|
Cryptome DVDs are offered by Cryptome. Donate $25 for two DVDs of the Cryptome 12-years collection of 46,000 files from June 1996 to June 2008 (~6.7 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. The collection includes all files of cryptome.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org, and 23,000 (updated) pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985.The DVDs will be sent anywhere worldwide without extra cost. | |||
The Walsh Report
CHAPTER 2
CONTEXT AND APPROACH OF THE REVIEW
2.1 The Context - Barrett's Obiter Dictum
2.1.1 This review occurred in concert with a range of similar reviews
initiated by different parts of government. Some overlap was indicated, and
the coordination arrangements remain something of a mystery. Topics as broad
as electronic commerce or on-line services understandably attract the
attention of a number of major policy departments and operational agencies,
while encryption is addressed simply as an element of their broader studies.
The focus of this review of encryption policy is to address law enforcement
and national security interests, while ensuring individual privacy needs are
safeguarded.
2.1.2 The review took as a reference point an observation made in the
Barrett report on Telephone Interception in 1994 that
If the international user requirements approach [a guideline developed
by a number of countries that carriers and suppliers taking into
account law enforcement's requirements in tire development of new
technology and new services] can be made to work, the next question is
whether the advent of more powerful and widespread encryption is likely
to defeat interception at some point in the future. 15
and the conclusion:
While Australian agencies all report that encryption has not been a
problem to date, it is likely to become one in the future. 16
2.1.3 The question which obviously presents itself is whether the 1994
conclusion still stands or how it should be revised.
2.1.4 Barrett recommended the Law Enforcement Advisory Committee (LEAC)
should keep the use of encryption under review and provide annual reports on
its effect. 17 That task was assigned to Sub-Committee E of LEAC. It has
submitted four reports to date 18. They note evidence of encryption being
used in stored data (primarily hard disk) but none as far as communications
are concerned. This view is qualified by the fact that the equipment used to
intercept digitised signals transmitted over high-speed modems is forced to
operate at the limit of capacity and some encrypted communications may not
be captured. The bottom line judgement has to be that Barrett's conclusion
stands intact but the time-frame is likely to be compressed. The problem is
no longer a future one - the operational and investigative problem will be
with law enforcement and the national security authority tomorrow.
2.2 The Approach
2.2.1 Working alone on such a review, it was clearly impractical to
invite written submissions or conduct public hearings. Related standing
reviews already existed and others were established in the brief life of
this Review. The primary issue was how law enforcement agencies and the
national security service might retain their current investigative
capability in a world where encryption may be generally used. The second
issue was to establish if what was hidden from investigative agencies behind
the veil of encryption would affect their effectiveness. Thirdly, if the
impact was deleterious, should Australia be looking at emulating the type of
response adopted by some foreign governments or do something else. And
fourthly, should a decrypting capability for law enforcement be established
and, if so, how might it be funded and maintained.
2.2.2 The structure of the Report reflects the major themes of the
Review. There were some other issues and by keeping a constant eye on the
Terms of Reference, these are addressed either separately or cognately.
2.2.3 The key constituencies for the review were easily identified:
privacy guardians and those academics or experts who had revealed a close
interest in this aspect of the debate; Commonwealth, State and Territory law
enforcement agencies and the national security service; policy departments
with an interest in the area; users; carriers and service providers; the
information technology industry itself; and the banking or finance sector.
Within quite severe resource limitations, the Review attempted to consult
with a representative sample of all these sectors and expresses its
appreciation for the time and thoughtful contributions which were made.
2.2.4 There were some areas of the Terms of Reference where it was not
possible to make a satisfactory response or the limitations imposed on a
single reviewer precluded the elicitation of the material on which a
response may have been based. In instances where I was aware this occurred,
I have identified areas which require further examination. Indeed, the
situation in a number of these is far from settled and continuing close
attention to developments in Australia and overseas is indicated. For the
same reason, there are many instances where findings have not prompted
recommendations but warrant close consideration.. I believe Australia has
suffered no damage from its disinclination to commit to a legislative or
regulatory regime in the cryptography field and has had time to learn from
or reflect on the early initiatives of other countries.
2.2.5 The Review addressed its terms of reference from a public policy
perspective. Some understanding of the core elements of cryptography is
necessary for informed discussion, but the Review did not seek to acquire,
far less claim, technical expertise. To those who found themselves
occasionally cast in the role of tutor and were then impelled to make
over-simplifications to achieve even nodding comprehension, grateful
appreciation is expressed.
2.2.6 As the Privacy Act does not apply to the private sector and the
privacy impact of the issues raised in the Terms of Reference exclusively
impact on the private sector, I thought it important to consult with both
formal privacy protection bodies on the one hand and academics and industry
experts on the other to gamer views in an area of uncertainty. I found much
commonality. There is broad acceptance of the checks and balances at the
Commonwealth level on intrusive investigations by law enforcement and the
security service. While some changes to the scope of warranting provisions
were seen as likely, these should be accepted by the community if the same
level of stringency in the securing, execution and oversight of warrants is
maintained.
2.3 Creative Tension or Competition?
2.3.1 Between the key constituencies mentioned above, some degree of
tension was to be expected. What also became apparent was the differing
philosophical position taken by various elements within each sector. This is
illustrated simply by the government sector, where four separate policy
departments represent the following discrete purposes:
i) privacy, intellectual property, international agreements, law
enforcement policy, national security policy, telecommunications
interception, protective security policy, law, evidence and
justice;
ii) the defence of the Commonwealth, support for the armed forces, the
collection and production of foreign signals intelligence,
communications security policy, computer security policy;
iii) science and technology policy, trade and investment facilitation,
government assistance to enterprise development and innovation
support, trade and export finance policy advice; and
iv) policy advice on multimedia, trade and industry development
aspects of telecommunications, regulatory aspects of
telecommunications, policy concerning broadband services.
Across such a spectrum of government interests, the fact of different
philosophical approaches is not surprising. What is of concern ,however, is
the lack of any coordination mechanism to bring together the disparate
policy interests and review bodies. The policy outline with which the
Government went to the 1996 federal election, Australia Online, elevates the
protection of personal privacy above other considerations and eschews
legislative action in the area of encryption. 19 The Review was advised
these elements reflect the Minister's current thinking. It is not clear,
though, how they and other elements infuse the policy development process
throughout government.
2.3.2 Proposals for coordination arrangements are advanced in Chapter 6.
The comments raised here are mentioned to understand the somewhat fragmented
context in which the Review occurred.
Footnotes:
15 Report of the Review of the Long Term Cost Effectiveness of
Telecommunications Interception conducted by Mr Pat Barrett, March 1994,
paragraph 5.3.19, p 98. Commonly referred to as the Barrett Report.
16 Ibid, p 99.
17 Ibid, Recommendation 5, p 16. The LEAC was established by the regulating
agency, the Australian Telecommunications Authority (AUSTEL).
18 Reports of December 1994, June 1995, December 1995 and June 1996.
19 Australia Online, op cit. See relevant section at Annex B of this report.
Chapter 3
----------------------------------------------------------------------------