Review of Policy relating to Encryption Technologies

(The Walsh Report)

This file is the complete single-document version of the report. Original URL:
      http://www.efa.org.au/Issues/Crypto/Walsh/index.htm

Update - December 1998

In December 1998, several uncensored copies of the Walsh Report were found in public and university libraries in Australia. These are believed to be deposit copies lodged by the Australian Government Publishing Service (AGPS) after the report was printed but before the decision by the Attorney-General's Department to withhold it from commercial sale. The report is not listed by AGPS, which is the normal channel for obtaining government publications.

The missing sections have now been incorporated in the online version and are highlighted in red.

History of the Report and its release under FOI

In February 1997, the Australian Attorney-General's Department put a hold on the public release of the Walsh Report, an important review of Australian cryptography policy.

The report, entitled Review of policy relating to encryption technologies, is the outcome of a study conducted in 1996 by Gerard Walsh, a former deputy director-general of the Australian Security Intelligence Organisation (ASIO). Publication of the report was eagerly awaited by members of the law enforcement community, other government departments, commerce, and the online community. It was expected that the report would examine the the various issues in the crypotography debate and encourage further comment and consultation.

The report was listed for sale by the Australian Government Publishing Service in January 1997, but was hurriedly withdrawn from the list 3 weeks later, following an enquiry by Electronic Frontiers Australia (EFA) as to the reasons why it was not actually available for sale. The original intention had apparently been to allow for a 3-month consultation period for public comment. EFA then released a Media Statement calling for the release of the report.

In March 1997, EFA applied for release of the report under the Freedom of Information Act. This request was denied, quoting various sections of the Act relating to national security and law enforcement as justification for the denial. EFA then submitted a request for review of the decision, and this request was successful, resulting in the release of an edited photocopy of the report in June 1997.

This is an important report and covers a number of issues of relevance to the global cryptography debate.

A number of paragraphs were deleted from the copy supplied to EFA. These have been identified in the report, together with an annotation referring to the section of the report under which that paragraph was claimed to be exempt from release.

However, in December 1998, the missing sections were obtained. The originally deleted paragraphs have been highlighted in red.

Reproduced below are the 3 sections of the Act under which parts of the report were deleted. The full text of the Freedom of Information Act 1982 is available online from the Australian Legal Information Institute (AUSTLII).

Freedom of Information Act 1982 - Sect 33

Documents affecting national security, defence or international relations

33.  (1) A document is an exempt document if disclosure of the document under this Act:

(2)  Where a Minister is satisfied that a document is an exempt document for a reason referred to in subsection (1), he or she may sign a certificate to that effect (specifying that reason) and, subject to the operation of Part VI, such a certificate, so long as it remains in force, establishes conclusively that the document is an exempt document referred to in subsection (1).

(3)  Where a Minister is satisfied as mentioned in subsection (2) by reason only of matter contained in a particular part or particular parts of a document, a certificate under that subsection in respect of the document shall identify that part or those parts of the document as containing the matter by reason of which the certificate is given.

(4)  Where a Minister is satisfied that information as to the existence or non-existence of a document as described in a request would, if contained in a document of an agency, cause the last-mentioned document to be an exempt document under this section for a reason referred to in subsection (1), he or she may sign a certificate to that effect (specifying that reason).

(5)  The responsible Minister of an agency may, either generally or as otherwise provided by the instrument of delegation, by writing signed by him, delegate to the principal officer of the agency his or her powers under this section in respect of documents of the agency.

(6)  A power delegated under subsection (5), when exercised by the delegate, shall, for the purposes of this Act, be deemed to have been exercised by the responsible Minister.

(7)  A delegation under subsection (5) does not prevent the exercise of a power by the responsible Minister.

.........

Freedom of Information Act 1982 - Sect 36

Internal working documents

36.  (1) Subject to this section, a document is an exempt document if it is a document the disclosure of which under this Act:

(a) would disclose matter in the nature of, or relating to, opinion, advice or recommendation obtained, prepared or recorded, or consultation or deliberation that has taken place, in the course of, or for the purposes of, the deliberative processes involved in the functions of an agency or Minister or of the Government of the Commonwealth; and (b) would be contrary to the public interest. (2)  In the case of a document of the kind referred to in subsection 9 (1), the matter referred to in paragraph (1) (a) of this section does not include matter that is used or to be used for the purpose of the making of decisions or recommendations referred to in subsection 9 (1).

(3)  Where a Minister is satisfied, in relation to a document to which paragraph (1) (a) applies, that the disclosure of the document would be contrary to the public interest, he or she may sign a certificate to that effect (specifying the ground of public interest in relation to which the certificate is given) and, subject to the operation of Part VI, such a certificate, so long as it remains in force, establishes conclusively that the disclosure of that document would be contrary to the public interest.

(4)  Where a Minister is satisfied as mentioned in subsection (3) by reason only of matter contained in a particular part or particular parts of a document, a certificate under that subsection in respect of the document shall identify that part or those parts of the document as containing the matter by reason of which the certificate is given.

(5)  This section does not apply to a document by reason only of purely factual material contained in the document.

(6)  This section does not apply to:

(7)  Where a decision is made under Part III that an applicant is not entitled to access to a document by reason of the application of this section, the notice under section 26 shall state the ground of public interest on which the decision is based.

(8)  The responsible Minister of an agency may, either generally or as otherwise provided by the instrument of delegation, by writing signed by him, delegate to the principal officer of the agency his or her powers under this section in respect of documents of the agency.

(9)  A power delegated under subsection (8), when exercised by the delegate, shall, for the purposes of this Act, be deemed to have been exercised by the responsible Minister.

(10)  A delegation under subsection (8) does not prevent the exercise of a power by the responsible Minister.

..........

Freedom of Information Act 1982 - Sect 37

Documents affecting enforcement of law and protection of public safety

37.  (1) A document is an exempt document if its disclosure under this Act would, or could reasonably be expected to:

(2)  A document is an exempt document if its disclosure under this Act would, or could reasonably be expected to:

(2A)  For the purposes of paragraph (1) (b), a person is taken to be a confidential source of information in relation to the enforcement or administration of the law if the person is receiving, or has received, protection under a program conducted under the auspices of the Australian Federal Police, or the police force of a State or Territory, for the protection of:

(3)  In this section, "law" means law of the Commonwealth or of a State or Territory.


Review of Policy relating to Encryption Technologies

Table of Contents

Foreword

Terms and Abbreviations

Chapter 1. Conclusions and Findings

Chapter 2. Context and Approach of the Review Chapter 3 The Direction and Impact of Encryption Chapter 4. The consequence for government Chapter 5. Striking a balance Chapter 6. Coordinating process and investigative capability Annexes

FOREWORD

1.    This report is in response to an invitation from the Secretary of the Attorney-General's Department to review the policy relating to encryption technologies and offer a view whether legislative or other actions are indicated to cater for national security and law enforcement interests in the face of the information and communications revolution and the continuing need to safeguard privacy. Terms of reference of the Review are attached at Annex A.

2.    The structure of the report is set out in Chapter 2. Limited resources precluded the Review inviting written submissions or conducting public hearings. Instead, the strategy adopted was to consult directly with as representative a sample of interested parties as time and resources would permit. All were uniformly generous with their time. For that, and the assistance given by the Security Division of the Department, I express my appreciation.

3.    There is an immediate need for broad public discussion of cryptography. The report's conclusion identifies the essential conundrum - strong cryptography, imminently available to the mass market, will offer significant enhancement of data security and personal and corporate privacy, but also provide a powerful shield behind which criminals and others may operate. Should government intervene and mandate conditions of use, intervene only when disadvantage to the state is evident, provide the framework of principles while legislative power addressing other but related powers of the state are kept relevant, or do nothing? How the inherent tensions in this issue are resolved will affect the whole community. Hence, the need for broad discussion and contribution. This report is intended to contribute to that process.

4.    The Australian Government is seeking public comment on the contents of this report. Comments should be directed to:

The closing date for comments is 16 February 1997



Gerard Walsh
10 October 1996


Terms and Abbreviations

AFPAustralian Federal Police
algorithm a mathematical operation or formulation performed to calculate new values (of text) from old. Encryption is done via an algorithm.. To disguise the information and make it unintelligible, a key is fed into the algorithm, along with the text to be converted into cyphertext. The same key or its pair, fed into the decryption algorithm returns the cyphertext into the original text.
ASC Australian Securities Commission
ASIO Australian Security Intelligence Organization
asymmetric key also referred to as public key or two key encryption. A method of encryption in which different keys are used to encrypt and decrypt. The keys are mathematically related but it is not possible to infer one from the other. One key may be made public and the other kept private, allowing Smith to encrypt and send a message to Jones using Jones' public key and Jones to decrypt it using her private key. With RSA (see below) either key can be used to encrypt as long as the other is used to decrypt, but anyone with access to Jones' cyphertext can decrypt her messages because her public key is known.
AUSCERT the Australian Computer Emergency Response Team (AUSCERT), an independent Internet security body.
AUSTEL the Australian Telecommunications Authority
AUSTRAC Australian Transaction Reports and Analysis Centre
authentication (1) in computer security, the act of identifying or verifying the eligibility of a station, originator or individual to access specific categories of information; (2) in data security, a measure designed to provide protection against fraudulent transmissions by establishing the validity of a transmission, message, station or originator; (3) in data security, processes that ensure everything about a teleprocessing transaction is genuine and that the message has not been altered or corrupted in transmission; (4) in computer security, the process that verifies the identity of an individual as established by an identification process; (5) in data security and data communications, both the prevention of undetected alteration to data and peer entity (mutual verification of each other's identities by communicating parties) authentication.
bit binary digit - here either of the mathematical characters zero or one
certificate a set of information which, at least, identifies the certification authority issuing the information; unambiguously names or identifies the owner; contains the owner's public key; and is digitally signed by the certification authority issuing the certificate.
certifying authority an entity that verifies the identity of another entity, allocates a unique name to that entity and verifies the correctness of information concerning that entity by signing a public key certificate for that entity.
cryptography the art or science that treats of the principles, means and methods for rendering plaintext unintelligible and for converting encrypted messages into intelligible form.
clipper chip a hardware encryption device first sponsored by the United States government in April 1993 and intended to be the sole encryption system used on the Internet. Legislation was prepared to back the proposal. It would have had an enforced system of escrow built into it, permitting law enforcement agencies armed with a warrant to decrypt any clipper-encrypted messages. Each chip was registered and pre-programmed with some numbers issued by the two escrow agencies (both government agencies). Knowledge of these two numbers, available on production of a warrant, would allow the calculation of the session key used and the identity of the sender, but not the recipient. The proposal was abandoned in 1995.
confidentiality in computer security, a concept that applies to data that must be held in confidence and that describes the status and degree of protection that must be provided for such data about individuals as well as organisations.
cyberspace the ether or medium through which messages are transmitted - at least the Internet and the networks connected to it.
cyphertext the text after encryption. It is sent by the user over an insecure communication channel on the assumption that the equivalent plain text will be unable to be inferred by cryptanalysis and so is safe from a passive and an active attack.
data compression in codes, reduction of the size of the data by techniques which exploit redundancies in the data; in memory systems, a technique that saves storage space by eliminating gaps, empty fields and redundancies to shorten the length of records or blocks.
decryption the conversion of cyphertext into its plaintext equivalent by use of the appropriate key.
DES the Data Encryption Standard (DES) specifies an algorithm to be implemented in electronic hardware devices and used for the cryptographic protection of computer data. It became mandatory for US Federal agencies in June 1977. The algorithm is public but the design principles remain classified. DES uses a 56-bit key and encodes text in 64-bit blocks.
digital signature a digital signature is a technique or procedure for the sender of a message to attach additional data to that message which forms a unique and unforgeable identifier of the sender and the message.
DSD Defence Signals Directorate
DSTO Defence Science and Technology Organisation
encryption the transformation of data to an unintelligible form in such a way that the original data either cannot be obtained (one-way encryption) or cannot be obtained without using the inverse decryption process (two-way encryption).
FBI Federal Bureau of Investigation (USA)
GII Global Information Infrastructure - a worldwide 'network of networks' creating a global information marketplace, encouraging broad-based social discourse within and among all countries. By interconnecting local, national, regional and global networks, the GII can expand the scope of benefits of advances in information and telecommunications technologies on a global scale. See also, the Internet and note that the GII is probably a short-hand reference to what the OECD called in 1980 as transborder flows of information.
hacking the act of gaining unauthorised access to a computer network by defeating the system's access controls. The act is often compounded by one or more offences relating to breaches of confidentiality, privacy, national security, altering or erasing data, intellectual property and commercial interests.
Internet a worldwide interconnection of individual networks operated by government, industry, academia and private parties. [The Internet originally served to connect laboratories engaged in government research, and has now been expanded to serve millions of users and a multitude of purposes.]
Jones see Smith
key a key is a number, whose size is expressed as a number of bits in binary arithmetic (eg 56-bit)
key distribution public keys can be distributed freely through listing on a bulletin board or via a directory. Public key encryption depends on confidence the public keys are correct. Users need to be assured they have valid keys for other people and keys need to be provided/copied by dependable means.
key escrow a concept, principally advanced by the US Government, under which keys for cryptographic systems would be registered with government appointed agencies and be accessible by law enforcement agencies on production of a warrant.
key length the size of a key and measure of its strength. In simplistic terms a 40/384-bit secret/public key system may be classified as weak, a 56/512-bit system as borderline: and an 80/1024-bit system as strong.
LAN Local Area Network
LEAC Law Enforcement Advisory Committee established by the regulating agency, A USTEL.
NCA National Crime Authority.
OECD Organisation for Economic Cooperation and Development
phreaking the unauthorised use of telecommunications services or equipment at the expense of another. This act not only defrauds carriers and service providers of rightful service charges but may also damage the integrity of the switching and billing systems.
PKAF a Public Key Authentication Framework would allow for the establishment of a trusted public key system, allowing any entity to determine the trust and validity of a public key certificate claimed to be associated with another entity. The proposal was prepared by the PKAF Task Group, formed by Standards Australia from representatives of industry and government.
plain text data or a message in ordinary language or format, which can be understood by a person or a computer.
public key encryption see assymetric system
private key encryption see symmetric system. Not to be confused with the private key of a public key pair which is used for confidentiality purposes.
RSA an algorithm for creating public key private key pairs and algorithms for the subsequent encryption and decryption of text. Designed by Rivest-Shamir-Adleman, after whom it is named. This system is commonly used for public key encryption and the only public key system which creates key pairs which can be used for either role.
Smith a fictional identity, like Jones, thought preferable by the author to colourless cyphers like A, B, C and a variant from the A lice and Bob who habituate frequent such texts. In a further attempt at verisimilitude, Smith is of the male gender, while Jones is a female.
steganography in data security, the concealment of the existence of messages, literally covered writing. This can take the form of filling in inter-message gaps with padding characters, thus although the existence of the communication link is not concealed an attacker is denied information on when messages are being transmitted.
symmetric key a method of encryption in which the same key is used to encrypt as to decrypt. Also referred to as secret key or single key encryption. This sort of encryption is used in telephone scramblers. The key length can be varied for different levels of protection. It is a much faster process than using asymmetric keys.
trusted third party an entity providing user services ranging from the provision of authentication services such as the verification of a client's public key, time stamping of documents, digital signatures and key retrieval services.


CHAPTER 1

CONCLUSIONS AND FINDINGS

1.1 Conclusions

1.1.1    The relationship of the individual to society is determined by an elaborate series of structured and informal arrangements. That our society should be an open, pluralist, democratic, ethnically diverse one, eschewing discrimination on the grounds of age, gender, religion, race, physical or intellectual handicap or any other discriminator which denies dignity is universally agreed.

1.1.2      Individuals living in community cede certain rights and privileges to ensure order, equity and good government, even if sometimes reluctantly. To this end, a lawful right to conduct intrusive investigations has been given to law enforcement and national security agencies and to ensure the exercise of those intrusive powers is properly controlled, various forms of oversight and a package of administrative law measures have been instituted. These have produced a significant increase in public accountability, but our time is characterised by a mistrust of all powerful institutions which seek to limit the freedoms of ordinary citizens.

1.1.3      The general availability to the individual of data security, whether for storage or communications, will alter the relationship between the citizen and the state. It will mark a rare opportunity, in the second half of this century, when advantage moves in the citizen's favour. In recent years the balance has shifted markedly to the advantage of the state and to law enforcement and national security, as technology and computing power have provided powerful investigative tools to trace or profile individual subjects. 1 As long ago as 1890 the Harvard Law Review decried the threat to privacy which 'recent inventions and business methods' posed - the invention was black and white photography and the methods invasive investigations by brash newspapers! 2 The Review accepts the considerable and necessary benefit which cryptography will bring to the citizen, not only for confidentiality but also for authenticity, integrity and non-repudiation. It is, however, only confidentiality services with which this Review is concerned.

1.1.4      The point is strenuously made by law enforcement and national security representatives that loss of access to real-time communications and to data stored electronically would have a significant and deleterious effect on investigative capability. That effect would be the loss of tactical intelligence by which their investigations are directed, the denial of evidence which may secure the prosecution of serious criminals, significant on-costs and increased risk.

1.1.5      This Review was commissioned by the Commonwealth and is directed to Commonwealth requirements. The terms law enforcement and national security have, therefore, a clearly intended Commonwealth application when specific matters are addressed. Law enforcement is primarily taken by the Review to embrace the Australian Federal Police (AFP) and the National Crime Authority (NCA). In a secondary sense, it includes the Australian Customs Service (ACS), the Australian Transaction Reports and Analysis Centre (AUSTRAC) and the Commonwealth Law Enforcement Board (CLEB). National security is taken to refer specifically to the Australian Security Intelligence Organization (ASIO). But these matters, law enforcement in particular, cannot be isolated in a federal sense. The Review consulted with the police services of New South Wales and Victoria as major representatives of State and Territory police services. The conclusions at which the Review arrived have equal application for the States and Territories and the nature of the challenge of encryption dictates that responses and solutions be nationally based. There will be a need for complementary, coherent and consistent action by the Commonwealth, the States and Territories in this matter.

1.1.6      The public availability of encryption has drawn differing responses from governments. This review has confined its study to cryptography, of which encryption is the process by which data is transformed into an unintelligible form, so the original data cannot be obtained or cannot be obtained without using the inverse decryption process. It has not concerned it self with other forms of data manipulation, such as steganography or data compression, which may cause difficulty in understanding the meaning of the data. Some countries, such as France, Israel, Belgium and China, have limited the importation of encryption systems and products and effectively mandated the escrowing of keys. Burma, in late September 1996, banned connections to the Internet. In days of cyberspace access, any attempt hermetically to seal borders seems an exercise in futility. Other countries, such as the United States and the United Kingdom, while proposing voluntary national arrangements which place conditions on the use of encryption, have not excluded the prospect of mandatory arrangements.

1.1.7      Recognising the importance of the information and communications revolution to Australia's development and to the needs of electronic commerce, successive Governments have favoured a process of self-regulation to deal with encryption policy, believing competition and consumer demand will ensure the interests of all sectors are addressed.

1.1.8      While the needs of electronic commerce, intellectual property and the protection of safety-critical industrial 'processes may be attended by self- regulation, the requirements of law enforcement, security and privacy stand somewhat apart. It is a paradox that the purposes for which cryptographic methods may be used can be mutually conflicting - providing the security needed to move vast streams of commercial, financial and medical data across open networks and providing impregnable communications security for terrorists and organised crime to wreak their havoc on society. The challenge for all governments is to secure a balanced policy outcome.

1.1.9      Law enforcement and national security need to be able to collect the tactical intelligence and evidence critical to the effective prosecution and coordination of their inquiries. There was an understandable concern mentioned by some that government may be seeking to enhance the powers of law enforcement and security under the guise of a paradigm shift in technology. That is not so. The objective of the review was to ensure investigative capability was maintained, while privacy and civil liberties were preserved. The Review was satisfied the availability of real-time decrypted communications is central to the investigative capability of law enforcement agencies and the national security service.

