The war on encryption- The Five Eyes are watching you.

[mtdoc]

https://www.homeaffairs.gov.au/about/national-security/five-country-ministerial-2018/access-evidence-encryption

Interesting that they’re choosing Australia to access our data.

Principles
The Attorneys General and Interior Ministers of the United States, the United Kingdom, Canada, Australia and New Zealand affirm the following principles in relation to encryption.
1. Mutual Responsibility
Diminished access to the content of lawfully obtained data is not just an issue for Governments alone, but a mutual responsibility for all stakeholders.
Providers of information and communications technology and services - carriers, device manufacturers or over-the-top service providers -– are subject to the law, which can include requirements to assist authorities to lawfully access data, including the content of communications. Safe and secure communities benefit citizens and the companies that operate within them.   
We are always willing to work with technology providers in order to meet our public safety responsibilities and ensure the ability of citizens to protect their sensitive data. Law enforcement agencies in our countries need technology providers to assist with the execution of lawful orders. Currently there are some challenges arising from the increasing use and sophistication of encryption technology in relation to which further assistance is needed.
Governments should recognize that the nature of encryption is such that that there will be situations where access to information is not possible, although such situations should be rare.
2. Rule of law and due process are paramount
All governments should ensure that assistance requested from providers is underpinned by the rule of law and due process protections.
The principle that access by authorities to the information of private citizens occurs only pursuant to the rule of law and due process is fundamental to maintaining the values of our democratic society in all circumstances – whether in their homes, personal effects, devices, or communications. Access to information, subject to this principle, is critical to the ability of governments to protect our citizens by investigating threats and prosecuting crimes. This lawful access should always be subject to oversight by independent authorities and/or subject to judicial review.
3. Freedom of choice for lawful access solutions
The Governments of the Five Eyes encourage information and communications technology service providers to voluntarily establish lawful access solutions to their products and services that they create or operate in our countries. Governments should not favor a particular technology; instead, providers may create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements. Such solutions can be a constructive approach to current challenges.
Should governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.

Note the 1984 style doublespeak term du jour “lawful access”

Fucking fascists. At least you all down under are having some public discourse about this (I hope!).

[mtdoc]

Bump for the Aussies just waking up.

Surely there are others here who find this disturbing.

Even if you're not Australian, it can't hurt to submit your concerns before the comment period ends by going here.

[Halcyon]

Surely there are others here who find this disturbing.

Not at all. The great work the men and women do every day in our Police forces and security agencies are the reason why you can walk down the street and not worry about being blown up.

Your dick pics and porn history are hardly of interest to Government agencies.

[blueskull]

Governments putting backdoors on telecom infrastructures, isn't that done for decades?

FYI, Chinese government has mandated all browsers, freeware or not, sold and provided download in China, to have built in HTTPS root CA CNNIC, which is governed by a Chinese government affiliated hosting provider.

That means, whenever you connect to any website physically in China without a VPN, Chinese government can intercept the connection, change the CA provider to CNNIC, and use a compromised certificate to trick your browser. In the whole process, your browser will think it's been connected to a genuine root CA certified server.

Then, they will start an HTTPS client to your ultimate server and fetch data for you. In this process, they have access to the date without encryption, so they can spy on you or tamper with your data without you knowing anything went wrong, unless you are careful enough to check CA provider every time, or just disable CCNIC, which is a bad idea in China because many genuine Chinese websites are signed by CNNIC.

[coppercone2]

I think it was originally meant to be used for very serious things like WMD proliferation and counter espionage (as a brand of military SIGINT), with only the highest levels of the military/CIA involved with monitoring, but it kept being re purposed for different more 'petty' things like drug trafficking, as guidelines for classifying things as national security issues broadened.

The threat is because whereas it was intended probably to stop something like detecting communications patterns for a nuclear first strike, whereas now people wanna solve crimes and 'societal issues' using it. High levels of American government are not under immediate threat from something like a lone wolf terrorist or even high level drug dealer, but it violates privacy and the more common it is the more likely it is to be misused as its difficult to hold alot of people accountable.

