Turnbull vs. Maths: How Do You Snoop On Encryption Without Ruining It For Everyone?

'The laws of mathematics are very commendable, but the only law that applies... is the law of Australia.'

14/07/2017 4:37 PM AEST | Updated 14/07/2017 5:09 PM AEST

The laws of Australia are about to come head to head with the laws of mathematics, after Prime Minister Malcolm Turnbull announced he wants major tech companies to help authorities access encrypted messages.

The PM announced on Friday that his government will ask big-name tech companies to help it access end-to-end encrypted messaging as part of its strategy to fight crime and terrorism.

But experts warn the PM is potentially trying to legislate around the laws of mathematics: forcing a "back door" on encrypted communication companies could weaken encrypted systems and open them to abuse. In theory, by targeting the select few you could harm the many.

"I'm not suggesting this is an easy nut to crack. But the fact is we've got a problem." -- Malcolm Turnbull

But the PM is undeterred.

Australian Prime Minister Malcolm Turnbull takes questions from the media after visiting the digital forensics lab at Australian Federal Police headquarters in Sydney on Friday, July 14, 2017. (AAP Image/Keri Megelus)

"The laws of Australia prevail in Australia, I can assure you of that," he told reporters on Friday.

"The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia."

He said the legislation will require companies to provide assistance and is modelled on the UK legislation.

"So what they will have to do is to provide assistance to the police to enable them to have access to the information pursuant to a warrant. Look, I'm not suggesting this is not without some difficulty," he said.

Those difficulties are already apparent, with Facebook saying that providing access to encrypted messages isn't possible.

Asking major companies to create a back door to encrypted communications -- something the PM said he doesn't want, but observers say his statement effectively alluded to -- creates its own set of problems and is capable of abuse.

Dr Vanessa Teague, from Melbourne University's School of Computing and Information Systems, told HuffPost Australia that if the Prime Minister was requesting companies hand over communications that can be accessed by companies such as Google or Facebook -- such as posts or other types of messages -- it would be "reasonable".

"But what he seems to be saying is he wants access to messaging systems that are end-to-end encrypted.

"The mathematical opportunity to do that is not available."

Some possible ways to read encrypted messages:

  • Compromise the device — a technique that Edward Snowden described early on in his revelations about the National Security Agency (NSA);
  • Weaken or backdoor the encryption algorithms: the simplest kind of backdoor is key escrow, where a key needed to decrypt encrypted data is held in escrow so an authorised third party may gain access. Then, in the words of Teague and her colleagues at Melbourne University, "The government then promises not to read your messages without a good reason."

"He likes the idea of people being able to read bad people's messages," Teague said. "But the laws of mathematics apply to everyone equally on the internet."

Teague's colleague in the Department of Computing and Information Systems, Dr Suelette Dreyfus, also said the proposal carried risks.

"In knucklehead terms: if you break something there's a risk someone else will get a hold of it," she said, referring to a potential back door to end-to-end encryption.

"Once it's broken, anyone can walk through the hole."

Trust in secure communications -- from business to the personal -- is what companies such as WhatsApp, Viber and Signal offer. Trying to force a back door -- one that's exploitable by anyone who has the right key -- is essentially forcing someone to create a broken product, she said.

"20-something-million innocent Australians that need assurances about their lives, which are wrapped around this e-economy [would be affected]," Dreyfus said.

The government's position has also raised concerns from human rights experts.

Elaine Pearson, Australia director at Human Rights Watch, said the proposal to weaken encryption will not make Australians safer.

"Turnbull might say he's not talking about 'back doors' but there's no way to access end-to-end encryption without deliberately weakening the encrypted apps that exist right now." -- Elaine Pearson

"The government needs to accept that it won't know what everybody is doing all of the time. We don't outlaw whispering or drawing the blinds for privacy. In the same way, we should accept encryption is the only way to safeguard our communications in an era of cybercrime and unauthorised surveillance."

Turnbull once sang a different tune about encryption.

During the metadata debate in 2015, the then communications minister told the ABC he favoured the messaging app Wickr.

"Probably the least secure form of messaging is SMS or text messaging because the messages are not encrypted in transit and they're not encrypted on the telco's server," he said.

"And of course they [the messages] reside there even after they've been deleted for varying periods.

"I use Wickr as an application. I use a number of others. I use WhatsApp ... because they're superior over-the-top messaging platforms."
