The missing sections have now been incorporated in the online version andare highlighted in red.
The report, entitled Review of policy relating to encryption technologies, is the outcome of a study conducted in 1996 by Gerard Walsh, a former deputy director-general of the Australian Security Intelligence Organisation (ASIO). Publication of the report was eagerly awaited by members of the law enforcement community, other government departments, commerce, and the online community. It was expected that the report would examine thethe various issues in the crypotography debate and encourage further comment and consultation.
The report was listed for sale by the Australian Government Publishing Service in January 1997, but was hurriedly withdrawn fromthe list 3 weeks later, following an enquiry by Electronic Frontiers Australia (EFA)as to the reasons why it was not actually available for sale. The original intention had apparently been to allow for a 3-month consultation period for public comment. EFA then released a Media Statement calling for the release of the report.
In March 1997, EFA applied for release of the report under the Freedom ofInformation Act. This request was denied, quoting various sections of theAct relating to national security and law enforcement as justification for the denial.EFA then submitted a request for review of the decision, and this request was successful, resulting in the release of an edited photocopy of the report in June 1997.
This is an important report and covers a number of issues of relevance to theglobal cryptography debate.
A number of paragraphs were deleted from the copy supplied to EFA.These have been identified in the report, together with an annotationreferring to the section of the report under which that paragraph wasclaimed to be exempt from release.
However, in December 1998, the missing sections were obtained.The originally deleted paragraphs have been highlighted in red.
Reproduced below are the 3 sections of the Act under which partsof the report were deleted. The full text of the Freedom of Information Act 1982 is available online from the Australian Legal Information Institute (AUSTLII).
Freedom of Information Act 1982 - Sect 33
Documents affecting national security, defence or international relations
33. (1) A document is an exempt document if disclosure of the document underthis Act:
(3) Where a Minister is satisfied as mentioned in subsection (2) by reasononly of matter contained in a particular part or particular parts of adocument, a certificate under that subsection in respect of the document shallidentify that part or those parts of the document as containing the matter byreason of which the certificate is given.
(4) Where a Minister is satisfied that information as to the existence ornon-existence of a document as described in a request would, if contained in adocument of an agency, cause the last-mentioned document to be an exemptdocument under this section for a reason referred to in subsection (1), he orshe may sign a certificate to that effect (specifying that reason).
(5) The responsible Minister of an agency may, either generally or asotherwise provided by the instrument of delegation, by writing signed by him,delegate to the principal officer of the agency his or her powers under thissection in respect of documents of the agency.
(6) A power delegated under subsection (5), when exercised by the delegate,shall, for the purposes of this Act, be deemed to have been exercised by theresponsible Minister.
(7) A delegation under subsection (5) does not prevent the exercise of a powerby the responsible Minister.
.........
Freedom of Information Act 1982 - Sect 36
Internal working documents
36. (1) Subject to this section, a document is an exempt document if it is adocument the disclosure of which under this Act:
(a) would disclose matter in the nature of, or relating to, opinion, advice or recommendation obtained, prepared or recorded, or consultation or deliberation that has taken place, in the course of, or for the purposes of, the deliberative processes involved in the functions of an agency or Minister or of the Government of the Commonwealth; and (b) would be contrary to the public interest.(2) In the case of a document of the kind referred to in subsection 9 (1), thematter referred to in paragraph (1) (a) of this section does not includematter that is used or to be used for the purpose of the making of decisionsor recommendations referred to in subsection 9 (1).
(3) Where a Minister is satisfied, in relation to a document to whichparagraph (1) (a) applies, that the disclosure of the document would becontrary to the public interest, he or she may sign a certificate to thateffect (specifying the ground of public interest in relation to which thecertificate is given) and, subject to the operation of Part VI, such acertificate, so long as it remains in force, establishes conclusively that thedisclosure of that document would be contrary to the public interest.
(4) Where a Minister is satisfied as mentioned in subsection (3) by reasononly of matter contained in a particular part or particular parts of adocument, a certificate under that subsection in respect of the document shallidentify that part or those parts of the document as containing the matter byreason of which the certificate is given.
(5) This section does not apply to a document by reason only of purely factualmaterial contained in the document.
(6) This section does not apply to:
(7) Where a decision is made under Part III that an applicant is not entitledto access to a document by reason of the application of this section, thenotice under section 26 shall state the ground of public interest on which thedecision is based.
(8) The responsible Minister of an agency may, either generally or asotherwise provided by the instrument of delegation, by writing signed by him,delegate to the principal officer of the agency his or her powers under thissection in respect of documents of the agency.
(9) A power delegated under subsection (8), when exercised by the delegate,shall, for the purposes of this Act, be deemed to have been exercised by theresponsible Minister.
(10) A delegation under subsection (8) does not prevent the exercise of apower by the responsible Minister.
..........
Freedom of Information Act 1982 - Sect 37
Documents affecting enforcement of law and protection of public safety
37. (1) A document is an exempt document if its disclosure under this Actwould, or could reasonably be expected to:
(3) In this section, "law" means law of the Commonwealth or of a State orTerritory.
Table of Contents
Terms and Abbreviations Chapter 1. Conclusions and Findings 1.2 Findings 1.1 Conclusions
Chapter 2. Context and Approach of the Review
2.2. The Approach
2.3. Creative Tension or Competition
3.2. On law enforcement and national security
3.3. The statistical vacuum
3.4. Policy uncertainty
3.5. Today's problems for the investigators
3.6. The imminent challenge
3.7. Towards response strategies
4.2. National security
4.3. The cost of alternatives
4.4. Decryption capability for law enforcement and national security?
4.5. Public key infrastructures
4.6. International agreements
4.7. Third party systems
4.8. The Internet
5.2. Export controls
6.2. Maintaining investigative capability
6.3. Coordination of operational capacity
6.4. A new legislative approach
Annexe B. Australia Online [extract]
Annexe C. US Administration statement on commercial
encryption, 12 July 1996
Annexe D. UK Government paper of regulatory intent
concerning use of encryption on public
networks, 11 June 1996
Annexe E. OECD guidelines governing the protection of
privacy and transborder flows of personal data
Annexe F. US Administration statement on encryption issued
by the Vice-President, 1 October 1996.
1. This report is in response to an invitation from the Secretaryof the Attorney-General's Department to review the policy relating toencryption technologies and offer a view whether legislative or other actionsare indicated to cater for national security and law enforcement interestsin the face of the information and communications revolution and the continuingneed to safeguard privacy. Terms of reference of the Review are attached atAnnex A.
2. The structure of the report is set out in Chapter 2. Limitedresources precluded the Review inviting written submissions or conductingpublic hearings. Instead, the strategy adopted was to consult directlywith as representative a sample of interested parties as time and resourceswould permit. All were uniformly generous with their time. For that, and the assistance given by the Security Division of the Department, I express my appreciation.
3. There is an immediate need for broad public discussion ofcryptography. The report's conclusion identifies the essential conundrum - strongcryptography, imminently available to the mass market, will offer significantenhancement of data security and personal and corporate privacy, but alsoprovide a powerful shield behind which criminals and others may operate.Should government intervene and mandate conditions of use, intervene onlywhen disadvantage to the state is evident, provide the framework of principleswhile legislative power addressing other but related powers of the state arekept relevant, or do nothing? How the inherent tensions in this issue areresolved will affect the whole community. Hence, the need for broad discussion and contribution. This report is intended to contribute to thatprocess.