1.1.10      It was not clear, at the time the Review concluded, what public form of key management infrastructure would be required in Australia. There was a period, not so much earlier, when it was automatically accepted that independent entities would generate and archive keys. Developments in technology see individuals capable of generating their own keys reliably, but it remains likely that many will rely on a commercial independent entity to assist in data retrieval. The notion of 'trust' will be central to any system of electronic commerce or third parties. It is difficult to imagine all individuals will be able or inclined to establish themselves the networks of trust necessary to engage in business with confidence. In view of the premium to be placed on trust and the high potential for corruption in the third party service provider area, a system of integrity screening and registration for providers is indicated. The process adopted by casino authorities should prove a useful model.

1.1.11      The need for certification facilities (affording a level of authentication or confidence in a person's private key) is clear and the sort of structural and procedural model provided in the Public Key Authentication Framework (PKAF) seems widely to be accepted. Clear indication of government support by, for instance, an announcement of intended usage of the system, would be timely and provide an urgently required planning base. For the purposes of electronic commerce, there will be a need for legislation to give digital signatures the equivalent force and effect of a witnessed hand-written signature. As in the case of third party service providers, a form of vetting and registration of those who would offer certification authority services is indicated.

1.1.12      A certification authority is neither an escrow agency nor a trusted third party; it will not retain or archive key materials unless specifically requested by customers to do so and then only under contractual conditions that remove any liability which may flow from compliance with lawful orders to produce such materials to instrumentalities of the state. Its function relates to certifying to the integrity or personal ownership for both authentication and confidentiality purposes, to authenticating digital signatures for commercial, legal, evidentiary and similar purposes.

1.1.13      Some may argue the more organised, or 'professional', criminal elements would be unlikely to rely on any service providers, too easily risking becoming hostages to fortune - a view recited by all law enforcement agencies consulted by the Review. But convenience, lethargy and a lack of discipline repeatedly prove themselves capable of overcoming such caution, at least among the less professional strata. In such circumstances, they may be few or many, government agencies could seek search warrants to obtain 'keys' where these were held either by the subject of the investigation or the registered third party service provider.

1.1.14      Criminal enterprises, like normal businesses, may be expected to generate their own key materials. There will be the capacity to generate a staggering number of keys, to use a computer randomly to choose the algorithm, to change the key randomly with every transaction or to change the key automatically at intervals set at seconds rather than minutes, while transactions proceed. In such instances, there is no third party or service provider to be approached. Either voluntary or coercive attempts to require production of the 'key' are unlikely to prove successful and the user would likely be unaware of the key being employed. The invocation of the principle of non self-incrimination may well represent the polite end of the possible range of responses.

1.1.15      In light of this situation, the Review does not recommend mandatory third party arrangements. Some form of voluntary third party service seems an inevitable development, however, for electronic commerce and intellectual property reasons, as well as interoperability and international agreements. It is likely to prove of limited assistance to law enforcement and national security investigations.

1.1.16      Any attempt to prohibit the importation of cryptographic materials would be misguided and harsh to the privacy rights of all citizens. Strong commercial encryption is in the national interest and a role can be argued for government to advise the community about the integrity/vulnerability of systems and products. On this note, the national interest strongly suggests Australia should not be dependent on products originating in one country. The risk of national dependence on the United States, which manufactures the majority of the world's software, would at least be reduced by diversification of supply and there is scope for government to take a lead here. There is, of course, some hope that the technology which passes through generations in the blink of an eye [a Web year was described to the Review as 90 days and going down!] may provide some comfort to law enforcement and national security. In the meantime, some practical suggestions are made.

1.1.17      Changes should be made to strengthen focussed investigations of the AFP, the NCA and ASIO, to review the sanctions for non-compliance with directions to produce and to protect more effectively sensitive operational methods used by these agencies to acquire access to encryption keys or systems. There should be no change to the tests to be satisfied before warrant requests are approved - they should remain as stringent as they are today. Nor should there be any change to oversight arrangements.

1.1.18      The wide and easy availability of cryptography will enhance the privacy of citizens, where they have control over the use to which data is being put. It should allow some protection against the data-matching, profiling and peddling of personal information for commercial gain which have become endemic, through ignorance or obfuscation of the need for informed consent. 3 It will adversely impact on the capability and investigative approach of law enforcement agencies and the security service and may, consequently, provoke some redefinition of that fundamental relationship between citizen and state. To presage the imminent end to civilisation, however, which some foreign law enforcement advocates assert will ensue should their favoured approach not be adopted, is neither a novel prophecy nor lends substantial assistance to the debate.

1.1.19      The work of the sub-group of the Organisation for Economic Cooperation and Development (OECD), tasked with developing draft guidelines on cryptography, is important. The aim is a framework of principles addressing the needs of the global village. 4 Electronic commerce requirements, if nothing else, will likely dictate some common infrastructure to guarantee interoperability. If the European Union, the United States or Japan, for example, or any combination of these, was to muster sufficient support for a particular model, Australia would be foolish not to follow suit. At this stage, however, there is no such agreement and, hence, no need to take an independent policy position on this issue.

1.1.20      The conundrum for government is the encryption genie is out of the bottle: a genie with the potential to enhance data security and personal and corporate privacy but also to provide a shield of invisibility for criminals and others. While the pace of change continues relentlessly, the most appropriate policy response remains to watch developments closely, to reinforce and protect the investigative capacity of law enforcement and the security service, to maintain the requirement that telecommunications services provided by carriers be susceptible to interception, to progress the development of the OECD guidelines on cryptography, to ensure appropriate arrangements for the screening, performance standards and registration of third party service providers and certifying authorities are put in place, to coordinate policy and technical development which may provide a solution to public safety needs and to stimulate public discussion of and involvement in the search for a truly balanced solution.

1.1.21      The implications for law enforcement and national security of encryption, though significant, appear dwarfed by the potential fiscal consequences, particularly when allied to more powerful processing and the progressively increasing capacity for individuals to engage in anonymous transactions. They are matters, however, outside the Terms of Reference.

1.2     Findings

1.2.1      The main finding of the Review is that major legislative action is not advised at this time to safeguard national security and law enforcement interests in the face of the challenge presented by cryptography, though a range of minor legislative and other actions are indicated.

The 1994 judgement, that encryption was a looming problem which warranted close monitoring, remains substantially valid. The problem, in a substantive sense, still lies ahead of law enforcement and national security agencies but the distance is shortening rapidly.

1.2.2      The option recommended by the Review to cater for national security and law enforcement interests in the face of the encryption challenge is to strengthen and further protect the investigative capability of those agencies, to recast the relevant statutory provisions in clear purpose terms to prevent premature aging and to consider the introduction of a new statute (the Aid to Public Safety Act is proposed) which would aggregate the various intrusive investigative powers, or at least those in the Attorney-General's portfolio, into one place. This would facilitate the process of review, as indicated by changes in technology or circumstance, and likely engender a more controlled public discussion.

1.2.3      Australia has not been disadvantaged by the absence of policy decisions on the issue of key management infrastructure. Many foreign governments have moved early, but not necessarily to advantage. The rate of technological change, developing public knowledge and expectation of the Global Information Infrastructure and the reaction to the control mechanisms attempted by some governments suggest, generally, a continuation of this course. The immediate exception, on public administration grounds rather than anything else, would be the introduction of screening and registration procedures for third party service providers and certifying authorities. The third quarter of 1996 saw more intensive global engagement on this issue than any comparable earlier period. The greater risk for Australia, in the short term, is the lack of certainty about who is directing government policy and who, therefore, is coordinating the work progressing across a range of fronts. That is an issue which needs urgently to be addressed.

1.2.4      The Review's findings are set out against each term of reference. Those of a broader nature, which do not specifically relate to a particular term of reference, have been aggregated under term number 2.

Term of Reference 1.The Review is to examine whether legislative or other action should be taken to safeguard national security and law enforcement interests in the light of the rapid development of the Global Information Infrastructure and the continuing need to safeguard individual privacy.

Findings:

1.2.5      The Review does not support legislative action at this stage to prescribe a form of key management infrastructure accessible by government for purposes of national safety, but overseas proposals and developments will need to be kept under close watch. The effort within the OECD to develop draft guidelines on cryptography is worthwhile and should provide a useful framework for national and international approach to this issue. A further Review is recommended late in 1997, when technology will have advanced further, any early impact of deregulated communications will be apparent, the position of other countries such as Britain and the United States will be clearer (both plan to introduce legislative measures), the OECD work will be largely concluded and the position Australia might best adopt to balance its national security and law enforcement interests with its support for electronic commerce, privacy and continuing access to the communications and information revolution, might be clearer. (paragraphs 3.4.1-3; 3.7.1-7; 4.5.11-16; 4.6.1-2; 5.1.5-9 refer)

1.2.6      The Review found a lack of clarity as to which Minister and which department had responsibility for cryptography policy and the consequent danger of a lack of coordination in policy development. These deficiencies need to be overcome. (paragraphs 2.3.1-2; 3.4.3-5; 6.1.1-4 refer)

1.2.7      The Review identified a number of areas where legislative action might be taken to ensure Australia's national security and law enforcement interests. These are set out at term 3(c).

Term of Reference 2.The objective of the Review will be to present options for encryption policies and legislation which adequately address national security, law enforcement and privacy needs while taking account of policy options being developed to address commercial needs.

Findings:

1.2.8      The Review does not recommend specific options for encryption legislation at this time. The policy options being developed to address commercial needs are as yet inchoate. The process of developing guidelines on the use of cryptography by the OECD Ad Hoc Group of Experts is still 6 months from conclusion and international agreements based on such a framework would seem to represent the only basis for trusted third party encryption of telecommunications. 5 (paragraph references as per 1.2.5)

1.2.9      There is no draft proposal at large which meets well the competing demands of law enforcement/national security, privacy and commercial needs. (paragraphs 4.5.1 1; 4.6.2; 4.7.1-6 refer)

1.2.10      The conceptual difficulty in resolving those tensions in one set of arrangements is exacerbated by the requirements of law enforcement and national security being predicated on access, while privacy and commercial needs are predicated on protection.

