Media Release

Electronic Frontiers Australia Inc.

News Release March 13th 1997

The Commonwealth Attorney-General's Department has put a hold on the public release of the Walsh Report, an important review of cryptography policy, according to information obtained by Electronic Frontiers Australia.

EFA spokesperson Greg Taylor said, "This report, entitled 'Review of policy relating to encryption technologies', is the outcome of a study conducted in 1996 by Gerard Walsh, a former deputy director-general of ASIO. Publication of the report was eagerly awaited by members of the law enforcement community, other government departments, commerce, and the online community. It was expected that the report would examine the the various issues in the crypotography debate and encourage further comment and consultation."

"The report was listed for sale by the Australian Government Publishing Service in January 1997, but was hurriedly withdrawn from the list 3 weeks later, following EFA's enquiry as to the reasons for its apparent embargo. The intention was to allow for a 3-month consultation period for public comment."

"We are now informed that the public release of the report has been stopped, apparently by the Attorney-General's office," Mr. Taylor said. "Even the Law Enforcement Advisory Committee (LEAC) of Austel, a body charged with the monitoring of electronic surveillance for law enforcement purposes, has been unable to obtain a copy."

Australia has never had a clear statement of policy about issues such as key escrow. The only regulations dealing with this technology are export restrictions administered by the Defence Signals Directorate. This curious administrative arrangement is a leftover from the days of the cold war, when cryptography was the province of the military and espionage interests. The whole field has now changed and encryption technology now forms an integral part of advances in network security and electronic commerce. The lack of a clear policy direction can only harm Australia's participation in these rapidly-developing fields.

"Key personnel in the Attorney-General's department are now claiming that the report was never intended to be made public", said Mr. Taylor. "This is a total fabrication. Why all this secrecy?", he said. "One theory is that the report leans too heavily in favour of privacy interests and fails to support the draconian stance of the US government, a position that the OECD has recently rejected. The US government's recently revamped policy requires cryptography software developers to incorporate key recovery facilities in their export products, which would allow US law enforcement interests to monitor the communications of overseas nationals."

"We call upon the Attorney-General to immediately release this report in the public interest", said Mr. Taylor. "The days of cloak-and-dagger intrigue are long gone. This is 1997, not 1984!"

[ENDS]

Media Contact:
Danny Yee [email protected]
+61 2 9351 5159 (work) / +61 2 9955 9898 (home)

Background:

The matter is also extensively reviewed in the February edition of the Privacy Law & Policy Reporter (PLPR), a monthly review and analysis of privacy laws, policies and intrusions, focussing on developments in Australian and New Zealand, and the Asia-Pacific region generally. PLPR is edited by Graham Greenleaf and published by International Business Communications (IBC), Level 11, Carlton Centre, 55-63 Elizabeth St, Sydney NSW 2000 (ACN: 003 316 201): tel +61 2 221 6199, fax +61 2 221 5923, e-mail [email protected] (Oliver Freeman, Publisher)

---------------------------------------------------------------------
Attachment:
Australian Government Publishing Service listing of the Walsh Report. This entry was placed on the AGPS Web site on 21 Jan 1997 but was removed on 7 Feb 1997, 10 minutes after EFA rang the Attorney- General's Department to enquire about the report.

Title                     Review of policy relating to encryption 
                          technologies.         

Author                    Attorney-General's Deparment. 
                          Security Division.   

ISBN                      0644475307           

Other Identification nos  9607994              

Price                     $11.95               

Imprint                   Barton, A.C.T. : Security Division,          
                          Attorney-General's Department, 1996.         

Physical Description      xii, 96 p. ; 25 cm.  

Notes                     '10 October 1996'.   

'The Australian Government is seeking public comment on the contents of 
this report ...  The closing date for comments is 16 February 1997' 
- Foreword.    

