Australia won't disclose stance on encryption

Despite calls for a ban on 'uncrackable' encryption products in the US, the Australian government isn't saying whether it will support the Americans

Australia's Department of Defence won't disclose if it will answer the US government's call to arms in restricting encryption technologies, and despite widespread support in the States for a ban on cryptography, experts say it's unlikely to happen.

ZDNet previously reported that the question of restricting the use of encryption tools is a matter of serious debate in the US, where officials have been quick to blame the use of cryptography for the surveillance breakdown that failed to detect signs of the recent US-focused terrorist attacks.

The US has called for international support in its encryption crackdown but Australian government departments have been quick to pass the buck or keep their mouths shut as to whether or not the country will rally to support its US counterpart.

Minister for communications Senator Richard Alston's office didn't return phone calls to ZDNet Australia and the Attorney General's department referred the matter to the Department of Defence, which said: "It goes into the realms of defence and we don't comment on that."

According to reports from the US, there is widespread support for a ban on "uncrackable" encryption products, with 72 percent of Americans agreeing that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of the 11 September terrorist attacks.

However, according to Laura Chappell of US-based Protocol Analysis Institute, a ban is unlikely to happen. Although "over-the-counter" decryption tools are readily available over the Internet, "we use the same tools for troubleshooting on our own networks...to not allow vendors to distribute them is impossible," she told ZDNet Australia.

"The encryption issue is a double-edged sword...in the US we want to vote electronically so encryption must be tremendously advanced and secure. Alternately, we don't want the terrorists to have encryption better than our government," she said.

Chappell believes that although a ban on cryptography won't happen, those who write encryption technology will probably cooperate more with the government to help them detect when terrorist communication is occurring.

"This is the first time ISPs have really cooperated...the government usually has to bend over backwards until its nose bleeds to get even a little cooperation," Chappell said.

According to Grant Bayley, founder of 2600 Australia ( www.2600.org.au/), a hub of information on computer security, if there are serious moves in the United States to crack down on encryption, the Australian Government will surely follow suit.

However, such a privacy-restrictive move isn't likely to be a quick one, given that additional laws would need to be "created, debated, presumably senate-examined and passed," according to Bayley. "A sudden backflip on privacy enhancements to a position of restricting cryptography and allowing much greater government surveillance of citizens isn't likely to go down well with an election looming," Bayley added.

Bayley said it wouldn't surprise him if developers were asked by the government for decryption assistance, however, "In my opinion, there's more problems associated with putting the genie back in the bottle than there have been with letting the genie out."

"I think the non-technical pollies in Washington are looking for every reason to avoid pointing the finger at the reduced human capabilities of their surveillance and intelligence organisations," he said.

Alex Shiels, who runs a Web site relating to cryptography, censorship and free speech, agrees that no Western government is likely to outlaw cryptography because it's essential to the finance and e-commerce industry.

"What we might see though is mandatory key escrow, where users are required to lodge their decryption keys with a government agency, to be made accessible to law enforcement when a warrant is granted," Shiels said, bringing into the debate the fact that corrupt or incompetent escrow agency officials could release keys to the wrong person.

"US corporations are bracing themselves for cyberterrorism attacks. Australia needs to do the same. Encryption forms a critical part of online security and Internet defences. Any government moves to limit the use of encryption, including key escrow schemes, will weaken those defences," Shiels said.

At the end of the day, Chappell believes that corporate America will "win out".

"Corporate America is not going to break down the walls and allow a government state."

What happens in Australia remains to be seen.

See the Viruses and Hacking News Section for the latest headlines.

See the Net Crime News Section for the latest on hacking, fraud, viruses and related issues.

Have your say instantly, and see what others have said. Click on the TalkBack button and go to the Security forum.

Let the editors know what you think in the Mailroom. And read other letters.