4. The Australian Government is seeking public comment on the contents of this report. Comments should be directed to:
Facsimile: (06) 270 2254
Email: security.division@ag.ausgovag.telememo.au
Gerard Walsh
10 October 1996
| AFP | Australian Federal Police |
| algorithm | a mathematical operation or formulation performed to calculate new values (of text) from old. Encryption is done via an algorithm.. To disguise the information and make it unintelligible, a key is fed into the algorithm, along with the text to be converted into cyphertext. The same key or its pair, fed into the decryption algorithm returns the cyphertext into the original text. |
| ASC | Australian Securities Commission |
| ASIO | Australian Security Intelligence Organization |
| asymmetric key | also referred to as public key or two key encryption. A method of encryption in which different keys are used to encrypt and decrypt. The keys are mathematically related but it is not possible to infer one from theother. One key may be made public and the other kept private, allowing Smith to encrypt and send a message to Jones using Jones' public key and Jones to decrypt it using her private key. With RSA (see below) either key can be used to encrypt as long as the other is used to decrypt,but anyone with access to Jones' cyphertext can decrypt her messages because her public key is known. |
| AUSCERT | the Australian Computer Emergency Response Team (AUSCERT), an independent Internet security body. |
| AUSTEL | the Australian Telecommunications Authority |
| AUSTRAC | Australian Transaction Reports and Analysis Centre |
| authentication | (1) in computer security, the act of identifying orverifying the eligibility of a station, originator or individual to access specific categories of information; (2) in data security, a measure designed to provide protectionagainst fraudulent transmissions by establishing the validity ofa transmission, message, station or originator; (3) in data security, processes that ensure everything about a teleprocessing transaction is genuine and that themessage has not been altered or corrupted in transmission; (4) in computer security, the process that verifies the identityof an individual as established by an identificationprocess; (5) in data security and data communications, boththe prevention of undetected alteration to data and peerentity (mutual verification of each other'sidentities by communicating parties) authentication. |
| bit | binary digit - here either of the mathematical characters zero or one |
| certificate | a set of information which, at least, identifies the certification authority issuing the information; unambiguously names or identifies the owner;contains the owner's public key; and is digitally signed bythe certification authority issuing the certificate. |
| certifying authority | an entity that verifies the identity of anotherentity, allocates a unique name to that entity andverifies the correctness of information concerning that entity by signing a public key certificate forthat entity. |
| cryptography | the art or science that treats of the principles, means and methods for rendering plaintext unintelligible andfor converting encrypted messages into intelligibleform. |
| clipper chip | a hardware encryption device first sponsored by the United States government in April 1993 and intended to bethe sole encryption system used on the Internet.Legislation was prepared to back the proposal. It would havehad an enforced system of escrow built into it, permittinglaw enforcement agencies armed with a warrant to decrypt any clipper-encrypted messages. Each chip was registered and pre-programmed with some numbers issued by the two escrow agencies (both government agencies). Knowledge of these two numbers,available on production of a warrant, would allow the calculationof the session key used and the identity of the sender,but not the recipient. The proposal was abandoned in 1995. |
| confidentiality | in computer security, a concept that applies to data that must be held in confidence and that describes thestatus and degree of protection that must be provided forsuch data about individuals as well as organisations. |
| cyberspace | the ether or medium through which messages are transmitted - at least the Internet and the networks connected to it. |
| cyphertext | the text after encryption. It is sent by the user over an insecure communication channel on the assumption that the equivalent plain text will be unable to be inferredby cryptanalysis and so is safe from a passive and an active attack. |
| data compression | in codes, reduction of the size of the data by techniques which exploit redundancies in the data; in memory systems, a technique that saves storage space by eliminating gaps, empty fields and redundancies toshorten the length of records or blocks. |
| decryption | the conversion of cyphertext into its plaintext equivalentby use of the appropriate key. |
| DES | the Data Encryption Standard (DES) specifies an algorithm to be implemented in electronic hardware devices and used for the cryptographic protection of computer data. It became mandatory for US Federal agencies in June 1977. The algorithm is public but the design principles remain classified. DES uses a 56-bitkey and encodes text in 64-bit blocks. |
| digital signature | a digital signature is a technique or procedure for the sender of a message to attach additional data to that message which forms a unique and unforgeable identifier of the sender and the message. |
| DSD | Defence Signals Directorate |
| DSTO | Defence Science and Technology Organisation |
| encryption | the transformation of data to an unintelligible form in such a way that the original data either cannot beobtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption). |
| FBI | Federal Bureau of Investigation (USA) |
| GII | Global Information Infrastructure - a worldwide 'network of networks' creating a global information marketplace, encouraging broad-based social discourse within and among all countries. By interconnecting local, national, regional and global networks, the GII can expand the scope of benefits of advances in information and telecommunications technologies on a global scale.See also, the Internet and note that the GII is probablya short-hand reference to what the OECD called in 1980as transborder flows of information. |
| hacking | the act of gaining unauthorised access to a computer network by defeating the system's access controls.The act is often compounded by one or more offencesrelating to breaches of confidentiality, privacy, nationalsecurity, altering or erasing data, intellectual property and commercial interests. |
| Internet | a worldwide interconnection of individual networks operated by government, industry, academia andprivate parties. [The Internet originally served to connect laboratories engaged in government research, and has now been expanded to serve millions of users and a multitude of purposes.] |
| Jones | see Smith |
| key | a key is a number, whose size is expressed as a number of bits in binary arithmetic (eg 56-bit) |
| key distribution | public keys can be distributed freely through listing on a bulletin board or via a directory. Public keyencryption depends on confidence the public keys are correct.Users need to be assured they have valid keys for otherpeople and keys need to be provided/copied by dependablemeans. |
| key escrow | a concept, principally advanced by the US Government, under which keys for cryptographic systems would be registered with government appointed agencies and be accessible by law enforcement agencies on productionof a warrant. |
| key length | the size of a key and measure of its strength. Insimplistic terms a 40/384-bit secret/public key system may be classified as weak, a 56/512-bit system asborderline: and an 80/1024-bit system as strong. |
| LAN | Local Area Network |
| LEAC | Law Enforcement Advisory Committee established by the regulating agency, A USTEL. |
| NCA | National Crime Authority. |
| OECD | Organisation for Economic Cooperation and Development |
| phreaking | the unauthorised use of telecommunications services or equipment at the expense of another. This act not only defrauds carriers and service providers of rightfulservice charges but may also damage the integrity of theswitching and billing systems. |
| PKAF | a Public Key Authentication Framework would allow for the establishment of a trusted public key system, allowing any entity to determine the trust and validityof a public key certificate claimed to be associated with another entity. The proposal was prepared by the PKAF Task Group, formed by Standards Australia from representatives of industry and government. |
| plain text | data or a message in ordinary language or format, which can be understood by a person or a computer. |
| public key encryption | see assymetric system |
| private key encryption | see symmetric system. Not to be confused with the private key of a public key pair which isused for confidentiality purposes. |
| RSA | an algorithm for creating public key private key pairs and algorithms for the subsequent encryption and decryption of text. Designed by Rivest-Shamir-Adleman, after whom it is named. This system is commonly used for publickey encryption and the only public key system which creates key pairs which can be used for either role. |
| Smith | a fictional identity, like Jones, thought preferable by the author to colourless cyphers like A, B, C and a variant from the A lice and Bob who habituate frequent such texts. In a further attempt at verisimilitude, Smith isof the male gender, while Jones is a female. |
| steganography | in data security, the concealment of the existence of messages, literally covered writing. This can take the form of filling in inter-message gaps with padding characters, thus although the existence of the communication link is not concealed an attacker isdenied information on when messages are being transmitted. |
| symmetric key | a method of encryption in which the same key is used to encrypt as to decrypt. Also referred to as secret key or single key encryption. This sort of encryption is used in telephone scramblers. The key length can be varied for different levels of protection. It is a much faster process than using asymmetric keys. |
| trusted third party | an entity providing user services ranging from the provision of authentication services such as the verification of a client's public key, time stamping of documents, digital signatures and key retrieval services. |
CONCLUSIONS AND FINDINGS
1.1 Conclusions
1.1.1 The relationship of the individual to society is determined by anelaborate series of structured and informal arrangements. That our societyshould be an open, pluralist, democratic, ethnically diverse one, eschewingdiscrimination on the grounds of age, gender, religion, race, physical orintellectual handicap or any other discriminator which denies dignity isuniversally agreed.
1.1.2 Individuals living in community cede certain rights and privilegesto ensure order, equity and good government, even if sometimes reluctantly. Tothis end, a lawful right to conduct intrusive investigations has been given tolaw enforcement and national security agencies and to ensure the exercise ofthose intrusive powers is properly controlled, various forms of oversight and apackage of administrative law measures have been instituted.These have produced a significant increase in public accountability, but ourtime is characterised by a mistrust of all powerful institutions which seek tolimit the freedoms of ordinary citizens.
1.1.3 The general availability to the individual of data security, whetherfor storage or communications, will alter the relationship between the citizenand the state. It will mark a rare opportunity, in the second half of thiscentury, when advantage moves in the citizen's favour. In recent years thebalance has shifted markedly to the advantage of the state and to lawenforcement and national security, as technology and computing power haveprovided powerful investigative tools to trace or profile individual subjects.1As long ago as 1890 the Harvard Law Review decried the threat to privacy which'recent inventions and business methods' posed - the invention was black andwhite photography and the methods invasive investigations by brash newspapers!2The Review accepts the considerable and necessary benefit which cryptographywill bring to the citizen, not only for confidentiality but also forauthenticity, integrity and non-repudiation. It is, however, onlyconfidentiality services with which this Review is concerned.
1.1.4 The point is strenuously made by law enforcement and nationalsecurity representatives that loss of access to real-time communications and todata stored electronically would have a significant and deleterious effect oninvestigative capability. That effect would be the loss of tacticalintelligence by which their investigations are directed, the denial of evidencewhich may secure the prosecution of serious criminals, significant on-costs andincreased risk.
1.1.5 This Review was commissioned by the Commonwealth and is directed toCommonwealth requirements. The terms law enforcement and national securityhave, therefore, a clearly intended Commonwealth application when specificmatters are addressed. Law enforcement is primarily taken bythe Review to embrace the Australian Federal Police (AFP) and the NationalCrime Authority (NCA). In a secondary sense, it includes the AustralianCustoms Service (ACS), the Australian Transaction Reports and AnalysisCentre (AUSTRAC) and the Commonwealth Law Enforcement Board (CLEB).National security is taken to refer specifically to the Australian SecurityIntelligence Organization (ASIO). But these matters, law enforcement inparticular, cannot be isolated in a federal sense. The Review consulted withthe police services of New South Wales and Victoria as major representatives ofState and Territory police services. The conclusions at which the Reviewarrived have equal application for the States and Territories and the nature ofthe challenge of encryption dictates that responses and solutions be nationallybased. There will be a need for complementary, coherent and consistent actionby the Commonwealth, the States and Territories in this matter.
1.1.6 The public availability of encryption has drawn differing responsesfrom governments. This review has confined its study to cryptography, ofwhich encryption is the process by which data is transformed into anunintelligible form, so the original data cannot be obtained or cannot beobtained without using the inverse decryption process. It has not concerned itself with other forms of data manipulation, such as steganography or datacompression, which may cause difficulty in understanding the meaning of thedata. Some countries, such as France, Israel, Belgium and China, have limitedthe importation of encryption systems and products and effectively mandatedthe escrowing of keys. Burma, in late September 1996, banned connections tothe Internet. In days of cyberspace access, any attempt hermetically to sealborders seems an exercise in futility. Other countries, such as the UnitedStates and the United Kingdom, while proposing voluntary national arrangementswhich place conditions on the use of encryption, have not excluded the prospectof mandatory arrangements.
1.1.7 Recognising the importance of the information and communicationsrevolution to Australia's development and to the needs of electronic commerce,successive Governments have favoured a process of self-regulation to deal withencryption policy, believing competition and consumer demand will ensure theinterests of all sectors are addressed.
