CHAPTER 1

CONCLUSIONS AND FINDINGS

1.1 Conclusions

1.1.1    The relationship of the individual to society is determined by an elaborate series of structured and informal arrangements. That our society should be an open, pluralist, democratic, ethnically diverse one, eschewing discrimination on the grounds of age, gender, religion, race, physical or intellectual handicap or any other discriminator which denies dignity is universally agreed.

1.1.2      Individuals living in community cede certain rights and privileges to ensure order, equity and good government, even if sometimes reluctantly. To this end, a lawful right to conduct intrusive investigations has been given to law enforcement and national security agencies and to ensure the exercise of those intrusive powers is properly controlled, various forms of oversight and a package of administrative law measures have been instituted. These have produced a significant increase in public accountability, but our time is characterised by a mistrust of all powerful institutions which seek to limit the freedoms of ordinary citizens.

1.1.3      The general availability to the individual of data security, whether for storage or communications, will alter the relationship between the citizen and the state. It will mark a rare opportunity, in the second half of this century, when advantage moves in the citizen's favour. In recent years the balance has shifted markedly to the advantage of the state and to law enforcement and national security, as technology and computing power have provided powerful investigative tools to trace or profile individual subjects. 1 As long ago as 1890 the Harvard Law Review decried the threat to privacy which 'recent inventions and business methods' posed - the invention was black and white photography and the methods invasive investigations by brash newspapers! 2 The Review accepts the considerable and necessary benefit which cryptography will bring to the citizen, not only for confidentiality but also for authenticity, integrity and non-repudiation. It is, however, only confidentiality services with which this Review is concerned.

1.1.4      The point is strenuously made by law enforcement and national security representatives that loss of access to real-time communications and to data stored electronically would have a significant and deleterious effect on investigative capability. That effect would be the loss of tactical intelligence by which their investigations are directed, the denial of evidence which may secure the prosecution of serious criminals, significant on-costs and increased risk.

1.1.5      This Review was commissioned by the Commonwealth and is directed to Commonwealth requirements. The terms law enforcement and national security have, therefore, a clearly intended Commonwealth application when specific matters are addressed. Law enforcement is primarily taken by the Review to embrace the Australian Federal Police (AFP) and the National Crime Authority (NCA). In a secondary sense, it includes the Australian Customs Service (ACS), the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Commonwealth Law Enforcement Board (CLEB). National security is taken to refer specifically to the Australian Security Intelligence Organization (ASIO). But these matters, law enforcement in particular, cannot be isolated in a federal sense. The Review consulted with the police services of New South Wales and Victoria as major representatives of State and Territory police services. The conclusions at which the Review arrived have equal application for the States and Territories and the nature of the challenge of encryption dictates that responses and solutions be nationally based. There will be a need for complementary, coherent and consistent action by the Commonwealth, the States and Territories in this matter.

1.1.6      The public availability of encryption has drawn differing responses from governments. This Review has confined its study to cryptography, of which encryption is the process by which data is transformed into an unintelligible form, so the original data cannot be obtained or cannot be obtained without using the inverse decryption process. It has not concerned itself with other forms of data manipulation, such as steganography or data compression, which may cause difficulty in understanding the meaning of the data. Some countries, such as France, Israel, Belgium and China, have limited the importation of encryption systems and products and effectively mandated the escrowing of keys. Burma, in late September 1996, banned connections to the Internet. In days of cyberspace access, any attempt hermetically to seal borders seems an exercise in futility. Other countries, such as the United States and the United Kingdom, while proposing voluntary national arrangements which place conditions on the use of encryption, have not excluded the prospect of mandatory arrangements.

1.1.7      Recognising the importance of the information and communications revolution to Australia's development and to the needs of electronic commerce, successive Governments have favoured a process of self-regulation to deal with encryption policy, believing competition and consumer demand will ensure the interests of all sectors are addressed.

1.1.8      While the needs of electronic commerce, intellectual property and the protection of safety-critical industrial processes may be attended by self-regulation, the requirements of law enforcement, security and privacy stand somewhat apart. It is a paradox that the purposes for which cryptographic methods may be used can be mutually conflicting - providing the security needed to move vast streams of commercial, financial and medical data across open networks and providing impregnable communications security for terrorists and organised crime to wreak their havoc on society. The challenge for all governments is to secure a balanced policy outcome.

1.1.9      Law enforcement and national security need to be able to collect the tactical intelligence and evidence critical to the effective prosecution and coordination of their inquiries. There was an understandable concern mentioned by some that government may be seeking to enhance the powers of law enforcement and security under the guise of a paradigm shift in technology. That is not so. The objective of the Review was to ensure investigative capability was maintained, while privacy and civil liberties were preserved. The Review was satisfied the availability of real-time decrypted communications is central to the investigative capability of law enforcement agencies and the national security service.

