Australia Wants to Take Government Surveillance to the Next Level


Australia Wants to Take Government Surveillance to the Next Level

A new bill will help its intelligence agencies circumvent encryption. And what starts Down Under won’t necessarily stay there.

By Lizzie O’Shea Sept. 4, 2018

SYDNEY, Australia — A state’s capacity to spy on its citizens has grown exponentially in recent years as new technology has meant more aspects of our lives can be observed, recorded and analyzed than ever before. At the same time, much to the frustration of intelligence agencies around the world, so has the ability to keep digital information secret, thanks to encryption.

That’s why the main intelligence agencies of the Anglophone world are now hoping that Australia will lead the charge in developing ways to get decrypt information at will, and to tap into data that was previously kept secret. A proposed law, the draft of which was released last month by the cybersecurity minister, is an aggressive step in that direction.

We should all be worried, because it’s not just criminals or terrorists who use encryption, but every one of us. We use encryption to buy things online, manage our finances, and communicate personally and professionally.

Hospitals, transportation systems and government agencies use encrypted data. Creating tools to weaken encrypted systems for one purpose weakens it for all purposes. If Australia succeeds in doing so, it could be your bank account or your medical records that are compromised in the end.

This particular bill has been more than a year in the making. At the June 2017 meeting in Ottawa of the Five Eyes — the intelligence alliance made up of the United States, Britain, Australia, Canada and New Zealand — Australia made a point of the need for states to find ways to overcome encryption. A joint communiqué that came out of the meeting noted that encryption can “severely undermine public safety efforts” and committed Five Eyes members to working with technology companies to “explore shared solutions.”

The Australian government set about translating this objective into law. The release of the bill, which came just before the latest meeting of the Five Eyes in Australia last month, which confirmed the strategy. No doubt Australia’s intelligence and law enforcement establishment were thrilled with this proposal.

Australia, which has no bill of rights, is a logical place to test new strategies for collecting intelligence that can later be adopted elsewhere. Among other things, the proposed law would create a process for “designated communications providers” — defined so expansively that it covers any business hosting a website — to assist intelligence and law enforcement agencies to do almost anything to give them access to encrypted communications. For example, providers may have to build tools, install software or keep agencies up-to-date with developments. In essence, state agencies will be able to circumvent encryption, either with the cooperation of tech companies or by compulsion.

The government has been quick to claim that this is not a back door, and the bill prohibits requests to companies to create “systemic” weaknesses. But this prohibition is ambiguous, and the reporting and accountability safeguards are minimal.

The truth is that there is simply no way to create tools to undermine encryption without jeopardizing digital security and eroding individual rights and freedoms. Hackers with bad intentions will do their utmost to take advantage of any such tools that companies are forced to provide the government.

There are good reasons to be deeply wary of granting powers to state agencies to build and hoard tools that weaken technological infrastructure. Last year, the WannaCry ransomware threw Britain’s National Health Service into chaos. The attack exploited a vulnerability in Microsoft software. According to Microsoft, the United States National Security Agency had discovered the vulnerability well before the ransomware was released, but decided against disclosing it to Microsoft to fix, and thereby protect the information systems used by the health service.

Industry figures and experts argue that the N.S.A. was seeking to accumulate a kind of digital arsenal — it could use the vulnerability for its own intelligence purposes while it remained unpatched. The problem was that at some point, intelligence about the vulnerability was apparently stolen. Only then did the N.S.A. tell Microsoft about its existence. As Microsoft pointed out, this was the equivalent of a Tomahawk missile going missing. British patients paid the price.

Seemingly in response to such criticisms, the bill in Australia prohibits the government from preventing a company from repairing such a vulnerability. But this is cold comfort: The N.S.A. didn’t need to prevent Microsoft patching the problem because Microsoft didn’t even know it existed.

The WannaCry attack illustrates how intelligence agencies prioritize their own interests. If we give state agencies more power to build tools to circumvent encryption, not only do we expose ourselves to the risk that they can be stolen, we are forced to trust that these agencies will behave responsibly. The evidence to date suggests the opposite.

