{"id":32487,"date":"2017-06-19T14:31:54","date_gmt":"2017-06-19T04:31:54","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=32487"},"modified":"2017-06-19T15:55:49","modified_gmt":"2017-06-19T05:55:49","slug":"going-dark-strong-encryption-security-part-1","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/going-dark-strong-encryption-security-part-1\/","title":{"rendered":"Going dark\u2014strong encryption and security (part 1)"},"content":{"rendered":"
<\/p>\n
The debate about law enforcement access to encrypted communications<\/a> has flared up again recently. It seems that everyone has a view on the subject, including a string of American visitors to our shores: US Senator John McCain<\/a>, former Director of National Intelligence James Clapper<\/a> and security advisor Jake Sullivan<\/a>. Local commentators on security issues have a view as well, including ASPI\u2019s own Jacinta Carroll<\/a>. And Australia\u2019s Attorney-General has said<\/a> that the government wants the law to be<\/p>\n \u2018\u2026sufficiently strong to require companies, if need be, to assist in response to a warrant to assist law enforcement or intelligence to decrypt a communication.\u2019<\/p><\/blockquote>\n This is a tricky public policy issue by any standard, and a sensible discussion requires some history to put the contemporary debate into perspective. The first thing to note is that this isn\u2019t a case of the government wanting expanded powers under the justification of new security threats. It\u2019s more a case of running to stand still\u2014that is, governments around the world are trying not to lose capabilities they have enjoyed for some time. (For those keeping score, it seems to go back to around 1653<\/a> where Parliamentary systems are concerned.)<\/p>\n This post looks at how the world used to be for security agencies. I\u2019ll come back to the contemporary challenges in a later one. Bear with me for some legalese to start with. The legislative basis for the Australian government to gain access to domestic telecommunications is the Telecommunications (Interception and Access) Act 1979<\/a>. 
Section 191 of the Act<\/a> says that:<\/p>\n \u2018Each carrier supplying a particular kind of telecommunications service that is not covered by any determination under section\u00a0189<\/a> but that involves, or will involve, the use of a telecommunications system must ensure that the kind of service or the system has the capability to:<\/p><\/blockquote>\n enable a communication passing over the system to be intercepted in accordance with an interception warrant; and<\/p><\/blockquote>\n<\/li>\n transmit lawfully intercepted information to the delivery points applicable in respect of that kind of service.\u2019<\/p><\/blockquote>\n<\/li>\n<\/ol>\n (Section 189 grants the Attorney-General the ability to use legislative instruments to \u2018make determinations in relation to interception capabilities applicable to a specified kind of telecommunications service\u2019. The issuing of warrants is covered in Section 9<\/a>.)<\/p>\n In other words, a compulsory condition of being allowed to provide telecommunications in Australia is that the carrier must provide the government with access when presented with a warrant. In the days of copper telephony\u2014which was pretty much all that was around when the Act was first drafted\u2014almost all of the accessed communications would be unencrypted. (It\u2019s likely that the main exception was encrypted communications to and from foreign embassies.)<\/p>\n Individuals associated with politically motivated violence or other groups of interest to the police and ASIO wouldn\u2019t have had access to an encryption system. The telecommunication providers of the time had to adhere to a few industry standard protocols, most devices were analogue, and there was no internet data to worry about.<\/p>\n The landscape is now entirely changed. We now have a panoply of wholesale and retail suppliers of bandwidth, along which travels a wide variety of signal types. 
At both ends of the communication path data can be manipulated by apps and programs widely available on the world market. The providers of the \u2018pipes\u2019 that carry the data still have to provide access as per the Act, but now there\u2019s a much higher probability that intercepted data won\u2019t be immediately usable or, in the worst case for security agencies, won\u2019t be able to be exploited in time to be useful.<\/p>\n Another significant change is that in the 1970s governments were in many ways at the cutting edge of cryptographic techniques. Capabilities developed over decades of experience in two world wars and the Cold War were ahead of those in the private sector. In fact, the US government pushed secure cryptography out into the commercial sector, in an early and successful attempt to protect commercial and financial sector transactions. The National Bureau of Standards, with significant input from the National Security Agency (NSA), released an IBM-designed cipher system in the late 1970s.<\/p>\n The Data Encryption Standard (DES) (technical description here<\/a>) was used by the US Government for protecting sensitive but not national security classified information, and by banks and other businesses from 1977\u20132001. Not surprisingly, the involvement of the NSA led to some suspicions that \u2018back doors\u2019 had been engineered in. The NSA promulgated a modification to the scheme at one stage, prompting suspicions that the DES was being deliberately weakened to allow NSA access to encrypted material.<\/p>\n In fact, the suggested changes strengthened<\/em> DES against a cryptologic attack known to the NSA at the time<\/a>, but not discovered in the \u2018outside\u2019 world until the late 1980s. Through that pre-emptive measure, the NSA significantly strengthened the ability of the wider community to safely store and transmit data. Of course time marches on, and computing power caught up with the simplest version of DES. 
Although more complicated variations remain secure today, DES has been replaced by the Advanced Encryption Standard<\/a>.<\/p>\n Today, of course, the government\u2019s prime positioning on strong encryption is but a distant memory. Techniques such as public key encryption (also discovered within government\u2014the UK in this case\u2014long before becoming publicly known<\/a>) are widespread. There are many systems in use today that are difficult for even the most sophisticated governments to break into on a useful timescale. In my next post I\u2019ll explore some possible ways ahead.<\/p>\n","protected":false},"excerpt":{"rendered":" The debate about law enforcement access to encrypted communications has flared up again recently. It seems that everyone has a view on the subject, including a string of American visitors to our shores: US Senator …<\/p>\n","protected":false},"author":6,"featured_media":32488,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[578,391,1570,649],"class_list":["post-32487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-attorney-general","tag-cyber","tag-encryption","tag-nsa"],"acf":[],"yoast_head":"\n\n