1.1.10      It was not clear, at the time the Review concluded, what public form of key management infrastructure would be required in Australia. There was a period, not so much earlier, when it was automatically accepted that independent entities would generate and archive keys. Developments in technology see individuals capable of generating their own keys reliably, but it remains likely that many will rely on a commercial independent entity to assist in data retrieval. The notion of 'trust' will be central to any system of electronic commerce or third parties. It is difficult to imagine all individuals will be able or inclined to establish themselves the networks of trust necessary to engage in business with confidence. In view of the premium to be placed on trust and the high potential for corruption in the third party service provider area, a system of integrity screening and registration for providers is indicated. The process adopted by casino authorities should prove a useful model.

1.1.11      The need for certification facilities (affording a level of authentication or confidence in a person's private key) is clear and the sort of structural and procedural model provided in the Public Key Authentication Framework (PKAF) seems widely to be accepted. Clear indication of government support by, for instance, an announcement of intended usage of the system, would be timely and provide an urgently required planning base. For the purposes of electronic commerce, there will be a need for legislation to give digital signatures the equivalent force and effect of a witnessed hand-written signature. As in the case of third party service providers, a form of vetting and registration of those who would offer certification authority services is indicated.

1.1.12      A certification authority is neither an escrow agency nor a trusted third party; it will not retain or archive key materials unless specifically requested by customers to do so and then only under contractual conditions that remove any liability which may flow from compliance with lawful orders to produce such materials to instrumentalities of the state. Its function relates to certifying to the integrity or personal ownership for both authentication and confidentiality purposes, to authenticating digital signatures for commercial, legal, evidentiary and similar purposes.

1.1.13      Some may argue the more organised, or 'professional', criminal elements would be unlikely to rely on any service providers, too easily risking becoming hostages to fortune - a view recited by all law enforcement agencies consulted by the Review. But convenience, lethargy and a lack of discipline repeatedly prove themselves capable of overcoming such caution, at least among the less professional strata. In such circumstances, they may be few or many, government agencies could seek search warrants to obtain 'keys' where these were held either by the subject of the investigation or the registered third party service provider.

1.1.14      Criminal enterprises, like normal businesses, may be expected to generate their own key materials. There will be the capacity to generate a staggering number of keys, to use a computer randomly to choose the algorithm, to change the key randomly with every transaction or to change the key automatically at intervals set at seconds rather than minutes, while transactions proceed. In such instances, there is no third party or service provider to be approached. Either voluntary or coercive attempts to require production of the 'key' are unlikely to prove successful and the user would likely be unaware of the key being employed. The invocation of the principle of non self-incrimination may well represent the polite end of the possible range of responses.

1.1.15      In light of this situation, the Review does not recommend mandatory third party arrangements. Some form of voluntary third party service seems an inevitable development, however, for electronic commerce and intellectual property reasons, as well as interoperability and international agreements. It is likely to prove of limited assistance to law enforcement and national security investigations.

1.1.16      Any attempt to prohibit the importation of cryptographic materials would be misguided and harsh to the privacy rights of all citizens. Strong commercial encryption is in the national interest and a role can be argued for government to advise the community about the integrity/vulnerability of systems and products. On this note, the national interest strongly suggests Australia should not be dependent on products originating in one country. The risk of national dependence on the United States, which manufactures the majority of the world's software, would at least be reduced by diversification of supply and there is scope for government to take a lead here. There is, of course, some hope that the technology which passes through generations in the blink of an eye [a Web year was described to the Review as 90 days and going down!] may provide some comfort to law enforcement and national security. In the meantime, some practical suggestions are made.

1.1.17      Changes should be made to strengthen focussed investigations of the AFP, the NCA and ASIO, to review the sanctions for non-compliance with directions to produce and to protect more effectively sensitive operational methods used by these agencies to acquire access to encryption keys or systems. There should be no change to the tests to be satisfied before warrant requests are approved - they should remain as stringent as they are today. Nor should there be any change to oversight arrangements.

1.1.18      The wide and easy availability of cryptography will enhance the privacy of citizens, where they have control over the use to which data is being put. It should allow some protection against the data-matching, profiling and peddling of personal information for commercial gain which have become endemic, through ignorance or obfuscation of the need for informed consent. 3 It will adversely impact on the capability and investigative approach of law enforcement agencies and the security service and may, consequently, provoke some redefinition of that fundamental relationship between citizen and state. To presage the imminent end to civilisation, however, which some foreign law enforcement advocates assert will ensue should their favoured approach not be adopted, is neither a novel prophecy nor lends substantial assistance to the debate.

1.1.19      The work of the sub-group of the Organisation for Economic Cooperation and Development (OECD), tasked with developing draft guidelines on cryptography, is important. The aim is a framework of principles addressing the needs of the global village. 4 Electronic commerce requirements, if nothing else, will likely dictate some common infrastructure to guarantee interoperability. If the European Union, the United States or Japan, for example, or any combination of these, was to muster sufficient support for a particular model, Australia would be foolish not to follow suit. At this stage, however, there is no such agreement and, hence, no need to take an independent policy position on this issue.