Worse still, the Australian government hardly has the best reputation for keeping things safe. In recent times, it has lost control of medical data; one of its military contractors was hacked and lost “large amounts” of data; a cabinet full of secret documents even turned up this year in a secondhand furniture store. Just think about how easily sophisticated criminals might be able to get their hands on any digital tools for getting access to encrypted communications.

When Edward Snowden revealed in 2013 that the American and British spy agencies had tried to weaken encryption so that they could tap digital communications, cryptography scholars voiced their shock that these agencies would act “against the interests of the public.” “By weakening all our security so that they can listen in to the communications of our enemies,” they wrote, “they also weaken our security against our potential enemies.”

The same is true today. The Australian government is testing the limits of our democracy by seeking to empower the surveillance state, and what it learns will have implications globally. We need to take a stand against this power grab by state agencies, and reject the idea that encrypted communications undermine security. Quite the opposite: They are complementary.

Lizzie O’Shea (@Lizzie_OShea) is a human rights lawyer who is writing a book about technology and politics.

https://www.nytimes.com/2018/09/04/opinion/australia-encryptian-surveillance-bill.html

Comments

Post a Comment

Popular posts from this blog

BMW traps alleged thief by remotely locking him in car

BMW traps alleged thief by remotely locking him in car Stealer's Wheel? Seattle police department quotes "Watchmen" movie in a recap of the recent arrest. Tech Culture by Gael Fashingbauer Cooper December 4, 2016 5:00 PM PST It's maybe the most satisfying arrest we can imagine. Seattle police caught an alleged car thief by enlisting the help of car maker BMW to both track and then remotely lock the luckless criminal in the very car he was trying to steal. Jonah Spangenthal-Lee, deputy director of communications for the Seattle Police Department, posted a witty summary of the event on the SPD's blog on Wednesday. Turns out if you're inside a stolen car, it's perhaps not the best time to take a nap. "A car thief awoke from a sound slumber Sunday morning (Nov. 27) to find he had been remotely locked inside a stolen BMW, just as Seattle police officers were bearing down on him," Spangenthal-Lee wrote. The suspect found a ke...
Read more

Report: World’s 1st remote brain surgery via 5G network performed in China

World’s 1st remote brain surgery via 5G network performed in China Published time: 17 Mar, 2019 13:12 ·           A Chinese surgeon has performed the world’s first remote brain surgery using 5G technology, with the patient 3,000km away from the operating doctor. Dr. Ling Zhipei remotely implanted a neurostimulator into his patient’s brain on Saturday, Chinese state-run media  reports . The surgeon manipulated the instruments in the Beijing-based PLAGH hospital from a clinic subsidiary on the southern Hainan island, located 3,000km away. The surgery is said to have lasted three hours and ended successfully. The patient, suffering from Parkinson’s disease, is said to be feeling well after the pioneering operation. The doctor used a computer connected to the next-generation 5G network developed by Chinese tech giant Huawei. The new device enabled a near real-time connection, according to Dr. Ling.  “You barely feel that th...
Read more

New ATM's: withdraw money with veins in your finger

New cash machines: withdraw money with veins in your finger Cash machine technology that reads the pattern of finger veins is already available in Japan and Poland   By Telegraph Reporters 6:59PM BST 15 May 2014 Cash machines could soon be installed with devices that identify customers by reading the veins in their fingers. The technology is already being rolled out in Poland, where 1,730 cash machines will this year be installed with readers, negating the need for a debit card and Pin. Developed by Hitachi, the Japanese electronics firm, the machines read the patterns of the veins just below the surface of the skin on your finger using infra-red sensors. The light is partially absorbed by haemoglobin in the veins to capture a unique finger vein pattern profile, which is matched to a profile. The technology is used by Japanese banks and also in Turkey, offering “groundbreaking levels of accuracy and speed of authentication”, Hitachi said, which in t...
Read more