The Walsh Report


                                 CHAPTER 1

                          CONCLUSIONS AND FINDINGS

1.1 Conclusions

1.1.1    The relationship of the individual to society is determined by an
elaborate series of structured and informal arrangements. That our society
should be an open, pluralist, democratic, ethnically diverse one, eschewing
discrimination on the grounds of age, gender, religion, race, physical or
intellectual handicap or any other discriminator which denies dignity is
universally agreed.

1.1.2      Individuals living in community cede certain rights and
privileges to ensure order, equity and good government, even if sometimes
reluctantly. To this end, a lawful right to conduct intrusive investigations
has been given to law enforcement and national security agencies and to
ensure the exercise of those intrusive powers is properly controlled,
various forms of oversight and a package of administrative law measures have
been instituted. These have produced a significant increase in public
accountability, but our time is characterised by a mistrust of all powerful
institutions which seek to limit the freedoms of ordinary citizens.

1.1.3      The general availability to the individual of data security,
whether for storage or communications, will alter the relationship between
the citizen and the state. It will mark a rare opportunity, in the second
half of this century, when advantage moves in the citizen's favour. In
recent years the balance has shifted markedly to the advantage of the state
and to law enforcement and national security, as technology and computing
power have provided powerful investigative tools to trace or profile
individual subjects.[1] As long ago as 1890 the Harvard Law Review decried
the threat to privacy which 'recent inventions and business methods' posed -
the invention was black and white photography and the methods invasive
investigations by brash newspapers![2] The Review accepts the considerable
and necessary benefit which cryptography will bring to the citizen, not only
for confidentiality but also for authenticity, integrity and
non-repudiation. It is, however, only confidentiality services with which
this Review is concerned.

1.1.4      The point is strenuously made by law enforcement and national
security representatives that loss of access to real-time communications and
to data stored electronically would have a significant and deleterious
effect on investigative capability. That effect would be the loss of
tactical intelligence by which their investigations are directed, the denial
of evidence which may secure the prosecution of serious criminals,
significant on-costs and increased risk.

1.1.5      This Review was commissioned by the Commonwealth and is directed
to Commonwealth requirements. The terms law enforcement and national
security have, therefore, a clearly intended Commonwealth application when
specific matters are addressed. Law enforcement is primarily taken by the
Review to embrace the Australian Federal Police (AFP) and the National Crime
Authority (NCA). In a secondary sense, it includes the Australian Customs
Service (ACS), the Australian Transaction Reports and Analysis Centre
(AUSTRAC) and the Commonwealth Law Enforcement Board (CLEB). National
security is taken to refer specifically to the Australian Security
Intelligence Organization (ASIO). But these matters, law enforcement in
particular, cannot be isolated in a federal sense. The Review consulted with
the police services of New South Wales and Victoria as major representatives
of State and Territory police services. The conclusions at which the Review
arrived have equal application for the States and Territories and the nature
of the challenge of encryption dictates that responses and solutions be
nationally based. There will be a need for complementary, coherent and
consistent action by the Commonwealth, the States and Territories in this
matter.

1.1.6      The public availability of encryption has drawn differing
responses from governments. This review has confined its study to
cryptography, of which encryption is the process by which data is
transformed into an unintelligible form, so the original data cannot be
obtained or cannot be obtained without using the inverse decryption process.
It has not concerned itself with other forms of data manipulation, such as
steganography or data compression, which may cause difficulty in
understanding the meaning of the data. Some countries, such as France,
Israel, Belgium and China, have limited the importation of encryption
systems and products and effectively mandated the escrowing of keys. Burma,
in late September 1996, banned connections to the Internet. In days of
cyberspace access, any attempt hermetically to seal borders seems an
exercise in futility. Other countries, such as the United States and the
United Kingdom, while proposing voluntary national arrangements which place
conditions on the use of encryption, have not excluded the prospect of
mandatory arrangements.

1.1.7      Recognising the importance of the information and communications
revolution to Australia's development and to the needs of electronic
commerce, successive Governments have favoured a process of self-regulation
to deal with encryption policy, believing competition and consumer demand
will ensure the interests of all sectors are addressed.

1.1.8      While the needs of electronic commerce, intellectual property and
the protection of safety-critical industrial processes may be attended by
self-regulation, the requirements of law enforcement, security and privacy
stand somewhat apart. It is a paradox that the purposes for which
cryptographic methods may be used can be mutually conflicting - providing
the security needed to move vast streams of commercial, financial and
medical data across open networks and providing impregnable communications
security for terrorists and organised crime to wreak their havoc on society.
The challenge for all governments is to secure a balanced policy outcome.