1.1.8 While the needs of electronic commerce, intellectual property and theprotection of safety-critical industrial 'processes may be attended by self-regulation, the requirements of law enforcement, security and privacy standsomewhat apart. It is a paradox that the purposes for which cryptographicmethods may be used can be mutually conflicting - providing the securityneeded to move vast streams of commercial, financial and medical data acrossopen networks and providing impregnable communications security forterrorists and organised crime to wreak their havoc on society. The challengefor all governments is to secure a balanced policy outcome.
1.1.9 Law enforcement and national security need to be able to collect thetactical intelligence and evidence critical to the effective prosecution andcoordination of their inquiries. There was an understandable concernmentioned by some that government may be seeking to enhance the powers oflaw enforcement and security under the guise of a paradigm shift in technology.That is not so. The objective of the review was to ensure investigativecapability was maintained, while privacy and civil liberties were preserved.The Review was satisfied the availability of real-time decryptedcommunications is central to the investigative capability of law enforcementagencies and the national security service.
1.1.10 It was not clear, at the time the Review concluded, what public formof key management infrastructure would be required in Australia. There was aperiod, not so much earlier, when it was automatically accepted thatindependent entities would generate and archive keys. Developmentsin technology see individuals capable of generating their own keys reliably, but itremains likely that many will rely on a commercial independent entity to assistin data retrieval. The notion of 'trust' will be central to any system ofelectronic commerce or third parties. It is difficult to imagine allindividuals will be able or inclined to establish themselves the networks of trust necessaryto engage in business with confidence. In view of the premium to be placed ontrust and the high potential for corruption in the third party service providerarea, a system of integrity screening and registration for providers isindicated.The process adopted by casino authorities should prove a useful model.
1.1.11 The need for certification facilities (affording a level ofauthenticationor confidence in a person's private key) is clear and the sort of structural andprocedural model provided in the Public Key Authentication Framework(PKAF) seems widely to be accepted. Clear indication of government supportby, for instance, an announcement of intended usage of the system, would betimely and provide an urgently required planning base. For thepurposes ofelectronic commerce, there will be a need for legislation to give digitalsignatures the equivalent force and effect of a witnessed hand-writtensignature.As in the case of third party service providers, a form of vetting andregistration of those who would offer certification authority services is indicated.
1.1.12 A certification authority is neither an escrow agency nor a trustedthird party; it will not retain or archive key materials unless specificallyrequested by customers to do so and then only under contractual conditions thatremove any liability which may flow from compliance with lawful orders toproduce such materials to instrumentalities of the state. Its function relates tocertifying to the integrity or personal ownership for both authentication andconfidentiality purposes, to authenticating digital signatures for commercial,legal, evidentiary and similar purposes.
1.1.13 Some may argue the more organised, or 'professional', criminalelements would be unlikely to rely on any service providers, too easily riskingbecoming hostages to fortune - a view recited by all law enforcement agenciesconsulted by the Review. But convenience, lethargy and a lack of disciplinerepeatedly prove themselves capable of overcoming such caution, at leastamong the less professional strata. In such circumstances, they may be few ormany, government agencies could seek search warrants to obtain 'keys' wherethese were held either by the subject of the investigation or the registered thirdparty service provider.
1.1.14 Criminal enterprises, like normal businesses, may be expected togenerate their own key materials. There will be the capacity to generate astaggering number of keys, to use a computer randomly to choose the algorithm,to change the key randomly with every transaction or to change the keyautomatically at intervals set at seconds rather than minutes, while transactionsproceed. In such instances, there is no third party or service provider to be approached. Either voluntary or coercive attempts to require production of the'key' are unlikely to prove successful and the user would likely be unaware ofthe key being employed. The invocation of the principle of non self-incriminationmay well represent the polite end of the possible range of responses.
1.1.15 In light of this situation, the Review does not recommend mandatorythird party arrangements. Some form of voluntary third party service seems aninevitable development, however, for electronic commerce and intellectualproperty reasons, as well as interoperability and international agreements. It islikely to prove of limited assistance to law enforcement and national securityinvestigations.
1.1.16 Any attempt to prohibit the importation of cryptographic materialswould be misguided and harsh to the privacy rights of all citizens. Strongcommercial encryption is in the national interest and a role can be argued forgovernment to advise the community about the integrity/vulnerability ofsystems and products. On this note, the national interest strongly suggestsAustralia should not be dependent on products originating in one country. Therisk of national dependence on the United States, which manufactures themajority of the world's software, would at least be reduced by diversification ofsupply and there is scope for government to take a lead here.There is, ofcourse, some hope that the technology which passes through generations in theblink of an eye [a Web year was described to the Review as 90 days and goingdown!] may provide some comfort to law enforcement and national security. Inthe meantime, some practical suggestions are made.
1.1.17 Changes should be made to strengthen focussed investigations ofthe AFP, the NCA and ASIO, to review the sanctions for non-compliance withdirections to produce and to protect more effectively sensitive operationalmethods used by these agencies to acquire access to encryption keys or systems.There should be no change to the tests to be satisfied before warrant requestsare approved - they should remain as stringent as they are today. Nor should therebe any change to oversight arrangements.
1.1.18 The wide and easy availability of cryptography will enhance theprivacy of citizens, where they have control over the use to which data is beingput. It should allow some protection against the data-matching, profiling andpeddling of personal information for commercial gain which have becomeendemic, through ignorance or obfuscation of the need for informed consent.3It will adversely impact on the capability and investigative approach of lawenforcement agencies and the security service and may, consequently, provokesome redefinition of that fundamental relationship between citizen and state.To presage the imminent end to civilisation, however, which some foreign lawenforcement advocates assert will ensue should their favoured approach not beadopted, is neither a novel prophecy nor lends substantial assistance to thedebate.
1.1.19 The work of the sub-group of the Organisation for EconomicCooperation and Development (OECD), tasked with developing draft guidelineson cryptography, is important. The aim is a framework of principles addressingthe needs of the global village.4Electronic commerce requirements, if nothingelse, will likely dictate some common infrastructure to guaranteeinteroperability. If the European Union, the United States or Japan,for example, or any combination of these, was to muster sufficient support for aparticular model, Australia would be foolish not to follow suit. At this stage,however, there is no such agreement and, hence, no need to take an independentpolicy position on this issue.
1.1.20 The conundrum for government is the encryption genie is out of thebottle: a genie with the potential to enhance data security and personal andcorporate privacy but also to provide a shield of invisibility for criminals andothers. While the pace of change continues relentlessly, the most appropriatepolicy response remains to watch developments closely, to reinforce and protectthe investigative capacity of law enforcement and the security service, tomaintain the requirement that telecommunications services provided by carriersbe susceptible to interception, to progress the development of the OECDguidelines on cryptography, to ensure appropriate arrangements for thescreening, performance standards and registration of third party serviceproviders and certifying authorities are put in place, to coordinate policy andtechnical development which may provide a solution to public safety needs andto stimulate public discussion of and involvement in the search for a trulybalanced solution.
1.1.21 The implications for law enforcement and national security ofencryption, though significant, appear dwarfed by the potential fiscalconsequences, particularly when allied to more powerful processing and theprogressively increasing capacity for individuals to engage in anonymoustransactions. They are matters, however, outside the Terms of Reference.
1.2 Findings
1.2.1 The main finding of the Review is that major legislative action isnotadvised at this time to safeguard national security and law enforcementinterestsin the face of the challenge presented by cryptography, though a range of minorlegislative and other actions are indicated.
The 1994 judgement, that encryption was a looming problem which warranted close monitoring, remainssubstantially valid. The problem, in a substantive sense, still lies ahead of lawenforcement and national security agencies but the distance is shortening rapidly.
1.2.2 The option recommended by the Review to cater for national securityand law enforcement interests in the face of the encryption challenge is tostrengthen and further protect the investigative capability of those agencies,to recast the relevant statutory provisions in clear purpose terms to preventpremature aging and to consider the introduction of a new statute (the Aid toPublic Safety Act is proposed) which would aggregate the various intrusiveinvestigative powers, or at least those in the Attorney-General's portfolio,into one place. This would facilitate the process of review, as indicated by changesin technology or circumstance, and likely engender a more controlled publicdiscussion.
1.2.3 Australia has not been disadvantaged by the absence of policydecisions on the issue of key management infrastructure. Manyforeign governments have moved early, but not necessarily to advantage. The rate oftechnological change, developing public knowledge and expectation of theGlobal Information Infrastructure and the reaction to the control mechanismsattempted by some governments suggest, generally, a continuation of thiscourse. The immediate exception, on public administration grounds rather thananything else, would be the introduction of screening and registrationprocedures for third party service providers and certifying authorities. Thethird quarter of 1996 saw more intensive global engagement on this issue than anycomparable earlier period. The greater risk for Australia, in the short term,is the lack of certainty about who is directing government policy and who,therefore, is coordinating the work progressing across a range of fronts. Thatis an issue which needs urgently to be addressed.
