Turnbull has been at pains to emphasise the government does not want a "so called" backdoor to access devices and messages. But that is not how the technologists frame this debate.

If Malcolm Turnbull presses forward on threats to force technology companies to better cooperate on countering terrorism by unlocking secret encrypted messages and data belonging to suspected violent plottersthe Prime Minister can expect a heated tussle with America's powerful Silicon Valley.

Turnbull intends to nudge world leaders at the Group of 20 in Germany this week to pressurepredominantly US-based tech giants toshare more readily with authorities the secret digital behaviour of criminal suspects using smartphones and messaging apps.

The world's most valuable companies such as Apple and Facebook are in the crosshairs of like-minded political leaders from Australia, Germany and the United Kingdom.

Criminals are using encrypted devices such as the iPhone and messaging apps likeWhatsApp,Wickr, Telegram Messenger, Signal,SilentCircle,ChatSecureand even the Sony Play Station 4 to covertly plot their crimes.

Even though Donald Trump has presented himself as a tough law and order leader and has often been at loggerheads with progressive Silicon Valley, it appears unlikely that the US President will readily embrace Turnbull's offensive against American tech firms.

Zachary Goldman, co-founder of the Center for Cyber Security at New York University, says: "These are American companies, so in terms of economic competitiveness you are potentially putting at risk the darlings of the American economy."

"The European and Australian governments may not have the same concerns."

Encryption is effectively mathematical algorithms designed to stop hackers accessing information on phones and messaging app communications.

More than 1 billion transactions globally a day are encrypted, including online banking and internet shopping.

Silicon Valley is paying close attention to Australia's posturing.

While Australia is more than a year behind the US in the so-calledprivacy versus securitydebate between tech firms and national security personnel,the battle lines are already well defined.

Apple chief executive Tim Cook wrote an open letter to customers last year after the world's most valuable company refused to build a system to help the FBI unlock the iPhone of a San Bernardino terrorism culprit who jointly killed 14 people.

The FBI wanted to see who else the husband and wife killers had been communicating with and their recent places of movement, to help identity possible accomplices and stop any future attack.

Cook stood firm, arguing that Apple had a duty to protect personal information from conversations, photos, calendars, contacts, financial information and health data.

"The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers including tens of millions of American citizens from sophisticated hackers and cybercriminals," he wrote."The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe."

Trump, then the Republican presidential frontrunner, said at the time that Apple should comply with the California judge's order to help the FBI break into the phone.

"But to think that Apple won't allow us to get into her cell phone.

"Who do they think they are?"

Since the heat of the election, President Trump and US lawmakers have sat pat, in effect siding with technologists, privacy advocates and libertarians suspicious of government intrusion.

These groups have argued that weakening encryption will make people and businesses more vulnerable to cyber hacking criminals.

Turnbull, a former internet entrepreneur, has been at pains to emphasise the government does not want a"backdoor" to access devices and messages.

But that is not how the technologists frame this debate and they view the Prime Minister's argument as semantics.

The tech sector argues that any weakening of encryption is in effect a backdoor for the good guys and the bad guys.

Once a decoding keyis built or a vulnerability is exposed, hackers will do their best to hunt down the decryption method.

AmieStepanovich, US policy manager at Access Now, which is funded by tech firms such as including Facebook, Google, Microsoft, Yahooand human rights groups, says Australia is in a difficult position but risks weakening digital security for individuals and business.

"Weakening encryption won't work because the criminals will beincentivisedto get access to the tools," she says.

"Across the board it will lower the security of the rest of the world."

The government sees it differently.

As the Prime Minister hinted at in interviews with Fairfax Media and the ABC this week, the government believes the tech companies are already aware of flaws and weaknesses in their systems.

With this knowledge, one policy under consideration is to legally compel the companies to give their best effort to access the correspondence and data, without threatening the intellectual property of the tech firms.

The government believes this is more akin to exploiting a vulnerability, not creating a backdoor.

The government may also argue that digital companies already spend billions of dollars protecting their most precious and sensitive IP such as source code, sothe firms could alsodo the same for any information about how to get around their encrypted systems.

Chris Swecker, a retired head of the FBI criminal investigative division, says tech advocates have created an "artificial distinction" between lawful intercept of old tech like cell phone calls and pager messages, compared to new encrypted communications.

"Technology moved way ahead of the legal structure," he says.

"We can't put ourselves in a position where the only guys we catch are the dumb criminals who don't use cutting edge modern technology."

"I believe this technology communications material should be available via a valid court order."