1.1.9      Law enforcement and national security need to be able to collect
the tactical intelligence and evidence critical to the effective prosecution
and coordination of their inquiries. There was an understandable concern
mentioned by some that government may be seeking to enhance the powers of
law enforcement and security under the guise of a paradigm shift in
technology. That is not so. The objective of the review was to ensure
investigative capability was maintained, while privacy and civil liberties
were preserved. The Review was satisfied the availability of real-time
decrypted communications is central to the investigative capability of law
enforcement agencies and the national security service.

1.1.10      It was not clear, at the time the Review concluded, what public
form of key management infrastructure would be required in Australia. There
was a period, not so much earlier, when it was automatically accepted that
independent entities would generate and archive keys. Developments in
technology see individuals capable of generating their own keys reliably,
but it remains likely that many will rely on a commercial independent entity
to assist in data retrieval. The notion of 'trust' will be central to any
system of electronic commerce or third parties. It is difficult to imagine
all individuals will be able or inclined to establish themselves the
networks of trust necessary to engage in business with confidence. In view
of the premium to be placed on trust and the high potential for corruption
in the third party service provider area, a system of integrity screening
and registration for providers is indicated. The process adopted by casino
authorities should prove a useful model.

1.1.11      The need for certification facilities (affording a level of
authentication or confidence in a person's private key) is clear and the
sort of structural and procedural model provided in the Public Key
Authentication Framework (PKAF) seems widely to be accepted. Clear
indication of government support by, for instance, an announcement of
intended usage of the system, would be timely and provide an urgently
required planning base. For the purposes of electronic commerce, there will
be a need for legislation to give digital signatures the equivalent force
and effect of a witnessed hand-written signature. As in the case of third
party service providers, a form of vetting and registration of those who
would offer certification authority services is indicated.

1.1.12      A certification authority is neither an escrow agency nor a
trusted third party; it will not retain or archive key materials unless
specifically requested by customers to do so and then only under contractual
conditions that remove any liability which may flow from compliance with
lawful orders to produce such materials to instrumentalities of the state.
Its function relates to certifying to the integrity or personal ownership
for both authentication and confidentiality purposes, to authenticating
digital signatures for commercial, legal, evidentiary and similar purposes.

1.1.13      Some may argue the more organised, or 'professional', criminal
elements would be unlikely to rely on any service providers, too easily
risking becoming hostages to fortune - a view recited by all law enforcement
agencies consulted by the Review. But convenience, lethargy and a lack of
discipline repeatedly prove themselves capable of overcoming such caution,
at least among the less professional strata. In such circumstances, they may
be few or many, government agencies could seek search warrants to obtain
'keys' where these were held either by the subject of the investigation or
the registered third party service provider.

     [para 1.1.14 not available]

1.1.15      In light of this situation, the Review does not recommend
mandatory third party arrangements. Some form of voluntary third party
service seems an inevitable development, however, for electronic commerce
and intellectual property reasons, as well as interoperability and
international agreements. It is likely to prove of limited assistance to law
enforcement and national security investigations.

1.1.16      Any attempt to prohibit the importation of cryptographic
materials would be misguided and harsh to the privacy rights of all
citizens. Strong commercial encryption is in the national interest and a
role can be argued for government to advise the community about the
integrity/vulnerability of systems and products. On this note, the national
interest strongly suggests Australia should not be dependent on products
originating in one country. The risk of national dependence on the United
States, which manufactures the majority of the world's software, would at
least be reduced by diversification of supply and there is scope for
government to take a lead here. There is, of course, some hope that the
technology which passes through generations in the blink of an eye [a Web
year was described to the Review as 90 days and going down!] may provide
some comfort to law enforcement and national security. In the meantime, some
practical suggestions are made.

1.1.17      Changes should be made to strengthen focussed investigations of
the AFP, the NCA and ASIO, to review the sanctions for non-compliance with
directions to produce and to protect more effectively sensitive operational
methods used by these agencies to acquire access to encryption keys or
systems. There should be no change to the tests to be satisfied before
warrant requests are approved - they should remain as stringent as they are
today. Nor should there be any change to oversight arrangements.

1.1.18      The wide and easy availability of cryptography will enhance the
privacy of citizens, where they have control over the use to which data is
being put. It should allow some protection against the data-matching,
profiling and peddling of personal information for commercial gain which
have become endemic, through ignorance or obfuscation of the need for
informed consent.[3] It will adversely impact on the capability and
investigative approach of law enforcement agencies and the security service
and may, consequently, provoke some redefinition of that fundamental
relationship between citizen and state. To presage the imminent end to
civilisation, however, which some foreign law enforcement advocates assert
will ensue should their favoured approach not be adopted, is neither a novel
prophecy nor lends substantial assistance to the debate.

