[ISN] Aust Defence wont disclose stance on encryption

From: InfoSec News (isnat_private)
Date: Fri Sep 21 2001 - 00:38:06 PDT

  • Next message: InfoSec News: "[ISN] 'Nimda' - Norwegian For 'Nasty'"

    By Rachel Lebihan, 
    ZDNet Australia
    20 September 2001
    Australias Department of Defence wont disclose if it will answer the
    US governments call to arms in restricting encryption technologies,
    and despite widespread support in the States for a ban on
    cryptography, experts say its unlikely to happen.
    ZDNet previously reported that the question of restricting the use of
    encryption tools is a matter of serious debate in the US, where
    officials have been quick to blame the use of cryptography for the
    surveillance breakdown that failed to detect signs of the recent
    US-focused terrorist attacks.
    The US has called for international support in its encryption
    crackdown but Australian government departments have been quick to
    pass the buck or keep their mouths shut as to whether or not the
    country will rally to support its US counterpart.
    Minister for communications Senator Richard Alstons office didnt
    return phone calls to ZDNet Australia and the Attorney Generals
    department referred the matter to the Department of Defence, which
    said: It goes into the realms of defence and we dont comment on that.
    According to reports from the US, there is widespread support for a
    ban on "uncrackable" encryption products, with 72 percent of Americans
    agreeing that anti-encryption laws would be "somewhat" or "very"
    helpful in preventing a repeat of the September 11 terrorist attacks.
    However, according to Laura Chappell of US-based Protocol Analysis
    Institute, a ban is unlikely to happen. Although over-the-counter
    decryption tools are readily available over the Internet we use the
    same tools for troubleshooting on our own networksto not allow vendors
    to distribute them is impossible, she told ZDNet Australia.
    The encryption issue is a double-edged sword...in the US we want to
    vote electronically so encryption must be tremendously advanced and
    secure. Alternately, we don't want the terrorists to have encryption
    better than our government, she said.
    Chappell believes that although a ban on cryptography wont happen,
    those who write encryption technology will probably cooperate more
    with the government to help them detect when terrorist communication
    is going occurring.
    This is the first time ISPs have really cooperatedthe government
    usually has to bend over backwards until its nose bleeds to get even a
    little cooperation, Chappell said.
    According to Grant Bayley, founder of 2600 Australia (
    www.2600.org.au/), a hub of information on computer security, if there
    are serious moves in the United States to crack down on encryption,
    the Australian Government will surely following suit.
    However, such a privacy-restrictive move isn't likely to be a quick
    one, given that additional laws would need to be created, debated,
    presumably senate-examined and passed, according to Bayley. A sudden
    backflip on privacy enhancements to a position of restricting
    cryptography and allowing much greater government surveillance of
    citizens isn't likely to go down well with an election looming, Bayley
    Bayley said it wouldnt surprise him if developers were asked by the
    government for decryption assistance, however, In my opinion, there's
    more problems associated with putting the genie back in the bottle
    than there have been with letting the genie out.
    I think the non-technical pollies in Washington are looking for every
    reason to avoid pointing the finger at the reduced human capabilities
    of their surveillance and intelligence organisations, he said.
    Alex Shiels, who runs a Web site relating to cryptography, censorship
    and free speech, agrees that no Western government is likely to outlaw
    cryptography because it's essential to the finance and e-commerce
    What we might see though is mandatory key escrow, where users are
    required to lodge their decryption keys with a government agency, to
    be made accessible to law enforcement when a warrant is granted,
    Shiels said, bringing into the debate the fact that corrupt or
    incompetent escrow agency officials could release keys to the wrong
    US corporations are bracing themselves for cyberterrorism attacks.
    Australia needs to do the same. Encryption forms a critical part of
    online security and internet defences. Any government moves to limit
    the use of encryption, including key escrow schemes, will weaken those
    defences, Shiels said.
    At the end of the day, Chappell believes that corporate America will
    win out.
    Corporate America is not going to break down the walls and allow a
    government state.
    What happens in Australia remains to be seen.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Fri Sep 21 2001 - 03:06:28 PDT