1.1.20      The conundrum for government is the encryption genie is out of the bottle: a genie with the potential to enhance data security and personal and corporate privacy but also to provide a shield of invisibility for criminals and others. While the pace of change continues relentlessly, the most appropriate policy response remains to watch developments closely, to reinforce and protect the investigative capacity of law enforcement and the security service, to maintain the requirement that telecommunications services provided by carriers be susceptible to interception, to progress the development of the OECD guidelines on cryptography, to ensure appropriate arrangements for the screening, performance standards and registration of third party service providers and certifying authorities are put in place, to coordinate policy and technical development which may provide a solution to public safety needs and to stimulate public discussion of and involvement in the search for a truly balanced solution.

1.1.21      The implications for law enforcement and national security of encryption, though significant, appear dwarfed by the potential fiscal consequences, particularly when allied to more powerful processing and the progressively increasing capacity for individuals to engage in anonymous transactions. They are matters, however, outside the Terms of Reference.

1.2     Findings

1.2.1      The main finding of the Review is that major legislative action is not advised at this time to safeguard national security and law enforcement interests in the face of the challenge presented by cryptography, though a range of minor legislative and other actions are indicated.

The 1994 judgement, that encryption was a looming problem which warranted close monitoring, remains substantially valid. The problem, in a substantive sense, still lies ahead of law enforcement and national security agencies but the distance is shortening rapidly.

1.2.2      The option recommended by the Review to cater for national security and law enforcement interests in the face of the encryption challenge is to strengthen and further protect the investigative capability of those agencies, to recast the relevant statutory provisions in clear purpose terms to prevent premature aging and to consider the introduction of a new statute (the Aid to Public Safety Act is proposed) which would aggregate the various intrusive investigative powers, or at least those in the Attorney-General's portfolio, into one place. This would facilitate the process of review, as indicated by changes in technology or circumstance, and likely engender a more controlled public discussion.

1.2.3      Australia has not been disadvantaged by the absence of policy decisions on the issue of key management infrastructure. Many foreign governments have moved early, but not necessarily to advantage. The rate of technological change, developing public knowledge and expectation of the Global Information Infrastructure and the reaction to the control mechanisms attempted by some governments suggest, generally, a continuation of this course. The immediate exception, on public administration grounds rather than anything else, would be the introduction of screening and registration procedures for third party service providers and certifying authorities. The third quarter of 1996 saw more intensive global engagement on this issue than any comparable earlier period. The greater risk for Australia, in the short term, is the lack of certainty about who is directing government policy and who, therefore, is coordinating the work progressing across a range of fronts. That is an issue which needs urgently to be addressed.

1.2.4      The Review's findings are set out against each term of reference. Those of a broader nature, which do not specifically relate to a particular term of reference, have been aggregated under term number 2.

Term of Reference 1. The Review is to examine whether legislative or other action should be taken to safeguard national security and law enforcement interests in the light of the rapid development of the Global Information Infrastructure and the continuing need to safeguard individual privacy.

Findings:

1.2.5      The Review does not support legislative action at this stage to prescribe a form of key management infrastructure accessible by government for purposes of national safety, but overseas proposals and developments will need to be kept under close watch. The effort within the OECD to develop draft guidelines on cryptography is worthwhile and should provide a useful framework for national and international approach to this issue. A further Review is recommended late in 1997, when technology will have advanced further, any early impact of deregulated communications will be apparent, the position of other countries such as Britain and the United States will be clearer (both plan to introduce legislative measures), the OECD work will be largely concluded and the position Australia might best adopt to balance its national security and law enforcement interests with its support for electronic commerce, privacy and continuing access to the communications and information revolution, might be clearer. (paragraphs 3.4.1-3; 3.7.1-7; 4.5.11-16; 4.6.1-2; 5.1.5-9 refer)

1.2.6      The Review found a lack of clarity as to which Minister and which department had responsibility for cryptography policy and the consequent danger of a lack of coordination in policy development. These deficiencies need to be overcome. (paragraphs 2.3.1-2; 3.4.3-5; 6.1.1-4 refer)

1.2.7      The Review identified a number of areas where legislative action might be taken to ensure Australia's national security and law enforcement interests. These are set out at term 3(c).

Term of Reference 2. The objective of the Review will be to present options for encryption policies and legislation which adequately address national security, law enforcement and privacy needs while taking account of policy options being developed to address commercial needs.

Findings:

1.2.8      The Review does not recommend specific options for encryption legislation at this time. The policy options being developed to address commercial needs are as yet inchoate. The process of developing guidelines on the use of cryptography by the OECD Ad Hoc Group of Experts is still 6 months from conclusion and international agreements based on such a framework would seem to represent the only basis for trusted third party encryption of telecommunications. 5 (paragraph references as per 1.2.5)

1.2.9      There is no draft proposal at large which meets well the competing demands of law enforcement/national security, privacy and commercial needs. (paragraphs 4.5.11; 4.6.2; 4.7.1-6 refer)

1.2.10      The conceptual difficulty in resolving those tensions in one set of arrangements is exacerbated by the requirements of law enforcement and national security being predicated on access, while privacy and commercial needs are predicated on protection.