1.1.19      The work of the sub-group of the Organisation for Economic
Cooperation and Development (OECD), tasked with developing draft guidelines
on cryptography, is important. The aim is a framework of principles
addressing the needs of the global village.[4] Electronic commerce
requirements, if nothing else, will likely dictate some common
infrastructure to guarantee interoperability. If the European Union, the
United States or Japan, for example, or any combination of these, was to
muster sufficient support for a particular model, Australia would be foolish
not to follow suit. At this stage, however, there is no such agreement and,
hence, no need to take an independent policy position on this issue.

1.1.20      The conundrum for government is the encryption genie is out of
the bottle: a genie with the potential to enhance data security and personal
and corporate privacy but also to provide a shield of invisibility for
criminals and others. While the pace of change continues relentlessly, the
most appropriate policy response remains to watch developments closely, to
reinforce and protect the investigative capacity of law enforcement and the
security service, to maintain the requirement that telecommunications
services provided by carriers be susceptible to interception, to progress
the development of the OECD guidelines on cryptography, to ensure
appropriate arrangements for the screening, performance standards and
registration of third party service providers and certifying authorities are
put in place, to coordinate policy and technical development which may
provide a solution to public safety needs and to stimulate public discussion
of and involvement in the search for a truly balanced solution.

1.1.21      The implications for law enforcement and national security of
encryption, though significant, appear dwarfed by the potential fiscal
consequences, particularly when allied to more powerful processing and the
progressively increasing capacity for individuals to engage in anonymous
transactions. They are matters, however, outside the Terms of Reference.

1.2     Findings

1.2.1      The main finding of the Review is that major legislative action
is not advised at this time to safeguard national security and law
enforcement interests in the face of the challenge presented by
cryptography, though a range of minor legislative and other actions are
indicated.

     [remainder of para 1.2.1 not available]

1.2.2      The option recommended by the Review to cater for national
security and law enforcement interests in the face of the encryption
challenge is to strengthen and further protect the investigative capability
of those agencies, to recast the relevant statutory provisions in clear
purpose terms to prevent premature aging and to consider the introduction of
a new statute (the Aid to Public Safety Act is proposed) which would
aggregate the various intrusive investigative powers, or at least those in
the Attorney-General's portfolio, into one place. This would facilitate the
process of review, as indicated by changes in technology or circumstance,
and likely engender a more controlled public discussion.

1.2.3      Australia has not been disadvantaged by the absence of policy
decisions on the issue of key management infrastructure. Many foreign
governments have moved early, but not necessarily to advantage. The rate of
technological change, developing public knowledge and expectation of the
Global Information Infrastructure and the reaction to the control mechanisms
attempted by some governments suggest, generally, a continuation of this
course. The immediate exception, on public administration grounds rather
than anything else, would be the introduction of screening and registration
procedures for third party service providers and certifying authorities. The
third quarter of 1996 saw more intensive global engagement on this issue
than any comparable earlier period. The greater risk for Australia, in the
short term, is the lack of certainty about who is directing government
policy and who, therefore, is coordinating the work progressing across a
range of fronts. That is an issue which needs urgently to be addressed.

1.2.4      The Review's findings are set out against each term of reference.
Those of a broader nature, which do not specifically relate to a particular
term of reference, have been aggregated under term number 2.

 Term of Reference 1. The Review is to examine whether legislative or
                      other action should be taken to safeguard national
                      security and law enforcement interests in the light
                      of the rapid development of the Global Information
                      Infrastructure and the continuing need to safeguard
                      individual privacy.

Findings:

1.2.5      The Review does not support legislative action at this stage to
prescribe a form of key management infrastructure accessible by government
for purposes of national safety, but overseas proposals and developments
will need to be kept under close watch. The effort within the OECD to
develop draft guidelines on cryptography is worthwhile and should provide a
useful framework for national and international approach to this issue. A
further Review is recommended late in 1997, when technology will have
advanced further, any early impact of deregulated communications will be
apparent, the position of other countries such as Britain and the United
States will be clearer (both plan to introduce legislative measures), the
OECD work will be largely concluded and the position Australia might best
adopt to balance its national security and law enforcement interests with
its support for electronic commerce, privacy and continuing access to the
communications and information revolution, might be clearer. (paragraphs
3.4.1-3; 3.7.1-7; 4.5.11-16; 4.6.1-2; 5.1.5-9 refer)

1.2.6      The Review found a lack of clarity as to which Minister and which
department had responsibility for cryptography policy and the consequent
danger of a lack of coordination in policy development. These deficiencies
need to be overcome. (paragraphs 2.3.1-2; 3.4.3-5; 6.1.1-4 refer)

1.2.7      The Review identified a number of areas where legislative action
might be taken to ensure Australia's national security and law enforcement
interests. These are set out at term 3(c).

 Term of Reference 2. The objective of the Review will be to present
                      options for encryption policies and legislation
                      which adequately address national security, law
                      enforcement and privacy needs while taking account
                      of policy options being developed to address
                      commercial needs.

