Surrender your crypto keys or you're off to chokey, says Australia

Australia's Attorney-General's department has floated a plan that would allow national security agencies to seize citizens' crypto keys. The AG's submission to the Senate inquiry into telecommunications interception outlines the plan, saying that the moves are necessary because new telecommunications technologies are " …

COMMENTS

This topic is closed for new posts.
  1. Jonathan Richards 1

    For information

    The UK analogue of the proposal is Section 49 of the Regulation of Investigatory Powers Act 2000.

    The main difference I see with the Australian proposal is that in Oz an application will be made to "an independent issuing authority" for a warrant. Under RIPA, anyone exercising a UK statutory duty who comes across encrypted information is entitled to issue a S.49 notice if he believes that it is necessary and proportionate (see subsections (1) and (2) at link above). So the Australian proposal has a check and/or balance that the UK RIPA does not have.

    1. Mark 65

      Re: For information

      Independent and yet established by Government. We'll see how independent that ends up.

  2. GrumpyOldBloke

    Increasingly opaque public service demands ever greater transparency from the serfs. The Snowden revelations mentioned instructions from the US to its sycophants to view their citizens as the enemy. Do our public servants lose face before other public servants if they can't sell out their own populations or demonstrate their influence over the elected fools and cowards?

    Perhaps the AG's department could occupy themselves, while waiting for the Australian public to see things their way, by following up on those WMD's that we went to war for. A million dead Iraqis. Who knew it was all lies and when? Another good one might be why the legislation governing the full body scanners at the Oz international airports mentions nothing about the need for the devices to be effective or safe. What or who was the real driver behind the rollout of these devices, why don't they need to be safe and whose decision was that. Is it a criminal matter?

    Maybe ask ASIO why the spying on East Timor seemed to be more about corporate advantage than national security. Could it be the same story when we used a warship to intimidate the Solomon Islands and accused their leader of child porn/abuse offences? Does Bougainville have our sticky fingerprints on it as well?

    There is a whole bunch of useful things the AG's office could be doing in their own backyard before straying even further into ours. That is of course if the law means anything to them other than as a tool of empire. Though whose empire might be another interesting question if they have a moment.

  3. Anonymous Coward

    WARNING

    The Australian LNP government is as mad as a cut snake.

    Right-wing libertarian religious whack-a-doos.

    1. ewozza
      1. Sorry that handle is already taken. Silver badge

        Re: WARNING

        Those left wing whackadoos tend not to form government

        1. Fluffy Bunny

          Re: WARNING

          Unfortunately that isn't right. The left wing wackos conspire with even more left wing wackos.

          1. Sorry that handle is already taken. Silver badge

            Re: WARNING

            To make more signs?

    2. borkbork

      Re: WARNING

      Sounds more authoritarian than libertarian.

  4. ewozza

    Missing the target...

    I'm an Abbott supporter, but this is a stupid idea.

    Criminals can easily circumvent this law using steganography - concealing a hidden message inside another message.

    So they could surrender the "fake" keys, without compromising their real message.

    1. Anonymous Coward

      Re: Missing the target...

      My sympathies.

  5. This post has been deleted by its author

  6. Sampler

    Shadow moves

    One thing that struck me is recently we had to overhaul our privacy laws to notify our customers we store their data overseas (as our company is based out of the UK it's cheaper for us to borrow their infrastructure than to plant local servers - if albeit a little laggy).

    So one week they make it so it's better for businesses to host data within the country (as you need to inform a customer data is going overseas which may alarm the weak minded) and the next they're saying we have to hand it over in a legible format if they ask for it.

    Well, bravo.

    Second thing, I've just been reading this sad news:

    http://www.theregister.co.uk/2014/03/18/romania_ransomware_murder_suicide/

    I wonder if there's call for a fake CryptoLocker ransomware actual encryption, so you can claim you're hacked and can't access the data yourself =)

    1. Michael Thibault

      Re: Shadow moves

      Was wondering about the same possibility: suppose there's an entirely-new-to-you encrypted object on/in your (suddenly apparently compromised) system, and you're then asked by the investigative darker powers of occupation for a key that you (obviously) don't have... you are automatically and ever-afterward silently FUCT.

      At least there's someone out there thinking of the children.

  7. Miek

    Pointless law: the spooks probably have your encryption keys already.

  8. Denarius

    even more pointless

    Oz inhabitants can be kidnapped for 14 days without being able to notify anyone. When thrown back on the street, it is illegal to tell anyone who kidnapped you or why. Just like the various 3rd world hell holes we go to war in. So it is just adding "give us your keys" to the other demands from the faceless process droids. It has become clear spooks and their sycophants are just fronts for USSA business glove puppets.

  9. cortland

    I'm not a cryptographer, but it seems to me this is not as good a tool as it appears. From "How PGP works":

    "As you use PGP, you will typically add the public keys of your recipients to your public keyring. Your private keys are stored on your private keyring. If you lose your private keyring, you will be unable to decrypt any information encrypted to keys on that ring." (Emphasis added.)

    Ensuring one's private keyring is destroyed (not just erased) when one is picked up denies anyone the ability to decrypt the messages you've sent and a duress password will do to trigger that; it's possible to fuse the silicon in which the private keys are stored. No amount of threats or after the silicon has melted will recover the passwords needed.

    Surely any criminals competent enough to use strong encryption will be able -- and willing -- to arrange that.