1.2.11      There seems no compelling reason or virtue to move early on regulation or legislation concerning cryptography. Law enforcement and national security agencies have certainly experienced difficulty where subjects of investigation have refused access to encrypted stored data and it has not been possible for them or other agencies to decrypt this material. It is questionable, though, whether any range of policy decisions concerning key management would have altered this situation materially. For the present, the investigative capability of the agencies is not significantly affected. (paragraphs 3.2.1-4; 3.5.3-4; 4.1.2 refer)

1.2.12      To ensure policy positions are properly coordinated and reflect the interests of the different parts of government, it would be preferable if these followed decisions by Ministers on policy responsibility, were coordinated by a standing inter-departmental committee and that the committee was constituted at an appropriate level. (paragraphs 3.4.2-5 refer)

1.2.13      For reasons of electronic commerce and international cooperation in the law enforcement and national security areas, Australia's policy positions must mesh with those of her major trading and cooperating partners. While a few countries have made public policy commitments, these are likely further to change. International acceptance of the OECD draft guidelines on cryptography, the drafting of which is due to conclude early in 1997, may provide a basis for that consistency in national approach essential for the GII. (paragraphs 4.6.1-4 refer)

Term of Reference 3(a).Key factors to be addressed include Australia's national security and defense interests;

Findings:

1.2.14      While national security and defense interests provided the framework within which the other terms of reference in paragraph 3 were examined, the injunction in the first term of reference of the Review to have regard for the continuing need to safeguard individual privacy and a reminder of that at term 3(d) provided some tension when different requirements were to be served. The approach of the Review was to seek to strike a balance, leaving the privacy advantage with the community as a whole when the security or defense interests, taken at their broadest, were unable to demonstrate an impediment to the performance of their functions and model mechanisms of control either failed or were oppressive.

Term of Reference 3(b). an assessment of the present state of encryption technology and prospective developments in encryption technology over the next few years likely to impact on Australia's national security and law enforcement interests;

Findings:

1.2.15      Strong encryption, which cannot be defeated by law enforcement and national security agencies, is already available commercially or in the public domain. (paragraphs 3.2.4; 3.5.1-4 refer)

1.2.16      Data is being stored securely on computer systems or being sent over the telephone system beyond the reach or visibility of the investigative agencies. (paragraphs 3.5.1-4 refer)

1.2.17      The likely trend will be from software encryption applications with separate keys generated by the individual's computer system or an independent entity to primarily hardware solutions where random keys are rapidly generated and changed by the equipment itself and recognized and understood by those to whom data transmissions are directed (paragraphs 3.6.1-7 refer)

1.2.18      The AFP, NCA and ASIO consider access in real time to the communications of subjects of investigation an essential capability for the performance of their functions. There has been negligible indication of encryption being used in voice communications, but a strong belief it is employed in computer to computer communications. A reliable statistical base is required to underpin a further and more comprehensive assessment of the impact which loss of real-time access to the voice and data communications of the subjects of investigation would pose. (paragraphs 3.3.1-4; 4.1.1-3; 4.2.1-2 refer)

1.2.19      The AFP should chair an inter-agency group tasked with the preparation of an assessment of the impact which the loss of real-time access to voice and data communications would have for law enforcement and national security. The assessment should be submitted to the Secretary of the Attorney-General's Department for presentation to the Secretaries Committee on National Security. (paragraph 4.1.3 refers)

1.2.20      The future direction of encryption technology depends largely on advances in the field of pure mathematics and computing power which increases, on average, by the power of 10 every five years. We will likely see dedicated microchips able to work faster and process more complex algorithms. at reasonable speed. Secure faxes will become more common. Remote banking facilities will become available. Local area computer networks (LANs) will use encryption for communication between workstation and file server or mail server. This encryption will be transparent to the user. Each computer or user on the network will have its own public/private key pair, used to generate random session keys. Further ahead, quantum computing and, perhaps, quantum cryptography are mentioned, as are molecular memories, but none is predicted to cause major change to the projected trend line of development. (paragraphs 3.1.1-4 refer)

1.2.21      The availability of an encryption function on major software applications or as a service to telecommunications users would likely be taken up quickly by the community, but particularly the more significant targets of law enforcement and national security agencies. Microsoft, for example, recently indicated it would soon offer such an application. (paragraph 3.4.6 refers)

1.2.22      The loss of access to real-time communications of their targets, and the inability to access seized stored data, will necessitate a range of activities by law enforcement and national security agencies which carry greater operational, personal and political risk, involve larger financial outlays and staff allocations and will require some legislative amendments. (paragraphs 4.3.1-6 refer)

Term of Reference 3(c) whether Australia's present laws are adequate to ensure Australia's security and law enforcement interests in an environment of rapidly emerging new technologies;

Findings:

1.2.23      The Telecommunications (Interception) Act 1979 is considered adequate by national security and law enforcement agencies, though a range of issues such as the continuing capacity to trace calls; the test of reasonableness (as applied) under which law enforcement and national security agencies may seek such action; access to call record information and caller identification from carriers and service providers; the legal status and, therefore, obligations of service providers after 1 July 1997; the impact of satellites (eg systems are being launched by Asian countries which will cover significant parts of Australia); and some jurisdictional matters in relation to the Internet loom as issues which the Law Enforcement Advisory Committee (LEAC) and the Attorney-General's Department will need to pursue. (paragraphs 3.4.1-2; 3.6.7; 4.8.4; 6.2.4 refer)

1.2.24      The Telecommunications Act 1991 would become inadequate if the license condition on carriers first to obtain approval from the Minister for Communications and the Arts, who is required to consult with the Attorney-General, before marketing any telecommunications service not susceptible to interception should be varied. 6 (Paragraph 6.2.18 refers)

1.2.25      The Telecommunications Act 1991 should establish a requirement for all communications service providers to be registered, which would facilitate the service of warrants and access to customer data bases by law enforcement and national security agencies. The purpose is not to restrict entry to the sector but to meet these requirements and ensure service providers may be kept informed of changes affecting their functions. (paragraphs 6.2.4-5; 6.2.18; 6.2.21 refer)

1.2.26      The ability to trace calls will continue to be of major importance to the AFP, NCA and ASIO (and the State police services), even in situations where interception or access to communication content is denied. The application of the 'reasonableness' principle by communications carriers or service providers will need to extend beyond life-threatening situations. The containment of consequential costs might best be managed by limiting, more than currently, those agencies authorised to make such requests. (paragraphs 3.6.7; 6.2.4 refer)

1.2.27      Invocation of the principle of non self-incrimination is likely to prove an obstacle to efforts by law enforcement agencies to obtain encryption keys by search warrants or orders made by courts and tribunals. (paragraphs 3.2.4; 3.5.1-4; 3.7.10-11 refer)

1.2.28      The Crimes Act 1914 should be amended to permit the AFP, NCA and ASIO to 'hack' into a nominated computer system to secure access to that system or evidence of an electronic attack on a computer system. (paragraphs 6.2.3; 6.2.22 refer)

1.2.29      Consideration should be given to establishing a further and more serious category of offence where encryption is used to obstruct investigation by law enforcement or national security agencies into the preparation for or commission of a criminal offence and to give the Commissioner of the AFP authority, analogous to the ss. 28/29 powers provision available to the Chairman of the NCA, to require production of information or material which would render seized encrypted data intelligible. (paragraphs 3.7.10; 3.7.11; 6.2.22 refer)

1.2.30      The narrow definition of a listening device in the Australian Federal Police Act 1979 should be amended to reflect the purpose of such devices, namely to transmit data. The current wording restricts transmission to voice only. (paragraphs 4.3.5; 6.2.1; 6.2.20; 6.4.4 refer)

1.2.31      The criteria of Class 2 offences as set out in section 12(B) of the AFP Act should be widened so that listening devices might be deployed in the investigation of computer and information crime. The use of computers as communications devices is much more common than when the Act was drafted and that trend is only likely to become more prevalent. (paragraphs 6.2.2; 6.2.20 refer)

1.2.32      Authority needs to be created in the AFP Act, subject to the normal warranting processes for the exercise of intrusive powers, for the agency to install tracing or tracking devices which transmit data, to enter premises or perform this remotely, to do so without seeking or obtaining the permission of the owner or user of the equipment or premises, to transit other premises necessary to reach the nominated premise and to re-enter such premises as are necessary to maintain, replace or remove devices. Removal of devices, under the same warrant conditions, would be permitted after the expiration of the warrant, if secure circumstances do not obtain in the term of the warrant. Call-tracing should not be a facility confined in its application to life- threatening situations but available for the investigation of serious crime or security, intelligence subjects. (paragraphs 6.2.6; 6.2.9; 6.2.20 refer)

1.2.33      Authority should be created for the AFP, the NCA and ASIO to alter proprietary software so that it performs additional functions to those specified by the manufacturer. Such an authority, which clearly should be subject to warranting provisions, would, for example, enable passive access to a computer work station of a LAN and link investigative capability more effectively to current technology. While there are issues of liability, the Review is convinced the effort should be made to accommodate these so that a target computer may be converted to a listening device. This capacity may represent one of the important avenues of accessing plain text. (paragraphs 6.2.10-11; 6.2.20 refer)

1.2.34      All amendments and suggestions made in relation to the AFP Act should be mirrored by amendment to the ASIO Act, both for its security intelligence and its foreign intelligence investigation obligations.