In echoes of that, Turnbull saidthis week that the rule of law must extend to cyber with the appropriate legal authority, such as a court order or warrant.

"We cannot allow these systems to be used as they are at the moment to enable terrorists and other criminals to basically conceal themselves to operate in the dark, a dark that we cannot illuminate and the law must be able to reach into those dark crevices and so that our agencies are able to keep us secure."

Still, any such move by Turnbull would also undermine the commercial interests of tech firms.

Since the 2013 revelations from rogue National Security Agency contractor Edward Snowdenabout the extent of US government spying, sometimes assisted by US telco and technology companies, Silicon Valley has become more circumspect about being seen tocooperate with law enforcement.

Turnbull knows from his time as communications minister that US tech firms like IBM and Cisco Systems suffered commercially in China because the Snowden affair raised perceptions that American hardware vendors were leaving backdoors open for NSA spooks.

If customers believe Silicon Valley is in cahoots with US spies, sales are likely to suffer, especially in large consumer markets such as China and Russia that are suspicious of the US government.

Furthermore, a related argument by technologists is that is that if Western governments like Australia force tech firms to decrypt private data and messages, less trusted foreign regimes such as in China and Russia will do the same against citizens from overseas.

The government has considered this problem too, but is also aware that presently nothing stopssuch regimes already doing this.

Indeed, Russia has tried to compel digital companies to share their source code, while China is forcing tech firms to retain locally their source code and intellectual property.

Encryption was discussed by Attorney General GeorgeBrandisand "Five Eyes"intelligence counterparts from Canada, New Zealand, the United Kingdom and US last week.

NYU's Goldman says there is no costless solution for governments and societies.

"The question is what costs are you willing to bear to accept risk?"

Critics of government-mandated decryption suggest other compromise options such as better training law enforcement to tap into digital data and for government agencies to improve their hacking techniques.

In the San Bernardino Apple iPhone case, the FBIultimately paid a third-party firm to successfully break the device's pass code.

Go here to read the rest:
Malcolm Turnbull faces Silicon Valley fight on encryption - The Australian Financial Review

Street art by Banksy near Hyde Park, London. Credit: David Maddison/Flickr. Some rights reserved.The Five Eyes is a surveillance partnership of intelligence agencies consisting of Australia, Canada, New Zealand, the United Kingdom, and the United States. According to a joint communique issued after the meeting, officials discussed encryption and access to data. The communique states that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism.

In the letter organized by Access Now, CIPPIC, and researchers from Citizen Lab, 83 groups and security experts wrote, we call on you to respect the right to use and develop strong encryption. Signatories also urged the members of the ministerial meeting to commit to allowing public participation in any future discussions.

Read the full letter here.

Security experts and cryptographers are as united in their views on encryption as scientists are on climate change.

Massive surveillance operations conducted by the Five Eyes partnership inherently put the human rights of people around the world at risk. The joint communique commits to human rights and the rule of law, but provides no detail as to how these powerful, secretive spy agencies plan to live up to those commitments. We call for public participation and meaningful accountability now; otherwise, those commitments are empty. Amie Stepanovich, U.S. Policy Manager at Access Now

Our political leaders are putting people around the world at greater risk of crime when they call for greater powers to weaken our digital security. Security experts and cryptographers are as united in their views on encryption as scientists are on climate change. Politicians need to listen to them before they make decisions that could put us all at risk. Jim Killock, ORG

Attempting to undermine the free use and development of strong encryption technology is not only technologically misguided, it is politically irresponsible. Both law enforcement and intelligence agencies have access to more dataand more powerful analytical toolsthan ever before in human history. Measures that undermine the efficacy or public availability of encryption will never be proportionate when weighed against their profound threat to global human rights: encryption is essential to the preservation of freedom of opinion, expression, dissent, and democratic engagement. Without it, meaningful privacy, trust, and safety in the digital sphere would not be possible. Lex Gill, Research Fellow, Citizen Lab, Munk School of Global Affairs

Encryption protects billions of ordinary people worldwide from criminals and authoritarian regimes. Agencies charged with protecting national security shouldnt be trying to undermine a cornerstone of security in the digital age. Cynthia Wong, Senior Internet Researcher, Human Rights Watch

Encryption is used by governments, businesses, and citizens alike to secure communications, safeguard personal information, and conduct business online. Deliberately weakening encryption threatens the integrity of governance, the safety of online commerce, and the interpersonal relationships that compose our daily lives. We must not sacrifice our core values to the threat of terrorism: the solution to such threats must entail better protecting our basic rights and the technologies that advance them. Christopher Parsons, Research Associate and Managing Director of the Telecom Transparency Project at the Citizen Lab, Munk School of Global Affairs

Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types.