[coppercone2]

Surely there are others here who find this disturbing.

Not at all. The great work the men and women do every day in our Police forces and security agencies are the reason why you can walk down the street and not worry about being blown up.

Your dick pics and porn history are hardly of interest to Government agencies.

sure they are if someone does not like something you like. Nothing is preventing some guy from remembering something about you he does not like and doing something about it later.

Are you not aware of certain hot-button issues like religious choice, abortion, political orientation, sexual identity? You think that extremist groups in your country are not interested in having their own moles in the government to spy on people?

How do you think that some kind of organization like a Mafia or radical political group (bikies maybe for you aussies) don't want to have connections? Of course they do.. all those guys dream about knowing someone in the DMV, police department, FBI, various inspection offices etc. Information can be used for sizing you up, intimidation or blackmail.  Or even corporate espionage. Often corruption is absolutely necessary for their methods of operation.

[Mr. Scram]

Not at all. The great work the men and women do every day in our Police forces and security agencies are the reason why you can walk down the street and not worry about being blown up.

Your dick pics and porn history are hardly of interest to Government agencies.

You have to remember that Snowden released the files because he couldn't see a relationship between what the NSA was doing and protecting the public at large. In other words, he did what he did because he felt large the scale surveillance he was seeing wasn't about not being blown up.

Of course, there are also a rather perverse incentives for security theater to tell us we're being kept safe from harm. Just the financial side of things means there's by now a huge industry that thrives on us being made feel safe again.

For the sake of completeness, NSA personnel has been reported to pass around and share explicit photos they intercepted. Not only is that an illustration of the lack of boundaries these agencies operate with, but it also means that yes, they do care about your dick pics.

[coppercone2]

I always said track the lube and tissues to find out where the NSA analysts are

[mtdoc]

Surely there are others here who find this disturbing.

Not at all. The great work the men and women do every day in our Police forces and security agencies are the reason why you can walk down the street and not worry about being blown up.

Your dick pics and porn history are hardly of interest to Government agencies.

So you have no problem with the government compelling private companies to provide them with a means to access any and all encrypted data anytime they want?  Really?

BTW - There is no credible evidence the mass collection of data by the NSA has prevented any terrorist attacks.

I'm much more afraid of the police state than I am afraid of terrorists.   It's by design that they would like you to live in fear and thereby be ok with loss of privacy and other civil liberties.  Historically that has always been how it's done.  It is sad that so many still fall for it.

You have to remember - that once current governments are given access to all encrypted data then any future government, no matter how perverse or totalitarian will also have access to all encrypted data.

[Halcyon]

Surely there are others here who find this disturbing.

Not at all. The great work the men and women do every day in our Police forces and security agencies are the reason why you can walk down the street and not worry about being blown up.

Your dick pics and porn history are hardly of interest to Government agencies.

So you have no problem with the government compelling private companies to provide them with a means to access any and all encrypted data anytime they want?  Really?

BTW - There is no credible evidence the mass collection of data by the NSA has prevented any terrorist attacks.

I'm much more afraid of the police state than I am afraid of terrorists.   It's by design that they would like you to live in fear and thereby be ok with loss of privacy and other civil liberties.  Historically that has always been how it's done.  It is sad that so many still fall for it.

You have to remember - that once current governments are given access to all encrypted data then any future government, no matter how perverse or totalitarian will also have access to all encrypted data.

I'm not even going to entertain some of your comments with a response.

No one is talking about giving the Government unlimited access to everything, "any time they want". That's not how these things work.

And if you think there is no evidence that our Government agencies have prevented some serious terrorist attacks, then you've been living under a rock for most of your life. Just last week, two potentially major events were prevented in Sydney that were widely publicised.

This thread is going to de-rail, just like the others before it have. Some people just have this crazy opinion and mentality when it comes to Government agencies accessing information about them, yet have little to no understanding of what those agencies do or how they work. All I can say to those people is: You're welcome!