1.2.35      There will need to be integration between federal, state and territory law enforcement agencies as Commonwealth investigations frequently cover several jurisdictions, the State and Territory police forces operate in the same areas of criminal investigation and the latter police forces employ the same core technology and encounter the same problems. These issues might usefully be explored at a meeting of the Standing Committee of Attorneys-General and the Australian Police Ministers Conference. (paragraph 6.2.28 refers)

1.2.36      Statutory protection needs to be afforded those sensitive operational and technical methods employed by law enforcement agencies in the course of their investigations. The process of establishing a public interest immunity claim may implicitly reveal sufficient of a conceptual and operational approach as to destroy the integrity of such a method. Where high personal risk and damage to the investigative capability of the agency may result, should protection of the operational methods employed in a particular investigation not be absolute, agency heads should be empowered to issue a certificate, pursuant to the proposed provision, identifying the operationally sensitive information protected from disclosure, discovery by legal process or access under the FOI Act. (paragraphs 6.2.12-17; 6.2.20 refer)

1.2.37      Consideration be given to incorporating all intrusive investigative powers, or at least those of the agencies in the Attorney-General's portfolio such as the AFP, ASIO, AUSTRAC and the NCA, into one statute with an aim and title like 'the Aid to Public Safety Act'. The various powers should be expressed in terms of their purpose, not the means by which those purposes may be achieved. The benefit would rest in common approaches across Commonwealth agencies, a clearer over-arching purpose, a positive encouragement to inter-agency cooperation and the greater speed and political ease with which necessary amendments may be effected to ensure the statute remains relevant to developing technology and practice. (paragraphs 6.4.1-8 refer)

1.2.38      Instead of the current four or more types of warrant for intrusive investigative activities by law enforcement and national security agencies, to which further types are proposed at 1.2.28, 1.2.32 and 1.2.33, all warrant types should be reduced to one of two: the interception of communications or entry into property. (paragraph 6.4.8 refers)

Term of Reference 3(d)measures to safeguard individual privacy including an examination of the warranting provisions that may be required to enable law enforcement and national security authorities to gain access to encrypted material, whether in the form of stored data or a message transmitted over a telecommunications network;

Findings:

1.2.39      The ready availability of strong encryption, with no requirement to escrow or register keys, nor to entrust them to any independent entity, is the most effective safeguard of individual privacy. (paragraphs 3.4.8; 4.5.7; 4.5.10; 4.6.3; 4.8.4 refer)

1.2.40      The current regime of stringent warranting provisions for the exercise of intrusive investigative powers should continue and apply to any change to the range of those powers. (paragraphs 2.2.6; 5.1.7; 5.1.9 refer)

1.2.41      To ensure the privacy rights and civil liberties of those subjects of investigation by law enforcement and national security agencies are preserved, where a court or tribunal is prevented from examining any circumstances surrounding covert investigations because a statutory protection against involuntary disclosure has been invoked by an agency, such cases or a sample of these cases should be examined by a senior, independent official experienced in the conduct and handling protocols of sensitive matters. As the Inspector- General of Intelligence and Security has the function to inquire into matters referred to the Inspector-General by the Human Rights and Equal Opportunity Commission in respect of the intelligence community, the sole aspect to be reviewed here, this function would be caught within existing responsibilities. In the case of Commonwealth law enforcement agencies, the function might be given to the proposed National Integrity and Investigations Commission. (paragraphs 6.2.24-27 refer)

Term of Reference 3(e) an assessment and evidence of the benefits of access by law enforcement and national security agencies to encrypted data;

Findings-

1.2.42      The value of intercepted communications, as cited to the Review of the Long-Term Cost Effectiveness of Telephone Interception, has not diminished and additional material is available since that review. Law enforcement agencies and ASIO made a cogent case for access to data concerning subjects of investigation, whether voice or data communication, computer communication or stored data, whether concealed by speed, compression or encryption. The assessed benefits are the capacity to conduct investigations effectively and the performance of their statutory functions. (paragraphs 4.1.1-2; 4.2.1-2; 4.3.1 refer)

1.2.43      There are indications, more frequently seen by law enforcement agencies than ASIO, that the subjects of investigation are making significant use of encryption to store data securely. It is already a frequent experience that this data cannot be decrypted. (paragraphs 3.2.4; 3.5.1; 3.5.3; 4.1.2; 4.4.1 refer)

1.2.44      Real-time access by law enforcement and national security agencies to the voice and data communications of their subjects of investigation is essential to core capability. The loss of that access would seriously impair capability, increase the risk factor in their operations and entail a range of staffing, budgetary, legislative and political consequences. (paragraphs 4.3.1-6 refer)

1.2.45      The lack of reliable national statistics on attacks on computer and communications systems will hamper policy development in areas such as electronic commerce and cryptography. The proposed IDC on Cryptography should consider the matter in the light of the review of AUSCERT commissioned by DOCA and its impact. (paragraphs 3.3.4-5)

Term of Reference 3(f) an assessment of the most appropriate means offending the development, implementation and maintenance of a decrypting capability for existing and emerging technologies;

Findings:

1.2.46      No cogent reason was presented to the Review which suggested an independent cryptanalytical capability should be established for law enforcement and national security interests. (paragraphs 4.4.1-5 refer)

1.2.47      While general support for an independent decryption capability was evident among law enforcement agencies, the limited opportunities and expectations with which decryption would be approached would not justify the significant establishment and recurrent budgetary allocation required. (paragraphs 4.4.6-7 refer)

1.2.48      A 'closed' forum at a senior technical and operational level involving law enforcement, national security and the Defence Signals Directorate should be established to discuss and share attack methodologies against encryption, the covert acquisition of keys, agree possible research projects and review cooperation arrangements. Such a forum would provide a means for keeping the Secretaries Committee on National Security informed of any significant change to the investigative capability of law enforcement or national security agencies as a result of encryption. 8 Because of the protocols surrounding this field, it would be sensible for such a forum to be covered by memoranda of understanding agreed by the heads of the various agencies. (paragraphs 4.4.7- 12; 6.3.2 refer)

1.2.49      The cost of enhancing in-house facilities to produce a modest decryption capability should not necessitate New Policy Proposals, but the Commissioner of the AFP, the Chairman of the NCA and the Director-General of ASIO should ensure investment in staff training, development and secondments and minor capital expenditure on decryption facilities are planned and implemented in a coordinated fashion. The proposed inter-agency forum may provide the vehicle to coordinate that investment and development. (paragraphs 4.4.7; 6.3.1-3; 6.3.5 refer)

Term of Reference 3(g)whether Australia should seek to negotiate agreements with any other country or countries governing access to encrypted data where public keys (under a 'Commercial key Escrow' or 'Trusted Third Party' system of encryption) are held outside Australia;

Findings:

1.2.50      It would be premature to enter formal negotiations with other countries on access to encrypted data, where public keys are held in those countries, until there is some certainty as to likely key management infrastructures. Reciprocity is a standard feature of such access agreements. Caution against entering formal negotiations is not intended to preclude substantive discussions on the issues. Indeed, the US has intimated that a condition of easing export controls may be the existence of a form of certified key management. (paragraphs 4.6.1-2 refer)

1.2.51      Such agreements should reflect the arrangements which national security and law enforcement agencies have in place to handle the exchange of sensitive tracing and operational matters. Those arrangements, properly, have regard for the legal, political and human rights record of the requesting country and the likely use which may be made of the information sought. (paragraph 4.6.4 refer)

Term of Reference 3(h)whether legislation is desirable to:

(i) regulate the availability of 'Commercial Key Escrow' or 'Trusted Third Party' encryption; or

(ii) facilitate the development of 'Commercial Key Escrow' or 'Trusted Third Party' systems of encryption;

1.2.52      The models of 'Commercial Key Escrow' and 'Trusted Third Party' systems variously proposed by the United States and Britain contain some (inevitable?) design flaws which will leave subjects of law enforcement and national security investigations outside their arrangements. The market may well identify, for normal commercial reasons, the need for trusted third party services in Australia. (paragraphs 4.5.4-11; 4.7.1-6 refer)

1.2.53      There is a high risk of corruption in the third party service provider sector and the Government would be prudent to require integrity screening and registration of those who seek to offer such services to the public. The testing process employed by casino authorities should prove a useful model. (paragraphs 4.7.6-7 refer)

1.2.54      Some licensing or registration arrangement, together with a requirement to meet minimum performance standards (as proposed by Standards Australia) is indicated for Certifying Authorities providing authentication services. This may depend on the outcome of the Wallis Inquiry into the effects of deregulation of the finance system 9 or government may wish to consider it cognately with the recommendations from the working groups of officials examining a range of electronic commerce issues. The separation of the authentication from the confidentiality key is a matter where clear and early statement of government's position would assist. (paragraph 4.5.15 refers)

Term of Reference 3(i)the impact of overseas initiatives associated with encryption technology, particularly in relation to the extent to which international cooperation and proactive specification of desirable characteristics for encryption products and 'Commercial Key Escrow' or 'Trusted Third Party' services is desirable and recommendations as to how such international cooperation might best be achieved,.

Findings:

1.2.55      Considerable variation exists in the approach of foreign governments to cryptography policy issues, ranging from banning, to registration, to the promotion of voluntary systems of key management which may meet some of the needs of law enforcement and security, to the deliberate decision not to take decisions on these matters while the technology continues to develop at a rapid rate and offers new approaches for dealing with the issue. (paragraphs 4.5.1-13 refer)

1.2.56      There seems to be little popular support in or outside the United States for a 'Commercial Key Escrow' system involving government agencies creating as it would significant vulnerability outside of the control of the person or corporation. 10

1.2.57      The British Government's 'Trusted Third Party' scheme carries some of the same weaknesses.11  The university proposal on which it is based does provide for separation of the authentication and confidentiality functions but again, surprisingly, this was not address in the official government statement. It is not yet known if the mooted European Union variation of the British proposal will improve on the design (paragraphs 4.5.8-11; 4.6.3; 4.7.1-6 refer)

1.2.58      The issue of international cooperation would best be addressed frommid-1997 when there has been more developmental work, the position of a number of countries will be clearer, legislative proposals will have been introduced by some and the work. of the OECD Ad Hoc Group of Experts will have concluded. (paragraphs 4.6.1-4 refer)

Term of Reference 3(j)the effectiveness of Australia's export controls on encryption technology.

Findings:

1.2.59      Any judgement as to effectiveness depends on the aspect from which the issue is approached. As the Review was enjoined to consider Australia's national security and defence interests as key factors, it may be argued Australia's export controls were effective, though American export controls may have had greater influence on the limited proliferation of 'strong' forms of encryption in the region. (paragraphs 5.2.1-4 refer)

1.2.60      The continuing efficacy of export controls as a defensive strategy is dubious when no import controls exist and firms are able to evade the export controls of the United States, far and away the major software supplier, and purchase their requirements in Europe or Asia. As well, the Internet offers a market-place without borders. (paragraphs 5.2.6-7 refer)

1.2.61      From a commercial perspective, the purpose and impact of those export controls was questioned. There was criticism that Australian cryptographic products did not always meet customer requirements and suffered in comparison with American products on the counts of convenience, comparability and cost. (paragraph 5.2.6 refers)

1.2.62      The abolition, or even an amelioration, of United States export controls will likely prompt a rapid extension of key lengths as an argued talisman of data security. (paragraph 5.2.11 refers)

Term of Reference 4. The Review is to have regard to the Government's existing encryption policies, the work of the OECD Committee of Experts on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure on the development of international cryptography guidelines and the work of the Information Policy Task Force on the implementation of open encryption standards which address commercial needs.