1.2.11      There seems no compelling reason or virtue to move early on regulation or legislation concerning cryptography. Law enforcement and national security agencies have certainly experienced difficulty where subjects of investigation have refused access to encrypted stored data and it has not been possible for them or other agencies to decrypt this material. It is questionable, though, whether any range of policy decisions concerning key management would have altered this situation materially. For the present, the investigative capability of the agencies is not significantly affected. (paragraphs 3.2.1-4; 3.5.3-4; 4.1.2 refer)

1.2.12      To ensure policy positions are properly coordinated and reflect the interests of the different parts of government, it would be preferable if these followed decisions by Ministers on policy responsibility, were coordinated by a standing inter-departmental committee and that the committee was constituted at an appropriate level. (paragraphs 3.4.2-5 refer)

1.2.13      For reasons of electronic commerce and international cooperation in the law enforcement and national security areas, Australia's policy positions must mesh with those of her major trading and cooperating partners. While a few countries have made public policy commitments, these are likely further to change. International acceptance of the OECD draft guidelines on cryptography, the drafting of which is due to conclude early in 1997, may provide a basis for that consistency in national approach essential for the GII. (paragraphs 4.6.1-4 refer)

Term of Reference 3(a). Key factors to be addressed include Australia's national security and defense interests;

Findings:

1.2.14      While national security and defense interests provided the framework within which the other terms of reference in paragraph 3 were examined, the injunction in the first term of reference of the Review to have regard for the continuing need to safeguard individual privacy and a reminder of that at term 3(d) provided some tension when different requirements were to be served. The approach of the Review was to seek to strike a balance, leaving the privacy advantage with the community as a whole when the security or defense interests, taken at their broadest, were unable to demonstrate an impediment to the performance of their functions and model mechanisms of control either failed or were oppressive.

Term of Reference 3(b). an assessment of the present state of encryption technology and prospective developments in encryption technology over the next few years likely to impact on Australia's national security and law enforcement interests;

Findings:

1.2.15      Strong encryption, which cannot be defeated by law enforcement and national security agencies, is already available commercially or in the public domain. (paragraphs 3.2.4; 3.5.1-4 refer)

1.2.16      Data is being stored securely on computer systems or being sent over the telephone system beyond the reach or visibility of the investigative agencies. (paragraphs 3.5.1-4 refer)

1.2.17      The likely trend will be from software encryption applications with separate keys generated by the individual's computer system or an independent entity to primarily hardware solutions where random keys are rapidly generated and changed by the equipment itself and recognized and understood by those to whom data transmissions are directed. (paragraphs 3.6.1-7 refer)

1.2.18      The AFP, NCA and ASIO consider access in real time to the communications of subjects of investigation an essential capability for the performance of their functions. There has been negligible indication of encryption being used in voice communications, but a strong belief it is employed in computer to computer communications. A reliable statistical base is required to underpin a further and more comprehensive assessment of the impact which loss of real-time access to the voice and data communications of the subjects of investigation would pose. (paragraphs 3.3.1-4; 4.1.1-3; 4.2.1-2 refer)

1.2.19      The AFP should chair an inter-agency group tasked with the preparation of an assessment of the impact which the loss of real-time access to voice and data communications would have for law enforcement and national security. The assessment should be submitted to the Secretary of the Attorney-General's Department for presentation to the Secretaries Committee on National Security. (paragraph 4.1.3 refers)

1.2.20      The future direction of encryption technology depends largely on advances in the field of pure mathematics and computing power which increases, on average, by the power of 10 every five years. We will likely see dedicated microchips able to work faster and process more complex algorithms at reasonable speed. Secure faxes will become more common. Remote banking facilities will become available. Local area computer networks (LANs) will use encryption for communication between workstation and file server or mail server. This encryption will be transparent to the user. Each computer or user on the network will have its own public/private key pair, used to generate random session keys. Further ahead, quantum computing and, perhaps, quantum cryptography are mentioned, as are molecular memories, but none is predicted to cause major change to the projected trend line of development. (paragraphs 3.1.1-4 refer)

1.2.21      The availability of an encryption function on major software applications or as a service to telecommunications users would likely be taken up quickly by the community, but particularly the more significant targets of law enforcement and national security agencies. Microsoft, for example, recently indicated it would soon offer such an application. (paragraph 3.4.6 refers)

1.2.22      The loss of access to real-time communications of their targets, and the inability to access seized stored data, will necessitate a range of activities by law enforcement and national security agencies which carry greater operational, personal and political risk, involve larger financial outlays and staff allocations and will require some legislative amendments. (paragraphs 4.3.1-6 refer)

Term of Reference 3(c). whether Australia's present laws are adequate to ensure Australia's security and law enforcement interests in an environment of rapidly emerging new technologies;

Findings:

1.2.23      The Telecommunications (Interception) Act 1979 is considered adequate by national security and law enforcement agencies, though a range of issues such as the continuing capacity to trace calls; the test of reasonableness (as applied) under which law enforcement and national security agencies may seek such action; access to call record information and caller identification from carriers and service providers; the legal status and, therefore, obligations of service providers after 1 July 1997; the impact of satellites (eg systems are being launched by Asian countries which will cover significant parts of Australia); and some jurisdictional matters in relation to the Internet loom as issues which the Law Enforcement Advisory Committee (LEAC) and the Attorney-General's Department will need to pursue. (paragraphs 3.4.1-2; 3.6.7; 4.8.4; 6.2.4 refer)

1.2.24      The Telecommunications Act 1991 would become inadequate if the license condition on carriers first to obtain approval from the Minister for Communications and the Arts, who is required to consult with the Attorney-General, before marketing any telecommunications service not susceptible to interception should be varied. 6 (Paragraph 6.2.18 refers)

1.2.25      The Telecommunications Act 1991 should establish a requirement for all communications service providers to be registered, which would facilitate the service of warrants and access to customer data bases by law enforcement and national security agencies. The purpose is not to restrict entry to the sector but to meet these requirements and ensure service providers may be kept informed of changes affecting their functions. (paragraphs 6.2.4-5; 6.2.18; 6.2.21 refer)

1.2.26      The ability to trace calls will continue to be of major importance to the AFP, NCA and ASIO (and the State police services), even in situations where interception or access to communication content is denied. The application of the 'reasonableness' principle by communications carriers or service providers will need to extend beyond life-threatening situations. The containment of consequential costs might best be managed by limiting, more than currently, those agencies authorised to make such requests. (paragraphs 3.6.7; 6.2.4 refer)

1.2.27      Invocation of the principle of non self-incrimination is likely to prove an obstacle to efforts by law enforcement agencies to obtain encryption keys by search warrants or orders made by courts and tribunals. (paragraphs 3.2.4; 3.5.1-4; 3.7.10-11 refer)

1.2.28      The Crimes Act 1914 should be amended to permit the AFP, NCA and ASIO to 'hack' into a nominated computer system to secure access to that system or evidence of an electronic attack on a computer system. (paragraphs 6.2.3; 6.2.22 refer)

1.2.29      Consideration should be given to establishing a further and more serious category of offence where encryption is used to obstruct investigation by law enforcement or national security agencies into the preparation for or commission of a criminal offence and to give the Commissioner of the AFP authority, analogous to the ss. 28/29 powers provision available to the Chairman of the NCA, to require production of information or material which would render seized encrypted data intelligible. (paragraphs 3.7.10; 3.7.11; 6.2.22 refer)

1.2.30      The narrow definition of a listening device in the Australian Federal Police Act 1979 should be amended to reflect the purpose of such devices, namely to transmit data. The current wording restricts transmission to voice only. (paragraphs 4.3.5; 6.2.1; 6.2.20; 6.4.4 refer)

1.2.31      The criteria of Class 2 offences as set out in section 12(B) of the AFP Act should be widened so that listening devices might be deployed in the investigation of computer and information crime. The use of computers as communications devices is much more common than when the Act was drafted and that trend is only likely to become more prevalent. (paragraphs 6.2.2; 6.2.20 refer)

1.2.32      Authority needs to be created in the AFP Act, subject to the normal warranting processes for the exercise of intrusive powers, for the agency to install tracing or tracking devices which transmit data, to enter premises or perform this remotely, to do so without seeking or obtaining the permission of the owner or user of the equipment or premises, to transit other premises necessary to reach the nominated premise and to re-enter such premises as are necessary to maintain, replace or remove devices. Removal of devices, under the same warrant conditions, would be permitted after the expiration of the warrant, if secure circumstances do not obtain in the term of the warrant. Call-tracing should not be a facility confined in its application to life-threatening situations but available for the investigation of serious crime or security, intelligence subjects. (paragraphs 6.2.6; 6.2.9; 6.2.20 refer)

1.2.33      Authority should be created for the AFP, the NCA and ASIO to alter proprietary software so that it performs additional functions to those specified by the manufacturer. Such an authority, which clearly should be subject to warranting provisions, would, for example, enable passive access to a computer work station of a LAN and link investigative capability more effectively to current technology. While there are issues of liability, the Review is convinced the effort should be made to accommodate these so that a target computer may be converted to a listening device. This capacity may represent one of the important avenues of accessing plain text. (paragraphs 6.2.10-11; 6.2.20 refer)

1.2.34      All amendments and suggestions made in relation to the AFP Act should be mirrored by amendment to the ASIO Act, both for its security intelligence and its foreign intelligence investigation obligations.