[mtdoc]

No one is talking about giving the Government unlimited access to everything, "any time they want".

True no one is.  This is about them having unrestricted access to all encrypted data - that is not "everything".

Just last week, two potentially major events were prevented in Sydney that were widely publicised.

Was that due to having unrestricted access to personal data?  I don't think so.

Sure, terrorist attacks are prevented- good. But currently this is accomplished through traditional means and not through mass surveillance or accessing encrypted data.

History is clear - governments, police and intelligence agencies cannot be trusted with unrestricted access to personal data.  Absolute safety from terrorist attacks can never be achieved and efforts to pursue it with expansion of the police state will breed more terrorists.  The state would love to keep you in irrational fear to justify loss of civil liberties.

Even if mass surveillance and unrestricted access to encrypted data did reduce you risk of being killed by a terrorist (there's no evidence for this) then at what cost?  The chance of being killed by a terrorist is currently vanishingly small (more likely to be killed by an asteroid, a shark, a dog, etc) with police agencies using traditional means.

As Benjamin Franklin said: "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

[Mr. Scram]

No one is talking about giving the Government unlimited access to everything, "any time they want". That's not how these things work.

And if you think there is no evidence that our Government agencies have prevented some serious terrorist attacks, then you've been living under a rock for most of your life. Just last week, two potentially major events were prevented in Sydney that were widely publicised.

This thread is going to de-rail, just like the others before it have. Some people just have this crazy opinion and mentality when it comes to Government agencies accessing information about them, yet have little to no understanding of what those agencies do or how they work. All I can say to those people is: You're welcome!

Some people have crazy opinions and mentalities when it comes to government agencies. However, most just have a historic perspective and worry about the huge push to systematically monitor any and all data. We have to remind ourselves that the huge increase of the use of encryption for benign purposes has been a response to the Snowden files. If "going dark" truly is a problem, which is another discussion it's important to understand that the agencies have  provoked that by their own actions.

It's true that people have little understanding of what those agencies do or work. Unfortunately, that often seems to be by design. Whenever the public asks for a more complete story they are regularly thwarted by a wall of "can't tell you, that's secret", systematically undermining their ability to get any insights. The insights that the public has had have shown a worrying lack of boundaries when it comes to civil liberties or showing the complete picture, so it's not unreasonable for at least part of the public to have become quite wary.

It's also obvious that agencies wanting to brute force their way into encryption isn't going to have the desired results. Without showing appropriate restraint and a modicum of transparency, people are just going to find alternatives to replace at least some of the trust these agencies have lost.

[coppercone2]

also how do you secure the judges if they don't have anonymous internet? They actually legally recommend judges use Tor when researching a case to hamper corruption. It would bypass your judicial system........

and you can profile a jury that way too.

How the hell would you put govt officials on trial? special jury?

[Dielectric]

In before the lock...

Putting aside the grave concerns I have about systems like this being used to track political dissidents, the moment there's any kind of back door like that, you can bet that an army of "black hats" is going to bust that wide open within the week.  Even if it's a technically sound solution, someone will make a mistake and leave the keys somewhere on a flash drive in an airport.  This is the government we're talking about.  Do you think they'd be any better at security practices than Experian or Target?

It simply puts ALL of our data at risk, especially with the super lax security mindset that almost everyone has.

[xrunner]

Just remember - just because you're not paranoid does not mean that no one is watching you. 

[joseph nicholas]

Just an aside, if your not sure any of this is true, just go to the local telephone switching station in your community and occasionally check to see if squad cars are parked out front.

[Dielectric]

Just an aside, if your not sure any of this is true, just go to the local telephone switching station in your community and occasionally check to see if squad cars are parked out front.

That's after they've already tracked you with an IMSI catcher. 

[BradC]

Just an aside, if your not sure any of this is true, just go to the local telephone switching station in your community and occasionally check to see if squad cars are parked out front.