Findings:

1.2.8      The Review does not recommend specific options for encryption
legislation at this time. The policy options being developed to address
commercial needs are as yet inchoate. The process of developing guidelines
on the use of cryptography by the OECD Ad Hoc Group of Experts is still 6
months from conclusion and international agreements based on such a
framework would seem to represent the only basis for trusted third party
encryption of telecommunications.[5] (paragraph references as per 1.2.5)

1.2.9      There is no draft proposal at large which meets well the
competing demands of law enforcement/national security, privacy and
commercial needs. (paragraphs 4.5.11; 4.6.2; 4.7.1-6 refer)

1.2.10      The conceptual difficulty in resolving those tensions in one set
of arrangements is exacerbated by the requirements of law enforcement and
national security being predicated on access, while privacy and commercial
needs are predicated on protection.

1.2.11      There seems no compelling reason or virtue to move early on
regulation or legislation concerning cryptography. Law enforcement and
national security agencies have certainly experienced difficulty where
subjects of investigation have refused access to encrypted stored data and
it has not been possible for them or other agencies to decrypt this
material. It is questionable, though, whether any range of policy decisions
concerning key management would have altered this situation materially. For
the present, the investigative capability of the agencies is not
significantly affected. (paragraphs 3.2.1-4; 3.5.3-4; 4.1.2 refer)

1.2.12      To ensure policy positions are properly coordinated and reflect
the interests of the different parts of government, it would be preferable
if these followed decisions by Ministers on policy responsibility, were
coordinated by a standing inter-departmental committee and that the
committee was constituted at an appropriate level. (paragraphs 3.4.2-5
refer)

1.2.13      For reasons of electronic commerce and international cooperation
in the law enforcement and national security areas, Australia's policy
positions must mesh with those of her major trading and cooperating
partners. While a few countries have made public policy commitments, these
are likely further to change. International acceptance of the OECD draft
guidelines on cryptography, the drafting of which is due to conclude early
in 1997, may provide a basis for that consistency in national approach
essential for the GII. (paragraphs 4.6.1-4 refer)

 Term of Reference 3(a). Key factors to be addressed include Australia's
                         national security and defense interests;

Findings:

1.2.14      While national security and defense interests provided the
framework within which the other terms of reference in paragraph 3 were
examined, the injunction in the first term of reference of the Review to
have regard for the continuing need to safeguard individual privacy and a
reminder of that at term 3(d) provided some tension when different
requirements were to be served. The approach of the Review was to seek to
strike a balance, leaving the privacy advantage with the community as a
whole when the security or defense interests, taken at their broadest, were
unable to demonstrate an impediment to the performance of their functions
and model mechanisms of control either failed or were oppressive.

 Term of Reference 3(b). an assessment of the present state of encryption
                         technology and prospective developments in
                         encryption technology over the next few years
                         likely to impact on Australia's national security
                         and law enforcement interests;

Findings:

     [paras 1.2.15 and 1.2.16 not available]

1.2.17      The likely trend will be from software encryption applications
with separate keys generated by the individual's computer system or an
independent entity to primarily hardware solutions where random keys are
rapidly generated and changed by the equipment itself and recognized and
understood by those to whom data transmissions are directed. (paragraphs
3.6.1-7 refer)

     [para 1.2.18 not available]

1.2.19      The AFP should chair an inter-agency group tasked with the
preparation of an assessment of the impact which the loss of real-time
access to voice and data communications would have for law enforcement and
national security. The assessment should be submitted to the Secretary of
the Attorney-General's Department for presentation to the Secretaries
Committee on National Security. (paragraph 4.1.3 refers)

1.2.20      The future direction of encryption technology depends largely on
advances in the field of pure mathematics and computing power which
increases, on average, by the power of 10 every five years. We will likely
see dedicated microchips able to work faster and process more complex
algorithms at reasonable speed. Secure faxes will become more common.
Remote banking facilities will become available. Local area computer
networks (LANs) will use encryption for communication between workstation
and file server or mail server. This encryption will be transparent to the
user. Each computer or user on the network will have its own public/private
key pair, used to generate random session keys. Further ahead, quantum
computing and, perhaps, quantum cryptography are mentioned, as are molecular
memories, but none is predicted to cause major change to the projected trend
line of development. (paragraphs 3.1.1-4 refer)

1.2.21      The availability of an encryption function on major software
applications or as a service to telecommunications users would likely be
taken up quickly by the community, but particularly the more significant
targets of law enforcement and national security agencies. Microsoft, for
example, recently indicated it would soon offer such an application.
(paragraph 3.4.6 refers)

     [para 1.2.21 and 1.2.22 not available]

 Term of Reference 3(c) whether Australia's present laws are adequate to
                        ensure Australia's security and law enforcement
                        interests in an environment of rapidly emerging
                        new technologies;

Findings:

1.2.23      The Telecommunications (Interception) Act 1979 is considered
adequate by national security and law enforcement agencies, though a range
of issues such as the continuing capacity to trace calls; the test of
reasonableness (as applied) under which law enforcement and national
security agencies may seek such action; access to call record information
and caller identification from carriers and service providers; the legal
status and, therefore, obligations of service providers after 1 July 1997;
the impact of satellites (eg systems are being launched by Asian countries
which will cover significant parts of Australia); and some jurisdictional
matters in relation to the Internet loom as issues which the Law Enforcement
Advisory Committee (LEAC) and the Attorney-General's Department will need to
pursue. (paragraphs 3.4.1-2; 3.6.7; 4.8.4; 6.2.4 refer)

1.2.24      The Telecommunications Act 1991 would become inadequate if the
license condition on carriers first to obtain approval from the Minister for
Communications and the Arts, who is required to consult with the
Attorney-General, before marketing any telecommunications service not
susceptible to interception should be varied.[6] (Paragraph 6.2.18 refers)

1.2.25      The Telecommunications Act 1991 should establish a requirement
for all communications service providers to be registered, which would
facilitate the service of warrants and access to customer data bases by law
enforcement and national security agencies. The purpose is not to restrict
entry to the sector but to meet these requirements and ensure service
providers may be kept informed of changes affecting their functions.
(paragraphs 6.2.4-5; 6.2.18; 6.2.21 refer)

1.2.26      The ability to trace calls will continue to be of major
importance to the AFP, NCA and ASIO (and the State police services), even in
situations where interception or access to communication content is denied.
The application of the 'reasonableness' principle by communications carriers
or service providers will need to extend beyond life-threatening situations.
The containment of consequential costs might best be managed by limiting,
more than currently, those agencies authorised to make such requests.
(paragraphs 3.6.7; 6.2.4 refer)

1.2.27      Invocation of the principle of non self-incrimination is likely
to prove an obstacle to efforts by law enforcement agencies to obtain
encryption keys by search warrants or orders made by courts and tribunals.
(paragraphs 3.2.4; 3.5.1-4; 3.7.10-11 refer)

     [para 1.2.28 not available]

1.2.29      Consideration should be given to establishing a further and more
serious category of offence where encryption is used to obstruct
investigation by law enforcement or national security agencies into the
preparation for or commission of a criminal offence and to give the
Commissioner of the AFP authority, analogous to the ss. 28/29 powers
provision available to the Chairman of the NCA, to require production of
information or material which would render seized encrypted data
intelligible. (paragraphs 3.7.10; 3.7.11; 6.2.22 refer)

1.2.30      The narrow definition of a listening device in the Australian
Federal Police Act 1979 should be amended to reflect the purpose of such
devices, namely to transmit data. The current wording restricts transmission
to voice only. (paragraphs 4.3.5; 6.2.1; 6.2.20; 6.4.4 refer)

1.2.31      The criteria of Class 2 offences as set out in section 12(B) of
the AFP Act should be widened so that listening devices might be deployed in
the investigation of computer and information crime. The use of computers as
communications devices is much more common than when the Act was drafted and
that trend is only likely to become more prevalent. (paragraphs 6.2.2;
6.2.20 refer)

1.2.32      Authority needs to be created in the AFP Act, subject to the
normal warranting processes for the exercise of intrusive powers, for the
agency to install tracing or tracking devices which transmit data, to enter
premises or perform this remotely, to do so without seeking or obtaining the
permission of the owner or user of the equipment or premises, to transit
other premises necessary to reach the nominated premise and to re-enter such
premises as are necessary to maintain, replace or remove devices. Removal of
devices, under the same warrant conditions, would be permitted after the
expiration of the warrant, if secure circumstances do not obtain in the term
of the warrant. Call-tracing should not be a facility confined in its
application to life-threatening situations but available for the
investigation of serious crime or security intelligence subjects.
(paragraphs 6.2.6; 6.2.9; 6.2.20 refer)

     [para 1.2.33 not available]

1.2.34      All amendments and suggestions made in relation to the AFP Act
should be mirrored by amendment to the ASIO Act, both for its security
intelligence and its foreign intelligence investigation obligations.