1.2.35      There will need to be integration between federal, state and territory law enforcement agencies as Commonwealth investigations frequently cover several jurisdictions, the State and Territory police forces operate in the same areas of criminal investigation and the latter police forces employ the same core technology and encounter the same problems. These issues might usefully be explored at a meeting of the Standing Committee of Attorneys-General and the Australian Police Ministers Conference. (paragraph 6.2.28 refers)

1.2.36      Statutory protection needs to be afforded those sensitive operational and technical methods employed by law enforcement agencies in the course of their investigations. The process of establishing a public interest immunity claim may implicitly reveal sufficient of a conceptual and operational approach as to destroy the integrity of such a method. Where high personal risk and damage to the investigative capability of the agency may result, should protection of the operational methods employed in a particular investigation not be absolute, agency heads should be empowered to issue a certificate, pursuant to the proposed provision, identifying the operationally sensitive information protected from disclosure, discovery by legal process or access under the FOI Act. (paragraphs 6.2.12-17; 6.2.20 refer)

1.2.37      Consideration be given to incorporating all intrusive investigative powers, or at least those of the agencies in the Attorney-General's portfolio such as the AFP, ASIO, AUSTRAC and the NCA, into one statute with an aim and title like 'the Aid to Public Safety Act'. The various powers should be expressed in terms of their purpose, not the means by which those purposes may be achieved. The benefit would rest in common approaches across Commonwealth agencies, a clearer over-arching purpose, a positive encouragement to inter-agency cooperation and the greater speed and political ease with which necessary amendments may be effected to ensure the statute remains relevant to developing technology and practice. (paragraphs 6.4.1-8 refer)

1.2.38      Instead of the current four or more types of warrant for intrusive investigative activities by law enforcement and national security agencies, to which further types are proposed at 1.2.28, 1.2.32 and 1.2.33, all warrant types should be reduced to one of two: the interception of communications or entry into property. (paragraph 6.4.8 refers)

Term of Reference 3(d) measures to safeguard individual privacy including an examination of the warranting provisions that may be required to enable law enforcement and national security authorities to gain access to encrypted material, whether in the form of stored data or a message transmitted over a telecommunications network;

Findings:

1.2.39      The ready availability of strong encryption, with no requirement to escrow or register keys, nor to entrust them to any independent entity, is the most effective safeguard of individual privacy. (paragraphs 3.4.8; 4.5.7; 4.5.10; 4.6.3; 4.8.4 refer)

1.2.40      The current regime of stringent warranting provisions for the exercise of intrusive investigative powers should continue and apply to any change to the range of those powers. (paragraphs 2.2.6; 5.1.7; 5.1.9 refer)

1.2.41      To ensure the privacy rights and civil liberties of those subjects of investigation by law enforcement and national security agencies are preserved, where a court or tribunal is prevented from examining any circumstances surrounding covert investigations because a statutory protection against involuntary disclosure has been invoked by an agency, such cases or a sample of these cases should be examined by a senior, independent official experienced in the conduct and handling protocols of sensitive matters. As the Inspector-General of Intelligence and Security has the function to inquire into matters referred to the Inspector-General by the Human Rights and Equal Opportunity Commission in respect of the intelligence community, the sole aspect to be reviewed here, this function would be caught within existing responsibilities. In the case of Commonwealth law enforcement agencies, the function might be given to the proposed National Integrity and Investigations Commission. (paragraphs 6.2.24-27 refer)

Term of Reference 3(e) an assessment and evidence of the benefits of access by law enforcement and national security agencies to encrypted data;

Findings:

1.2.42      The value of intercepted communications, as cited to the Review of the Long-Term Cost Effectiveness of Telephone Interception, has not diminished and additional material is available since that review. Law enforcement agencies and ASIO made a cogent case for access to data concerning subjects of investigation, whether voice or data communication, computer communication or stored data, whether concealed by speed, compression or encryption. The assessed benefits are the capacity to conduct investigations effectively and the performance of their statutory functions. (paragraphs 4.1.1-2; 4.2.1-2; 4.3.1 refer)

1.2.43      There are indications, more frequently seen by law enforcement agencies than ASIO, that the subjects of investigation are making significant use of encryption to store data securely. It is already a frequent experience that this data cannot be decrypted. (paragraphs 3.2.4; 3.5.1; 3.5.3; 4.1.2; 4.4.1 refer)

1.2.44      Real-time access by law enforcement and national security agencies to the voice and data communications of their subjects of investigation is essential to core capability. The loss of that access would seriously impair capability, increase the risk factor in their operations and entail a range of staffing, budgetary, legislative and political consequences. (paragraphs 4.3.1-6 refer)

1.2.45      The lack of reliable national statistics on attacks on computer and communications systems will hamper policy development in areas such as electronic commerce and cryptography. The proposed IDC on Cryptography should consider the matter in the light of the review of AUSCERT commissioned by DOCA and its impact. (paragraphs 3.3.4-5)

Term of Reference 3(f) an assessment of the most appropriate means of funding the development, implementation and maintenance of a decrypting capability for existing and emerging technologies;

Findings:

1.2.46      No cogent reason was presented to the Review which suggested an independent cryptanalytical capability should be established for law enforcement and national security interests. (paragraphs 4.4.1-5 refer)

1.2.47      While general support for an independent decryption capability was evident among law enforcement agencies, the limited opportunities and expectations with which decryption would be approached would not justify the significant establishment and recurrent budgetary allocation required. (paragraphs 4.4.6-7 refer)

