted principles.
<P>
4.5.12 &nbsp;&nbsp;&nbsp;&nbsp; The French government has adopted a mandatory third party scheme
which will result in some relaxation of the earlier ban on cryptography. Like
the others, it does not distinguish between authentication and confidentiality
keys. One is tempted to say it poses the same problem for criminal prosecutions
but the French approach to these matters necessitates more specialist
information than is available to this Review. The government, of course, picks
up lawful access to the key under the scheme.
<P>
4.5.13 &nbsp;&nbsp;&nbsp;&nbsp; While a number of governments have taken legislative or regulatory
action, more seem to have been monitoring developments and turning their
minds to data protection and privacy legislation. Within the European Union
and the OECD, significant effort is being devoted to international draft
principles covering the use of cryptography, for which a target date of February
1997 has been set. The OECD is considering undertaking a review of the 1980
privacy guidelines and intends to review the 1992 IT security guidelines next
year. Some work on intellectual property requirements remains outstanding.
<P>
4.5.14 &nbsp;&nbsp;&nbsp;&nbsp; In Australia, a group representing government, industry and users
produced several iterations of a public key authentication framework (PKAF)
proposal.
<a href=#foot49><sup>49</sup></a>
This scheme would be voluntary, not subject to government licence
and would deal only with authentication. The PKAF function is that of a
certifying authority, not a trusted third party or escrow agency. Keys would
have to be generated in accordance with the scheme to ensure integrity and
security, no key would be retained by PKAF and no government access to the
scheme is proposed. The proposal was developed under the aegis of Standards
Australia and conforms to both management and technical standards.
Its adoption will require amendment to the Evidence Act or the Acts
Interpretation Act to provide for a digital signature to have the same force and
effect as a hand-written signature.
<P>
4.5.15 &nbsp;&nbsp;&nbsp;&nbsp; It is unclear how the Australian market will develop, though electronic
commerce and the trans-national nature of so many commercial operations
suggest the lead of major trading partners will likely be followed. For
the moment, the PKAF project appears to have lost some momentum and the
expected launch of products by potential service providers has been delayed.
There will almost certainly be a public requirement for agencies which provide
third party, data recovery and, possibly, key generation facilities. Some form
of registration of these service providers, as in the telecommunications field,
would seem sensible to ensure public confidence and operating integrity and
would be helpful to law enforcement agencies and the protection of national security. It
would be in the national interest, given the community's future reliance on the
integrity of digital signatures, for the bona-fides of these providers to be
vetted as a condition of registration. The framework for that registration process
should be put in place promptly.
<P>
4.5.16 &nbsp;&nbsp;&nbsp;&nbsp; The United Kingdom intends to bring forward legislative proposals to
address the licensing of trusted third parties.
<a href=#foot50><sup>50</sup></a>
The statement issued by United
States Vice-President Al Gore on 1 October 1996, addressing the liberalisation
of export controls, advised these would be conditional upon industry
commitments to build and market future products that support key recovery.
<a href=#foot51><sup>51</sup></a>
The proposal 'presumes' trusted parties will be designated by users, but does
not address or exclude the issue of licensing. The statement makes clear that law
enforcement access, under proper authority, would only be to the user's
confidentiality key. A condition of registration, which might carry benefits
such as inclusion in public directories and approval for products/services to be
used in government and financial sector dealings, could be that keys would be
made available to the AFP, NCA or ASIO on production of a lawful instrument.
<P>
<h3>4.6 &nbsp;&nbsp;&nbsp;&nbsp; <i> International Agreements </i></h3>
<P>
4.6.1 &nbsp;&nbsp;&nbsp;&nbsp; There may be some requirement for the Australian Government, for
electronic commerce or similar purpose, to put in place systems which interlink
with the American, the British or some other proposal which wins sufficient
global support.
<a href=#foot52><sup>52</sup></a>
This will depend, in part, on the specific features of the
arrangements implemented by those governments and their interoperability with
the requirements for a Public Key Authentication Framework outlined in the
Miscellaneous Publication released by Standards Australia in November 1996.
The British Government paper of 11 June 1996 spoke of the need for a common
architectural framework in different countries to support the provision of
integrity and confidentiality and saw encryption algorithms on the International
Standards Organisation register as a sensible benchmark. Agreement on
international, and therefore interoperable, standards is a core objective of the
OECD group developing guidelines on cryptography.
<P>
4.6.2 &nbsp;&nbsp;&nbsp;&nbsp; Until broad agreement on standards and architecture is secured, it
would seem premature to enter any bilateral negotiations, though clearly
substantive discussions on the issues must proceed.
<P>
4.6.3 &nbsp;&nbsp;&nbsp;&nbsp; The Review encountered significant scepticism about mandated key
escrow or TTP systems. The national sovereignty of the agencies providing
these services could not be guaranteed, with consequent implications for the
national interest. There is the strong likelihood that these agencies would
become the major targets of foreign intelligence services. When an agency
owner provides a key, under lawful authority, to a law enforcement agency,
questions of integrity about that key would arise. The PKAF proposal outlines
a precise set of obligations and actions where a private key is known or
suspected to be compromised. Certainly the key has to be replaced, the
certificate containing the associated public key revoked and the fact notified
promptly on a Certificate Revocation List. Where a key is surrendered to a law
enforcement authority in response to a search warrant, the question arises how
the compromised nature of the key would be advised to the owner and what
liability may be carried by the law enforcement agency or the service provider?
While separation of the authentication key pair from the confidentiality key
pair would go a long way to reduce this problem, the need for clear policy definition
is clear. An early and clear statement from government that it has decided the
issues of authentication and confidentiality are to be separated would be of
significant benefit.
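<P>
The separation argued for in paragraph 4.6.3, worked through as an added example (it is not part of the Report or of the PKAF proposal). It assumes textbook RSA over constructed toy primes, a hypothetical certifying-authority directory with a Certificate Revocation List, and that a key surrendered under warrant is handled as compromised and revoked; every name in the code is illustrative.

```python
import hashlib
from dataclasses import dataclass

# Constructed toy parameters: Mersenne primes, textbook RSA without padding.
# Illustration only; far too small and too simple for real use.
E = 65537
AUTH_PRIMES = (2**89 - 1, 2**107 - 1)
CONF_PRIMES = (2**61 - 1, 2**127 - 1)


@dataclass(frozen=True)
class KeyPair:
    n: int
    e: int
    d: int  # private exponent

    @classmethod
    def from_primes(cls, p, q, e=E):
        return cls(n=p * q, e=e, d=pow(e, -1, (p - 1) * (q - 1)))


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, key: KeyPair) -> int:
    return pow(_digest(message, key.n), key.d, key.n)


def signature_matches(message: bytes, signature: int, n: int, e: int) -> bool:
    return pow(signature, e, n) == _digest(message, n)


class Directory:
    """Hypothetical certifying authority: certificates plus a CRL."""

    def __init__(self):
        self.certs = {}   # serial -> (owner, usage, n, e)
        self.crl = set()  # revoked serials
        self._next = 1

    def certify(self, owner, usage, key):
        serial = self._next
        self._next += 1
        self.certs[serial] = (owner, usage, key.n, key.e)
        return serial

    def revoke(self, serial):
        self.crl.add(serial)

    def accepts(self, serial, message, signature):
        """Relying-party check: key usage, then the CRL, then the signature."""
        _, usage, n, e = self.certs[serial]
        if "auth" not in usage or serial in self.crl:
            return False
        return signature_matches(message, signature, n, e)


def run_scenario(separated: bool) -> dict:
    ca = Directory()
    auth_key = KeyPair.from_primes(*AUTH_PRIMES)
    if separated:
        conf_key = KeyPair.from_primes(*CONF_PRIMES)
        auth_serial = ca.certify("owner", "auth", auth_key)
        conf_serial = ca.certify("owner", "conf", conf_key)
    else:
        conf_key = auth_key  # one key pair serves both purposes
        auth_serial = conf_serial = ca.certify("owner", "auth+conf", auth_key)

    # Traffic encrypted to the owner's confidentiality public key.
    secret = int.from_bytes(b"session-key", "big")
    ciphertext = pow(secret, conf_key.e, conf_key.n)
    contract = b"I agree to pay 100"
    owner_sig = sign(contract, auth_key)  # genuine, made before disclosure

    # The confidentiality private key is surrendered under a lawful instrument.
    disclosed = conf_key
    # Assumption: disclosure is treated as compromise, so the certificate
    # holding the matching public key is revoked and listed on the CRL.
    ca.revoke(conf_serial)

    altered = b"I agree to pay 100000"
    made_with_disclosed_key = sign(altered, disclosed)
    _, _, n, e = ca.certs[auth_serial]
    return {
        "holder_reads_traffic":
            pow(ciphertext, disclosed.d, disclosed.n) == secret,
        "disclosed_key_signs_as_owner":
            signature_matches(altered, made_with_disclosed_key, n, e),
        "owner_signature_still_accepted":
            ca.accepts(auth_serial, contract, owner_sig),
        "crl": sorted(ca.crl),
    }


if __name__ == "__main__":
    for separated in (False, True):
        print("separated" if separated else "single pair", run_scenario(separated))
```

With a single pair, the surrendered key can also produce signatures that match the owner's certificate, and revoking it invalidates the owner's genuine signatures as well; with separate pairs, access to traffic is the same but the authentication certificate is untouched.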
<P>
4.6.4 &nbsp;&nbsp;&nbsp;&nbsp; Law enforcement agencies and ASIO will need to address the
reciprocal arrangements for the acquisition of keys which they would seek of
others and will be sought of them. The sensible course would be to cover such
exchanges by memoranda of understanding, after normal agency and Ministerial
processes of approval.
<P>
<h3>4.7 &nbsp;&nbsp;&nbsp;&nbsp; <i> Third Party Systems </i></h3>
<P>
4.7.1 &nbsp;&nbsp;&nbsp;&nbsp; If there is a single lesson to emerge from the ill-fated 'Clipper'
debate in the United States, it is that attempts by government to mandate any
cryptographic technology solution or the use of government escrow or recovery
agents are doomed to failure. Whether and how private citizens or corporations
choose to recover data or protect themselves against a shut-out is for them
alone to decide. It is interesting to note a recent IT industry paper builds a
proposal around a key recovery system rather than an escrow system.
<a href=#foot53><sup>53</sup></a>
&nbsp;No user key would be held by the key recovery agency or agencies.
The algorithm/s employed would be publicly available, there would be no limit on key lengths
and the self-escrowing of keys would be permitted. On production of a court
order or warrant, and with the presentation of some intercepted traffic between
the party in question and another, the key recovery agency would be able to
reconstitute the message without recovering the key. While this proposal may
meet data retrieval requirements, it is likely to lack evidential value for a
prosecution.
<P>
4.7.2 &nbsp;&nbsp;&nbsp;&nbsp; The proposal overcomes many of the deficiencies of the escrow
system, but two seem to linger: the first is the vulnerability which attaches to
the operation of the key recovery agencies. The system's developers envisage a
number of large agencies in a variety of countries, with users deliberately
spreading some of their data vulnerability off-shore. They then ask the
question: could agencies in a variety of countries be equally susceptible to inducement,
whether from a drug cartel or a particular government? The second residual
problem is the extent to which 'serious' criminals will avail themselves of such
a system without suspecting they are buying a Trojan horse. There is ample
evidence law-breakers continue to use means of communication when they
believe them possibly to be compromised and this tendency is advanced by
some to argue that criminals will not take extraordinary measures to secure
their data. IT industry representatives, the AFP, the NCA, ASIO and state police
forces consulted all considered encryption would routinely be employed when it
was generally available, simple to use and effective. Those conditions will
imminently be met.
<P>
4.7.3 &nbsp;&nbsp;&nbsp;&nbsp; The Review formed the opinion that some form of third party system
would commend itself as the best option for government and a sales pitch based
on data recovery and public safety would be more likely to gain community
acceptance than one founded on law and order, or even less, for essential tax
collection purposes! No person consulted disputed the need for the state to be
able to move quickly when confronted with kidnapping, the threat of terrorism
or the abuse of children. At a level of principle, that consensus, wrapped in
the delivery of a useful service such as data retrieval, offers the best 'hearts and
minds' approach. The appeal of each of the three 'Clipper' versions was based
on the needs of law enforcement and national security - those appeals were
greeted with some cynicism. This is not to say that high-flown principle does
not carry some weight but third party service providers will be in business to
make a profit.
<P>
4.7.4 &nbsp;&nbsp;&nbsp;&nbsp; The assumption that encryption users would require some form of
third party system rested hitherto on the premise that software based methods
would be employed to generate encryption materials. While the software
approach still predominates, a shift towards primarily hardware based solutions
is starting to revise thinking. The need for emergency data recovery, date/time
stamping and non-repudiation facilities is certain to be felt and that means
trusted third parties will have a place. As a passing comment, use of the
Internet seems to have increased the community's level of data security
consciousness. The realisation that using the Internet in open mode to buy
tickets for a function on a particular date may be to risk advertising one's
house may be empty on that evening would be disquieting!
<P>
4.7.5 &nbsp;&nbsp;&nbsp;&nbsp; While the American and British proposals both envisage law
enforcement and national security agencies serving legal instruments on TTPs or
escrow agencies and obtaining the specified keys, the confidentiality of such
arrangements is not guaranteed and the integrity of investigations is sometimes
put at risk. Problems of leakage of information from telecommunications
carriers and companies providing pager services to the subjects of law
enforcement investigations are currently experienced in Australia and may be
expected to continue. The post 1 July 1997 deregulated climate is unlikely to
temper this pattern.
<P>
4.7.6 &nbsp;&nbsp;&nbsp;&nbsp; Users of TTPs, escrow arrangements or key recovery agencies will
need to ask themselves to what extent those service providers should be trusted.
The British Government has formally proposed a licensing system and a Federal
Bureau of Investigation/Department of Justice proposal outlined the US
Administration's views of the characteristics it considered should attach to the
service provided and those providing the services. Licensing systems, or their
equivalents, do not guarantee ownership of such agencies will remain in the
national interest, nor that those involved would remain immune to inducements
or coercion, but they do provide a measure of public confidence. In that fabled
New World Order of which public commentators are wont to speak, key
recovery agencies, escrow agencies and TTPs will become major intelligence
targets for all countries with a capability to match their desire. It will
be possible for the risk factor to be reduced, where users have the wit and
resources to spread it across jurisdictions and different control interests, to
have some objective testing of the 'trust quotient' of service providers, but
not finally to eliminate it.
<P>
4.7.7 &nbsp;&nbsp;&nbsp;&nbsp; How then to address the question of trust? Users cannot be expected
to presume the bona fides of those providing third party services and the
integrity of commercial and personal transactions will rest on that of the
service providers. This dictates, in view of the potential for corruption in this
industry sector, a form of screening and registration will be essential. The procedures
used in several States and Territories to assess potential casino operators
would be a useful initial model for the integrity checking process. In view of the
pace at which technology has been developing and the cost and consequences of
leaving the process of regulation too late, it would be prudent for government
to indicate early its intention to apply a system of registration and take the
administrative steps to implement it.
<P>
<h3>4.8 &nbsp;&nbsp;&nbsp;&nbsp; <i> The Internet </i></h3>
<P>
4.8.1 &nbsp;&nbsp;&nbsp;&nbsp; Cryptography today can scarcely be discussed or viewed outside the
context of the Internet. Designed originally by the United States Department of
Defense to be a centre-less anarchic system and then taken over by the academic
community, it continues to defy attempts to regulate it. In the course of the
1996 US presidential election campaign, President Clinton promised to build a
new network. It was not clear if this would be a second Internet, if it was
intended to incorporate some form of central control or key nodes or the extent
of its relationship with the existing Internet. What is clear is the problem
will remain as long as the current net exists and many will defend its right to
longevity.
<P>
4.8.2 &nbsp;&nbsp;&nbsp;&nbsp; In such a fluid context, to mandate processes is a questionable course
as it will not automatically direct or prevent the conduct to which they are
directed. Professor Dennis Longley observed, 'the Internet can always refigure
itself around restrictions or regulations'.
<a href=#foot54><sup>54</sup></a>
There have already been knee-jerk
reactions in various parts of the world to developments on the Internet but
reasonably clear indication that few, if any, of those proposals will work and
the dangers they are intended to avert or contain may sometimes have been
overstated.
<P>
4.8.3 &nbsp;&nbsp;&nbsp;&nbsp; The anarchic nature of the Internet may have conditioned the United
States Administration's approach to cryptography policy. As recently as 25
July, FBI Director Louis Freeh said if the current 'voluntary' policy failed, he
would seek mandatory domestic controls on cryptography, while conceding
these too may not work - they were simply the logical progression of his
thinking.
<a href=#foot55><sup>55</sup></a>
If one had to pick a single characteristic which epitomised public
policy, pragmatism would beat logic every time. Dorothy Denning, a
staunch advocate of the American 'law and order position', argued in a web
debate that an encrypted Global Information Infrastructure is without precedent
in world history. That is right, and so is the GII itself. The public
discussion needs to offer more than the prospect of losing one's encryption keys and/or
facing the depredations of organised crime and terrorism before general support
for government arranged key management infrastructure will be elicited. It is
a question of balance.
<P>
4.8.4 &nbsp;&nbsp;&nbsp;&nbsp; There are powerful benefits to be reaped by our citizens and our
community from the ready availability of encryption in terms of privacy,
commerce, the range of on-line services which might be accessed from home,
inquiries which may be initiated discreetly, payments made and a range of
others. There remain, for law enforcement agencies, concerns about the legally
unclear (in terms of the TI Act) role of Internet service providers,
jurisdictional confusion as to service of warrants, uncertainty about the telecommunications
market in Australia after 1 July 1997, the potential for people to use satellite
telephones which transmit and receive directly from satellites located over
South-east Asia and other matters. LEAC, supported by an annual
telecommunications interception conference, should provide the avenue for
meeting these concerns or feeding them into other established channels.
<P>

<B>Footnotes:</B><P>
<font size=2>
<a name=foot38><sup>38</sup></a>
See Attachment 6 of the Barrett Report.
<P>

<a name=foot39><sup>39</sup></a>
PGP - Pretty Good Privacy - a strong encryption package that utilises RSA,
designed by Paul Zimmerman and published on the Internet. The US Government charged Zimmerman with
breaching export controls but dropped the suit after more than two years when it could not establish if
Zimmerman placed PGP on a server or someone stole it.
<P>

<a name=foot40><sup>40</sup></a>
Crypto Law Survey, Version 4.2, July 1996, available
<a href=http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm>
http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm</a>
<P>


<a name=foot41><sup>41</sup></a>
The first of two statements released by the White House on 12 July 1996,
titled Administration Statement
on Commercial Encryption Policy July 12 1996, is shown at Annex C of this
report. The second statement
issued on the same date was titled US Cryptography Policy: Why We Are Taking the
Current Approach.<P>

<a name=foot42><sup>42</sup></a>
EPIC Alert, Vol. 3.16, September 12, 1996, item 4. p 4.
(<a href=http://www.epic.org/>http://www.epic.org/</a>)
<P>

<a name=foot43><sup>43</sup></a>
The first use of key escrow, dubbed Clipper, was in 1993. Clipper was a
hardware chip that allowed digital
telephone users to make secure calls but also allowed the government, under
lawful authority, to intercept calls.
<P>

<a name=foot44><sup>44</sup></a>
The full text of the Vice-President's statement is shown at Annex F of this
report.<P>

<a name=foot45><sup>45</sup></a>
The only way of finding out if Smith or Jones is using double encryption
(with a non-escrowed key) would
be by decrypting their files/communications with their escrowed keys and
observing the decrypted data is still
unintelligible. Warrants would have to be obtained to verify people are playing
by the rules or else their privacy would be violated.
<P>

<FONT COLOR=#FF0000>
<a name=foot46><sup>46</sup></a>
Annex F, which contains the statement issued by US Vice-President Al
Gore on 1 October 1996, states that access to confidentiality keys alone
will be sought/authorised.
</FONT>
<P>

<a name=foot47><sup>47</sup></a>
Paper on Regulatory Intent Concerning Use of Encryption on Public
Networks, issued by the Department of Trade and Industry, 11 June 1996. This
paper is repeated at Annex D.<P>

<a name=foot48><sup>48</sup></a>
A solution first advanced by the Royal Holloway group of the University of
London.
<P>

<a name=foot49><sup>49</sup></a>
A draft Australian Standard on Strategies for the Implementation of a Public
Key Authentication Framework
in Australia was issued for comment by Standards Australia on 1 April 1996 and
was released as a Miscellaneous Publication (MP75) on 5 November 1996.
<P>

<a name=foot50><sup>50</sup></a>
See Annex D<P>

<a name=foot51><sup>51</sup></a>
Statement of the Vice-President, Al Gore, released by the White House on 1
October 1996. Copy attached at Annex F.
<P>

<a name=foot52><sup>52</sup></a>
cf conclusion at 1.1.19 of this report.
<P>

<a name=foot53><sup>53</sup></a>
The Need for a Global Cryptographic Policy Framework - An IBM Position Paper,
August 1996.
<P>

<a name=foot54><sup>54</sup></a>
Professor Dennis Longley, Director Information Security Research Centre,
Queensland University of Technology, in a presentation to the Joint Australian/OECD conference on
Security Privacy and Intellectual Property Protection in the Global Information Infrastructure, 7-8 February 1996,
Canberra.
<P>


<a name=foot55><sup>55</sup></a>
Louis J Freeh, Director of the FBI, testimony before the Commerce Committee
of the Senate of the United
States Congress. 25 July 1996, quoted in Epic Alert, Volume 3.14 of August 1,
1996.
</font>
<P>
<hr>
<P>

<center>
<a name=chap5></a>
<h3>
CHAPTER 5
<P>
STRIKING A BALANCE
<P>
</h3>
</center>
<P>
<P>
<h3>5.1 &nbsp;&nbsp;&nbsp;&nbsp; <i> A Matter of Proportion</i></h3>
<P>
5.1.1 &nbsp;&nbsp;&nbsp;&nbsp; There is a broad split among the advanced industrialised countries of
the world between those where governments have taken policy initiatives
concerning cryptography and those who have simply watched developments.
Even at this stage, it is an instructive question to ask whether the latter have
suffered any disadvantage from a law enforcement, national security or privacy
point of view. The answer seems to be an emphatic negative.
<P>
5.1.2 &nbsp;&nbsp;&nbsp;&nbsp; The moral authority of government is easily exhausted in treating such
a public policy issue and more quickly if this is done in less than candid and
even-handed fashion. As this report noted at its commencement, the issues
touch on the central relationship between the individual and the state and there
is need to ensure government is not substituted for state in that context. To
attempt to play a modern-day Canute, as those who seek to ban unrestricted
access to the Internet and restrict imports of encryption materials have done,
is simply futile in an age of seamless communication and electronic
marketplaces.
Those like the United States and Great Britain who have urged so strongly their
preferred positions on the international stage, eventually announcing them in
the middle of 1996 as official policy, appear to have viewed the issue as
primarily a security and law enforcement issue and secondarily a privacy issue.
The British Government, curiously, stated early in its paper that the policy had
been decided on after detailed discussion between Government departments, adding
in the final paragraph that formal consultation will be undertaken prior to the
introduction of legislative proposals.
<a href=#foot56><sup>56</sup></a>
<P>
<ul>
[<i>para 5.1.3 not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
</i>]
</ul>

<FONT COLOR=#FF0000>
5.1.3 &nbsp;&nbsp;&nbsp;&nbsp; In the United States, the Department of Justice and the FBI early
moved into the van and never retired from that position. Whatever may have
been their original intention, the impression given is they have sought to
dominate public discussion of the issue. The British Government showed a
little more finesse in its campaign strategy with the Department of Trade and
Industry formally picking up the torch.
</FONT>
<P>

5.1.4 &nbsp;&nbsp;&nbsp;&nbsp; The consequence of these 'transparent' efforts by the law enforcement
and security communities in those countries, supported by some academics and
advocates who have argued the cause of data retrieval or sketched images of
unbridled terrorism and organised crime, is the sizeable suspicion that the key
management proposals are intended primarily to benefit their sponsors. Privacy
advocates and guardians, electronic commerce, offices of budget and
management within government, the IT industry itself have not been as effective
in their advocacy though, arguably, they have more at stake.
<P>
5.1.5 &nbsp;&nbsp;&nbsp;&nbsp; Strong support for the broad policy position taken by the present
Australian Government, and its predecessor, was evident through the Review
consultations. In view of the continuous rate of change, technology
development and changing cost structures, there is much to be said for watching
developments. None argued prescription, much less the mandating of
requirements, was a useful approach. And while one or two might see
cryptography as a rare opportunity to cock a snook at the state, there was
general recognition that as a community we must address the looming problem
in the law enforcement and national security areas. What can we do?
<P>
5.1.6 &nbsp;&nbsp;&nbsp;&nbsp; It would be sensible now to generate a more informed and broader
discussion of the situation in the Australian community. Those consulted
almost universally presumed the outcome of this Review would be used as a
trigger in that process. While the tax evaders and black economy participants
may rub their hands in glee at the comfort encryption may afford them, the
majority are likely to treat the matter seriously, recognising the loss of the
law enforcement function across a range of fields such as narcotics and
counter-terrorism and further restriction of the funds available for public works,
community services and health care will affect the type of society we enjoy and
hope to leave to our children. In today's context, any ideal outcome based on a
key management system advocated elsewhere or an amalgam of various systems
could too easily be circumvented by organised crime or terrorists with
reasonable capability and the intention to shield their plans from the
investigative agencies of the state. As such systems are primarily intended to
meet the needs of public safety, it would be futile to impose requirements which
are costly and/or which have a harmful privacy impact but which fail to address
their fundamental purpose.
<P>
5.1.7 &nbsp;&nbsp;&nbsp;&nbsp; The approach of this Review is to strike a balance: to ensure the
extant powers of law enforcement and national security agencies to access and
intercept are relevant, to recommend a modest increase to those investigative
powers, to afford some greater protection to their high risk activities and to
acknowledge the benefit which encryption will bring to people and corporations
in securing their data. The Commonwealth Privacy Act 1988 remains the only
information privacy law in Australia with legally binding rules.
<a href=#foot57><sup>57</sup></a>
This statute implemented Australia's commitment to take the 1980 OECD Guidelines
Governing the Protection of Privacy and Transborder Flows of Personal Data
into account in domestic legislation.
<a href=#foot58><sup>58</sup></a>
The Government has stated its intention
of extending the application of the Privacy Act, which regulates Commonwealth
government agencies and all users of consumer credit information and tax file
numbers, to the private sector.
<a href=#foot59><sup>59</sup></a>
There would be much sense in avoiding,
particularly during the period until legislation is introduced into the
parliament, a perception that the privacy of the whole community was to be constrained to
address a small sector need. This would leave the government better placed to
act or intervene legislatively, if that should later be required.
<P>
5.1.8 &nbsp;&nbsp;&nbsp;&nbsp; As at October 1996, no 'magic' solution to this problem was in
prospect. There is yet a short time available. The impact of encryption on the
totality of law enforcement and national security interests in Australia remains
fairly negligible, though the problem is only as far away as tomorrow. What
should be done in the interval? Government should continue to monitor the
situation and study the experience of others, as the practices eventually
adopted by major players such as the European Union, the United States and the OECD
will have trans-national impact. There are some practical steps both to
strengthen and maintain the investigative capability of law enforcement and
national security which should be undertaken and some greater protection given
to the covert operational methods of law enforcement and national security
agencies. These are discussed in more detail in Chapter 6.
<P>
5.1.9 &nbsp;&nbsp;&nbsp;&nbsp; The Privacy Commissioner, the New South Wales
Anti-Discrimination Board and various lawyers and academics with a strong interest
in privacy issues were concerned there should be no diminution of the stringent
program of oversight and accountability where intrusive powers were
exercised.
<a href=#foot60><sup>60</sup></a>
I concur entirely with that attitude. A view seemed to emerge that
the Commonwealth's oversight and accountability arrangements were more
effective than those of the States. The Review found general support for the
approach of increasing, to some small degree, the warranted intrusive powers
directed against persons the subject of serious investigations, rather than
imposing a penalty on the whole community by attempting, in vain fashion, to
limit or control the use of encryption.
<P>
5.1.10 &nbsp;&nbsp;&nbsp;&nbsp; Some consideration was given to the idea that the department vested
with the driving and coordination function on cryptography policy might ensure
Ministers were kept abreast of developments overseas and the changing
situation and requirements for Australia. On reflection, it was felt this
function would more effectively be discharged by a further review, on terms similar to
this one. There is need for that degree of detachment in the conduct of a
review so that all views may be garnered and synthesised into policy options. This is
more readily extended to a reviewer than an official with daily responsibility
for elements of the policy. A time of late 1997 would allow for the passage of 12
months since this review, a significant period of technological development,
some experience of a deregulated telecommunications market and any impact on
law enforcement and national security, the preparation by the AFP of the
proposed submission on the impact of the loss of real-time access to voice and
data communications
<a href=#foot61><sup>61</sup></a>,
the conclusion of the OECD drafting exercise and
legislative proposals being brought forward in Britain and the United States.
<P>
<h3>5.2 &nbsp;&nbsp;&nbsp;&nbsp; <i> Export Controls</i></h3>
<P>
5.2.1 &nbsp;&nbsp;&nbsp;&nbsp; The Review was invited to examine the effectiveness of Australia's
export controls on encryption technology. How this issue might be addressed
depends very much on the interest being espoused. As the Review moved
among its primary catchment area, parties representing privacy, law
enforcement or national security interests, it was apparent no uniform judgement
could be made. Few who spoke to the Review thought the issue of Australia's
export controls could be divorced from the export controls of the United States.
That the United States was but one of a number of signatory countries, first to
COCOM and more recently to the Wassenaar agreement, seems generally to be
ignored. Its super-power status and position as the principal global software
manufacturer prompt an identification of those agreements with the national
interest of the United States.
<P>
5.2.2 &nbsp;&nbsp;&nbsp;&nbsp; The Australian government effects controls on the export of defence
and related goods through the Customs Act 1901, the Customs (Prohibited
Exports) Regulations and the guidelines Australian Controls on the Export of
Defence and related Goods - Guidelines for Exporters, issued in March 1994
and the Australian Controls on the Export of Technology With Civil and
Military Applications - A Guide for Exporters and Importers issued in
November 1994. The controls specify a range of cryptography products, such
as cryptographic equipment, software controlling the function of cryptographic
equipment, computers performing such functions, mechanical bits and pieces
used in these processes and applications software for such purposes.
<P>
5.2.3 &nbsp;&nbsp;&nbsp;&nbsp; The context of the controls makes it clear the government encourages
the export of defence and related goods where these do not conflict with the
national interest or Australia's external obligations. The Strategic Trade
Policy and Operations Section of the Department of Defence considers export
applications and makes recommendations on them. It also works closely with
manufacturers, where possible, to advise on products and applications eligible
for export.
<P>
5.2.4 &nbsp;&nbsp;&nbsp;&nbsp; From the vantage point of the Defence Department, and the Review's
terms of reference require particular regard be paid to national security and
defence interests, the principal defensive goal of export controls is the
prevention of the proliferation of 'strong' encryption. Various commentators
thought Australia's export controls may have had some effect in this regard
though they suspected American export controls have much the greater impact.
A claimed by-product or secondary benefit is that export controls may have
aided the Australian cryptographic industry, enabling it to export and market
more competitively in the region. This claim, couched in the subjunctive tense,
was disputed by many but does not bear on the primary defensive goal of export
controls.
<P>
5.2.5 &nbsp;&nbsp;&nbsp;&nbsp; From a strategic perspective of the IT industry in Australia, changes
to United States export controls, certainly changes of the order advocated in the
Republican bills before the Congress, were considered deleterious by sections of
industry. This view was based on the premise that all strategic decisions of
the industry have been predicated on the expectation that export controls,
Australian and American, would not significantly vary. The more controlled relaxation of
export controls announced by the United States Vice-President on 1 October
1996 marks a departure from that planning base but is less extreme than some
have advocated.
<a href=#foot62><sup>62</sup></a>
<P>
5.2.6 &nbsp;&nbsp;&nbsp;&nbsp; There were, however, more particular indications of a negative side to
export controls. Software and hardware manufacture is dominated by the
United States, so business, IT or otherwise, has to ensure product compatibility
when buying products. It was said, almost uniformly, Australian products
tended to be more expensive (from small amounts to some thousands of dollars),
less convenient (US software applications may be purchased in thousands of
shops but hunting is often required to find the Australian equivalent) and
problems of compatibility frequently arise with systems geared to American
products and applications. Major banks have the capacity to step around this
problem and purchase off-shore.
<P>
5.2.7 &nbsp;&nbsp;&nbsp;&nbsp; When particular judgements were offered about the impact of United
States export controls, the point was always made that the United States was one
of a considerable number of countries linked first under COCOM and more
recently under the Wassenaar agreement and should not, therefore, be viewed as
acting alone. This was uniformly countered with the view that the United
States position as a military and economic super-power, combined with its
dominant position in the software production market, gave it the critical voice
in any grouping to which it belonged or sponsored.
<ul>
[<i>part of this paragraph not provided under FOI, by reason of
<a href=index.htm#foi33>Section 33(1)(a) of the FOI Act</a>
(Documents affecting national security, defence or international relations)
and
<a href=index.htm#foi37>Section 37(2) (b) and (c) of the FOI Act</a>
(Documents affecting enforcement of law and protection of public safety)
</i>]
</ul>
<FONT COLOR=#FF0000>
It has to be said the
continuing validity of export controls as a defensive strategy is open to question
when import controls do not exist in most countries, where firms in countries
covered by multi-lateral agreements on the proliferation of cryptography are
able to circumvent United States' or Australia's export controls and buy the
software of their choice in Asia or Europe and when easy access to the Internet
is available to all.
</FONT>
<P>

5.2.8 &nbsp;&nbsp;&nbsp;&nbsp; Some irritation was expressed with the export licence system.
Certainly, there was appreciation that 'continuing licences' had been introduced
by DSD, enabling manufacturers to export to foreign countries or specified
companies for a 12 month period, without reference back to the Directorate.
<P>
5.2.9 &nbsp;&nbsp;&nbsp;&nbsp; It is a truism to note that research and development take time. A
strong view was put to the Review by the IT industry that incentives to
undertake R&D in Australia are diminishing and likely to continue to do so.
Even without the pressure which a relaxation of US export controls would
cause, a migration of both technology and the research and development effort
from Australia is likely. Any amelioration of the export control regime would
likely hasten that trend.
<P>
5.2.10 &nbsp;&nbsp;&nbsp;&nbsp; A common banking industry view was that while Australian
encryption products were always available, they did not always meet business
needs. American products normally offered functionality, but their availability
was frequently uncertain. End user licensing is seen as a problem for banks
as the purpose is often wider than the commercial transaction and any
part-escrowing of keys would render the system insecure. Consequently, banks are
sometimes forced to rewrite software or undertake substantial work to link or
cause to interface two separate products. Because some of these couplings are
'unnatural', the expected productivity benefits are reduced.
<P>
5.2.11 &nbsp;&nbsp;&nbsp;&nbsp; One consequence of the abolition of US export controls or substantial
contraction of them is likely to be an outbreak of a condition which might be
termed 'key length envy' - the assumption that by simply lengthening the key a
greater degree of security is obtained. Of itself this contention is
simplistic.
What matters is the key space, or the pool from which keys are drawn, the
soundness of the operating system and the operator's procedures.
Providing the algorithm is sound, the operating standards are high and
functionality is not
adversely affected, a longer key will offer more security than a shorter one.
Key length estimates are normally geared to what is required in 20 years' time
and that is considered adequate protection against concerted efforts to discover
them. There is a general wariness in some business circles of the enormous
amount of idle time which exists for the computing power of large-scale
corporations and the purposes to which that power might be put, but that, as
they say, is another story.
<P>

<P>
<B>Footnotes:</B><P>
<font size=2>
<a name=foot56><sup>56</sup></a>
Paper on Regulatory Intent Concerning Use of Encryption on Public Networks,
issued by the Department of Trade and Industry, London, 11 June 1996, paragraph 2 and paragraph 16. See
Annex D.
<P>
<a name=foot57><sup>57</sup></a>
Nigel Waters, 'Street Surveillance and Privacy' in Privacy Law & Policy
Reporter, Vol 3, No 3, June 1996,
p 49.
<P>

<a name=foot58><sup>58</sup></a>
The OECD Guidelines are attached as Annex E to this report.
<P>

<a name=foot59><sup>59</sup></a>
A discussion paper to this effect was issued by the Attorney-General in
September 1996.
<P>

<a name=foot60><sup>60</sup></a>
While these views have been made clear in publications and writings, they
were repeated to the Review during discussions in Sydney on 10-11 July 1996.
<P>

<a name=foot61><sup>61</sup></a>
See finding 1.2.19.
<P>

<a name=foot62><sup>62</sup></a>
The United States Vice President's statement on encryption is set out in Annex F.
<P>
</font>

<P>
<hr>
<P>

<center>
<a name=chap6></a>
<h3>
CHAPTER 6
<P>
COORDINATING PROCESSES AND INVESTIGATIVE CAPABILITY
<P>
</h3>
</center>
<P>
<P>
<h3>6.1 &nbsp;&nbsp;&nbsp;&nbsp; <i> Policy Primacy and Coordination</i></h3>
<P>
6.1.1 &nbsp;&nbsp;&nbsp;&nbsp; Many departments and agencies have an interest in cryptography
policy. Some of the range was outlined in Chapter 1. The issue of policy
primacy now needs to be established so Ministers and departments are aware of
whom they need to consult when policy issues overlapping the
cryptographic area surface and so one Minister and department is viewing the
issue of cryptography policy from a holistic point of view. There
is fair indication that neither of these functions is currently being performed. Inside
and outside the bureaucracy there is some bemusement that no department has
or is even claiming ownership of this policy area. That diffidence, should it
be that, can only confuse. Because of the pervasive impact of cryptography policy
issues on every sphere of activity, not least the way commerce and government
will engage in business, the matter should be taken to Cabinet promptly for a
decision on policy ownership.
<P>
6.1.2 &nbsp;&nbsp;&nbsp;&nbsp; It has become self-evident that decisions taken in the areas of IT
industry development, export schemes, broadband communication policy,
intellectual property, criminal justice or law enforcement each bear on policy
issues associated with encryption, so it is only sensible that one Minister and
one Department coordinate those issues while several may have responsibility
for particular areas. The mystification within government and in the private
sector at the apparent lack of policy coordination is accentuated by the
plethora of committees, working groups and other forms of review looking at policy
issues which embrace or impact upon cryptography policy issues. Clearly the
questions of policy primacy and coordination go together and, when settled,
need to be advised widely.
<P>
6.1.3 &nbsp;&nbsp;&nbsp;&nbsp; Which department should have the policy responsibility is an issue
for decision by Ministers. Some of the issues are mentioned at paragraphs 3.4.3-5.