Findings:

1.2.63      The Review examined and took account of the Government's approach outlined in Australia Online 12 and by officials of the Department of Communications and the Arts. It examined the 1980 OECD Guidelines on Trans-Border Flows of Personal Data 13 and the 1992 OECD Guidelines on Information Systems Security and informed itself of their antecedents. It had the benefit of many discussions and meetings with representatives of all interested agencies on the draft guidelines on cryptography currently being developed and was invited to participate in inter-departmental discussions chaired by the Attorney-General's Department. The Information Policy Task Force had not been established in the period of this Review but a retitled Information Policy Advisory Council was due shortly to meet. 14

Footnotes:

1 Technologies include DNA analysis, fibre analysis, improved electronic surveillance methods across public agencies such as Immigration, Social Security, Taxation, Customs, financial institutions, communications camera, transport companies and regulators, etc.

2 Samuel D Warren & Louis D Brandeis, The Right To Privacy, 4 Harv. L Rev. 193, 195 (1890)

3 Prof Greg Tucker notes the possibility that an unregulated GII environment could lead to a loss of control by individuals over their personal data, running the risk of creating a surveillance society. From his paper titled 'Security, Privacy and Intellectual Property Rights in the Information Infrastructure' presented to the OECD, May 1996, p 143.

4 Not only is the relationship between the individual and the state likely to he affected by cryptography and its consequences but Michael Nelson argues we will see less powerful governments in relation to trans-national criminal organisations because traditional notions of sovereignty, national security and warfare will be undermined by 2020 when the whole world will be 'wired' and e-cash is the norm. Michael Nelson, Special Assistant, Information Security, Executive Office of the President, quoted in BNA Daily Report for Executives, 6 September 1996, Washington, DC. A view offered also in a Technology Issue Note published by the National Security Agency titled 'NSA and the Cyberpunk Future', 3 June 1966, pp 4-5.

5 This group is Co-chaired by a Deputy Secretary of the Attorney-General's Department and is scheduled to complete its work by February 1997.

6 The US Administration is proposing legislation requiring each telecommunications carrier to increase its capacity to meet assistance capability requirements (the capacity simultaneously to undertake call tracing and communications interceptions) equal to 0.5% - 1% of the engineered capacity of the equipment, facilities or services that provide a customer or subscriber with the ability to originate, terminate or direct communications. The Congress has enacted the Communications Assistance for Law Enforcement Act (CALEA) and authorised funding support of $500 ml. Under the Omnibus Consolidated Appropriations Bill signed by President Clinton on September 30, 1996, the permanent Telecommunications Compliance Fund may receive money from any US Government agency with law enforcement or intelligence responsibilities. Carriers have raised significantly the charges levied on law enforcement agencies for special assistance.

7 Inspector-General of Intelligence and Security Act 1986. s.8 (1)(a)(v).

8 Both the Commissioner of the AFP and the Director-General of ASIO may be invited to attend meetings of the Committee and the Secretaries of the Defence and the Attorney-General's Department, which embrace the portfolio interests, are members.

9 The Financial Systems Inquiry, commissioned by the Treasurer under the chairmanship of Mr Stan Wallis, is due to report to the Australian Government by May 1997.

10 The US Administration issued two statements on July 12, 1996, one entitled Administration Statement on Commercial Encryption Policy (shown at Annex C); the other, US Cryptography Policy: Why We Are Taking the Current Approach.

11 A Paper on Regulatory Intent Concerning Use of Encryption on Public Networks was issued by the British Department of Trade and Industry on 11 June 1996.

12 Policy statement on media issues published by the Coalition parties prior to the 1996 federal election. The section immediately relevant to this Review (personal Privacy and Commercial Security) is shown at Annex B.

13 Attached at Annex F of this report.

14 The Information Policy Task Force was a specific proposal in Australia Online. p 10 et seq and is specified as a relevant parameter for this Review. See Terms of Reference, attached as Annex A to this report, para 4.


CHAPTER 2

CONTEXT AND APPROACH OF THE REVIEW

2.1 The Context - Barrett's Obiter Dictum

2.1.1     This review occurred in concert with a range of similar reviews initiated by different parts of government. Some overlap was indicated, and the coordination arrangements remain something of a mystery. Topics as broad as electronic commerce or on-line services understandably attract the attention of a number of major policy departments and operational agencies, while encryption is addressed simply as an element of their broader studies. The focus of this review of encryption policy is to address law enforcement and national security interests, while ensuring individual privacy needs are safeguarded.

2.1.2      The review took as a reference point an observation made in the Barrett report on Telephone Interception in 1994 that

and the conclusion:

2.1.3      The question which obviously presents itself is whether the 1994 conclusion still stands or how it should be revised.

2.1.4      Barrett recommended the Law Enforcement Advisory Committee (LEAC) should keep the use of encryption under review and provide annual reports on its effect. 17 That task was assigned to Sub-Committee E of LEAC. It has submitted four reports to date 18. They note evidence of encryption being used in stored data (primarily hard disk) but none as far as communications are concerned. This view is qualified by the fact that the equipment used to intercept digitised signals transmitted over high-speed modems is forced to operate at the limit of capacity and some encrypted communications may not be captured. The bottom line judgement has to be that Barrett's conclusion stands intact but the time-frame is likely to be compressed. The problem is no longer a future one - the operational and investigative problem will be with law enforcement and the national security authority tomorrow.

2.2      The Approach

2.2.1      Working alone on such a review, it was clearly impractical to invite written submissions or conduct public hearings. Related standing reviews already existed and others were established in the brief life of this Review. The primary issue was how law enforcement agencies and the national security service might retain their current investigative capability in a world where encryption may be generally used. The second issue was to establish if what was hidden from investigative agencies behind the veil of encryption would affect their effectiveness. Thirdly, if the impact was deleterious, should Australia be looking at emulating the type of response adopted by some foreign governments or do something else. And fourthly, should a decrypting capability for law enforcement be established and, if so, how might it be funded and maintained.

2.2.2      The structure of the Report reflects the major themes of the Review. There were some other issues and by keeping a constant eye on the Terms of Reference, these are addressed either separately or cognately.

2.2.3      The key constituencies for the review were easily identified: privacy guardians and those academics or experts who had revealed a close interest in this aspect of the debate; Commonwealth, State and Territory law enforcement agencies and the national security service; policy departments with an interest in the area; users; carriers and service providers; the information technology industry itself; and the banking or finance sector. Within quite severe resource limitations, the Review attempted to consult with a representative sample of all these sectors and expresses its appreciation for the time and thoughtful contributions which were made.

2.2.4      There were some areas of the Terms of Reference where it was not possible to make a satisfactory response or the limitations imposed on a single reviewer precluded the elicitation of the material on which a response may have been based. In instances where I was aware this occurred, I have identified areas which require further examination. Indeed, the situation in a number of these is far from settled and continuing close attention to developments in Australia and overseas is indicated. For the same reason, there are many instances where findings have not prompted recommendations but warrant close consideration. I believe Australia has suffered no damage from its disinclination to commit to a legislative or regulatory regime in the cryptography field and has had time to learn from or reflect on the early initiatives of other countries.

2.2.5      The Review addressed its terms of reference from a public policy perspective. Some understanding of the core elements of cryptography is necessary for informed discussion, but the Review did not seek to acquire, far less claim, technical expertise. To those who found themselves occasionally cast in the role of tutor and were then impelled to make over-simplifications to achieve even nodding comprehension, grateful appreciation is expressed.

2.2.6     As the Privacy Act does not apply to the private sector and the privacy impact of the issues raised in the Terms of Reference exclusively impact on the private sector, I thought it important to consult with both formal privacy protection bodies on the one hand and academics and industry experts on the other to gamer views in an area of uncertainty. I found much commonality. There is broad acceptance of the checks and balances at the Commonwealth level on intrusive investigations by law enforcement and the security service. While some changes to the scope of warranting provisions were seen as likely, these should be accepted by the community if the same level of stringency in the securing, execution and oversight of warrants is maintained.

2.3      Creative Tension or Competition?

2.3.1     Between the key constituencies mentioned above, some degree of tension was to be expected. What also became apparent was the differing philosophical position taken by various elements within each sector. This is illustrated simply by the government sector, where four separate policy departments represent the following discrete purposes:

Across such a spectrum of government interests, the fact of different philosophical approaches is not surprising. What is of concern ,however, is the lack of any coordination mechanism to bring together the disparate policy interests and review bodies. The policy outline with which the Government went to the 1996 federal election, Australia Online, elevates the protection of personal privacy above other considerations and eschews legislative action in the area of encryption. 19 The Review was advised these elements reflect the Minister's current thinking. It is not clear, though, how they and other elements infuse the policy development process throughout government.

2.3.2     Proposals for coordination arrangements are advanced in Chapter 6. The comments raised here are mentioned to understand the somewhat fragmented context in which the Review occurred.

Footnotes:

15 Report of the Review of the Long Term Cost Effectiveness of Telecommunications Interception conducted by Mr Pat Barrett, March 1994, paragraph 5.3.19, p 98. Commonly referred to as the Barrett Report.

16 Ibid, p 99.

17 Ibid, Recommendation 5, p 16. The LEAC was established by the regulating agency, the Australian Telecommunications Authority (AUSTEL).