1.2.48      A 'closed' forum at a senior technical and operational level involving law enforcement, national security and the Defence Signals Directorate should be established to discuss and share attack methodologies against encryption, the covert acquisition of keys, agree possible research projects and review cooperation arrangements. Such a forum would provide a means for keeping the Secretaries Committee on National Security informed of any significant change to the investigative capability of law enforcement or national security agencies as a result of encryption. 8 Because of the protocols surrounding this field, it would be sensible for such a forum to be covered by memoranda of understanding agreed by the heads of the various agencies. (paragraphs 4.4.7-12; 6.3.2 refer)

1.2.49      The cost of enhancing in-house facilities to produce a modest decryption capability should not necessitate New Policy Proposals, but the Commissioner of the AFP, the Chairman of the NCA and the Director-General of ASIO should ensure investment in staff training, development and secondments and minor capital expenditure on decryption facilities are planned and implemented in a coordinated fashion. The proposed inter-agency forum may provide the vehicle to coordinate that investment and development. (paragraphs 4.4.7; 6.3.1-3; 6.3.5 refer)

Term of Reference 3(g) whether Australia should seek to negotiate agreements with any other country or countries governing access to encrypted data where public keys (under a 'Commercial Key Escrow' or 'Trusted Third Party' system of encryption) are held outside Australia;

Findings:

1.2.50      It would be premature to enter formal negotiations with other countries on access to encrypted data, where public keys are held in those countries, until there is some certainty as to likely key management infrastructures. Reciprocity is a standard feature of such access agreements. Caution against entering formal negotiations is not intended to preclude substantive discussions on the issues. Indeed, the US has intimated that a condition of easing export controls may be the existence of a form of certified key management. (paragraphs 4.6.1-2 refer)

1.2.51      Such agreements should reflect the arrangements which national security and law enforcement agencies have in place to handle the exchange of sensitive tracing and operational matters. Those arrangements, properly, have regard for the legal, political and human rights record of the requesting country and the likely use which may be made of the information sought. (paragraph 4.6.4 refer)

Term of Reference 3(h) whether legislation is desirable to:

(i) regulate the availability of 'Commercial Key Escrow' or 'Trusted Third Party' encryption; or

(ii) facilitate the development of 'Commercial Key Escrow' or 'Trusted Third Party' systems of encryption;

1.2.52      The models of 'Commercial Key Escrow' and 'Trusted Third Party' systems variously proposed by the United States and Britain contain some (inevitable?) design flaws which will leave subjects of law enforcement and national security investigations outside their arrangements. The market may well identify, for normal commercial reasons, the need for trusted third party services in Australia. (paragraphs 4.5.4-11; 4.7.1-6 refer)

1.2.53      There is a high risk of corruption in the third party service provider sector and the Government would be prudent to require integrity screening and registration of those who seek to offer such services to the public. The testing process employed by casino authorities should prove a useful model. (paragraphs 4.7.6-7 refer)

1.2.54      Some licensing or registration arrangement, together with a requirement to meet minimum performance standards (as proposed by Standards Australia) is indicated for Certifying Authorities providing authentication services. This may depend on the outcome of the Wallis Inquiry into the effects of deregulation of the finance system 9 or government may wish to consider it cognately with the recommendations from the working groups of officials examining a range of electronic commerce issues. The separation of the authentication from the confidentiality key is a matter where clear and early statement of government's position would assist. (paragraph 4.5.15 refers)

Term of Reference 3(i) the impact of overseas initiatives associated with encryption technology, particularly in relation to the extent to which international cooperation and proactive specification of desirable characteristics for encryption products and 'Commercial Key Escrow' or 'Trusted Third Party' services is desirable and recommendations as to how such international cooperation might best be achieved.

Findings:

1.2.55      Considerable variation exists in the approach of foreign governments to cryptography policy issues, ranging from banning, to registration, to the promotion of voluntary systems of key management which may meet some of the needs of law enforcement and security, to the deliberate decision not to take decisions on these matters while the technology continues to develop at a rapid rate and offers new approaches for dealing with the issue. (paragraphs 4.5.1-13 refer)

1.2.56      There seems to be little popular support in or outside the United States for a 'Commercial Key Escrow' system involving government agencies, creating, as it would, significant vulnerability outside of the control of the person or corporation. 10

1.2.57      The British Government's 'Trusted Third Party' scheme carries some of the same weaknesses. 11 The university proposal on which it is based does provide for separation of the authentication and confidentiality functions but again, surprisingly, this was not addressed in the official government statement. It is not yet known if the mooted European Union variation of the British proposal will improve on the design. (paragraphs 4.5.8-11; 4.6.3; 4.7.1-6 refer)

1.2.58      The issue of international cooperation would best be addressed from mid-1997 when there has been more developmental work, the position of a number of countries will be clearer, legislative proposals will have been introduced by some and the work of the OECD Ad Hoc Group of Experts will have concluded. (paragraphs 4.6.1-4 refer)

Term of Reference 3(j) the effectiveness of Australia's export controls on encryption technology.