1.2.35      There will need to be integration between federal, state and
territory law enforcement agencies as Commonwealth investigations frequently
cover several jurisdictions, the State and Territory police forces operate
in the same areas of criminal investigation and the latter police forces
employ the same core technology and encounter the same problems. These
issues might usefully be explored at a meeting of the Standing Committee of
Attorneys-General and the Australian Police Ministers Conference. (paragraph
6.2.28 refers)

1.2.36      Statutory protection needs to be afforded those sensitive
operational and technical methods employed by law enforcement agencies in
the course of their investigations. The process of establishing a public
interest immunity claim may implicitly reveal sufficient of a conceptual and
operational approach as to destroy the integrity of such a method. Where
high personal risk and damage to the investigative capability of the agency
may result, should protection of the operational methods employed in a
particular investigation not be absolute, agency heads should be empowered
to issue a certificate, pursuant to the proposed provision, identifying the
operationally sensitive information protected from disclosure, discovery by
legal process or access under the FOI Act. (paragraphs 6.2.12-17; 6.2.20
refer)

1.2.37      Consideration should be given to incorporating all intrusive
investigative powers, or at least those of the agencies in the
Attorney-General's portfolio such as the AFP, ASIO, AUSTRAC and the NCA,
into one statute with an aim and title like 'the Aid to Public Safety Act'.
The various powers should be expressed in terms of their purpose, not the
means by which those purposes may be achieved. The benefit would rest in
common approaches across Commonwealth agencies, a clearer over-arching
purpose, a positive encouragement to inter-agency cooperation and the
greater speed and political ease with which necessary amendments may be
effected to ensure the statute remains relevant to developing technology and
practice. (paragraphs 6.4.1-8 refer)

1.2.38      Instead of the current four or more types of warrant for
intrusive investigative activities by law enforcement and national security
agencies, to which further types are proposed at 1.2.28, 1.2.32 and 1.2.33,
all warrant types should be reduced to one of two: the interception of
communications or entry into property. (paragraph 6.4.8 refers)

 Term of Reference 3(d) measures to safeguard individual privacy including
                        an examination of the warranting provisions that
                        may be required to enable law enforcement and
                        national security authorities to gain access to
                        encrypted material, whether in the form of stored
                        data or a message transmitted over a
                        telecommunications network;

Findings:

1.2.39      The ready availability of strong encryption, with no requirement
to escrow or register keys, nor to entrust them to any independent entity,
is the most effective safeguard of individual privacy. (paragraphs 3.4.8;
4.5.7; 4.5.10; 4.6.3; 4.8.4 refer)

1.2.40      The current regime of stringent warranting provisions for the
exercise of intrusive investigative powers should continue and apply to any
change to the range of those powers. (paragraphs 2.2.6; 5.1.7; 5.1.9 refer)

1.2.41      To ensure the privacy rights and civil liberties of those
subjects of investigation by law enforcement and national security agencies
are preserved, where a court or tribunal is prevented from examining any
circumstances surrounding covert investigations because a statutory
protection against involuntary disclosure has been invoked by an agency,
such cases or a sample of these cases should be examined by a senior,
independent official experienced in the conduct and handling protocols of
sensitive matters. As the Inspector-General of Intelligence and Security
has the function to inquire into matters referred to the Inspector-General
by the Human Rights and Equal Opportunity Commission in respect of the
intelligence community, the sole aspect to be reviewed here, this function
would be caught within existing responsibilities. In the case of
Commonwealth law enforcement agencies, the function might be given to the
proposed National Integrity and Investigations Commission. (paragraphs
6.2.24-27 refer)

 Term of Reference 3(e)  an assessment and evidence of the benefits of
                         access by law enforcement and national security
                         agencies to encrypted data;

Findings:

1.2.42      Law enforcement agencies and ASIO made a cogent case for access
to data concerning subjects of investigation, whether voice or data
communication, computer communication or stored data, whether concealed by
speed, compression or encryption. The assessed benefits are the capacity to
conduct investigations and the performance of their statutory functions.
(paragraphs 4.1.1-2; 4.2.1-2; 4.3.1 refer)

     [para 1.2.43 not available]

1.2.44      Real-time access by law enforcement and national security
agencies to the voice and data communications of their subjects of
investigation is essential to core capability. The loss of that access would
seriously impair capability, increase the risk factor in their operations
and entail a range of staffing, budgetary, legislative and political
consequences. (paragraphs 4.3.1-6 refer)

1.2.45      The lack of reliable national statistics on attacks on computer
and communications systems will hamper policy development in areas such as
electronic commerce and cryptography. The proposed IDC on Cryptography
should consider the matter in the light of the review of AUSCERT
commissioned by DOCA and its impact. (paragraphs 3.3.4-5 refer)

 Term of Reference 3(f)  an assessment of the most appropriate means
                         of funding the development, implementation and
                         maintenance of a decrypting capability for
                         existing and emerging technologies;

Findings:

1.2.46      No cogent reason was presented to the Review which suggested an
independent cryptanalytical capability should be established for law
enforcement and national security interests. (paragraphs 4.4.1-5 refer)

1.2.47      While general support for an independent decryption capability
was evident among law enforcement agencies, the limited opportunities and
expectations with which decryption would be approached would not justify the
significant establishment and recurrent budgetary allocation required.
(paragraphs 4.4.6-7 refer)