1975 called and asked for its paranoia back.

Legal wiretaps have been far more advanced than working on a local exchange for many, many years now. Most employees of organisations with that capacity don't even need to leave their office chair to do it.

[CJay]

I'm not even going to entertain some of your comments with a response.

Sorry mate, you and I agree on quite a few contentious issues for reasons we've touched on in private but not this one.

Throughout history there have been abuses of power and they've not lessened, they've increased with the abundance of technology because it's so much simpler to collect in bulk and search at your leisure.

The maxim 'if you've nothing to hide you've nothing to fear' is the biggest and best reason why you should be afraid because it tells you that the agencies with the powers are trawling our private data.

[BradC]

'if you've nothing to hide you've nothing to fear'

I often hear that phrase thrown about by people who actually have no idea. The best ever example of that is one I don't want to bring up for fear of invoking Godwins law.

The issue as I see it is I might be able to trust the Government not to use my data for nefarious purposes, but I actually can't trust the Government to keep the data they have on me safe and secure. Unfortunately the inevitable next person with access to that data is one I have no reason to trust.

[djnz]

Governments putting backdoors on telecom infrastructures, isn't that done for decades?

FYI, Chinese government has mandated all browsers, freeware or not, sold and provided download in China, to have built in HTTPS root CA CNNIC, which is governed by a Chinese government affiliated hosting provider.

That means, whenever you connect to any website physically in China without a VPN, Chinese government can intercept the connection, change the CA provider to CNNIC, and use a compromised certificate to trick your browser. In the whole process, your browser will think it's been connected to a genuine root CA certified server.

Then, they will start an HTTPS client to your ultimate server and fetch data for you. In this process, they have access to the date without encryption, so they can spy on you or tamper with your data without you knowing anything went wrong, unless you are careful enough to check CA provider every time, or just disable CCNIC, which is a bad idea in China because many genuine Chinese websites are signed by CNNIC.

Certificate pinning.

[edy]

Just my 2 cents...

A nefarious evil government who wants to find something on you and lock you up will do so, WITHOUT requiring any back doors.  They will simply show up to your house in the middle of the house, arrest you and take you out to Siberia to a work camp for 10 years, your family thinking you're dead. This is not fantasy, it happened, BEFORE the age of internet. No evidence or backdoors required.

While I enjoy having reasonable security and encryption tools at my disposal to thwart the casual hacker, it will not stop a very determined government with proper resources. And a very determined government may not care whether they even have evidence on you. "Oops! What is this USB key we found under your pillow! What, you say it's not yours? But we saw it there". 

[mtdoc]

'if you've nothing to hide you've nothing to fear'

I often hear that phrase thrown about by people who actually have no idea. The best ever example of that is one I don't want to bring up for fear of invoking Godwins law.

The issue as I see it is I might be able to trust the Government not to use my data for nefarious purposes, but I actually can't trust the Government to keep the data they have on me safe and secure. Unfortunately the inevitable next person with access to that data is one I have no reason to trust.

Yes,  that is the issue. Once the precedent is set that tech companies are compelled to provide the government with encryption keys then that genie can not be put back in the bottle. We're not talking about hardware back doors here - this is about the loss of encryption.

Just because you may trust the current government and its police agencies, does not mean the all future governments or government agencies or government contractors given access will be trustworthy.

Too many people seem to be ignorant of history.

Right now, at this point in history, data is everything. It's the ultimate point of leverage and control. If someone (or some government agency) has complete access to all data, they then have potentially unlimited power. And once the ability for individuals to have private conversations is lost, the any pretense of democracy will be lost. No independent judiciary, no free press, no unfettered political opposition.

[JimRemington]

Your dick pics and porn history are hardly of interest to Government agencies.

Naah, but they certainly are to the bozos who work in those agencies, and take a few minutes off now and then to work on their "personal issues".

Do you know what that weirdo who lives next door to you does for a living?

[mtdoc]

Techcrunch article