Contents   

       1. Conclusions and findings  
       2. Context and approach of the review  
           2.1. The context: Barrett's obiter dictum  
           2.2. The approach  
           2.3. Creative tension or competition  
       3. The direction and impact of encryption  
           3.1. The direction  
           3.2. On law enforcement and national security   
           3.3. The statistical vacuum  
           3.4. Policy uncertainty  
           3.5. Today's problems for the investigators  
           3.6. The imminent challenge  
           3.7. Towards response strategies  
       4. The consequence for government  
           4.1. Law enforcement  
           4.2. National security      
           4.3. The cost of alternatives  
           4.4. Decryption capacbility for law enforcement and 
                  national security?  
           4.5. Public key infrastructures  
           4.6. International agreements  
           4.7. Third party systems     
           4.8. The Internet  
       5. Striking a balance  
           5.1. A matter of proportion  
           5.2. Export controls  
       6. Coordinating process and investigative capability  
           6.1. Policy primacy and coordination  
           6.2. Maintaining investigative capability  
           6.3. Coordination of operational capacity  
           6.4. A new legislative approach  
       Annexe A. Terms of reference of the review  
       Annexe B. Australia Online [extract]  
       Annexe C. US Administration statement on commercial 
                 encryption, 12 July 1996  
       Annexe D. UK Government paper of regulatory intent 
                 concerning use of encryption on public       
                 networks, 11 June 1996  
       Annexe E. OECD guidelines governing the protection of       
                 privacy and transborder flows of personal    
                 data  
       Annexe F. US Administration statement on encryption issued 
                 by the Vice-President, 1 October 1996.              

Summary    

The terms of reference of the review are as follows: 

The review is to examine whether legislative or other action should 
be taken to safeguard national security and law enforcement interests 
in the light of the rapid development of the global information  
infrastructure and the continuing need to safeguard individual privacy. 
The objective of the review will be to present options for encryption 
policies and legislation which adequately address national security, 
law enforcement and privacy needs while taking account of policy options 
being developed to address commercial needs. Key factors to be addressed 
include: 
  (a) Australia's national security and defence interests; 
  (b) an assessment of the present state on encryption technologies 
      and prospective developments in encryption technology over
      the next few years likely to impact on Australia's national 
      security and law enforcement interests; 
  (c) whether Australia's present laws are adequate to ensure 
      Australia's national security and law enforcement interests 
      in an environment of rapidly emerging technologies; 
  (d) measures to safeguard individual privacy including an 
      examination of the warranting provisions that may be required 
      to enable law enforcement and national security authorities to 
      gain access to encrypted material, whether in the form of 
      stored data or a message transmitted over a telecommunications 
      network; 
  (e) an assessment and evidence of the benefits of access by law 
      enforcement and national agencies to encrypted data; 
  (f) an assessment of the most appropriate means of funding the 
      development, implementation and maintenance of a decrypting 
      capability for existing and emerging technologies; 
  (g) whether Australia should seek to negotiate agreements with any 
      other country or countries governing access to encrypted data 
      where public keys (under a 'commercial key escrow' or 'trusted 
      third party' system of encryption) are held outside Australia; 
  (h) whether legislation is desirable to: 
      (i)  regulate the availability of 'commercial key escrow' or 
           'trusted third party' encryption; 
      (ii) facilitate the development of 'commercial key escrow' or 
           'trusted third party' encryption; 
  (i) the impact of overseas initiatives associated with encryption 
      technology, particularly in relation to the extent to which              
      international cooperation and proactive specification of desirable 
      characteristics for encryption products and 'commercial key  
      escrow' or 'trusted third party' services is desirable and 
      recommendations as to how such international cooperation best 
      be achieved;  the effectiveness of Australia's export controls 
      on encryption technology. The review is to have regard to the 
      Government's existing encryption policies, the work of the OECD 
      Committee of Experts on Security, Privacy and Intellectual 
      Property Protection in the global information infastructure on
      the development of international crypography guidelines and the 
      work of the Information Policy Task Force on the implementation 
      of open encryption standards which address commercial needs.    

Return to EFA Media Release Page