Calls to undermine encryption in the name of national security are fundamentally misguided and dangerous. Encryption is a necessary and critical tool enabling individual privacy, a free media, online commerce and the operations of organisations of all types, including of course government agencies. Undermining encryption therefore represents a serious threat to national security in its own right, as well as threatening basic human rights and the enormous economic and social benefits that the digital revolution has brought for people across the globe. Jon Lawrence, EFA

Assurances of strong encryption not only benefit civil liberties and privacy, but the economy as well. A vibrant and dynamic internet economy is only possible if consumers and users trust the environment in which theyre conducting business. While law enforcement and intelligence services have legitimate concerns over their ability to access data, those concerns need to be balanced with the benefits encryption provides to average users transacting in cyberspace. A strong Internet economy, buttressed by the trust that encryption produces, is vital to national interests around the globe. National policies should support and defend, not weaken and abridge, access to encryption. Ryan Hagemann, Niskanen Center

The strength of the tools and techniques that our government and members of the public have and use to secure our nation and protect our privacy is of significant public interest. Transparency and accountability around a nations policy regarding the use of encryption is a bedrock importance in a democracy, particularly given the potential of backdoors to put billions of online users at greater risk for intrusion, compromise of personal data, and breaches of massive consumer or electoral databases. The democracies in the Five Eyes should be open and accountable to their publics about not only the existence of these discussions but their content, removing any gap between what is being proposed and the consent of those governed by those policies. Alex Howard, Sunlight Foundation

Encryption is a vital tool for journalists, activists, and everyone whose lives and work depend on using the internet securely. It allows reporters to protect their confidential sources from reprisal, and to fearlessly pursue stories that powerful actors dont want told. It offers protection from mortal danger for dissidents trying the communicate under repressive regimes. Undermining the integrity of encryption puts lives at risk, and runs directly counter to the mandate of the Five Eyes Signals Intelligence agencies to keep their citizens safe. Tom Henheffer, Executive Director, Canadian Journalists for Free Expression

The answer to concerns on going dark is to help bring our law enforcement and counterterrorism officials into the future, not send encryption to the past. We hope to hear back from the Five Eyes that they were looking for how to adapt to digital security measures, not break them to the detriment of everyday Americans and our national security. As Five Eyes leaders work on a strategy to protect against cyberattacks, it is important to have a transparent process and cooperation between governments and civil society without stifling innovation or weakening other parts of security. Austin Carson, Executive Director, TechFreedom

Strong encryption is essential for modern society. Broken technologies undermine commerce, security, and human rights. Jeramie Scott, EPIC

Any attempt by the U.K. government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation.

Any attempt by the U.K. government to attack encrypted messengers would be nothing less than an attack on the right to a private conversation. Far from making the internet safer, by undermining the technology that protects everything from our bank accounts to our private conversations, governments around the world are putting us all at risk. Transparency is vital around any coordinated plans that could jeopardize both our security and our rights. Silkie Carlo, Policy Officer, Liberty

We increasingly rely on a secure internet for work, personal relationships, commerce, and politics. While we support justifiable lawful intercept with appropriate oversight, we dont think we should be seriously weakening the security of the internet to achieve it. Attempts to weaken encryption will do more damage to our society and our freedom than the possible threats its meant to be protecting us from. Thomas Beagle, Chairperson, NZ Council for Civil Liberties

All sensitive personal data must be encrypted as a matter of human rights to privacy, especially health data, i.e., all information about our minds and bodies, wherever it exists. Today health data is the most valuable personal data of all, the most attractive to hackers, and the most sold and traded by the massive, hidden global health data broker industry. Dr. Deborah Peel, Patient Privacy Rights

We lock our devices for good reason. Introducing backdoors weakens security and violates our right to privacy. The very existence of backdoors means unwelcome guests will come knocking. Linda Sherry, Director of National Priorities, Consumer Action

Originally posted here:
Shielding data from the "five eyes": we need to stand up for encryption - Open Democracy

In the wake of the recent terrorist attacks in London, there is a renewed attempt by global governments to increase surveillance of the internet.

Taking aim at encryption, Malcolm Turnbull stated that, despite it being a vital piece of security for every user of the Internet encrypted messaging applications are also used by criminals and terrorists at the moment much of this traffic is difficult for our security agencies to decrypt, and indeed for our Five Eyes partners as well.

