Electronic Frontiers Australia Inc.
News Release March 13th 1997
The Commonwealth Attorney-General's Department has put a hold on the public release of the Walsh Report, an important review of cryptography policy, according to information obtained by Electronic Frontiers Australia.
EFA spokesperson Greg Taylor said, "This report, entitled 'Review of policy relating to encryption technologies', is the outcome of a study conducted in 1996 by Gerard Walsh, a former deputy director-general of ASIO. Publication of the report was eagerly awaited by members of the law enforcement community, other government departments, commerce, and the online community. It was expected that the report would examine the the various issues in the crypotography debate and encourage further comment and consultation."
"The report was listed for sale by the Australian Government Publishing Service in January 1997, but was hurriedly withdrawn from the list 3 weeks later, following EFA's enquiry as to the reasons for its apparent embargo. The intention was to allow for a 3-month consultation period for public comment."
"We are now informed that the public release of the report has been stopped, apparently by the Attorney-General's office," Mr. Taylor said. "Even the Law Enforcement Advisory Committee (LEAC) of Austel, a body charged with the monitoring of electronic surveillance for law enforcement purposes, has been unable to obtain a copy."
Australia has never had a clear statement of policy about issues such as key escrow. The only regulations dealing with this technology are export restrictions administered by the Defence Signals Directorate. This curious administrative arrangement is a leftover from the days of the cold war, when cryptography was the province of the military and espionage interests. The whole field has now changed and encryption technology now forms an integral part of advances in network security and electronic commerce. The lack of a clear policy direction can only harm Australia's participation in these rapidly-developing fields.
"Key personnel in the Attorney-General's department are now claiming that the report was never intended to be made public", said Mr. Taylor. "This is a total fabrication. Why all this secrecy?", he said. "One theory is that the report leans too heavily in favour of privacy interests and fails to support the draconian stance of the US government, a position that the OECD has recently rejected. The US government's recently revamped policy requires cryptography software developers to incorporate key recovery facilities in their export products, which would allow US law enforcement interests to monitor the communications of overseas nationals."
"We call upon the Attorney-General to immediately release this report in the public interest", said Mr. Taylor. "The days of cloak-and-dagger intrigue are long gone. This is 1997, not 1984!"
Danny Yee [email protected]
+61 2 9351 5159 (work) / +61 2 9955 9898 (home)
The matter is also extensively reviewed in the February edition of the Privacy Law & Policy Reporter (PLPR), a monthly review and analysis of privacy laws, policies and intrusions, focussing on developments in Australian and New Zealand, and the Asia-Pacific region generally. PLPR is edited by Graham Greenleaf and published by International Business Communications (IBC), Level 11, Carlton Centre, 55-63 Elizabeth St, Sydney NSW 2000 (ACN: 003 316 201): tel +61 2 221 6199, fax +61 2 221 5923, e-mail [email protected] (Oliver Freeman, Publisher)
Australian Government Publishing Service listing of the Walsh Report. This entry was placed on the AGPS Web site on 21 Jan 1997 but was removed on 7 Feb 1997, 10 minutes after EFA rang the Attorney- General's Department to enquire about the report.
Title Review of policy relating to encryption technologies. Author Attorney-General's Deparment. Security Division. ISBN 0644475307 Other Identification nos 9607994 Price $11.95 Imprint Barton, A.C.T. : Security Division, Attorney-General's Department, 1996. Physical Description xii, 96 p. ; 25 cm. Notes '10 October 1996'. 'The Australian Government is seeking public comment on the contents of this report ... The closing date for comments is 16 February 1997' - Foreword. Contents 1. Conclusions and findings 2. Context and approach of the review 2.1. The context: Barrett's obiter dictum 2.2. The approach 2.3. Creative tension or competition 3. The direction and impact of encryption 3.1. The direction 3.2. On law enforcement and national security 3.3. The statistical vacuum 3.4. Policy uncertainty 3.5. Today's problems for the investigators 3.6. The imminent challenge 3.7. Towards response strategies 4. The consequence for government 4.1. Law enforcement 4.2. National security 4.3. The cost of alternatives 4.4. Decryption capacbility for law enforcement and national security? 4.5. Public key infrastructures 4.6. International agreements 4.7. Third party systems 4.8. The Internet 5. Striking a balance 5.1. A matter of proportion 5.2. Export controls 6. Coordinating process and investigative capability 6.1. Policy primacy and coordination 6.2. Maintaining investigative capability 6.3. Coordination of operational capacity 6.4. A new legislative approach Annexe A. Terms of reference of the review Annexe B. Australia Online [extract] Annexe C. US Administration statement on commercial encryption, 12 July 1996 Annexe D. UK Government paper of regulatory intent concerning use of encryption on public networks, 11 June 1996 Annexe E. OECD guidelines governing the protection of privacy and transborder flows of personal data Annexe F. US Administration statement on encryption issued by the Vice-President, 1 October 1996. Summary The terms of reference of the review are as follows: The review is to examine whether legislative or other action should be taken to safeguard national security and law enforcement interests in the light of the rapid development of the global information infrastructure and the continuing need to safeguard individual privacy. The objective of the review will be to present options for encryption policies and legislation which adequately address national security, law enforcement and privacy needs while taking account of policy options being developed to address commercial needs. Key factors to be addressed include: (a) Australia's national security and defence interests; (b) an assessment of the present state on encryption technologies and prospective developments in encryption technology over the next few years likely to impact on Australia's national security and law enforcement interests; (c) whether Australia's present laws are adequate to ensure Australia's national security and law enforcement interests in an environment of rapidly emerging technologies; (d) measures to safeguard individual privacy including an examination of the warranting provisions that may be required to enable law enforcement and national security authorities to gain access to encrypted material, whether in the form of stored data or a message transmitted over a telecommunications network; (e) an assessment and evidence of the benefits of access by law enforcement and national agencies to encrypted data; (f) an assessment of the most appropriate means of funding the development, implementation and maintenance of a decrypting capability for existing and emerging technologies; (g) whether Australia should seek to negotiate agreements with any other country or countries governing access to encrypted data where public keys (under a 'commercial key escrow' or 'trusted third party' system of encryption) are held outside Australia; (h) whether legislation is desirable to: (i) regulate the availability of 'commercial key escrow' or 'trusted third party' encryption; (ii) facilitate the development of 'commercial key escrow' or 'trusted third party' encryption; (i) the impact of overseas initiatives associated with encryption technology, particularly in relation to the extent to which international cooperation and proactive specification of desirable characteristics for encryption products and 'commercial key escrow' or 'trusted third party' services is desirable and recommendations as to how such international cooperation best be achieved; the effectiveness of Australia's export controls on encryption technology. The review is to have regard to the Government's existing encryption policies, the work of the OECD Committee of Experts on Security, Privacy and Intellectual Property Protection in the global information infastructure on the development of international crypography guidelines and the work of the Information Policy Task Force on the implementation of open encryption standards which address commercial needs.[end]
Return to EFA Media Release Page