1.2.48      A 'closed' forum at a senior technical and operational level
involving law enforcement, national security and the Defence Signals
Directorate should be established to discuss and share attack methodologies
against encryption, the covert acquisition of keys, agree possible research
projects and review cooperation arrangements. Such a forum would provide a
means for keeping the Secretaries Committee on National Security informed of
any significant change to the investigative capability of law enforcement or
national security agencies as a result of encryption. 8 Because of the
protocols surrounding this field, it would be sensible for such a forum to
be covered by memoranda of understanding agreed by the heads of the various
agencies. (paragraphs 4.4.7-12; 6.3.2 refer)

1.2.49      The cost of enhancing in-house facilities to produce a modest
decryption capability should not necessitate New Policy Proposals, but the
Commissioner of the AFP, the Chairman of the NCA and the Director-General of
ASIO should ensure investment in staff training, development and secondments
and minor capital expenditure on decryption facilities are planned and
implemented in a coordinated fashion. The proposed inter-agency forum may
provide the vehicle to coordinate that investment and development.
(paragraphs 4.4.7; 6.3.1-3; 6.3.5 refer)

 Term of Reference 3(g) whether Australia should seek to negotiate
                        agreements with any other country or countries
                        governing access to encrypted data where public
                        keys (under a 'Commercial Key Escrow' or 'Trusted
                        Third Party' system of encryption) are held
                        outside Australia;

Findings:

1.2.50      It would be premature to enter formal negotiations with other
countries on access to encrypted data, where public keys are held in those
countries, until there is some certainty as to likely key management
infrastructures. Reciprocity is a standard feature of such access
agreements. Caution against entering formal negotiations is not intended to
preclude substantive discussions on the issues. Indeed, the US has intimated
that a condition of easing export controls may be the existence of a form of
certified key management. (paragraphs 4.6.1-2 refer)

1.2.51      Such agreements should reflect the arrangements which national
security and law enforcement agencies have in place to handle the exchange
of sensitive tracing and operational matters. Those arrangements, properly,
have regard for the legal, political and human rights record of the
requesting country and the likely use which may be made of the information
sought. (paragraph 4.6.4 refers)

 Term of Reference 3(h) whether legislation is desirable to:

                        (i) regulate the availability of 'Commercial Key
                        Escrow' or 'Trusted Third Party' encryption; or

                        (ii) facilitate the development of 'Commercial Key
                        Escrow' or 'Trusted Third Party' systems of
                        encryption;

     [para 1.2.52 not available]

1.2.53      There is a high risk of corruption in the third party service
provider sector and the Government would be prudent to require integrity
screening and registration of those who seek to offer such services to the
public. The testing process employed by casino authorities should prove a
useful model. (paragraphs 4.7.6-7 refer)

1.2.54      Some licensing or registration arrangement, together with a
requirement to meet minimum performance standards (as proposed by Standards
Australia) is indicated for Certifying Authorities providing authentication
services. This may depend on the outcome of the Wallis Inquiry into the
effects of deregulation of the finance system 9 or government may wish to
consider it cognately with the recommendations from the working groups of
officials examining a range of electronic commerce issues. The separation of
the authentication from the confidentiality key is a matter where clear and
early statement of government's position would assist. (paragraph 4.5.15
refers)

 Term of Reference 3(i) the impact of overseas initiatives associated with
                        encryption technology, particularly in relation to
                        the extent to which international cooperation and
                        proactive specification of desirable
                        characteristics for encryption products and
                        'Commercial Key Escrow' or 'Trusted Third Party'
                        services is desirable and recommendations as to
                        how such international cooperation might best be
                        achieved.

Findings:

1.2.55      Considerable variation exists in the approach of foreign
governments to cryptography policy issues, ranging from banning, to
registration, to the promotion of voluntary systems of key management which
may meet some of the needs of law enforcement and security, to the
deliberate decision not to take decisions on these matters while the
technology continues to develop at a rapid rate and offers new approaches
for dealing with the issue. (paragraphs 4.5.1-13 refer)

1.2.56      There seems to be little popular support in or outside the
United States for a 'Commercial Key Escrow' system involving government
agencies creating as it would significant vulnerability outside of the
control of the person or corporation. 10

     [para 1.2.57 not available]

1.2.58      The issue of international cooperation would best be addressed
from mid-1997 when there has been more developmental work, the position of a
number of countries will be clearer, legislative proposals will have been
introduced by some and the work of the OECD Ad Hoc Group of Experts will
have concluded. (paragraphs 4.6.1-4 refer)

 Term of Reference 3(j) the effectiveness of Australia's export controls
                        on encryption technology.

