The Walsh report - Chapter 4

CHAPTER 4

THE CONSEQUENCES FOR GOVERNMENT

4.1      Law Enforcement

4.1.1      Law enforcement agencies have no doubt the loss of real-time access to the communications of their targets would represent a body-blow to their investigative capacity. The cost-effectiveness of this means of investigation is reported comprehensively in the Report of the Review of the Long Term Cost Effectiveness of Telecommunications Interception. 38 Agencies reiterated the key role which the interception of voice and data communication continues to play in their investigations, illustrated this by the number of cases brought to prosecution which relied on intercepted communications to a significant degree and the proportion of these where no alternative means of generating critical tactical intelligence was available. The routine use of strong encryption to protect telecommunications would reduce that role to a simple indication that someone was using the service and, perhaps, the person with whom the speaker or sender was communicating. Ways may become available to generate a constant stream of traffic and limit even that conclusion.

4.1.2      Less concern was expressed at the encryption of stored data, though numerous examples have already been encountered where law enforcement agencies were unable to access the data and have had to return it unread. The interval between search and seizure and the need then to produce material in court or incorporate it into a brief of evidence would normally allow sufficient time to decrypt if the encryption application was a soft one or the key/password was available. In other instances, the only solution would be a cryptanalytical one and there is no guarantee such would be forthcoming - assuming the resources were available to try.

4.1.3      The issue of loss of real-time access to intercepted communications is very different from the issue of cost-effectiveness of interception, though there is a relationship. Because of the argued impact which loss of real-time access to voice and data communications would produce in tactical intelligence terms and in the security of evidence, there is a need for Ministers and senior officials to have a reliable assessment of the operational, staffing, financial and legislative implications for law enforcement and the protection of national security. On the basis of those elements, an assessment of the risk exposure of agencies and the Commonwealth in attempting to pursue similar law enforcement and national security ends by alternative means should be prepared. The document will clearly be sensitive and I propose it be submitted to the Secretary of the Attorney-General's Department for presentation to the Secretaries Committee on National Security. The submission should be completed by the end of 1997 and be available to the further review of cryptographic policy recommended for that time.

4.2      National Security

4.2.1      ASIO expressed similar views and just as strongly, particularly where they affected investigations of a counter-terrorist, counter-espionage or politically motivated violence kind. It is the flexibility, low risk, relatively low cost, immediacy and guaranteed information stream which commends telecommunications interception to ASIO and to law enforcement agencies. It is not only the substance of a communication between two people that matters: interception also reveals whom the subject of the interception contacts, whether and how the person behaves differently with one contact than with others, the circle of contacts and services used, and, at various intervals, the presence of a person at the premises where a fixed service (telephone or computer) is located; where more than one service used by the same person is intercepted, further useful comparisons may be made. All these matters constitute useful tactical intelligence, affecting the implementation or withholding of a range of other investigative actions, the coordination and timing of an investigation and affording the investigator the opportunity both to be forewarned and to monitor reactions once he/she has taken a decisive or recognisable action.

4.2.2      The loss of such a flexible, immediate and low-cost source of information would be likely to have a substantial impact on ASIO's threat assessment capacity. The intelligence requirements generated by this program frequently arise at short notice and often in fields not routinely covered by ASIO or law enforcement. If Australia was to receive information from a cooperating foreign agency of a threat to an overseas visitor or Australian dignitary and the probable source of that threat within Australia, it is unlikely such a matter could be investigated immediately without real-time access to the source's communications.

4.3      The Cost of alternatives

4.3.1      The loss of real-time access to communications would require the AFP, the NCA and ASIO (and all State and Territory police services) to rely more heavily on human sources of information, on the use of listening devices, on tracking devices, on video surveillance, and on physical surveillance - all more invasive intrusions on a person's privacy. It takes a long time to recruit, train and position human sources and their flexibility of deployment is limited. As a rule of thumb, the minimum period of time to address the functions of recruitment, some basic training and then targeting a source to access particular information, could not be achieved in less than a period of months. Frequently it takes much longer. The nature of some target areas is such that only a person of a particular type of background, interests, culture and habits will survive the scrutiny of the group or organisation against which the person is targeted. The price of failure can be chillingly brutal. Even when success is achieved, rarely a quick commodity, there are considerable labour, financial and privacy costs. It will be the case for any agency engaged in the covert collection of information from human sources. Where the route to the desired information is by way of a technical computer attack, the financial cost is likely to be high.

4.3.2      Listening devices most often necessitate covert entry to a premises or place, a high-risk exposure for the integrity of the investigation which can never be completely managed and an intrusion into privacy graver than incurred by communications interception. While the prime risk occurs on approach, during entry/installation and leaving the target premises (a risk which rises almost exponentially when the process is repeated), there is the constant risk of technical detection through the use of a commercially available and proliferating range of techniques to identify various forms of listening device. As not all features or characteristics of a listening device can be masked, one or more may provide a sufficiently recognisable signature to detection equipment that the device may be located - thereby establishing the fact of unwelcome interest and affecting subsequent behaviour and security practice of the target. Once a listening device is installed, its positioning is fixed so that should the target not communicate in its field of capture or only when there is high ambient noise, the result is likely to be without value.

4.3.3      Listening devices offer immediacy only when they are monitored in real-time, a practice not always possible or affordable. There are also far longer processing times involved in evaluating listening device product than something like telephone interception, where the calls are immediately accessible and each is date/timed. Legal authority to deploy tracking devices, whose installation may involve a trespass onto property, remains under consideration so this type of aid long used by overseas law enforcement agencies and security services is not generally available in Australia. Video surveillance of particular premises carries all the attendant risks mentioned in relation to listening devices and video surveillance of public areas raises a number of significant privacy issues. Physical surveillance is an expensive form of coverage to mount, with substantial overheads and a high risk of exposure - and the further risk of contaminating the investigation itself.

4.3.4      From disclosures made in courts and inferences to be reasonably drawn from briefs of evidence and prosecutions, from information in the public domain and on the Internet, criminals, terrorists and foreign intelligence officers know law enforcement agencies are able to decrypt a variety of commercial or 'soft' forms of encryption.

There is an observable pattern of changed encryption behaviour following arrests and even searches of property. Either the power of the encryption being employed is increased or the encryption practice, which may have been flawed because of poor password protection or similar, is enhanced. There is ample guidance material available on the Internet and elsewhere to judge which forms of encryption are secure against law enforcement agencies' efforts.

4.3.5      The listening device provisions in the Australian Federal Police Act 1979, confined as they are to the capture of voice (rather than sounds, signals, images, pictures, etc) limit that service's investigative capability. As computer and communications crimes are not currently categorised as Class 2 offences under the AFP Act, listening devices are not able to be deployed against these classes of activity. The original rationale for the drafting of the listening device provisions and those activity categorisations has been superseded by the changing faces of technology and crime. The lack of any overriding authority between the States, Territories and the Commonwealth in the areas of computing and communications crime is probably not helpful.

4.3.6      The investigative impact on law enforcement agencies and national security would be substantial if real-time access to the communications of subjects of investigation was to be lost. There would be a consequent budgetary impact as the alternate sources of information are labour-intensive, less flexible, involve long lead-times, incur substantial financial outlays and sometimes produce after-care problems. The effect would, therefore, be on capability.

4.4      Decryption capability for law enforcement and national security?

4.4.1      The encryption of stored data ranges from relatively crude forms incorporated by manufacturers in pocket organisers through to strong forms such as PGP 39. The task facing law enforcement is increasingly a cryptanalytical one, not one of decryption. The Terms of reference of this Review seek at term (f)

4.4.2      The use of the term 'decrypting capability' here is deliberate. If posed in terms of cryptanalysis, the question would be whether the government should entertain establishing another agency to parallel the Defence Signals Directorate (DSD). The cost of such an initiative would approach half a billion dollars. On cost alone, this could not be contemplated. It would be an unreasonable budget outlay not simply because it would be unaffordable in today's economic climate, but also because the likely rate of return on the investment would be too meagre to warrant it. Also, the principal source from which experienced cryptanalytical personnel and technical expertise might be drawn is DSD itself. In a field where technology and methods are very sensitive, it would not be a simple matter to interpolate a quite different function with the attendant risk of disclosure of sensitive information in court proceedings.

4.4.3      Should a greater proportion of DSD's efforts be directed to support the work of law enforcement agencies? There would be sensitivity about such a proposal at the best of times. When Defence spending has been quarantined against the reduction of budget outlays elsewhere in the public sector, a political dimension is added to the issue. It would require the construction of firewalls and special protocols to ensure security and the issue of evidentiary requirements would always be a vexed one. On its face, it is not a course which obviously commends itself. On the other hand, there will need to be some cryptanalytical capacity in the Commonwealth on which law enforcement or national security may call when the need arises. Need, in these circumstances, will be dictated by the immediacy and gravity of the contextual information. There is no sound basis, as I have indicated, for proposing a second cryptanalytical facility in the Commonwealth. It follows necessarily that whatever cryptanalytical needs law enforcement and national security agencies experience will have to be met from within DSD's capacity.

4.4.4      If the level of demand should become significant, there would be a need to look at the mechanics of cooperative arrangements, turnaround times on requests, charging arrangements and the prioritising and channelling of requests on a national basis. That task should be picked up in the further review recommended for late 1997.

4.4.5      There was strong support from the AFP, some state police forces and ASIO for a separate decryption capability directed primarily to law enforcement purposes. Currently, many law enforcement requests, including a significant number from overseas agencies, are directed to universities and institutes of higher learning which have developed reputations for IT excellence and seminal research. Cases were cited to the Review where European law enforcement agencies have contacted institutes in Australia seeking help. The dilemma they faced was clear - bring cases to court without encrypted information which they believed was critical to their investigation or postpone cases in the hope the encryption may one day be broken. Neither course affords any comfort. Many appeals for decryption assistance explicitly presume the universities will supply this without cost, because of their percentage of public funding in their budgets. Not surprisingly, the universities see it otherwise.

4.4.6      If a decryption facility was to be established, both state and federal agencies consulted thought it should be located in a Commonwealth agency, funded jointly by the Commonwealth and the states, operating on a cost recovery basis, and function under the technical aegis of DSD and the specialist IT components of the law enforcement agencies. The Review was not persuaded, however, such a facility would achieve more than the individual agencies are now managing. Unless a key was obtained from the owner of the data or the manufacturer agreed to provide critical information, there is little prospect of decrypting anything other than very basic or crude forms of encryption. Certainly commercially available strong encryption will defy such an approach and will likely resist cryptanalytical attack.

4.4.7      No distinct or quantifiable benefit would seem to flow from developing an independent decryption facility for law enforcement. The better tactic would be to enhance the computer crime and technical investigation areas of the various agencies, to have a small budget slice reserved for training and minor capital expenditure and to ensure the separate efforts of agencies are coordinated so the sum produces enhanced capability. These are essentially matters for agency management. Of them, the critical factors are the technical or computer competence of the people and effective coordination across agency lines. The Review sensed impressive capability existed among computer crime specialists, but the number of investigators dedicated to this area is small both in actual terms and in proportion to the whole field of criminal investigation. The view was also gained that there has been little migration of expertise and operating familiarity to the larger body of criminal investigators. If the AFP, NCA and ASIO are to achieve requisite investigative and analytical capability in a field growing much faster than the pattern of staff or capital investment by those agencies in the past 3-5 years, the respective managements will need to accord these objectives a greater call on available resources.

4.4.8      There would be value in formalising periodic exchanges between DSD, ASIO, AFP and NCA at a senior technical level, so that information may be shared in a 'closed' forum, sterile areas of exploration avoided, attack techniques discussed and some measure of cooperative research agreed. This sort of inter-agency forum would provide an opportunity to review the arrangements by which requests for cooperation may be channelled from State and Territory police forces to DSD. Because of their compliance functions and their close investigative and functional roles, both the ACS and AUSTRAC would sensibly be included. The national and trans-national nature of criminal and security issues and the considerable challenge which widespread encryption will pose to law enforcement and national security agencies strongly suggest a State or Territory police force representative should be coopted to the forum. The manner of selection or rotation is something which could be left respectively to the forum itself and the Police Commissioners' conference, though a suggestion is offered at 6.3.2.

4.4.9      I mention such a forum should be 'closed' because information of great sensitivity would inevitably be discussed.

That means specific clearances would need to be given by Heads of Agency and Police Commissioners, a procedure for the State Police Commissioners to do this now exists, and the full range of indoctrination protocols applied. The purpose is not to prevent any derived knowledge from ever being gainfully used but to ensure conditions attaching to compartmented knowledge are observed, security is protected and inhibitions about the level of candour which might apply largely removed.

4.4.10      Because they relate to the forum's effectiveness, the issues of who should chair it and to whom it should report might briefly be canvassed here. DSD possesses the cryptanalytical expertise. The AFP possesses the operational management expertise, the experience of progressing cases from investigation to prosecution, of supporting prosecutions and has an appreciation of counter-terrorist requirements through its involvement in the National Anti-Terrorist Plan and its participation in various standing committees. ASIO works closely with DSD, and also with the AFP. It does not have executive powers and only occasionally becomes involved, as a party, to litigation. Like DSD, it has an overwhelming need to protect its targeting, sources and methods. The NCA shares the operational imperatives of the AFP and ASIO, but works to a narrower investigative last. All agencies have a need to preserve their covert collection and investigative capability. On this analysis, I consider ASIO should be the initial chair of the inter-agency cryptographic forum and the situation should be reviewed after 18 months. That interval should ensure judgement is made on the basis of solid work, not simply issues of establishment.

4.4.11      To whom should such a body report? Because of the importance and the sensitivity of the matters to be addressed by the forum and the need for Ministers to be kept informed, the appropriate authority would seem to be the Secretaries Committee on National Security and then to Cabinet. I gave consideration to the Heads of Commonwealth Law Enforcement Agencies (HOCOLEA) but the national security interest takes the matter beyond the remit of that body.

4.4.12      Knowledge of cyphertext which cannot be decrypted is more valuable information to a criminal, terrorist or foreign intelligence officer than knowledge of systems and applications which can be decrypted. DSD may feel understandably vulnerable in entering such an arrangement where such judgements are likely to emerge or be required. The current degree of feeling and suspicion seems born of ignorance or matters not stated rather than from any adverse experience. A more positive approach by both sides should assist to break down those barriers.

4.4.13      At paragraph 3.5.4, it was concluded areas of expertise in computer crime investigations will likely determine the priority with which certain criminal investigations are initiated and a particular challenge for agency managements will be to maintain and develop the number of staff with the requisite skills. The inter-agency forum could play a useful role in coordinating capital investment and personnel development plans for this area in the member agencies.

4.4.14      The need for law enforcement and national security to initiate a dialogue with the IT industry, carriers and service providers was mentioned at paragraph 3.7.5. Such a task would logically be undertaken by forum representatives.

4.4.15      It may be that some memoranda of understanding would be required to protect technology transferred between agencies and sensitive operational methods against disclosure in court proceedings or discovery processes. If indicated, such devices should reinforce the special compartment in which this information is located.

4.5      Public Key Infrastructures

4.5.1      The reactions of foreign governments to the availability of stronger forms of encryption have varied. Some require import licences. Russia, India, France, China and Israel are among those, and Russia and France require those who wish to use encryption to obtain state licences. The Belgians discovered they had passed a law in December 1994 which might prohibit the use of unescrowed encryption. At the time it went unnoticed as part of a larger law. The law adds a condition under which telecommunications equipment may be seized, namely in the case of end equipment which renders interception ineffective. It has not been enforced as the Belgian Institute for Posts and Telecommunications remains unclear of its consequences. 40 The example is cited as a salutary warning of the fate which may befall premature policy initiatives.

4.5.2      The efficacy of legislative measures to limit or control importation, let alone the political and public policy wisdom of pursuing them when the Internet offers a range of encryption applications, seems doubtful in the extreme.

4.5.3      Export controls on cryptography and cryptographic products have long been in place in Australia. They interlock with controls imposed by a number of countries, principal among them the United Kingdom, Germany, France and the United States - generally thought to produce more than 70% of the world's software. Contemporaneous with calls for government not to interfere with the availability of cryptography for the privacy protection of citizens have been calls for export controls to be ameliorated.

4.5.4      The lack of enthusiasm with which American commentators greeted the series of United States government proposals, culminating in the formal Administration statements on 11 July 1996, to establish a key management infrastructure, under which the needs of quality assurance, integrity, data retrieval and public safety would be accommodated, broadly reflects the reaction of those consulted by this Review. 41 Few felt key escrow arrangements could be argued as secure and fewer considered government ever acting as an escrow agent to be appropriate.

4.5.5      The American proposal for a commercial encryption policy is based on a global key management infrastructure that supports digital signatures and confidentiality. Independent entities, key escrow agencies, would verify digital signatures and also hold spare keys to confidential data. Those keys could only be obtained by persons or businesses that have lost the key to their own encrypted data, or by law enforcement officials acting under proper authority.

4.5.6      Pressure created by the United States' computer industry and users eventually caused three Bills dealing with cryptography to come before the US Senate, two of which propose the abolition of export controls. The Republican candidate for the Presidency, Mr Robert Dole, was a co-sponsor of one of the bills. The Commerce Committee of the Senate scheduled a vote on one measure for September 12, 1996, but this was delayed because of other business. With the conclusion of the final session of the 104th Congress before the November elections, the measure will have to be revived by the returned Administration and the next Congress. The White House was originally expected to introduce its own legislation around mid-September, offering special arrangements for industry segments such as finance, health care and insurance. In turn, those sectors were expected to support government key escrow systems, which would have the effect of making them mandatory. 42 The July 1996 United States Administration statement foreshadowing the liberalisation of export controls for certain commercial encryption products seemed, also, an attempt to dispel Clipper suspicions. 43 The terms and conditions attaching to that forecast liberalisation of export controls were eventually set out in the Vice-President's statement of 1 October 1996. 44

4.5.7      While performance standards and key recovery, along with some relaxation of export controls, are noted as the main features of the July 1996 American proposal, there was no attempt to hide the principal drivers - on the one hand, the requirements of national security and law enforcement; on the other, the export interests of the United States.

Ignored are four detracting considerations: the first is the added vulnerability which escrowing requirements introduce; the second is the increased risk of repudiation as the escrow agency could impersonate an individual; the third is that those to whom the proposal is directed (organised crime, terrorists, foreign intelligence services) may not use such a service; and the fourth is the likelihood criminals who wish to appear to be engaging in normal commerce may encrypt their data with another encryption application before wrapping it with the escrowed key. 45 United States commentators, but not they alone, are concerned government access to authentication keys could result in the fabrication of evidence and significant complication for the administration of justice. US Government sources are reported to say informally there was and is no intention to see authentication keys escrowed and the point was not made explicit because it was regarded as self-evident. It seems extraordinary that so unnecessary a hostage should have been risked. 46

4.5.8      The United Kingdom government has taken a similar path. On 11 June 1996, a policy paper was issued publicly. 47 This announced the adoption of licensed and regulated Trusted Third Party (TTP) services as the core of its arrangements. 48 Without giving a binding commitment, it noted licensing might be predicated on an examination of applicants' fiduciary responsibility, competence to provide services in this sector and commitment to modern management principles! The purpose of the licensing policy is to preserve the ability of the intelligence and law enforcement agencies to fight serious crime and terrorism by establishing procedures for disclosure to them of encryption keys under warrant. The UK Government announced legislative proposals would be brought forward after further consultation on detailed policy elements.

4.5.9      The British paper did not distinguish between authentication and confidentiality keys, though the Royal Holloway proposal on which it is founded did, and foresees some relaxation of export controls. For a time it offered the advantage over the early Clipper schemes of an offer of key back-up for data retrieval purposes, but the July 1996 American key management infrastructure proposal also included that element.

4.5.10      At its essence, the TTP proposal provides users with key management services and law enforcement agencies with warranted access to a particular user's communications. Like the American proposal, the scheme would be voluntary but creates new points of vulnerability where the keys of participants may be attacked. The cost would be borne by the individual.

4.5.11      Trusted third party encryption is much more problematical in relation to telecommunications than for stored data. It is difficult to imagine trusted third party encryption becoming the norm unless governments put substantial sanctions in place. For those to be meaningful will require close coordination and global agreements to cover a global market. The importance of the efforts by the Australian government and OECD partners to reach an acceptable draft of cryptography guidelines is underlined here as global agreements will only be secured on the basis of internationally accepted principles.

4.5.12      The French government has adopted a mandatory third party scheme which will result in some relaxation of the earlier ban on cryptography. Like the others, it does not distinguish between authentication and confidentiality keys. One is tempted to say it poses the same problem for criminal prosecutions but the French approach to these matters necessitates more specialist information than is available to this Review. The government, of course, picks up lawful access to the key under the scheme.

4.5.13      While a number of governments have taken legislative or regulatory action, more seem to have been monitoring developments and turning their minds to data protection and privacy legislation. Within the European Union and the OECD, significant effort is being devoted to international draft principles covering the use of cryptography, for which a target date of February 1997 has been set. The OECD is considering undertaking a review of the 1980 privacy guidelines and intends to review the 1992 IT security guidelines next year. Some work on intellectual property requirements remains outstanding.

4.5.14      In Australia, a group representing government, industry and users produced several iterations of a public key authentication framework (PKAF) proposal. 49 This scheme would be voluntary, not subject to government licence and would deal only with authentication. The PKAF function is that of a certifying authority, not a trusted third party or escrow agency. Keys would have to be generated in accordance with the scheme to ensure integrity and security, no key would be retained by PKAF and no government access to the scheme is proposed. The proposal was developed under the aegis of Standards Australia and conforms to both management and technical standards. Its adoption will require amendment to the Evidence Act or the Acts Interpretation Act to provide for a digital signature to have the same force and effect as a hand-written signature.

4.5.15      It is unclear how the Australian market will develop, though electronic commerce and the trans-national nature of so many commercial operations suggest the lead of major trading partners will likely be followed. For the moment, the PKAF project appears to have lost some momentum and the expected launch of products by potential service providers has been delayed. There will almost certainly be a public requirement for agencies which provide third party, data recovery and, possibly, key generation facilities. Some form of registration of these service providers, as in the telecommunications field, would seem sensible to ensure public confidence and operating integrity and would be helpful to law enforcement agencies and the protection of national security. It would be in the national interest, given the community's future reliance on the integrity of digital signatures, for the bona fides of these providers to be vetted as a condition of registration. The framework for that registration process should be put in place promptly.

4.5.16      The United Kingdom intends to bring forward legislative proposals to address the licensing of trusted third parties. 50 The statement issued by United States Vice-President Al Gore on 1 October 1996, addressing the liberalisation of export controls, advised these would be conditional upon industry commitments to build and market future products that support key recovery. 51 The proposal 'presumes' trusted parties will be designated by users, but does not address or exclude the issue of licensing. The statement makes clear that law enforcement access, under proper authority, would only be to the user's confidentiality key. A condition of registration, which might carry benefits such as inclusion in public directories and approval for products/services to be used in government and financial sector dealings, could be that keys would be made available to the AFP, NCA or ASIO on production of a lawful instrument.

4.6      International Agreements

4.6.1      There may be some requirement for the Australian Government, for electronic commerce or similar purpose, to put in place systems which interlink with the American, the British or some other proposal which wins sufficient global support. 52 This will depend, in part, on the specific features of the arrangements implemented by those governments and their interoperability with the requirements for a Public Key Authentication Framework outlined in the Miscellaneous Publication released by Standards Australia in November 1996. The British Government paper of 11 June 1996 spoke of the need for a common architectural framework in different countries to support the provision of integrity and confidentiality and saw encryption algorithms on the International Standards Organisation register as a sensible benchmark. Agreement on international, and therefore interoperable, standards is a core objective of the OECD group developing guidelines on cryptography.

4.6.2      Until broad agreement on standards and architecture is secured, it would seem premature to enter any bilateral negotiations, though clearly substantive discussions on the issues must proceed.

4.6.3      The review encountered significant scepticism about mandated key escrow or TTP systems. The national sovereignty of the agencies providing these services could not be guaranteed, with consequent implications for the national interest. There is the strong likelihood that these agencies would become the major targets of foreign intelligence services. When an agency owner provides a key, under lawful authority, to a law enforcement agency, questions of integrity about that key would arise. The PKAF proposal outlines a precise set of obligations and actions where a private key is known or suspected to be compromised. Certainly the key has to be replaced, the certificate containing the associated public key revoked and the fact notified promptly on a Certificate Revocation List. Where a key is surrendered to a law enforcement authority in response to a search warrant, the question arises of how the compromised nature of the key would be advised to the owner and what liability may be carried by the law enforcement agency or the service provider. While separation of the authentication key pair from the confidentiality key pair would go a long way towards reducing this problem, the need for clear policy definition is clear. An early and clear statement from government that it has decided the issues of authentication and confidentiality are to be separated would be of significant benefit.
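The separation of the authentication key pair from the confidentiality key pair, and the revocation step that follows a surrendered key, as an added example in Go that is not code from the report or from the PKAF scheme. The certificate serial, the CRL map and the escrow functions are assumptions for illustration; the keys and message are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// User keeps authentication and confidentiality on separate key pairs (4.6.3);
// only the confidentiality private key is ever lodged with an escrow agent.
type User struct {
	SignPub   ed25519.PublicKey
	signPriv  ed25519.PrivateKey
	EncPub    *rsa.PublicKey
	encPriv   *rsa.PrivateKey
	EncSerial string // hypothetical serial of the confidentiality certificate
}

// CRL is a constructed stand-in for a Certificate Revocation List.
type CRL map[string]bool
func NewUser(serial string) (*User, error) {
	sp, sk, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	ek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &User{SignPub: sp, signPriv: sk, EncPub: &ek.PublicKey, encPriv: ek, EncSerial: serial}, nil
}

// Sign and Verify use the authentication key pair, which never leaves the user.
func (u *User) Sign(msg []byte) []byte      { return ed25519.Sign(u.signPriv, msg) }
func (u *User) Verify(msg, sig []byte) bool { return ed25519.Verify(u.SignPub, msg, sig) }
// EscrowedKey is the only material lodged with the escrow agent.
func (u *User) EscrowedKey() *rsa.PrivateKey { return u.encPriv }
// Encrypt refuses a confidentiality key whose certificate is on the CRL.
func Encrypt(to *User, crl CRL, msg []byte) ([]byte, error) {
	if crl[to.EncSerial] {
		return nil, errors.New("confidentiality certificate revoked")
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, to.EncPub, msg, nil)
}

// Recover is what lawful access with the escrowed key yields: the plaintext only.
func Recover(k *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, k, ct, nil)
}

// Surrender marks the confidentiality key compromised: revoked on the CRL, signing key untouched.
func Surrender(u *User, crl CRL) { crl[u.EncSerial] = true }
```

After Surrender, senders are refused the revoked confidentiality key and the user must be issued a new one, while earlier signatures still verify against the untouched authentication key.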

4.6.4      Law enforcement agencies and ASIO will need to address the reciprocal arrangements for the acquisition of keys which they would seek of others and will be sought of them. The sensible course would be to cover such exchanges by memoranda of understanding, after normal agency and Ministerial processes of approval.

4.7      Third Party Systems

4.7.1      If there is a single lesson to emerge from the ill-fated 'Clipper' debate in the United States, it is that attempts by government to mandate any cryptographic technology solution or the use of government escrow or recovery agents are doomed to failure. Whether and how private citizens or corporations choose to recover data or protect themselves against a shut-out is for them alone to decide. It is interesting to note a recent IT industry paper builds a proposal around a key recovery system rather than an escrow system. 53 No user key would be held by the key recovery agency or agencies. The algorithm/s employed would be publicly available, there would be no limit on key lengths and the self-escrowing of keys would be permitted. On production of a court order or warrant, and with the presentation of some intercepted traffic between the party in question and another, the key recovery agency would be able to reconstitute the message without recovering the key. While this proposal may meet data retrieval requirements, it is likely to lack evidential value for a prosecution.

4.7.2      The proposal overcomes many of the deficiencies of the escrow system, but two seem to linger: the first is the vulnerability which attaches to the operation of the key recovery agencies. The system's developers envisage a number of large agencies in a variety of countries, with users deliberately spreading some of their data vulnerability off-shore. They then ask whether agencies in a variety of countries could be equally susceptible to inducement, whether from a drug cartel or a particular government. The second residual problem is the extent to which 'serious' criminals will avail themselves of such a system without suspecting they are buying a Trojan horse. There is ample evidence law-breakers continue to use means of communication when they believe them possibly to be compromised and this tendency is advanced by some to argue that criminals will not take extraordinary measures to secure their data. IT industry representatives, the AFP, the NCA, ASIO and state police forces consulted all considered encryption would routinely be employed when it was generally available, simple to use and effective. Those conditions will imminently be met.

4.7.3      The Review formed the opinion that some form of third party system would commend itself as the best option for government and a sales pitch based on data recovery and public safety would be more likely to gain community acceptance than one founded on law and order, or even less, for essential tax collection purposes! No person consulted disputed the need for the state to be able to move quickly when confronted with kidnapping, the threat of terrorism or the abuse of children. At a level of principle, that consensus, wrapped in the delivery of a useful service such as data retrieval, offers the best 'hearts and minds' approach. The appeal of each of the three 'Clipper' versions was based on the needs of law enforcement and national security - those appeals were greeted with some cynicism. This is not to say that high-flown principle does not carry some weight but third party service providers will be in business to make a profit.

4.7.4      The assumption that encryption users would require some form of third party system rested hitherto on the premise that software based methods would be employed to generate encryption materials. While the software approach still predominates, a shift towards primarily hardware based solutions is starting to revise thinking. The need for emergency data recovery, date/time stamping and non-repudiation facilities is certain to be felt and that means trusted third parties will have a place. As a passing comment, use of the Internet seems to have increased the community's level of data security consciousness. The realisation that using the Internet in open mode to buy tickets for a function on a particular date may be to risk advertising one's house may be empty on that evening would be disquieting!

4.7.5      While the American and British proposals both envisage law enforcement and national security agencies serving legal instruments on TTPs or escrow agencies and obtaining the specified keys, the confidentiality of such arrangements is not guaranteed and the integrity of investigations is sometimes put at risk. Problems of leakage of information from telecommunications carriers and companies providing pager services to the subjects of law enforcement investigations are currently experienced in Australia and may be expected to continue. The post 1 July 1997 deregulated climate is unlikely to temper this pattern.

4.7.6      Users of TTPs, escrow arrangements or key recovery agencies will need to ask themselves to what extent those service providers should be trusted. The British Government has formally proposed a licensing system and a Federal Bureau of Investigation/Department of Justice proposal outlined the US Administration's views of the characteristics it considered should attach to the service provided and those providing the services. Licensing systems, or their equivalents, do not guarantee ownership of such agencies will remain in the national interest, nor that those involved would remain immune to inducements or coercion, but they do provide a measure of public confidence. In that fabled New World Order of which public commentators are wont to speak, key recovery agencies, escrow agencies and TTPs will become major intelligence targets for all countries with a capability to match their desire. It will be possible for the risk factor to be reduced, where users have the wit and resources to spread it across jurisdictions and different control interests and to have some objective testing of the 'trust quotient' of service providers, but not finally to eliminate it.

4.7.7      How then to address the question of trust? Users cannot be expected to presume the bona fides of those providing third party services, and the integrity of commercial and personal transactions will rest on that of the service providers. This dictates, in view of the potential for corruption in this industry sector, that a form of screening and registration will be essential. The procedures used in several States and Territories to assess potential casino operators would be a useful initial model for the integrity checking process. In view of the pace at which technology has been developing and the cost and consequences of leaving the process of regulation too late, it would be prudent for government to indicate early its intention to apply a system of registration and take the administrative steps to implement it.

4.8      The Internet

4.8.1      Cryptography today can scarcely be discussed or viewed outside the context of the Internet. Designed originally by the United States Department of Defense to be a centre-less anarchic system and then taken over by the academic community, it continues to defy attempts to regulate it. In the course of the 1996 US presidential election campaign, President Clinton promised to build a new network. It was not clear if this would be a second Internet, if it was intended to incorporate some form of central control or key nodes or the extent of its relationship with the existing Internet. What is clear is the problem will remain as long as the current net exists and many will defend its right to longevity.

4.8.2      In such a fluid context, to mandate processes is a questionable course as it will not automatically direct or prevent the conduct to which they are directed. Professor Dennis Longley observed, 'the Internet can always refigure itself around restrictions or regulations'. 54 There have already been knee-jerk reactions in various parts of the world to developments on the Internet, but there is reasonably clear indication that few, if any, of those proposals will work and that the dangers they are intended to avert or contain may sometimes have been overstated.

4.8.3      The anarchic nature of the Internet may have conditioned the United States Administration's approach to cryptography policy. As recently as 25 July, FBI Director Louis Freeh said if the current 'voluntary' policy failed, he would seek mandatory domestic controls on cryptography, while conceding these too may not work - they were simply the logical progression of his thinking. 55 If one had to pick a single characteristic which epitomised public policy, pragmatism would beat logic every time. Dorothy Denning, a staunch advocate of the American 'law and order position', argued in a web debate that an encrypted Global Information Infrastructure is without precedent in world history. That is right, and so is the GII itself. The public discussion needs to offer more than the prospect of losing one's encryption keys and/or facing the depredations of organised crime and terrorism before general support for government arranged key management infrastructure will be elicited. It is a question of balance.

4.8.4      There are powerful benefits to be reaped by our citizens and our community from the ready availability of encryption in terms of privacy, commerce, the range of on-line services which might be accessed from home, inquiries which may be initiated discreetly, payments made and a range of others. There remain, for law enforcement agencies, concerns about the legally unclear (in terms of the TI Act) role of Internet service providers, jurisdictional confusion as to service of warrants, uncertainty about the telecommunications market in Australia after 1 July 1997, the potential for people to use satellite telephones which transmit and receive directly from satellites located over South-east Asia and other matters. LEAC, supported by an annual telecommunications interception conference, should provide the avenue for meeting these concerns or feeding them into other established channels.

Footnotes:

38 See Attachment 6 of the Barrett Report.

39 PGP - Pretty Good Privacy - a strong encryption package that utilises RSA, designed by Paul Zimmerman and published on the Internet. The US Government charged Zimmerman with breaching export controls but dropped the suit after more than two years when it could not establish if Zimmerman placed PGP on a server or someone stole it.

40 Crypto Law Survey, Version 4.2, July 1996, available at http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm

41 The first of two statements released by the White House on 12 July 1996, titled Administration Statement on Commercial Encryption Policy July 12 1996, is shown at Annex C of this report. The second statement issued on the same date was titled US Cryptography Policy: Why We Are Taking the Current Approach.

42 EPIC Alert, Vol. 3.16, September 12, 1996, item 4. p 4. (http://www.epic.org/)

43 The first use of key escrow, dubbed Clipper, was in 1993. Clipper was a hardware chip that allowed digital telephone users to make secure calls but also allowed the government, under lawful authority, to intercept calls.

44 The full text of the Vice-President's statement is shown at Annex F of this report.

45 The only way of finding out if Smith or Jones is using double encryption (with a non-escrowed key) would be by decrypting their files/communications with their escrowed keys and observing the decrypted data is still unintelligible. Warrants would have to be obtained to verify people are playing by the rules or else their privacy would be violated.

46 Annex F, which contains the statement issued by US Vice-President Al Gore on 1 October 1996, states that access to confidentiality keys alone will be sought/authorised.

47 Paper on Regulatory Intent Concerning Use of Encryption on Public Networks, issued by the Department of Trade and Industry, 11 June 1996. This paper is repeated at Annex D.

48 A solution first advanced by the Royal Holloway group of the University of London.

49 A draft Australian Standard on Strategies for the Implementation of a Public Key Authentication Framework in Australia was issued for comment by Standards Australia on 1 April 1996 and was released as a Miscellaneous Publication (MP75) on 5 November 1996.

50 See Annex D.

51 Statement of the Vice-President, Al Gore, released by the White House on 1 October 1996. Copy attached at Annex F.

52 cf conclusion at 1.1.19 of this report.

53 The Need for a Global Cryptographic Policy Framework - An IBM Position Paper, August 1996.

54 Professor Dennis Longley, Director Information Security Research Centre, Queensland University of Technology, in a presentation to the Joint Australian/OECD conference on Security Privacy and Intellectual Property Protection in the Global Information Infrastructure, 7-8 February 1996, Canberra.

55 Louis J Freeh, Director of the FBI, testimony before the Commerce Committee of the Senate of the United States Congress, 25 July 1996, quoted in EPIC Alert, Volume 3.14 of August 1, 1996.
