[ISN] Australian Crypto Laws (Walsh)

From: mea culpa (jerichoat_private)
Date: Sun Jan 17 1999 - 17:01:11 PST


    Forwarded From: Paul Boehm <typoat_private>
    Originally from: gtaylorat_private, tomat_private & www.quintessenz.at
    
    
    EFA has obtained access to an uncensored copy of the "Review of Policy
    relating to Encryption Technologies" (the Walsh Report) and this has now
    been released online at:
    http://www.efa.org.au/Issues/Crypto/Walsh/index.htm
    The originally censored parts are highlighted in red.
    
    The story behind this is a rather comical example of bureaucratic
    incompetence.  Revisiting a little history, the report was prepared in
    late 1996 by Gerard Walsh, former deputy director of the Australian
    Security Intelligence Organisation (ASIO).  The report had been
    commissioned by the Attorney-General's Department in an attempt to open up
    the cryptography debate in Australia.  It was intended to be released
    publicly and was sent to the government printer early in 1997.  However,
    distribution was stopped, allegedly at a very high (i.e. political) level. 
    
    EFA got wind of this and applied for its release under FOI in March 1997.
    This was rejected for law enforcement, public safety and national security
    reasons.  We persisted, and eventually obtained a censored copy in June
    1997, with the allegedly sensitive portions whited out.  The report was
    released on the EFA website, and in the subsequent media coverage the
    department claimed that the report was never intended to be made public, a
    claim that is clearly at odds with Gerard Walsh's understanding of the
    objectives, as is obvious from his foreword to the report.
    
    It has now come to light that the Australian Government Publishing
    Service, which printed the report, lodged "deposit copies" with certain
    major libraries.  This is a standard practice with all Australian
    government reports that are intended for public distribution.  ....  To
    this day, the report remains officially unreleased, except for the
    censored FOI version.  Interestingly, several Australian government sites
    now link to the report on the EFA website. 
    
    Quite possibly, this situation would have remained unchanged, except for
    an alert university student who recently stumbled across an unexpurgated
    copy of the report, gathering dust in the State Library in Hobart.  The
    uncensored version has now replaced the censored report at the original
    URL. 
    
    The irony of this tale is that the allegedly sensitive parts of the
    report, which were meant to be hidden from public gaze, are now
    dramatically highlighted.  The censored sections provide a unique insight
    into the bureaucratic and political paranoia about cryptography, such that
    censorship was deemed to be an appropriate response.  The official case
    for strict crypto controls is now greatly weakened, because much of the
    censored material consists of unpalatable truths that the administration
    would prefer to be covered up, even though the information may already be
    known, or at least strongly suspected, in the crypto community. 
    
    This apparent unwillingness to admit the truth is an appalling indictment
    on those responsible for censoring the report. It is indicative of a
    bureaucracy more anxious to avoid embarrassment and criticism than adhere
    to open government principles and encourage policy debate.  Even worse,
    the censorship was performed under the mantra of law enforcement and
    national security, a chilling example of Orwellian group-think. 
    
    There are also some controversial recommendations in the report that
    demand attention, since they could well be still on the current policy
    agenda, in Australia or elsewhere.  Examples are proposals for legalised
    hacking by agencies, legalised trap-doors in proprietary software, and
    protection from disclosure of the methods used by agencies to obtain
    encrypted information, an apparent endorsement of rubber-hose
    code-breaking.
    
    On top of all this is the matter of allegedly sensitive material being
    released to public libraries.  It would seem that a number of copies have
    been gathering dust now for at least a year.  So far the sky hasn't
    fallen, nor has the country succumbed to rampant threats to national
    security. 
    
    
    