18 Reports of December 1994, June 1995, December 1995 and June 1996.

19 Australia Online, op cit. See relevant section at Annex B of this report.


CHAPTER 3

THE DIRECTION AND IMPACT OF ENCRYPTION

3.1      The direction

3.1.1      The ability to sketch confidently the direction of encryption would be a very marketable talent in the IT industry. Few are prepared to be expansive in their predictions, but some trends or tendencies have emerged. On one point all seem agreed - when personal computers are sold with standard software packages which offer a pull-down encryption facility, there will be wide use of encryption. There are plenty of encryption systems and applications available commercially and in the public domain. The volume has increased significantly over the past three years but not the variety. Commercial and private interest has principally been in the data storage area, with limited incursion into computer to computer communications. Criminal intelligence from law enforcement agencies overseas indicates the larger narcotics suppliers are using such encrypted links.

3.1.2      Likely developments over the next few years? Cryptography in modems, currently restricted by export restrictions; financial smart-cards with complete encryption which will defy transaction tracking; a continuing trend from encryption software programs to hardware-based systems; and always more speed. In the same period, communications will continue to become faster and cheaper. Relaxation of United States export controls would see systems with quality algorithms and long keys surge on to the market. There is little doubt the combination of these developments will see a major slow-down in the 'reading' capacity of the Sigint community for a period. How long that period may be and how it may be overcome are issues to be discussed in a framework of more sensitivity than the nature of this review permits.

3.1.3      And then there is quantum cryptography. Some argue it is the next wave, others dismiss it as fantasy. Gilles Brassard spoke on the subject at a cryptanalytical conference organised by the Queensland University of Technology in July 1995. He said quantum cryptography harnesses Heisenberg's uncertainty principle from quantum mechanics to allow two parties who have never met and who share no secret information beforehand to communicate in absolute secrecy under the nose of an adversary, regardless of her computing power. This is achieved by the exchange of very tenuous signals that consist on the average of one-tenth of one photon per pulse. Prototypes have been built that work over a distance of ten kilometres of optical fibre. 20 The optimists suggest commercial application is 15-20 years away, the sceptics argue it is light years

3.1.4      The short judgement of likely encryption developments may be summed up in three words which are an unintended parody of the Olympic motto: stronger, faster, cheaper.

3.2      On Law enforcement and national security

3.2.1      There is already considerable evidence of encryption being used in the areas of organised crime, narcotics, pornography, illegal gaming for storing data. Criminal intelligence indicates the larger narcotics syndicates overseas already employ encrypted computer links (e-mail and telnet), but very few communications applications have been detected in Australia.

3.2.2      'Serious' criminal elements are reported to have moved rapidly from analogue to digital mobile systems as soon as GSM became available. 21   Prior to that time, there is considerable anecdotal evidence that analogue telephones were being purchased, used once and discarded as a countering tactic to law enforcement. More recent practice is for criminals to carry a supply of SIM cards which, when changed, alter the characteristics or signature of the telephone. Examples were given to the Review of suspects having 30-40 SIM cards on their person when arrested, the highest figure quoted was 140, and of a firm in Sydney which will post SIM cards on request, providing only a credit card reference is given.

3.2.3      The telephone system is being used by criminal elements to send data from point to point and these exchanges are sometimes encrypted. The Review was given virtually no indication of voice communications being encrypted, though as early as 1991, an Australian company was importing voice encryption for PSTN circuits. 22 Considerable concern about hacking and phreaking was evinced, and evidence to support that concern, including attacks on law enforcement agencies own data bases. While the expected security rules that there should be no PSTN connection with the data bases apply, the reality is back-doors can be engineered by those with intimate knowledge of the systems. These activities are, however, outside the Terms of Reference of this Review.

3.2.4      Australian law enforcement agencies have not experienced difficulty in securing warrants to search and seize the stored data of suspects, but have found increasing difficulty in accessing this material in readable form. They advised no statutory or other power exists to compel people to disclose information against the principle of non self-incrimination. Some possibilities will be discussed later in the report. 23

3.2.5      In a speech in early February, 1996 an American academic, prominent on law and order issues, said:

3.2.6      Such an analysis of the medium-term future could be seen as much advocacy of the American model of key escrow as a depiction of an environment where such a model would offer attraction.

3.2.7      As the assessment is likely to be recycled, because of the weight accorded Dr Denning's views in the encryption debate, it has to be said it reflects either sudden and unreported change in the American scene or an exuberant use of the subjunctive tense. Only eight months earlier, in April 1994, Vice Admiral John M McConnell, Director of the National Security Agency, told the United States Senate's Judiciary Committee's Sub-Committee on Technology and the Law his agency's continuous monitoring of communications worldwide showed little was being encrypted. 25

3.2.8      A speech given by Louis Freeh, Director of the FBI, in late 1995 has been relied on by American conservative advocates to buttress their point of view. 26 He argued encryption should be viewed as a public safety issue, noting the Bureau was 'increasingly' being 'impeded' in its mission, not just in communications but data storage as well. He cited a terrorist case based in the Philippines which involved a plan to blow up a United States airliner as well as a plan to assassinate the Pope, a computer hacker and a child pornographer. There has been no public reference to new cases - surprising if 12 months ago the FBI was being impeded from performing its functions.

3.2.9      Despite an understandable concern at what might be, the indications are that the current United States experience is not significantly different to Australia's - a small proportionate incidence of personal computers and associated digital storage utilising encryption or password protection but the trend line moving upward in only a slight way from a low base. The encryption involved ranging from the relatively unsophisticated through to DES.

3.2.10      National statistics are not available for Australia but partial figures and the impression of those work-in. in the technical areas of law enforcement indicate we remain, fortunately, yet some distance from Denning's vision of Armageddon.

3.3      The Statistical Vacuum

3.3.1      Regrettably, many judgements in a Review such as this must rely on anecdotal evidence. There is no reliable statistical data and the same privation will limit future related inquiries and affect, if not flaw, policy development. There is no requirement on carriers to report the take-up rate of services they market, the shift from one sector to another and the obligations of service providers are unclear. Similarly with suspected computer and communications offences, where reporting is patently uneven and often deliberately avoided.

3.3.2      Consequently, whether addressing the take-up rate of a service, the incidence of hacking or phreaking, or extortion on the threat of disabling computer systems, opinion can only be based on inference, anecdote and intuition. There is no central repository of reliable statistical information, a situation not improved by the reduction, through budgetary constraints in some areas, of the resources available for law enforcement to play a proactive role in this area.

3.3.3      The London Sunday Times articles detailing 'sting' attacks on financial institutions appeared early in this Review process. 27 They prompted a range of observations, albeit mostly anecdotal or hearsay, suggesting such attacks may not be as rare or geographically distant as the Australian community might wish. Law enforcement agencies acknowledged that institutions and corporations do not believe those responsible will be identified, let alone their assets recovered. The experience of the Sumitomo Corporation in Japan early in the Review period was a salutary reminder of the accuracy of this perception. Sumitomo admitted to its shareholders major fraud had taken place but had been stopped. The shareholders and the stock exchange exacted savage retribution for the confession.

3.3.4      The potential loss of public confidence, with the consequent perception of possible inability to meet commercial obligations, is central to financial institutions' reluctance to report major criminal activity. It was apparent to the Review that financial institutions are as restrictive in their internal communication as they are tacitum externally. An independent statutory body, funded by government, with a legislated code of confidentiality covering mandatory reporting to it and its own reporting arrangements to the parliament, operating under oversight of the Auditor-General, and independent of any external influences would be a sensible repository for the statistical data required by government and a source of advice and guidance to the corporate and commercial world. It would be able to undertake analysis of the data received, alert public and private sectors to activity trends and act as an expert witness in court proceedings.

3.3.5      Such a role would fit a body like AUSCERT, were it to be funded by the Commonwealth, placed under a strict regime of confidentiality, vouchsafed by the Auditor-General and guaranteed independence. 28 Its American equivalent is funded by the Department of Defense. The Department of Communications and the Arts commissioned a consultant to look at AUSCERT and the recommendations have now been enacted. The impact of that review on its functions should be able to be evaluated by mid-1997 when the envisaged role for AUSCERT or a similar body should be addressed by the proposed inter-departmental committee on cryptography.

3.4      Policy Uncertainty

3.4.1      While normally unhelpful to meet a question with a question, to address encryption technologies from a public policy point of view one first has to answer a question that is both philosophical and practical. As we develop the Global Information Infrastructure (GII) who should control it? The carriers, service providers, government, the people who use it or some amalgam of a number of these? Put another way, the question asks who should control data in the GII. Without data protection legislation in place, is the carrier prevented from acting at will with the data entrusted to networks. A traditional public policy view would argue government regulation and restraint of processes affecting civil rights and privacy produce more equitable outcomes. When governments fail in that role or, the people, at least in democracies, may proceed to remove those governments. To vest the responsibility with the carriers or service providers, those participating for profit, would expose a novel dilemma for the citizen - how does one 'throw out' a carrier or service provider judged to be abusing one's privacy or civil rights? The answer that one should shift to an alternate presumes availability and suitability, neither of which may be provided. The 'amalgam proposal' envisages governments picking up citizens' concerns, providing a framework of some sort within which carriers and providers would operate and regulate themselves.

3.4.2      At the international level, Australia is playing a significant role in the development of draft guidelines on cryptography, which will complement earlier guidelines on privacy and security of information. These should provide the international framework, to the central tenets of which it is hoped member countries would commit themselves. The process of guideline development has been measured, as the issue of cryptography policy opens for redefinition the citizen's relationship to the state and the role to be accorded governments within that relationship. National experience and expectations are very different and time is required to focus on trans-national principles. That the eye of some has been turned more to international arrangements they would wish to see in place has not helped a process which must work from first principles, formulate national policy on that basis and then move to bilateral and multilateral agreements.

3.4.3      The Australian Government's online industry election statement identified private commerce as the driver of innovation and investment in new online services. It proposed the establishment of an Information Policy Task Force (IPTF) to examine various policy issues and report to the Goveniment. 29 Meantime, many different committees and working groups are tasked with examining aspects of on-line services, electronic commerce, encryption, smart- cards and electronic cash and the daughter of Campbell 30 inquiry will pick up all of these and many more besides. These various bodies embrace, among others, the Attorney-General's Department, the Department of Communication and the Arts, the Department of Defence, the Department of Finance, the Department of Industry, Science and Tourism and a number of agencies. That is not surprising as elements of cryptography touch their functions. What is surprising is the uneven level of representation which some of those review groups attract. A formally established inter-departmental committee (IDC) would seem a more sensible and effective means of policy coordination and development than current arrangements. If established, the appropriate IDC representation would be at Branch Head level.