1.2.4 The Review's findings are set out against each term of reference.Those of a broader nature, which do not specifically relate to a particular termof reference, have been aggregated under term number 2.
| Term of Reference 1. | The Review is to examine whether legislative or otheraction should be taken to safeguard national securityand law enforcement interests in the light of therapid development of the Global InformationInfrastructure and the continuing need to safeguard individualprivacy. |
Findings:
1.2.5 The Review does not support legislative action at this stage toprescribe a form of key management infrastructure accessible by government forpurposes of national safety, but overseas proposals and developments will needto be kept under close watch. The effort within the OECD to develop draftguidelines on cryptography is worthwhile and should provide a usefulframework for national and international approach to this issue. Afurther Review is recommended late in 1997, when technology will have advancedfurther, any early impact of deregulated communications will be apparent, theposition of other countries such as Britain and the United States will beclearer (both plan to introduce legislative measures), the OECD work will be largelyconcluded and the position Australia might best adopt to balance its nationalsecurity and law enforcement interests with its support for electronic commerce,privacy and continuing access to the communications and informationrevolution, might be clearer. (paragraphs 3.4.1-3; 3.7.1-7; 4.5.11-16; 4.6.1-2;5.1.5-9 refer)
1.2.6 The Review found a lack of clarity as to which Minister and whichdepartment had responsibility for cryptography policy and the consequentdanger of a lack of coordination in policy development. These deficienciesneed to be overcome. (paragraphs 2.3.1-2; 3.4.3-5; 6.1.1-4 refer)
1.2.7 The Review identified a number of areas where legislative actionmight be taken to ensure Australia's national security and law enforcementinterests. These are set out at term 3(c).
| Term of Reference 2. | The objective of the Review will be to presentoptions for encryption policies and legislation whichadequately address national security, lawenforcement and privacy needs while taking accountof policy options being developed to addresscommercial needs. |
Findings:
1.2.8 The Review does not recommend specific options for encryptionlegislation at this time. The policy options being developed to addresscommercial needs are as yet inchoate. The process of developing guidelines onthe use of cryptography by the OECD Ad Hoc Group of Experts is still 6months from conclusion and international agreements based on such aframework would seem to represent the only basis for trusted third partyencryption of telecommunications.5 (paragraph references as per 1.2.5)
1.2.9 There is no draft proposal at large which meets well the competingdemands of law enforcement/national security, privacy and commercial needs.(paragraphs 4.5.1 1; 4.6.2; 4.7.1-6 refer)
1.2.10 The conceptual difficulty in resolving those tensions in one set ofarrangements is exacerbated by the requirements of law enforcement andnational security being predicated on access, while privacy and commercialneeds are predicated on protection.
1.2.11 There seems no compelling reason or virtue to move early onregulation or legislation concerning cryptography. Law enforcementand national security agencies have certainly experienced difficulty where subjectsof investigation have refused access to encrypted stored data and it has notbeen possible for them or other agencies to decrypt this material. It isquestionable, though, whether any range of policy decisions concerning key managementwould have altered this situation materially. For the present, theinvestigativecapability of the agencies is not significantly affected. (paragraphs 3.2.1-4;3.5.3-4; 4.1.2 refer)
1.2.12 To ensure policy positions are properly coordinated and reflect theinterests of the different parts of government, it would be preferable if thesefollowed decisions by Ministers on policy responsibility, were coordinated by astanding inter-departmental committee and that the committee was constituted atan appropriate level. (paragraphs 3.4.2-5 refer)
1.2.13 For reasons of electronic commerce and international cooperation inthe law enforcement and national security areas, Australia's policy positionsmust mesh with those of her major trading and cooperating partners. While afew countries have made public policy commitments, these are likely further tochange. International acceptance of the OECD draft guidelines oncryptography, the drafting of which is due to conclude early in 1997, mayprovide a basis for that consistency in national approach essential for the GII.(paragraphs 4.6.1-4 refer)
| Term of Reference 3(a). | Key factors to be addressed include Australia'snational security and defense interests; |
Findings:
1.2.14 While national security and defense interests provided the frameworkwithin which the other terms of reference in paragraph 3 were examined, theinjunction in the first term of reference of the Review to have regard for thecontinuing need to safeguard individual privacy and a reminder of that at term3(d) provided some tension when different requirements were to be served.The approach of the Review was to seek to strike a balance, leaving the privacyadvantage with the community as a whole when the security or defenseinterests, taken at their broadest, were unable to demonstrate an impediment tothe performance of their functions and model mechanisms of control eitherfailed or were oppressive.
| Term of Reference 3(b). | an assessment of the present state of encryptiontechnology and prospective developments in encryption technology over the next few yearslikely to impact on Australia's national security and law enforcement interests; |
Findings:
1.2.16 Data is being stored securely on computer systems or being sent overthe telephone system beyond the reach or visibility of the investigative agencies.(paragraphs 3.5.1-4 refer)
1.2.17 The likely trend will be from software encryption applications withseparate keys generated by the individual's computer system or an independententity to primarily hardware solutions where random keys are rapidly generatedand changed by the equipment itself and recognized and understood by those towhom data transmissions are directed (paragraphs 3.6.1-7 refer)
1.2.19 The AFP should chair an inter-agency group tasked with thepreparation of an assessment of the impact which the loss of real-time access to voice and data communications would have for law enforcement and nationalsecurity. The assessment should be submitted to the Secretary of the Attorney-General's Department for presentation to the Secretaries Committee on NationalSecurity. (paragraph 4.1.3 refers)
1.2.20 The future direction of encryption technology depends largely onadvances in the field of pure mathematics and computing power whichincreases, on average, by the power of 10 every five years. We will likely seededicated microchips able to work faster and process more complex algorithms.at reasonable speed. Secure faxes will become more common. Remotebanking facilities will become available. Local area computer networks(LANs) will use encryption for communication between workstation and fileserver or mail server. This encryption will be transparent to the user. Eachcomputer or user on the network will have its own public/private key pair, usedto generate random session keys. Further ahead, quantum computing and,perhaps, quantum cryptography are mentioned, as are molecular memories, butnone is predicted to cause major change to the projected trend line ofdevelopment. (paragraphs 3.1.1-4 refer)
1.2.21 The availability of an encryption function on major softwareapplications or as a service to telecommunications users would likely be takenup quickly by the community, but particularly the more significant targets oflaw enforcement and national security agencies. Microsoft, for example,recently indicated it would soon offer such an application. (paragraph 3.4.6 refers)
| Term of Reference 3(c) | whether Australia's present laws are adequateto ensure Australia's security and lawenforcement interests in an environment ofrapidly emerging new technologies; |
Findings:
1.2.23 The Telecommunications (Interception) Act 1979 is consideredadequate by national security and law enforcement agencies, though a range ofissues such as the continuing capacity to trace calls; the test of reasonableness(as applied) under which law enforcement and national security agencies mayseek such action; access to call record information and caller identification fromcarriers and service providers; the legal status and, therefore, obligations ofservice providers after 1 July 1997; the impact of satellites (eg systems arebeing launched by Asian countries which will cover significant parts ofAustralia); and some jurisdictional matters in relation to the Internet loom asissues which the Law Enforcement Advisory Committee (LEAC) and theAttorney-General's Department will need to pursue. (paragraphs 3.4.1-2;3.6.7; 4.8.4; 6.2.4 refer)
1.2.24 The Telecommunications Act 1991 would become inadequate if thelicense condition on carriers first to obtain approval from the Minister forCommunications and the Arts, who is required to consult with the Attorney-General,before marketing any telecommunications service not susceptible tointerception should be varied.6(Paragraph 6.2.18 refers)
1.2.25 The Telecommunications Act 1991 should establish a requirement forall communications service providers to be registered, which would facilitatethe service of warrants and access to customer data bases by law enforcement andnational security agencies. The purpose is not to restrict entry to the sectorbut to meet these requirements and ensure service providers may be kept informedof changes affecting their functions. (paragraphs 6.2.4-5; 6.2.18; 6.2.21 refer)
1.2.26 The ability to trace calls will continue to be of major importanceto the AFP, NCA and ASIO (and the State police services), even in situations whereinterception or access to communication content is denied. The application ofthe 'reasonableness' principle by communications carriers or service providerswill need to extend beyond life-threatening situations. The containment ofconsequential costs might best be managed by limiting, more than currently,those agencies authorised to make such requests.(paragraphs 3.6.7; 6.2.4 refer)
1.2.27 Invocation of the principle of non self-incrimination is likely toprove an obstacle to efforts by law enforcement agencies to obtain encryption keys bysearch warrants or orders made by courts and tribunals.(paragraphs 3.2.4; 3.5.1-4; 3.7.10-11 refer)
1.2.29 Consideration should be given to establishing a further and moreserious category of offence where encryption is used to obstruct investigationby law enforcement or national security agencies into the preparation for orcommission of a criminal offence and to give the Commissioner of the AFPauthority, analogous to the ss. 28/29 powers provision available to the Chairmanof the NCA, to require production of information or material which wouldrender seized encrypted data intelligible. (paragraphs 3.7.10; 3.7.11; 6.2.22refer)
1.2.30 The narrow definition of a listening device in the AustralianFederal Police Act 1979 should be amended to reflect the purpose of such devices,namely to transmit data. The current wording restricts transmission to voiceonly. (paragraphs 4.3.5; 6.2.1; 6.2.20; 6.4.4 refer)
1.2.31 The criteria of Class 2 offences as set out in section 12(B) of the AFPAct should be widened so that listening devices might be deployed in theinvestigation of computer and information crime. The use of computers ascommunications devices is much more common than when the Act was draftedand that trend is only likely to become more prevalent. (paragraphs 6.2.2;6.2.20 refer)
1.2.32 Authority needs to be created in the AFP Act, subject to the normalwarranting processes for the exercise of intrusive powers, for the agency toinstall tracing or tracking devices which transmit data, to enter premises orperform this remotely, to do so without seeking or obtaining the permission ofthe owner or user of the equipment or premises, to transit other premisesnecessary to reach the nominated premise and to re-enter such premises as arenecessary to maintain, replace or remove devices. Removal of devices, underthe same warrant conditions, would be permitted after the expiration of thewarrant, if secure circumstances do not obtain in the term of the warrant.Call-tracing should not be a facility confined in its application to life-threatening situations but available for the investigation of serious crime orsecurity, intelligence subjects. (paragraphs 6.2.6; 6.2.9; 6.2.20 refer)
1.2.34 All amendments and suggestions made in relation to the AFP Actshould be mirrored by amendment to the ASIO Act, both for its securityintelligence and its foreign intelligence investigation obligations.
