Path:

ping.be!Belgium.EU.net!EU.net!howland.reston.ans.net!tank.news.pipex.net!pipex!sunsite.doc.ic.ac.uk!lyra.csx.cam.ac.uk!rja14

From: rja14@cl.cam.ac.uk (Ross Anderson) Newsgroups: alt.security.pgp,alt,politics.datahighway,aus.legal,aus.net.news,sci.crypt Subject: Australia next to ban PGP Date: 1 Aug 1995 17:53:50 GMT Organization: U of Cambridge Computer Lab, UK Lines: 57 Message-ID: <3vlpne$cks@lyra.csx.cam.ac.uk> NNTP-Posting-Host: nene.cl.cam.ac.uk Xref: ping.be alt.security.pgp:9699 sci.crypt:4852

Australia's proposed crypto policy:

(1) Banks will get key escrow

(2) Other Australian residents will be forced to use weak crypto

Source: talk by Steve Orlowski, Assistant Director, Australian attorney general's department, given at the Cryptography Policy and Algorithms Conference, Queensland University of Technology, last month.

p 34: `the needs of the majority of users of the infrastructure for privacy and smaller financial transactions can be met by lower level encryption which could withstand a normal but not sophisticated attack against it. Law enforcement agencies could develop the capability to mount such sophisticated attacks. Criminals who purchased the higher level encryption products would immediately attract attention to themselves.'

He mentioned that his department considered itself a suitable repository for the government central decrypting unit, which would decrypt traffic for local police forces. He also wants to escrowed keys for banks and other organisations allowed to use strong crypto.

Centralising the wiretap capability with the AG is represented as a useful safeguard against abuse of power by local police forces. It would be presented as a `data recovery' facility in order to reassure the voters.

Centralisation will enable the AG to acquire the capability to use ``more sophisticated techniques in circumstances where the key cannot, for whatever reason, be recovered from escrow''.

So the technical parameters would appear to be: 40 bit keys for the masses, 56-bit escrowed keys for the banks, and a Wiener machine sitting in Orlowski's office. Belt, braces and string.

Curiously enough, he quotes a `Review of long Term Cost Effectiveness of Telecommunications Interception' as saying that ``Encryption by targets of their communications (both voice and data) is not considered as a problem for TI at present in Australia'' and goes on to say that ``there has been comparatively little market for voice encryption products, although they have been readily available''.

He even produces some good arguments for the EFF, such as that much of the intelligence comes from the call log data and from calls to third parties such as airlines and hotels which are not encrypted.

He also says that the OECD countries will hold a meeting on National Cryptography Policies later this year. While at the conference, I found out that a classified meeting took place this March in Germany between the signals intelligence agencies of the developed countries, plus Australia and South Africa, at which the assembled spooks agreed to press their governments to bring in escrow and/or weak crypto.

Australia seems rather eager to lick Uncle Sam's boots on this issue. I wonder what the payoff was?

Ross

-- Thank you VERY much! You'll be getting a Handsome Simulfax Copy of your OWN words in the mail soon (and My Reply). <Andrew.Spring@ping.be> PGP Print: 0529 C9AF 613E 9E49 378E 54CD E232 DF96 Thank you for question, exit left to Funway.