{"id":287,"date":"2015-05-25T05:35:40","date_gmt":"2015-05-25T05:35:40","guid":{"rendered":"http:\/\/www.dogoodsoft.com\/blog\/?p=287"},"modified":"2024-12-23T07:59:47","modified_gmt":"2024-12-23T07:59:47","slug":"caution-needed-with-anti-encryption-tools-that-dodge-data-retention-surveillance","status":"publish","type":"post","link":"https:\/\/www.dogoodsoft.com\/blog\/caution-needed-with-anti-encryption-tools-that-dodge-data-retention-surveillance-287\/","title":{"rendered":"Caution needed with anti-encryption tools that dodge data retention surveillance"},"content":{"rendered":"

\"Caution<\/a><\/p>\n

Hot on the heels of Canberra’s\u00a0successful push for mandatory retention of\u00a0telco\u00a0records about who we call, and how much we web surf, and when we email, we sense a new debate\u00a0about technologies that scramble the actual contents of our communications, so an investigator may be able to\u00a0work out who we called or mailed, but never what was said or written.<\/p>\n

Recent media\u00a0articles have noted that the New South Wales Crime Commission has been hindered by phone systems that encrypt conversations that prevent a crime\u00a0fighter from eavesdropping. While the new data retention laws may alert Batman to the fact that Joker and Penguin have been trading a lot of calls lately, and Commissioner Gordon might be more than willing to authorise a bat-intercept on the strength of that information, the chase comes to naught when the caped crusader’s\u00a0phone tap reveals nothing more than\u00a0gibberish\u00a0on the line.<\/p>\n

As Fairfax Media also reports, drug dealers and money launderers are using Phantom Secure, an encryption tool for Blackberry messages, and\u00a0BlackPhones, a voice encrypter for Android phones, to communicate in code.\u00a0No doubt terrorists are customers for the same technologies. So, just months after the national parliament reached an accord on\u00a0mandatory requirements for communications companies to retain details about our calls, messages and web surfing, do we need to decide the even thornier questions of\u00a0whether a ban on certain\u00a0voice and data encryption\u00a0tools is possible and, if so, whether it would be the right thing to do?<\/p>\n

That’s a key difference between\u00a0the existing so-called metadata retention law and any move against products like Phantom Secure and BlackPhone.All the retention law does, and\u00a0even\u00a0this much is highly contentious from a civil liberties perspective, is requires comms companies to keep certain transactional records.<\/p>\n

A law\u00a0dealing with\u00a0encryption technologies would\u00a0need to go much further, criminalising hardware, software and services that are already in common use including,\u00a0as New South Wales police readily agree, by legitimate businesses. Mind you, as the human rights movement would point out, you needn’t be a business to have a right to communicate privately.<\/p>\n

What might an anti-encryption\u00a0law\u00a0look like? 99 per cent\u00a0of all encryption would have to be excepted. Every time we visit an authenticated website, or buy online using a bank or quasi-bank like Paypal,\u00a0we unknowingly use automated encryption. These communications are scrambled on their way across the internet, but they begin and end language, and an appropriately authorised regulator that wants to know what information was exchanged can get their hands on it. This isn’t the kind of encryption that investigators need to worry about.<\/p>\n

AN ENCRYPTION LICENCE?<\/strong><\/p>\n

One option is a law requiring users of high strength encryption tools to be licensed,\u00a0like\u00a0gun owners need a licence.\u00a0Before guffawing at such a thought, be aware that this is how Team America tried to deal with the issue\u00a0internationally. The first mass market, effectively unbreakable text encryption tool was called PGP, standing for Pretty Good Privacy. The acronym was an in-joke. The developers knew how good their solution was, and gave it a name\u00a0that was like calling\u00a0Adam Gilchrist\u00a0PGC, a Pretty Good\u00a0Cricketer.<\/p>\n

PGP\u00a0wasn’t\u00a0restricted within the USA itself. They have a constitutional right of free speech. But anyone involved in\u00a0unlicensed\u00a0export\u00a0to\u00a0other countries committed a criminal offence against, believe it or not, a law against unauthorised sale of munitions.\u00a0That was thirty years ago, and the discussion we may now be about to have about drug runners, money launderers and terrorists will cross ground that was well traversed back then.<\/p>\n

Why should we let people we don’t trust access technologies that facilitate\u00a0conversations that might be against our interests\u00a0and that we can’t intercept no matter how reasonable our suspicions\u00a0and how high the stakes?<\/p>\n

The problem with that approach\u00a0in 2015\u00a0is that any solution that compromises the rights\u00a0to free\u00a0or\u00a0private speech and the presumption of innocence,\u00a0and criminalises or licenses existing freedoms,\u00a0should ring every alarm and flash every red light a modern democracy has to ring and flash.<\/p>\n

If drug runners, money launderers and their ilk are using encryption tools, by all means let’s\u00a0deal with that\u00a0in a targeted, measured way. But let’s also never forget the\u00a0thanks\u00a0the developer of PGP once received from a dissident behind the Iron Curtain,\u00a0for serving freedom and saving lives.<\/p>\n","protected":false},"excerpt":{"rendered":"

Hot on the heels of Canberra’s\u00a0successful push for mandatory retention of\u00a0telco\u00a0records about who we call, and how much we web surf, and when we email, we sense a new debate\u00a0about technologies that scramble the actual contents of our communications, so an investigator may be able to\u00a0work out who we called or mailed, but never what … Continue reading Caution needed with anti-encryption tools that dodge data retention surveillance<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[121,44,120],"class_list":["post-287","post","type-post","status-publish","format-standard","hentry","category-news","tag-blackphones","tag-data-encryption","tag-data-retention"],"_links":{"self":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/287","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/comments?post=287"}],"version-history":[{"count":1,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/287\/revisions"}],"predecessor-version":[{"id":289,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/posts\/287\/revisions\/289"}],"wp:attachment":[{"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/media?parent=287"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/categories?post=287"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dogoodsoft.com\/blog\/wp-json\/wp\/v2\/tags?post=287"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}