1.2.35 There will need to be integration between federal, state and territorylaw enforcement agencies as Commonwealth investigations frequently coverseveral jurisdictions, the State and Territory police forces operate in the sameareas of criminal investigation and the latter police forces employ the samecore technology and encounter the same problems. These issues might usefully beexplored at a meeting of the Standing Committee of Attorneys-General and theAustralian Police Ministers Conference. (paragraph 6.2.28 refers)
1.2.36 Statutory protection needs to be afforded those sensitive operationaland technical methods employed by law enforcement agencies in the course oftheir investigations. The process of establishing a public interest immunityclaim may implicitly reveal sufficient of a conceptual and operational approachas to destroy the integrity of such a method. Where high personal risk anddamage to the investigative capability of the agency may result, shouldprotection of the operational methods employed in a particular investigation notbe absolute, agency heads should be empowered to issue a certificate, pursuantto the proposed provision, identifying the operationally sensitive informationprotected from disclosure, discovery by legal process or access under the FOIAct. (paragraphs 6.2.12-17; 6.2.20 refer)
1.2.37 Consideration be given to incorporating all intrusive investigativepowers, or at least those of the agencies in the Attorney-General's portfoliosuch as the AFP, ASIO, AUSTRAC and the NCA, into one statute with an aim andtitle like 'the Aid to Public Safety Act'. The various powers should beexpressed in terms of their purpose, not the means by which those purposes maybe achieved. The benefit would rest in common approaches acrossCommonwealth agencies, a clearer over-arching purpose, a positiveencouragement to inter-agency cooperation and the greater speed and politicalease with which necessary amendments may be effected to ensure the statuteremains relevant to developing technology and practice. (paragraphs 6.4.1-8refer)
1.2.38 Instead of the current four or more types of warrant for intrusiveinvestigative activities by law enforcement and national security agencies, towhich further types are proposed at 1.2.28, 1.2.32 and 1.2.33, all warrant typesshould be reduced to one of two: the interception of communications or entryinto property. (paragraph 6.4.8 refers)
| Term of Reference 3(d) | measures to safeguard individual privacyincluding an examination of the warrantingprovisions that may be required to enable lawenforcement and national security authoritiesto gain access to encrypted material, whetherin the form of stored data or a messagetransmitted over a telecommunications network; |
Findings:
1.2.39 The ready availability of strong encryption, with no requirement toescrow or register keys, nor to entrust them to any independent entity, is themost effective safeguard of individual privacy. (paragraphs 3.4.8; 4.5.7;4.5.10; 4.6.3; 4.8.4 refer)
1.2.40 The current regime of stringent warranting provisions for the exerciseof intrusive investigative powers should continue and apply to any change to therange of those powers. (paragraphs 2.2.6; 5.1.7; 5.1.9 refer)
1.2.41 To ensure the privacy rights and civil liberties of those subjects ofinvestigation by law enforcement and national security agencies are preserved,where a court or tribunal is prevented from examining any circumstancessurrounding covert investigations because a statutory protection againstinvoluntary disclosure has been invoked by an agency, such cases or a sample ofthese cases should be examined by a senior, independent official experienced inthe conduct and handling protocols of sensitive matters. As the Inspector-General of Intelligence and Security has the function to inquire into mattersreferred to the Inspector-General by the Human Rights and Equal OpportunityCommission in respect of the intelligence community, the sole aspect to bereviewed here, this function would be caught within existing responsibilities.In the case of Commonwealth law enforcement agencies, the function might begiven to the proposed National Integrity and Investigations Commission.(paragraphs 6.2.24-27 refer)
| Term of Reference 3(e) | an assessment and evidence of the benefits ofaccess by law enforcement and nationalsecurity agencies to encrypted data; |
Findings-
1.2.43 There are indications, more frequently seen by law enforcementagencies than ASIO, that the subjects of investigation are making significant useof encryption to store data securely. It is already a frequent experience that thisdata cannot be decrypted. (paragraphs 3.2.4; 3.5.1; 3.5.3; 4.1.2; 4.4.1 refer)
1.2.44 Real-time access by law enforcement and national security agencies tothe voice and data communications of their subjects of investigation isessential to core capability. The loss of that access would seriously impaircapability, increase the risk factor in their operations and entail a range ofstaffing, budgetary, legislative and political consequences. (paragraphs 4.3.1-6refer)
1.2.45 The lack of reliable national statistics on attacks on computer andcommunications systems will hamper policy development in areas such aselectronic commerce and cryptography. The proposed IDC on Cryptographyshould consider the matter in the light of the review of AUSCERTcommissioned by DOCA and its impact. (paragraphs 3.3.4-5)
| Term of Reference 3(f) | an assessment of the most appropriate meansoffending the development, implementationand maintenance of a decrypting capability forexisting and emerging technologies; |
Findings:
1.2.46 No cogent reason was presented to the Review which suggested anindependent cryptanalytical capability should be established for lawenforcement and national security interests. (paragraphs 4.4.1-5 refer)
1.2.47 While general support for an independent decryption capability wasevident among law enforcement agencies, the limited opportunities andexpectations with which decryption would be approached would not justify thesignificant establishment and recurrent budgetary allocation required.(paragraphs 4.4.6-7 refer)
1.2.48 A 'closed' forum at a senior technical and operational level involvinglaw enforcement, national security and the Defence Signals Directorate shouldbe established to discuss and share attack methodologies against encryption, thecovert acquisition of keys, agree possible research projects and reviewcooperation arrangements. Such a forum would provide a means for keepingthe Secretaries Committee on National Security informed of any significantchange to the investigative capability of law enforcement or national securityagencies as a result of encryption.8Because of the protocols surrounding thisfield, it would be sensible for such a forum to be covered by memoranda ofunderstanding agreed by the heads of the various agencies. (paragraphs 4.4.7-12; 6.3.2 refer)
1.2.49 The cost of enhancing in-house facilities to produce a modestdecryption capability should not necessitate New Policy Proposals, but theCommissioner of the AFP, the Chairman of the NCA and the Director-Generalof ASIO should ensure investment in staff training, development andsecondments and minor capital expenditure on decryption facilities are plannedand implemented in a coordinated fashion. The proposed inter-agency forummay provide the vehicle to coordinate that investment and development.(paragraphs 4.4.7; 6.3.1-3; 6.3.5 refer)
| Term of Reference 3(g) | whether Australia should seek to negotiateagreements with any other country orcountries governing access to encrypted datawhere public keys (under a 'Commercial keyEscrow' or 'Trusted Third Party' system ofencryption) are held outside Australia; |
Findings:
1.2.50 It would be premature to enter formal negotiations with othercountries on access to encrypted data, where public keys are held in thosecountries, until there is some certainty as to likely key managementinfrastructures. Reciprocity is a standard feature of such access agreements.Caution against entering formal negotiations is not intended to precludesubstantive discussions on the issues. Indeed, the US has intimated that acondition of easing export controls may be the existence of a form of certifiedkey management. (paragraphs 4.6.1-2 refer)
1.2.51 Such agreements should reflect the arrangements which nationalsecurity and law enforcement agencies have in place to handle the exchange ofsensitive tracing and operational matters. Those arrangements, properly, haveregard for the legal, political and human rights record of the requestingcountryand the likely use which may be made of the information sought. (paragraph4.6.4 refer)
| Term of Reference 3(h) | whether legislation is desirable to: (i) regulate the availability of 'CommercialKey Escrow' or 'Trusted Third Party'encryption; or (ii) facilitate the development of 'CommercialKey Escrow' or 'Trusted Third Party'systems of encryption; |
1.2.53 There is a high risk of corruption in the third party service providersector and the Government would be prudent to require integrity screening andregistration of those who seek to offer such services to the public. Thetestingprocess employed by casino authorities should prove a useful model.(paragraphs 4.7.6-7 refer)
1.2.54 Some licensing or registration arrangement, together with arequirement to meet minimum performance standards (as proposed by StandardsAustralia) is indicated for Certifying Authorities providing authenticationservices. This may depend on the outcome of the Wallis Inquiry into the effectsof deregulation of the finance system9or government may wish to consider itcognately with the recommendations from the working groups of officialsexamining a range of electronic commerce issues. The separation of theauthentication from the confidentiality key is a matter where clear and earlystatement of government's position would assist. (paragraph 4.5.15 refers)
| Term of Reference 3(i) | the impact of overseas initiatives associatedwith encryption technology, particularly inrelation to the extent to which internationalcooperation and proactive specification ofdesirable characteristics for encryptionproducts and 'Commercial Key Escrow' or'Trusted Third Party' services is desirableand recommendations as to how such internationalcooperation might best be achieved,. |
Findings:
1.2.55 Considerable variation exists in the approach of foreign governmentsto cryptography policy issues, ranging from banning, to registration, to thepromotion of voluntary systems of key management which may meet some ofthe needs of law enforcement and security, to the deliberate decision not totake decisions on these matters while the technology continues to develop at arapid rate and offers new approaches for dealing with the issue. (paragraphs4.5.1-13 refer)
1.2.56 There seems to be little popular support in or outside the UnitedStates for a 'Commercial Key Escrow' system involving government agenciescreating as it would significant vulnerability outside of the control of theperson or corporation. 10
1.2.58 The issue of international cooperation would best be addressedfrommid-1997 when there has been more developmental work, the position of anumber of countries will be clearer, legislative proposals will have beenintroduced by some and the work. of the OECD Ad Hoc Group of Experts willhave concluded. (paragraphs 4.6.1-4 refer)
| Term of Reference 3(j) | the effectiveness of Australia's export controlson encryption technology. |