Findings:

1.2.59      Any judgement as to effectiveness depends on the aspect from which the issue is approached. As the Review was enjoined to consider Australia's national security and defence interests as key factors, it may be argued Australia's export controls were effective, though American export controls may have had greater influence on the limited proliferation of 'strong' forms of encryption in the region. (paragraphs 5.2.1-4 refer)

1.2.60      The continuing efficacy of export controls as a defensive strategy is dubious when no import controls exist and firms are able to evade the export controls of the United States, far and away the major software supplier, and purchase their requirements in Europe or Asia. As well, the Internet offers a market-place without borders. (paragraphs 5.2.6-7 refer)

1.2.61      From a commercial perspective, the purpose and impact of those export controls was questioned. There was criticism that Australian cryptographic products did not always meet customer requirements and suffered in comparison with American products on the counts of convenience, comparability and cost. (paragraph 5.2.6 refers)

1.2.62      The abolition, or even an amelioration, of United States export controls will likely prompt a rapid extension of key lengths as an argued talisman of data security. (paragraph 5.2.11 refers)

Term of Reference 4. The Review is to have regard to the Government's existing encryption policies, the work of the OECD Committee of Experts on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure on the development of international cryptography guidelines and the work of the Information Policy Task Force on the implementation of open encryption standards which address commercial needs.

Findings:

1.2.63      The Review examined and took account of the Government's approach outlined in Australia Online 12 and by officials of the Department of Communications and the Arts. It examined the 1980 OECD Guidelines on Trans-Border Flows of Personal Data 13 and the 1992 OECD Guidelines on Information Systems Security and informed itself of their antecedents. It had the benefit of many discussions and meetings with representatives of all interested agencies on the draft guidelines on cryptography currently being developed and was invited to participate in inter-departmental discussions chaired by the Attorney-General's Department. The Information Policy Task Force had not been established in the period of this Review but a retitled Information Policy Advisory Council was due shortly to meet. 14

Footnotes:

1 Technologies include DNA analysis, fibre analysis, improved electronic surveillance methods across public agencies such as Immigration, Social Security, Taxation, Customs, financial institutions, communications camera, transport companies and regulators, etc.

2 Samuel D Warren & Louis D Brandeis, The Right To Privacy, 4 Harv. L Rev. 193, 195 (1890)

3 Prof Greg Tucker notes the possibility that an unregulated GII environment could lead to a loss of control by individuals over their personal data, running the risk of creating a surveillance society. From his paper titled 'Security, Privacy and Intellectual Property Rights in the Information Infrastructure' presented to the OECD, May 1996, p 143.

4 Not only is the relationship between the individual and the state likely to be affected by cryptography and its consequences but Michael Nelson argues we will see less powerful governments in relation to trans-national criminal organisations because traditional notions of sovereignty, national security and warfare will be undermined by 2020 when the whole world will be 'wired' and e-cash is the norm. Michael Nelson, Special Assistant, Information Security, Executive Office of the President, quoted in BNA Daily Report for Executives, 6 September 1996, Washington, DC. A view offered also in a Technology Issue Note published by the National Security Agency titled 'NSA and the Cyberpunk Future', 3 June 1966, pp 4-5.

5 This group is Co-chaired by a Deputy Secretary of the Attorney-General's Department and is scheduled to complete its work by February 1997.

6 The US Administration is proposing legislation requiring each telecommunications carrier to increase its capacity to meet assistance capability requirements (the capacity simultaneously to undertake call tracing and communications interceptions) equal to 0.5% - 1% of the engineered capacity of the equipment, facilities or services that provide a customer or subscriber with the ability to originate, terminate or direct communications. The Congress has enacted the Communications Assistance for Law Enforcement Act (CALEA) and authorised funding support of $500 ml. Under the Omnibus Consolidated Appropriations Bill signed by President Clinton on September 30, 1996, the permanent Telecommunications Compliance Fund may receive money from any US Government agency with law enforcement or intelligence responsibilities. Carriers have raised significantly the charges levied on law enforcement agencies for special assistance.

7 Inspector-General of Intelligence and Security Act 1986. s.8 (1)(a)(v).

8 Both the Commissioner of the AFP and the Director-General of ASIO may be invited to attend meetings of the Committee and the Secretaries of the Defence and the Attorney-General's Department, which embrace the portfolio interests, are members.

9 The Financial Systems Inquiry, commissioned by the Treasurer under the chairmanship of Mr Stan Wallis, is due to report to the Australian Government by May 1997.

10 The US Administration issued two statements on July 12, 1996, one entitled Administration Statement on Commercial Encryption Policy (shown at Annex C); the other, US Cryptography Policy: Why We Are Taking the Current Approach.

11 A Paper on Regulatory Intent Concerning Use of Encryption on Public Networks was issued by the British Department of Trade and Industry on 11 June 1996.

12 Policy statement on media issues published by the Coalition parties prior to the 1996 federal election. The section immediately relevant to this Review (Personal Privacy and Commercial Security) is shown at Annex B.

13 Attached at Annex F of this report.

14 The Information Policy Task Force was a specific proposal in Australia Online. p 10 et seq and is specified as a relevant parameter for this Review. See Terms of Reference, attached as Annex A to this report, para 4.



Chapter 2