IMPLICATIONS OF NEW AUSTRALIAN LAW THAT FORCES INTERNATIONAL PROVIDERS TO REMOVE ENCRYPTION PROTECTION

Before we get into the new law, a little definitional background is necessary.

I have worked in the security market and at one time was considered an expert. One of the fundamental laws that I created for one of my security papers and my security practice was associated with active attacks and passive attacks. In all business environments, one must contend with attacks. They can be classified as either active attacks or passive attacks. Active attacks change something in your database. Passive attacks just read information and do not change anything. With those two definitions, I can now state the law that I derived many years ago:

Passive attacks cannot be detected but they can be prevented. Active attacks cannot be prevented but they can be detected and shut down.

If someone has access to your data, you cannot tell whether he is going to read it or whether he reads it. However, you can prevent him from getting information and using it by encrypting the file. Thus, you cannot detect whether someone who has access reads your information. However, you can keep them from using it by encrypting it and keeping the real information secret. Alternatively, you cannot keep intruders from actively attacking your file and trying to change it in any way. However, you can instantly detect whether anything has changed and be alerted if you have encrypted the file. There is an industry standard way, used in banking and using DES encryption, of encrypting certain text and attaching it to the file so that if anything changes in the file, the attachment shows that a change has been made. This technique is used in secure signatures. As a result, if the file is encrypted and anything changes, then it is instantly known and the intruder can be shut down. In this manner, active attacks can be detected and shut down but not prevented. In passive attacks, the encryption prevents the information from being read and prevents it from being used.
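The distinction above, as an added example that is not part of the original article: encryption keeps a passive reader from using the stored data, and the attached tag is what reveals an active change. HMAC-SHA256 stands in here for the DES-based banking technique the text mentions; the SHA-256 keystream, the function names and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 16, 32  # HMAC-SHA256 tags are 32 bytes


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy SHA-256 counter-mode keystream: illustration only, not a vetted cipher.
    out = b""
    for counter in range((length + 31) // 32):
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then attach a tag computed over nonce + ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Check the tag first; raise ValueError if any byte was changed."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: file was modified")
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


if __name__ == "__main__":
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    record = b"PAY 100.00 TO ACCOUNT 12345"  # constructed sample record
    blob = seal(enc_key, mac_key, record)
    print("stored bytes reveal the record:", record in blob)  # passive read
    changed = bytearray(blob)
    changed[NONCE_LEN + 4] ^= 0x01  # active change to one stored byte
    try:
        open_sealed(enc_key, mac_key, bytes(changed))
    except ValueError as err:
        print("change detected:", err)
    print("untouched file opens:", open_sealed(enc_key, mac_key, blob) == record)
```

The tag does not stop the byte from being changed; it only makes the change visible the next time the file is opened, which matches the "detected but not prevented" half of the rule.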

The Australian legislation drives to the heart of private transactions and security. As such, it destroys any privacy the private transaction had enjoyed by being encrypted. The law's tenets are:

  1. The Government can compel local providers, including overseas providers such as Facebook and WhatsApp, to remove electronic protection. Further, authorities can also require that those demands be kept secret.

This means that all private transactions are now readable by the government, and the private institution must trust the government to protect that information and make certain that the information does not get into others' hands. Historically, this has never been successful.

  1. Australian authorities can require that the demands that they put on the encryptor be kept secret. This is comparable to the Patriot Act where the government can enter files or your home and the entire operation is kept secret.
  2. Legislation for this new law is to take place in 18 months.
  3. Google and Twitter have said that legislation such as this would force them to create vulnerabilities in their products, such as decrypting messages, which could be used by bad actors.
  4. Privacy experts say: if you require encryption to be undermined by law enforcement officers, then you are ultimately undermining encryption in all circumstances. Backdoors will be found and everyone will be less secure.
  5. Australian legislation means that the Five Eyes intelligence partners of the English-speaking world will be able to request that Australia enact similar searches, even though their constitutions will not allow such invasion of privacy.

In summary, this is a bad law and should not be passed. It invades all private transactions that use encryption for privacy. It destroys the concept of secure transactions and it forces the citizen to place too much faith in his government when they have on many occasions shown that they cannot be trusted. The recent attorney general's attacks on the TEA Party conservatives are just one instance where the individuals in government violated the law and suffered no consequences.