Findings:
1.2.59 Any judgement as to effectiveness depends on the aspect from whichthe issue is approached. As the Review was enjoined to consider Australia'snational security and defence interests as key factors, it may be arguedAustralia's export controls were effective, though American export controls mayhave had greater influence on the limited proliferation of 'strong' forms ofencryption in the region. (paragraphs 5.2.1-4 refer)
1.2.61 From a commercial perspective, the purpose and impact of thoseexport controls was questioned. There was criticism thatAustralian cryptographic products did not always meet customer requirements and sufferedin comparison with American products on the counts of convenience,comparability and cost. (paragraph 5.2.6 refers)
1.2.62 The abolition, or even an amelioration, of United States exportcontrols will likely prompt a rapid extension of key lengths as an arguedtalisman of data security. (paragraph 5.2.11 refers)
| Term of Reference 4. | The Review is to have regard to theGovernment's existing encryption policies, the work of the OECD Committee of Experts on Security,Privacy and Intellectual Property Protection in the Global Information Infrastructure on thedevelopment of international cryptography guidelines and the work of the Information Policy Task Force onthe implementation of open encryption standards which address commercial needs. |
Findings:
1.2.63 The Review examined and took account of the Government'sapproach outlined in Australia Online 12and by officials of the Department ofCommunications and the Arts. It examined the 1980 OECD Guidelines onTrans-Border Flows of Personal Data 13and the 1992 OECD Guidelines onInformation Systems Security and informed itself of their antecedents. It hadthe benefit of many discussions and meetings with representatives of allinterested agencies on the draft guidelines on cryptography currently beingdeveloped and was invited to participate in inter-departmental discussionschaired by the Attorney-General's Department. The Information Policy TaskForce had not been established in the period of this Review but a retitledInformation Policy Advisory Council was due shortly to meet. 14
Footnotes:
1Technologies include DNA analysis, fibre analysis, improved electronicsurveillance methods across public agencies such as Immigration, SocialSecurity, Taxation, Customs, financial institutions, communicationscamera, transport companies and regulators, etc. 2Samuel D Warren & Louis D Brandeis, The Right To Privacy, 4 Harv. L Rev. 193,195 (1890) 3 Prof Greg Tucker notes the possibility that an unregulated GII environmentcould lead to a loss of control byindividuals over their personal data, running the risk of creating asurveillance society. From his paper titled'Security, Privacy and Intellectual Property Rights in the InformationInfrastructure' presented to the OECD,May 1996, p 143. 4Not only is the relationship between the individual and the state likely to heaffected by cryptography and itsconsequences but Michael Nelson argues we will see less powerful governments inrelation to trans-nationalcriminal organisations because traditional notions of sovereignty, nationalsecurity and warfare will beundermined by 2020 when the whole world will be 'wired' and e-cash is the norm.Michael Nelson, SpecialAssistant, Information Security, Executive Office of the President, quoted inBNA Daily Report for Executives,6 September 1996, Washington, DC. A view offered also in a Technology IssueNote published by theNational Security Agency titled 'NSA and the Cyberpunk Future', 3 June 1966, pp4-5. 5This group is Co-chaired by a Deputy Secretary of the Attorney-General'sDepartment and is scheduled to complete its work by February 1997. 6The US Administration is proposing legislation requiring each telecommunications carrier to increase itscapacity to meet assistance capability requirements (the capacity simultaneously to undertake call tracing andcommunications interceptions) equal to 0.5% - 1% of the engineered capacity ofthe equipment, facilities or services that provide a customer or subscriber with the ability to originate,terminate or direct communications.The Congress has enacted the Communications Assistance for Law Enforcement Act(CALEA) and authorised funding support of $500 ml. Under the Omnibus Consolidated Appropriations Billsigned by President Clinton on September 30, 1996, the permanent Telecommunications Compliance Fund mayreceive money from any US Government agency with law enforcement or intelligence responsibilities.Carriers have raised significantly the charges levied on law enforcement agencies for special assistance. 7Inspector-General of Intelligence and Security Act 1986. s.8 (1)(a)(v). 8Both the Commissioner of the AFP and the Director-General of ASIO may beinvited to attend meetings of the Committee and the Secretaries of the Defence and the Attorney-General'sDepartment, which embrace the portfolio interests, are members. 9The Financial Systems Inquiry, commissioned by the Treasurer under thechairmanship of Mr Stan Wallis, is due to report to the Australian Government byMay 1997. 10The US Administration issued two statements on July 12, 1996, one entitledAdministration Statement on Commercial Encryption Policy (shown at Annex C); theother, US Cryptography Policy: Why We Are Taking the Current Approach. 11A Paper on Regulatory Intent Concerning Use of Encryption on PublicNetworks was issued by the British Department of Trade and Industry on 11June 1996. 12Policy statement on media issues published by the Coalition parties prior tothe 1996 federal election. Thesection immediately relevant to this Review (personal Privacy and CommercialSecurity) is shown at Annex B. 13Attached at Annex F of this report. 14The Information Policy Task Force was a specific proposal in AustraliaOnline. p 10 et seq and is specified as a relevant parameter for this Review. See Terms of Reference, attached asAnnex A to this report, para 4.
CONTEXT AND APPROACH OF THE REVIEW
2.1 The Context - Barrett's Obiter Dictum
2.1.1 This review occurred in concert with a range of similar reviewsinitiated by different parts of government. Some overlap was indicated, and thecoordination arrangements remain something of a mystery. Topics as broad aselectronic commerce or on-line services understandably attract the attention ofa number of major policy departments and operational agencies, while encryptionis addressed simply as an element of their broader studies. The focus of thisreview of encryption policy is to address law enforcement and national securityinterests, while ensuring individual privacy needs are safeguarded.
2.1.2 The review took as a reference point an observation made in theBarrett report on Telephone Interception in 1994 that
2.1.3 The question which obviously presents itself is whether the 1994conclusion still stands or how it should be revised.
2.1.4 Barrett recommended the Law Enforcement Advisory Committee(LEAC) should keep the use of encryption under review and provide annualreports on its effect.17That task was assigned to Sub-Committee E of LEAC.It has submitted four reports to date 18.They note evidence of encryptionbeing used in stored data (primarily hard disk) but none as far as communications areconcerned. This view is qualified by the fact that the equipment used tointercept digitised signals transmitted over high-speed modems is forced tooperate at the limit of capacity and some encrypted communications may not becaptured. The bottom line judgement has to be that Barrett's conclusion standsintact but the time-frame is likely to be compressed. The problem is no longera future one - the operational and investigative problem will be with lawenforcement and the national security authority tomorrow.
2.2.1 Working alone on such a review, it was clearly impractical to invitewritten submissions or conduct public hearings. Related standingreviewsalready existed and others were established in the brief life of this Review.Theprimary issue was how law enforcement agencies and the national securityservice might retain their current investigative capability in a world whereencryption may be generally used. The second issue was to establish if whatwas hidden from investigative agencies behind the veil of encryption wouldaffect their effectiveness. Thirdly, if the impact was deleterious, shouldAustralia be looking at emulating the type of response adopted by some foreigngovernments or do something else. And fourthly, should a decryptingcapability for law enforcement be established and, if so, how might it be fundedand maintained.
2.2.2 The structure of the Report reflects the major themes of the Review.There were some other issues and by keeping a constant eye on the Terms ofReference, these are addressed either separately or cognately.
2.2.3 The key constituencies for the review were easily identified: privacyguardians and those academics or experts who had revealed a close interest inthis aspect of the debate; Commonwealth, State and Territory law enforcementagencies and the national security service; policy departments with an interestin the area; users; carriers and service providers; the information technologyindustry itself; and the banking or finance sector. Within quite severeresourcelimitations, the Review attempted to consult with a representative sample of allthese sectors and expresses its appreciation for the time and thoughtfulcontributions which were made.
2.2.4 There were some areas of the Terms of Reference where it was notpossible to make a satisfactory response or the limitations imposed on a singlereviewer precluded the elicitation of the material on which a response may havebeen based. In instances where I was aware this occurred, I have identifiedareas which require further examination. Indeed, the situation in a number ofthese is far from settled and continuing close attention to developments inAustralia and overseas is indicated. For the same reason, there are manyinstances where findings have not prompted recommendations but warrant closeconsideration. I believe Australia has suffered no damage from itsdisinclination to commit to a legislative or regulatory regime in thecryptography field and has had time to learn from or reflect on the earlyinitiatives of other countries.
2.2.5 The Review addressed its terms of reference from a public policyperspective. Some understanding of the core elements of cryptography isnecessary for informed discussion, but the Review did not seek to acquire, farless claim, technical expertise. To those who found themselves occasionallycast in the role of tutor and were then impelled to make over-simplifications toachieve even nodding comprehension, grateful appreciation is expressed.
2.2.6 As the Privacy Act does not apply to the private sector and theprivacyimpact of the issues raised in the Terms of Reference exclusively impact on theprivate sector, I thought it important to consult with both formal privacyprotection bodies on the one hand and academics and industry experts on theother to gamer views in an area of uncertainty. I found much commonality.There is broad acceptance of the checks and balances at the Commonwealthlevel on intrusive investigations by law enforcement and the security service.While some changes to the scope of warranting provisions were seen as likely,these should be accepted by the community if the same level of stringency in thesecuring, execution and oversight of warrants is maintained.