Findings:

1.2.59      Any judgement as to effectiveness depends on the aspect from
which the issue is approached. As the Review was enjoined to consider
Australia's national security and defence interests as key factors, it may
be argued Australia's export controls were effective, though American export
controls may have had greater influence on the limited proliferation of
'strong' forms of encryption in the region. (paragraphs 5.2.1-4 refer)

     [para 1.2.60 not available]

1.2.61      From a commercial perspective, the purpose and impact of those
export controls was questioned. There was criticism that Australian
cryptographic products did not always meet customer requirements and
suffered in comparison with American products on the counts of convenience,
comparability and cost. (paragraph 5.2.6 refers)

1.2.62      The abolition, or even an amelioration, of United States export
controls will likely prompt a rapid extension of key lengths as an argued
talisman of data security. (paragraph 5.2.11 refers)

 Term of Reference 4. The Review is to have regard to the Government's
                      existing encryption policies, the work of the OECD
                      Committee of Experts on Security, Privacy and
                      Intellectual Property Protection in the Global
                      Information Infrastructure on the development of
                      international cryptography guidelines and the work
                      of the Information Policy Task Force on the
                      implementation of open encryption standards which
                      address commercial needs.

Findings:

1.2.63      The Review examined and took account of the Government's
approach outlined in Australia Online 12 and by officials of the Department
of Communications and the Arts. It examined the 1980 OECD Guidelines on
Trans-Border Flows of Personal Data 13 and the 1992 OECD Guidelines on
Information Systems Security and informed itself of their antecedents. It
had the benefit of many discussions and meetings with representatives of all
interested agencies on the draft guidelines on cryptography currently being
developed and was invited to participate in inter-departmental discussions
chaired by the Attorney-General's Department. The Information Policy Task
Force had not been established in the period of this Review but a retitled
Information Policy Advisory Council was due shortly to meet. 14

Footnotes:

1 Technologies include DNA analysis, fibre analysis, improved electronic
surveillance methods across public agencies such as Immigration, Social
Security, Taxation, Customs, financial institutions, communications camera,
transport companies and regulators, etc.

2 Samuel D Warren & Louis D Brandeis, The Right To Privacy, 4 Harv. L Rev.
193, 195 (1890)

3 Prof Greg Tucker notes the possibility that an unregulated GII environment
could lead to a loss of control by individuals over their personal data,
running the risk of creating a surveillance society. From his paper titled
'Security, Privacy and Intellectual Property Rights in the Information
Infrastructure' presented to the OECD, May 1996, p 143.

4 Not only is the relationship between the individual and the state likely
to be affected by cryptography and its consequences but Michael Nelson
argues we will see less powerful governments in relation to trans-national
criminal organisations because traditional notions of sovereignty, national
security and warfare will be undermined by 2020 when the whole world will be
'wired' and e-cash is the norm. Michael Nelson, Special Assistant,
Information Security, Executive Office of the President, quoted in BNA Daily
Report for Executives, 6 September 1996, Washington, DC. A view offered also
in a Technology Issue Note published by the National Security Agency titled
'NSA and the Cyberpunk Future', 3 June 1966, pp 4-5.

5 This group is Co-chaired by a Deputy Secretary of the Attorney-General's
Department and is scheduled to complete its work by February 1997.

6 The US Administration is proposing legislation requiring each
telecommunications carrier to increase its capacity to meet assistance
capability requirements (the capacity simultaneously to undertake call
tracing and communications interceptions) equal to 0.5% - 1% of the
engineered capacity of the equipment, facilities or services that provide a
customer or subscriber with the ability to originate, terminate or direct
communications. The Congress has enacted the Communications Assistance for
Law Enforcement Act (CALEA) and authorised funding support of $500 ml. Under
the Omnibus Consolidated Appropriations Bill signed by President Clinton on
September 30, 1996, the permanent Telecommunications Compliance Fund may
receive money from any US Government agency with law enforcement or
intelligence responsibilities. Carriers have raised significantly the
charges levied on law enforcement agencies for special assistance.

7 Inspector-General of Intelligence and Security Act 1986, s.8 (1)(a)(v).

8 Both the Commissioner of the AFP and the Director-General of ASIO may be
invited to attend meetings of the Committee and the Secretaries of the
Defence and the Attorney-General's Department, which embrace the portfolio
interests, are members.

9 The Financial Systems Inquiry, commissioned by the Treasurer under the
chairmanship of Mr Stan Wallis, is due to report to the Australian
Government by May 1997.

10 The US Administration issued two statements on July 12, 1996, one
entitled Administration Statement on Commercial Encryption Policy (shown at
Annex C); the other, US Cryptography Policy: Why We Are Taking the Current
Approach.

12 Policy statement on media issues published by the Coalition parties prior
to the 1996 federal election. The section immediately relevant to this
Review (personal Privacy and Commercial Security) is shown at Annex B.

13 Attached at Annex F of this report.

14 The Information Policy Task Force was a specific proposal in Australia
Online. p 10 et seq and is specified as a relevant parameter for this
Review. See Terms of Reference, attached as Annex A to this report, para 4.
