Encryption debate reminiscent of climate change arguments: Senetas
Chair of Australian security vendor Senetas Francis Galbally has told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) that the current debate surrounding the proposed encryption-busting Assistance and Access Bill is similar to the one surrounding climate change in Australia.
Despite being told over and over again by experts that accessing encrypted communications will introduce weaknesses into the system, committee members continued to press that a solution is possible.
“It’s a bit like the people denying climate change — all the scientists say there’s climate change, but you politicians don’t admit it,” Galbally said towards the end of the hearing on Friday morning. “It’s the same thing here.
“You cannot do it without creating a systemic weakness. There’s no definition of it, but we’ve had everyone around the world telling you the same thing.”
Galbally detailed how the company had conducted an assessment of the Bill at its own expense, and identified three “catastrophic outcomes” as certain or likely to occur if the Bill is passed.
“The Bill, should it become law, will profoundly undermine the reputations of Australian software developers and hardware manufacturers in international markets; there is simply no doubt that this will result in a significant reduction in local R&D and manufacturing as a consequence of declining employment and export revenue,” Galbally said.
“Foreign governments and competitors will use the mere existence of this legislation to claim that Australian cybersecurity products are required to use or collaborate in creating encryption backdoors.”
Must read: Why Australia is quickly developing a technology-based human rights problem (TechRepublic)
The chair added that customers and global competitors are not interested in the nuances and exemptions that could possibly be added to the Bill, as the company will be undercut and lose business.
“In the cut and thrust of the sales world, the existence of such legislation is enough for us to lose a sale,” Galbally added.
“I can say confidently that Senetas will be directly affected, and with exports representing over 95 percent of our sales, there will be a substantial impact on our business, were we to remain in Australia.”
In its submission to the committee earlier this month, the company said the Bill would damage Australian reputations and trust.
“If the customer suspects that they might have been targeted, the legislation also requires that the company must deny it — regardless of the truth,” it said.
“Any guarantee of security from an Australian technology company is therefore meaningless.”
Should the Bill proceed, Senetas said it could find itself, and up to 200 jobs, moving offshore to avoid perception issues.
Galbally pointed out that encryption is hardly new, and while there is a problem for law enforcement to overcome, it is not a recent development.
“You don’t think other countries haven’t thought about this, and looked at it, and thought it would be a good idea to do it?” he asked.
“The Russians, for example, they haven’t even done it because they know to do it upsets other things far greater than what they are trying to do.
“You have a problem with insurgents in Syria, you don’t drop an atom bomb on those insurgents and see what happens, the consequences that happen to everybody else around. This is the equivalent of dropping an atom bomb to find some nefarious character.
“You will destroy, eventually, Australian’s own data protection — that’s what it is.”
Towards the end of the hearing, PJCIS chair Andrew Hastie justified the encryption-busting legislation due to the amount of methamphetamine use in his electorate.
“We use more ice in regional WA than in Sydney or Melbourne, so my point is from an economic perspective, we have a serious problem in this country with ice, and of course, my electorate has a large meth problem,” he said.
“I’ll just put on the record, different perspectives on this question.”
Hastie also rejected comparisons between this Bill and how Chinese companies are forced to comply with demands from Beijing, because Australia is a liberal democracy.
Overnight, two of the United Kingdom’s highest cyber officers detailed how they believe law enforcement could access end-to-end encrypted communications.
Written by Technical Director of the National Cyber Security Centre Ian Levy and Technical Director for Cryptanalysis for GCHQ Crispin Robinson, the essay on Lawfare claims that end-to-end encryption remains, but an extra “end” for law enforcement.
“It’s relatively easy for a service provider to silently add a law enforcement participant to a group chat or call,” the pair said.
“The service provider usually controls the identity system, and so really decides who’s who and which devices are involved — they’re usually involved in introducing the parties to a chat or call.”
It is claimed that such a solution would be no more intrusive than the crocodile clip-style telephone interception used in the last century, and pointed to early digital exchanges that used the conference calling functionality to allow for lawful interception.
The pair wrote that what is being proposed is a discussion starter, and more work is needed.