2.3.1 Between the key constituencies mentioned above, some degree oftension was to be expected. What also became apparent was the differingphilosophical position taken by various elements within each sector. This isillustrated simply by the government sector, where four separate policydepartments represent the following discrete purposes:
Across such a spectrum of government interests, the fact of differentphilosophical approaches is not surprising. What is of concern ,however, is thelack of any coordination mechanism to bring together the disparate policyinterests and review bodies. The policy outline with which the Governmentwent to the 1996 federal election, Australia Online, elevates the protection ofpersonal privacy above other considerations and eschews legislative action inthe area of encryption.19The Review was advised these elements reflect theMinister's current thinking. It is not clear, though, how they and otherelements infuse the policy development process throughout government.
2.3.2 Proposals for coordination arrangements are advanced in Chapter 6.The comments raised here are mentioned to understand the somewhatfragmented context in which the Review occurred.
Footnotes:
15Report of the Review of the Long Term Cost Effectiveness ofTelecommunications Interception conductedby Mr Pat Barrett, March 1994, paragraph 5.3.19, p 98. Commonly referred to asthe Barrett Report. 16Ibid, p 99. 17Ibid, Recommendation 5, p 16. The LEAC was established by the regulatingagency, the Australian Telecommunications Authority (AUSTEL). 18Reports of December 1994, June 1995, December 1995 and June 1996.
19 Australia Online, op cit. See relevant section at Annex B of this report.
THE DIRECTION AND IMPACT OF ENCRYPTION
3.1.1 The ability to sketch confidently the direction of encryption would bea very marketable talent in the IT industry. Few are prepared to be expansivein their predictions, but some trends or tendencies have emerged. On one point allseem agreed - when personal computers are sold with standard softwarepackages which offer a pull-down encryption facility, there will be wide use ofencryption. There are plenty of encryption systems and applications availablecommercially and in the public domain. The volume has increasedsignificantly over the past three years but not the variety. Commercialand private interest has principally been in the data storage area, with limitedincursion into computer to computer communications. Criminal intelligencefrom law enforcement agencies overseas indicates the larger narcotics suppliersare using such encrypted links.
3.1.2 Likely developments over the next few years? Cryptographyin modems, currently restricted by export restrictions; financial smart-cardswith complete encryption which will defy transaction tracking; a continuing trendfrom encryption software programs to hardware-based systems; and alwaysmore speed. In the same period, communications will continue to becomefaster and cheaper. Relaxation of United States export controls would seesystems with quality algorithms and long keys surge on to the market. There islittle doubt the combination of these developments will see a major slow-downin the 'reading' capacity of the Sigint community for a period. How long thatperiod may be and how it may be overcome are issues to be discussed in aframework of more sensitivity than the nature of this review permits.
3.1.3 And then there is quantum cryptography. Some argue it is the nextwave, others dismiss it as fantasy. Gilles Brassard spoke on the subject at acryptanalytical conference organised by the Queensland University ofTechnology in July 1995. He said quantum cryptography harnessesHeisenberg's uncertainty principle from quantum mechanics to allow twoparties who have never met and who share no secret information beforehand tocommunicate in absolute secrecy under the nose of an adversary, regardless ofher computing power. This is achieved by the exchange of very tenuous signalsthat consist on the average of one-tenth of one photon per pulse. Prototypeshave been built that work over a distance of ten kilometres of optical fibre.20The optimists suggest commercial application is 15-20 years away, the scepticsargue it is light years
3.1.4 The short judgement of likely encryption developmentsmay be summed up in three words which are an unintended parody of the Olympicmotto: stronger, faster, cheaper.
3.2.1 There is already considerable evidence of encryption being used inthe areas of organised crime, narcotics, pornography, illegal gaming for storingdata. Criminal intelligence indicates the larger narcotics syndicates overseasalready employ encrypted computer links (e-mail and telnet), but very fewcommunications applications have been detected in Australia.
3.2.3 The telephone system is being used by criminal elements to send datafrom point to point and these exchanges are sometimes encrypted.The Review was given virtually no indication of voice communications being encrypted,though as early as 1991, an Australian company was importing voice encryptionfor PSTN circuits.22Considerable concern about hacking and phreaking wasevinced, and evidence to support that concern, including attacks on lawenforcement agencies own data bases. While the expected security rules thatthere should be no PSTN connection with the data bases apply, the reality isback-doors can be engineered by those with intimate knowledge of thesystems. These activities are, however, outside the Terms of Reference of thisReview.
3.2.5 In a speech in early February, 1996 an American academic,prominent on law and order issues, said:
3.2.6 Such an analysis of the medium-term future could be seen asmuch advocacy of the American model of key escrow as a depiction of anenvironment where such a model would offer attraction.
3.2.7 As the assessment is likely to be recycled, because of theweight accorded Dr Denning's views in the encryption debate, it has to be saidit reflects either sudden and unreported change in the American scene oran exuberant use of the subjunctive tense. Only eight months earlier, inApril 1994, Vice Admiral John M McConnell, Director of the National SecurityAgency, told the United States Senate's Judiciary Committee's Sub-Committeeon Technology and the Law his agency's continuous monitoring ofcommunications worldwide showed little was being encrypted. 25
3.2.8 A speech given by Louis Freeh, Director of the FBI, in late1995 has been relied on by American conservative advocates to buttress theirpoint of view. 26 He argued encryption should be viewed as a public safety issue,noting the Bureau was 'increasingly' being 'impeded' in its mission, not justin communications but data storage as well. He cited a terrorist casebased in the Philippines which involved a plan to blow up a United States airliner as well asa plan to assassinate the Pope, a computer hacker and a child pornographer.There has been no public reference to new cases - surprising if 12 months agothe FBI was being impeded from performing its functions.
3.2.10 National statistics are not available for Australia but partialfiguresand the impression of those work-in. in the technical areas of law enforcementindicate we remain, fortunately, yet some distance from Denning's vision ofArmageddon.
3.3.1 Regrettably, many judgements in a Review such as this must rely onanecdotal evidence. There is no reliable statistical data and the sameprivation will limit future related inquiries and affect, if not flaw, policy development.There is no requirement on carriers to report the take-up rate of services theymarket, the shift from one sector to another and the obligations of serviceproviders are unclear. Similarly with suspected computer and communicationsoffences, where reporting is patently uneven and often deliberately avoided.
3.3.2 Consequently, whether addressing the take-up rate of a service, theincidence of hacking or phreaking, or extortion on the threat of disablingcomputer systems, opinion can only be based on inference, anecdote andintuition. There is no central repository of reliable statistical information,a situation not improved by the reduction, through budgetary constraints in someareas, of the resources available for law enforcement to play a proactive rolein this area.
3.3.3 The London Sunday Times articles detailing 'sting' attacks onfinancial institutions appeared early in this Review process. 27 They prompted a range of observations, albeit mostly anecdotal or hearsay, suggesting suchattacks may not be as rare or geographically distant as the Australian communitymight wish. Law enforcement agencies acknowledged that institutions andcorporations do not believe those responsible will be identified, let alonetheir assets recovered. The experience of the Sumitomo Corporation in Japanearly in the Review period was a salutary reminder of the accuracy of thisperception. Sumitomo admitted to its shareholders major fraud had taken place buthad been stopped. The shareholders and the stock exchange exacted savageretribution for the confession.
3.3.4 The potential loss of public confidence, with theconsequent perception of possible inability to meet commercial obligations, iscentral to financial institutions' reluctance to report major criminal activity.It was apparent to the Review that financial institutions are as restrictivein their internal communication as they are tacitum externally.An independent statutory body, funded by government, with a legislated code ofconfidentiality covering mandatory reporting to it and its own reporting arrangementsto the parliament, operating under oversight of the Auditor-General, andindependent of any external influences would be a sensible repository for thestatistical data required by government and a source of advice and guidance to thecorporate and commercial world. It would be able to undertakeanalysis of the data received, alert public and private sectors to activity trends and actas an expert witness in court proceedings.
3.3.5 Such a role would fit a body like AUSCERT, were it to befunded by the Commonwealth, placed under a strict regime of confidentiality,vouchsafed by the Auditor-General and guaranteed independence.28Its American equivalent is funded by the Department of Defense.The Department of Communications and the Arts commissioned a consultant to look atAUSCERT and the recommendations have now been enacted. The impact of thatreview on its functions should be able to be evaluated by mid-1997 when theenvisaged role for AUSCERT or a similar body should be addressed by the proposedinter-departmental committee on cryptography.
3.4.1 While normally unhelpful to meet a question with aquestion, to address encryption technologies from a public policy point of view onefirst has to answer a question that is both philosophical and practical. As wedevelop the Global Information Infrastructure (GII) who should control it?The carriers, service providers, government, the people who use it or some amalgamof a number of these? Put another way, the question asks who shouldcontrol data in the GII. Without data protection legislation in place, is thecarrier prevented from acting at will with the data entrusted to networks. Atraditional public policy view would argue government regulation and restraint ofprocesses affecting civil rights and privacy produce more equitable outcomes. Whengovernments fail in that role or, the people, at least in democracies, mayproceed to remove those governments. To vest the responsibility with thecarriers or service providers, those participating for profit, would expose a novel dilemmafor the citizen - how does one 'throw out' a carrier or service provider judgedto be abusing one's privacy or civil rights? The answer that one should shiftto an alternate presumes availability and suitability, neither of which may beprovided. The 'amalgam proposal' envisages governments picking up citizens'concerns, providing a framework of some sort within which carriers andproviders would operate and regulate themselves.
3.4.2 At the international level, Australia is playing a significant role inthe development of draft guidelines on cryptography, which will complement earlierguidelines on privacy and security of information. These should provide theinternational framework, to the central tenets of which it is hoped membercountries would commit themselves. The process of guideline development hasbeen measured, as the issue of cryptography policy opens for redefinition thecitizen's relationship to the state and the role to be accorded governmentswithin that relationship. National experience and expectations are very different andtime is required to focus on trans-national principles. That the eye of somehas been turned more to international arrangements they would wish to see in placehas not helped a process which must work from first principles, formulatenational policy on that basis and then move to bilateral and multilateralagreements.