In June, attorney-general George Darth Brandis, along with his Five Eyes counterparts from the UK, US, Canada and NZ, met in Ottawa to discuss ways to weaken encryption and pressure the tech industry to build back doors through which they can spy on global communications.

In response, a joint statement by 83 organisations and individuals from these five countries opposed these plans. The executive officer of Electronic Frontiers Australia, Jon Lawrence, said, Calls to undermine encryption in the name of national security are fundamentally misguided and dangerous. Jim Killock, executive director at the UKs Open Rights Group, said, Security experts and cryptographers are as united in their views on encryption as scientists are on climate change.

At the time of writing, we dont know what decisions were made at the Five Eyes ministerial meeting, but new attempts to circumvent encryption reflect the ways that state surveillance has changed since revelations from US whistleblower Edward Snowden.

In 2013, Snowden shocked the world when he revealed that the US and its allies had created the largest and most complex system of state surveillance that has ever existed. One of the US National Security Agencys most invasive programs was XKeyscore, a searchable database with millions of peoples emails, web browsing histories and more. This also allowed for real-time monitoring of almost any individual around the world while they used the internet.

Just four years later, the state of computer security has changed immensely, making this surveillance more difficult. According to a report published in February by the Electronic Frontiers Federation, more than half of all internet traffic is now encrypted. The expansion of Virtual Private Network services and use of the Onion Router (TOR) has made it easier for everyone to remain anonymous online. However, the development that is of most concern to the likes of the NSA is the widespread use of encrypted mobile devices and messaging applications such as Signal and WhatsApp.

These applications use a method called end-to-end encryption in which messages are encrypted, and the tools to decrypt those messages exist only on the device of the sender and receiver. Therefore, a company like WhatsApp cannot read the messages sent through its servers. As a WhatsApp spokesperson said in 2016 as part of an ongoing court case brought by the Brazilian government, We cannot share information we dont have access to.

Years before James Comey began presenting himself as the supposed good guy of the US establishment, the then FBI director railed against the use of domestic encryption tools. In 2015 he stated, If the challenges of real-time interception threaten to leave us in the dark, encryption threatens to lead all of us to a very dark place.

He pressured companies such as Apple to build back doors to bypass encryption. While the intelligence agencies recognise that they cannot currently break modern encryption algorithms, they have focused their resources on trying to get around them by hacking directly into mobile devices.

This strategy was demonstrated in March when whistleblower website WikiLeaks released Vault 7, the largest ever publication of confidential documents leaked from the CIA. Additional leaks this year by hacking group Shadow Brokers have further revealed the extent of the intelligence agencies hacking capabilities. These documents show that the US has been developing, purchasing and stockpiling security vulnerabilities in Apple and Android mobile devices. Exploiting these vulnerabilities has allowed them to read WhatsApp or Signal messages as they are being typed or read.

One of the most damning leaks in Vault 7 revealed that the CIA had discovered how to turn Samsung Smart TVs into covert listening devices, even when they are turned off.

The recent WannaCry and Petya ransomware attacks, which caused immense damage across the world, both used security holes codenamed EternalBlue that had been stockpiled by the CIA and deliberately left open. While the CIA did not intend these vulnerabilities to be used in this way, it is the inevitable result of keeping software insecure and creating back doors.

With leaks from the CIA and the NSA exposed, these security flaws are now being fixed, making it more difficult for the agencies to continue their spying activities. This explains the increased push from Five Eyes countries to force tech companies to install back doors so they can bypass encryption.

However, the argument that states should have the right to bypass encryption to stop terrorism simply doesnt hold up. It would be ludicrous to suggest that turning Smart TVs into listening devices is about stopping ISIS. It has always been about developing tools for mass surveillance, and now increasingly for espionage and cyberwar. This has been seen before. For example, the worm Stuxnet was written by the US and Israel and used to target Iranian nuclear facilities.

It is not a question of whether governments will one day use these hacking techniques for domestic surveillance they already do. On 30 June, it was revealed that Centrelink has been paying Israeli hacking company Cellebrite to break into mobile phones. The methods used are the same ones Cellebrite developed in 2015, when it helped the FBI break into an iPhone as part of the San Bernardino terrorism case.

It is now known that government departments such as the Australian Tax Office and the Department of Employment have paid around $500,000 to Cellebrite for equipment and training to hack into phones.

In the debate about metadata storage, George Brandis was adamant that the government wasnt after the content of Australians communications, just who we are talking to. These new revelations and the entire debate about encryption show that the content is exactly what they are after. No matter the justification, we should resist any attempt to weaken encryption and our right to privacy.

See the original post here:
Weakening encryption is an attack on our freedom - Red Flag