3.4.3 The Australian Government's online industry election statementidentified private commerce as the driver of innovation and investment in newonline services. It proposed the establishment of an Information Policy TaskForce (IPTF) to examine various policy issues and report to the Goveniment.29Meantime, many different committees and working groups are tasked withexamining aspects of on-line services, electronic commerce, encryption, smart-cards and electronic cash and the daughter of Campbell30inquiry will pick up all of these and many more besides. These various bodies embrace, amongothers, the Attorney-General's Department, the Department of Communicationand the Arts, the Department of Defence, the Department of Finance, theDepartment of Industry, Science and Tourism and a number of agencies. Thatis not surprising as elements of cryptography touch their functions. What issurprising is the uneven level of representation which some of those reviewgroups attract. A formally established inter-departmental committee (IDC)would seem a more sensible and effective means of policy coordination anddevelopment than current arrangements. If established, the appropriate IDCrepresentation would be at Branch Head level.
3.4.4 There is a need for one department to have the clearresponsibility for cryptography policy and to coordinate the multi-faceted development ofgovernment policies which involve cryptographic applications. It wouldnot seem sensible for the Department of Defence to assume this policyfunction.One of its portfolio organisations, the Defence Signals Directorate(DSD), is already tasked by government with the collection, production anddissemination of signals intelligence and 'to advise the Government on all matterspertaining to communications security and computer security'. 31 A role not confined solely to situations where national security could be adverselyaffected but also embracing sensitive official information requiring protection forprivacy, financial or other reasons. 32 Defence's framework, however, is inextricably linked with sensitive and classified applications, primarily for itsown and diplomatic purposes - instanced by its required alertness to dual useapplications and global proliferation of cryptography. This would appear to makeDefence a less than obvious choice for the role in question.
3.4.5 The Treasury and the Department of Finance have obviousinterests in the whole field of electronic commerce, but cryptography is a discreteelement of that issue and not a principal policy interest. The Department of Communications and the Arts has policy responsibility for broadbandservices, telecommunications and multimedia, but again cryptography stands alittle apart from these. The Department of Industry, Science and Tourism approachesthe issue from a developmental and export point of view, rather than apolicy one. Embracing the interests of law enforcement, security, privacy,commercial law, intellectual property and protective security policy, the Attorney-General'sDepartment may be seen as a preferred option to house the policy responsibilityand chair the IDC. There is a need for Ministers urgently to addressthis issue and for it to be determined.
3.4.6 There would seem little doubt that when the major softwaremanufacturers make available encryption applications, a majority of theworld's computer users will access them. That time was not announced when thisReview commenced and yet Microsoft presaged such a development in July 1996.
3.4.7 The most obvious implication for governments facing theastonishing pace of development in the communications and information sectors andthe easy private availability of strong encryption is the fiscal one: sucha proportion of financial transactions and movements may take place via virtualbanking arrangements in cyberspace that governments may face progressiverevenue starvation. Only slightly behind is the implication for the delicatebalance our society has reached between privacy, law enforcement and securityinterests. Firstly, there is some inherent tension when these issues areconjoined.
Secondly, it is not simply a question of setting an individual's right againstsociety's rights, for we do not face here a static balance. All who live incommunity accept there has to be some trade-off, but that trade-off is not anunqualified one. There must be limits. It is a flawed approach to assume asmall or episodic interest of the state should necessarily predominate over theprivacy interests of the individual.
3.4.8 From a privacy point of view, cryptography offers welcome securityto the individual (person or corporation) and the opportunity to place data,stored or in transmission, beyond the reach of those who may seek to ascertaintheir private or commercial affairs. The Government's online election policysupported the availability of strong encryption, the principle of informedconsent and the centrality of personal privacy in our society. It recognisednot all would use encryption for honest purposes but placed the onus on lawenforcement and security agencies to justify any measures which shouldoutweigh the social and economic consequences of the loss of personal privacyand commercial security.33
3.4.9 The range of situations likely to confront law enforcement andsecurity agencies is as wide as their statutory mandates, but particular focushas to be given to crimes such as kidnapping or other threats of violencedirected against VIPs or internationally protected persons, terroristsituations, extortion involving significant threats to public safety and attackson the institutions of the state.
3.5.2 There have been major advances in cryptography in recent years andsignificant increases in commercial involvement. Cryptanalysis, however, doesnot necessarily maintain a constant distance behind cryptography. The intervalwill vary and, without moving into any sensitive detail, it cannot be expected -on budgetary, personnel and capital equipment alone - that cryptanalyticalfacilities will always be able to 'crack' commercial and public domain forms ofencryption.
3.5.3 Law enforcement agencies noted, with some chagrin, it is not theseizure of property which poses difficulty for them. The problem arises froman inability to force disclosure of encryption 'keys' where a person invokes theprinciple of non self-incrimination. This problem of information being put outof reach of other than specified persons has resource implications for ASIO,where accessing plans for acts of politically motivated violence or terroristincidents is a central part of that agency's function. It will make both humansource and technical targeting a more difficult exercise - and increaseddifficulty impacts on flexibility, responsiveness and financial outlays.
3.6.2 It is clear secure encrypted communications are available now to theordinary citizen with some computer literacy, the motivation to acquire thecapability and the wish to communicate securely with like-minded and like-equipped people. Today, 'Smith' could use a commercial symmetric algorithmlike IDEA, together with a 56-bit key producing strong cyphertext, tocommunicate with 'Jones', who, possessing the same algorithm and using a 56-bitkey, would decrypt the message. Such a system is fast, a single keyperforms both the encryption and decryption function and any key number froma randomly generated pool may be used.
3.6.3 The exchange of the symmetrical keys discussed above might beperformed with an asymmetrical algorithm using a pair of related but dissimilarkeys, one of which is referred to as the private key and the other as the publickey. The public key is then exchanged with all other parties with whom onewishes to communicate. Potentially such a key could be notified in a publicdirectory and be accessed by all. To send a message to Jones, Smith uses atwo stage process. In the first stage, he encrypts the symmetric key for theIDEA algorithm with Jones' public key (which is publicly available). In thesecond stage, Smith encrypts his message using IDEA with the symmetric key.Smith then sends the encrypted key and the encrypted message to Jones. Onreceipt of the two files, Jones performs the two-stage process in reverse.Firstly, she decrypts the symmetric key using her private key (which she aloneknows) and uses this symmetric key with the IDEA algorithm to decryptSmith's message.
3.6.4 Another level of strength is achieved by using separate 'session' keysfor every message or series of messages. Automatic teller machines employssession keys which change with every transaction. A random source is used togenerate, let us say, a 128-bit key which combined with IDEA produces asession key. That key is used to convert a message into cyphertext. But thekey is also combined with RSA to produce an encrypted session key.34This is separately and first communicated to Jones and received in the 'start'compartment of the output file of her computer. When Smith sends hiscyphertext message to Jones, she can decrypt it by using the specially encryptedsession key which is now available to her. Such a system employs both RSAand IDEA and separate sessional keys.
3.6.5 Even if a law enforcement agency was to execute a search warrantagainst premises where Smith's computer was located and already had a copy ofhis public key, it would be extremely unlikely to be able to obtain a copy ofthe session key. Ibis would not be retained in Smith's computer. Unless Smithvolunteered to whom communication from his computer was directed or Joneswas known to be the addressee of that communication and law enforcement wasable to await receipt and decryption, little prospect exists to interceptsatisfactorily such communications.
3.6.6 It is perfectly feasible, today, to incorporate all the features ofthe system outlined here into a 'black box' arrangement which, may be programmedto change the key, say, every 10-15 seconds or more often. Among a groupdrawn together in common purpose (such as a bunch of criminals or a terroristcell) it would be relatively simple to have a personal computer function as thecentral processor, directing and forwarding traffic, incorporating a tamper-freeheart to prevent interference by investigative agencies with its functions and aself-destruct feature which would erase all memory if tampering was detected.
3.6.7 Law enforcement and national security agencies assess the ability totrace calls (including call record information), with the assistance of carriersor service providers, to be of crucial importance to the performance of theirfunctions and this capacity will become even more important if the ability tointercept calls should be lost or the content of communications was denied byuse of an encryption application. These issues are currently being consideredby Sub-Committee B of LEAC, as well as: the legislative authority on whichrequests for assistance by investigative agencies are based; the appropriatescope of the 'reasonableness' test to be applied (ie is it reasonable to confinethe application of special call tracing measures to life-threatening situations);the criteria to be applied when seeking call tracing or call record information andissues of cost.
3.7.1 The above examples illustrate what may be done today and whichmay already be happening. That agencies have not reported wholesaleexamples is no comfort such practices are not being employed. Where thetargets of law enforcement and national security observe strict communicationsecurity, the prospect of capturing communications at source or the point ofdispatch may be made even more difficult.
3.7.2 The prospect of collecting data at point of receipt is reduced by theavailability of services such as anonymous remailing, which can cause amessage to bounce around the ether like a ball in a pin-ball machine.In Internet communications, random paths are taken by message packets and thereis no guarantee constituent packets of the same message will travel by similarroutes. Indeed, directions may be given to diverge the packets and some maybe repeated. All that is certain is that they will arrive at their addressand arrange themselves into correct order. The random routing of packets will not,of itself, cause a problem where a more conventional attack at, say, an InternetService Providers' premises is possible. If the packets are encrypted, however,the problem remains.
3.7.3 So should one pray for a miracle? If patience is in shortsupply, perhaps so. Stephanie Perrin, a Canadian privacy specialist, made two tellingpoints in her address to an OECD conference in Canberra early in 1996.35She publicly reaffirmed her faith in encryption tech