3.4.4      There is a need for one department to have the clear responsibility for cryptography policy and to coordinate the multi-faceted development of government policies which involve cryptographic applications. It would not seem sensible for the Department of Defence to assume this policy function. One of its portfolio organisations, the Defence Signals Directorate (DSD), is already tasked by government with the collection, production and dissemination of signals intelligence and 'to advise the Government on all matters pertaining to communications security and computer security'. 31 A role not confined solely to situations where national security could be adversely affected but also embracing sensitive official information requiring protection for privacy, financial or other reasons. 32  Defence's framework, however, is inextricably linked with sensitive and classified applications, primarily for its own and diplomatic purposes - instanced by its required alertness to dual use applications and global proliferation of cryptography. This would appear to make Defence a less than obvious choice for the role in question.

3.4.5      The Treasury and the Department of Finance have obvious interests in the whole field of electronic commerce, but cryptography is a discrete element of that issue and not a principal policy interest. The Department of Communications and the Arts has policy responsibility for broadband services, telecommunications and multimedia, but again cryptography stands a little apart from these. The Department of Industry, Science and Tourism approaches the issue from a developmental and export point of view, rather than a policy one. Embracing the interests of law enforcement, security, privacy, commercial law, intellectual property and protective security policy, the Attorney-General's Department may be seen as a preferred option to house the policy responsibility and chair the IDC. There is a need for Ministers urgently to address this issue and for it to be determined.

3.4.6      There would seem little doubt that when the major software manufacturers make available encryption applications, a majority of the world's computer users will access them. That time was not announced when this Review commenced and yet Microsoft presaged such a development in July 1996.

3.4.7      The most obvious implication for governments facing the astonishing pace of development in the communications and information sectors and the easy private availability of strong encryption is the fiscal one: such a proportion of financial transactions and movements may take place via virtual banking arrangements in cyberspace that governments may face progressive revenue starvation. Only slightly behind is the implication for the delicate balance our society has reached between privacy, law enforcement and security interests. Firstly, there is some inherent tension when these issues are conjoined.

Secondly, it is not simply a question of setting an individual's right against society's rights, for we do not face here a static balance. All who live in community accept there has to be some trade-off, but that trade-off is not an unqualified one. There must be limits. It is a flawed approach to assume a small or episodic interest of the state should necessarily predominate over the privacy interests of the individual.

3.4.8      From a privacy point of view, cryptography offers welcome security to the individual (person or corporation) and the opportunity to place data, stored or in transmission, beyond the reach of those who may seek to ascertain their private or commercial affairs. The Government's online election policy supported the availability of strong encryption, the principle of informed consent and the centrality of personal privacy in our society. It recognised not all would use encryption for honest purposes but placed the onus on law enforcement and security agencies to justify any measures which should outweigh the social and economic consequences of the loss of personal privacy and commercial security. 33

3.4.9      The range of situations likely to confront law enforcement and security agencies is as wide as their statutory mandates, but particular focus has to be given to crimes such as kidnapping or other threats of violence directed against VIPs or internationally protected persons, terrorist situations, extortion involving significant threats to public safety and attacks on the institutions of the state.

3.5      Today's Problems for the Investigators

3.5.1      Encrypted stored data and packets of information wrapped in encryption applications before they are sent over the telephone already pose a problem for law enforcement. The power of complex algorithms is available at the click of a computer 'mouse', In short, 56-bit DES is commercially available and will not be decrypted by any law enforcement agency without the key being available. Even a cryptanalytical agency would find the process difficult and slow without the key.

3.5.2      There have been major advances in cryptography in recent years and significant increases in commercial involvement. Cryptanalysis, however, does not necessarily maintain a constant distance behind cryptography. The interval will vary and, without moving into any sensitive detail, it cannot be expected - on budgetary, personnel and capital equipment alone - that cryptanalytical facilities will always be able to 'crack' commercial and public domain forms of encryption.

3.5.3      Law enforcement agencies noted, with some chagrin, it is not the seizure of property which poses difficulty for them. The problem arises from an inability to force disclosure of encryption 'keys' where a person invokes the principle of non self-incrimination. This problem of information being put out of reach of other than specified persons has resource implications for ASIO, where accessing plans for acts of politically motivated violence or terrorist incidents is a central part of that agency's function. It will make both human source and technical targeting a more difficult exercise - and increased difficulty impacts on flexibility, responsiveness and financial outlays.

3.5.4      Law enforcement agencies recognise that to seek a password of those from whom property has been seized may, or will, be taken as an admission the particular encryption application has not or cannot be broken. They also accept many forms of encryption will not be broken or reverse engineered. The selection of which investigations deserve concentration will depend on intelligence and the availability of the requisite IT competence in the relevant agency. The Review was struck by the knowledge and expertise of specialists in the law enforcement agencies and in ASIO, but it was also palpably obvious their numbers are few. Investment in and retention of a corps of such people is an unavoidable choice for the management of those agencies. This is a matter which might, in structured and coordinated fashion, usefully come within the purview of the Inter-Agency Cryptography Forum discussed at paragraph 4.4.8.

3.6      The Imminent Challenge

3.6.1      Little evidence emerges of encrypted voice communications being employed by criminal elements, although ASIO noted foreign intelligence services had long adopted the practice. Great weight was placed by those law enforcement agencies consulted and ASIO on the tactical importance of real-time access to voice and data communications for the conduct of investigations and the collection of evidence. It was said, and examples were advanced to support the contention, that loss of this access would seriously impact on their investigative capability. The unique advantages of interception of communications are passivity, flexibility and the low risk of the endeavour, combined with immediacy of intelligence flow. Denied this tool, agencies would be forced to engage in a wider range of human source activities, for which the preparatory planning stage is quite long, which may entail considerable financial outlays and about which there would be a high degree of operational, bureaucratic and political risk.

3.6.2      It is clear secure encrypted communications are available now to the ordinary citizen with some computer literacy, the motivation to acquire the capability and the wish to communicate securely with like-minded and like- equipped people. Today, 'Smith' could use a commercial symmetric algorithm like IDEA, together with a 56-bit key producing strong cyphertext, to communicate with 'Jones', who, possessing the same algorithm and using a 56-bit key, would decrypt the message. Such a system is fast, a single key performs both the encryption and decryption function and any key number from a randomly generated pool may be used.

3.6.3      The exchange of the symmetrical keys discussed above might be performed with an asymmetrical algorithm using a pair of related but dissimilar keys, one of which is referred to as the private key and the other as the public key. The public key is then exchanged with all other parties with whom one wishes to communicate. Potentially such a key could be notified in a public directory and be accessed by all. To send a message to Jones, Smith uses a two stage process. In the first stage, he encrypts the symmetric key for the IDEA algorithm with Jones' public key (which is publicly available). In the second stage, Smith encrypts his message using IDEA with the symmetric key. Smith then sends the encrypted key and the encrypted message to Jones. On receipt of the two files, Jones performs the two-stage process in reverse. Firstly, she decrypts the symmetric key using her private key (which she alone knows) and uses this symmetric key with the IDEA algorithm to decrypt Smith's message.

3.6.4      Another level of strength is achieved by using separate 'session' keys for every message or series of messages. Automatic teller machines employs session keys which change with every transaction. A random source is used to generate, let us say, a 128-bit key which combined with IDEA produces a session key. That key is used to convert a message into cyphertext. But the key is also combined with RSA to produce an encrypted session key. 34 This is separately and first communicated to Jones and received in the 'start' compartment of the output file of her computer. When Smith sends his cyphertext message to Jones, she can decrypt it by using the specially encrypted session key which is now available to her. Such a system employs both RSA and IDEA and separate sessional keys.

3.6.5      Even if a law enforcement agency was to execute a search warrant against premises where Smith's computer was located and already had a copy of his public key, it would be extremely unlikely to be able to obtain a copy of the session key. Ibis would not be retained in Smith's computer. Unless Smith volunteered to whom communication from his computer was directed or Jones was known to be the addressee of that communication and law enforcement was able to await receipt and decryption, little prospect exists to intercept satisfactorily such communications.

3.6.6      It is perfectly feasible, today, to incorporate all the features of the system outlined here into a 'black box' arrangement which, may be programmed to change the key, say, every 10-15 seconds or more often. Among a group drawn together in common purpose (such as a bunch of criminals or a terrorist cell) it would be relatively simple to have a personal computer function as the central processor, directing and forwarding traffic, incorporating a tamper-free heart to prevent interference by investigative agencies with its functions and a self-destruct feature which would erase all memory if tampering was detected.

3.6.7      Law enforcement and national security agencies assess the ability to trace calls (including call record information), with the assistance of carriers or service providers, to be of crucial importance to the performance of their functions and this capacity will become even more important if the ability to intercept calls should be lost or the content of communications was denied by use of an encryption application. These issues are currently being considered by Sub-Committee B of LEAC, as well as: the legislative authority on which requests for assistance by investigative agencies are based; the appropriate scope of the 'reasonableness' test to be applied (ie is it reasonable to confine the application of special call tracing measures to life-threatening situations); the criteria to be applied when seeking call tracing or call record information and issues of cost.

3.7      Towards Response Strategies

3.7.1      The above examples illustrate what may be done today and which may already be happening. That agencies have not reported wholesale examples is no comfort such practices are not being employed. Where the targets of law enforcement and national security observe strict communication security, the prospect of capturing communications at source or the point of dispatch may be made even more difficult.

3.7.2      The prospect of collecting data at point of receipt is reduced by the availability of services such as anonymous remailing, which can cause a message to bounce around the ether like a ball in a pin-ball machine. In Internet communications, random paths are taken by message packets and there is no guarantee constituent packets of the same message will travel by similar routes. Indeed, directions may be given to diverge the packets and some may be repeated. All that is certain is that they will arrive at their address and arrange themselves into correct order. The random routing of packets will not, of itself, cause a problem where a more conventional attack at, say, an Internet Service Providers' premises is possible. If the packets are encrypted, however, the problem remains.

3.7.3      So should one pray for a miracle? If patience is in short supply, perhaps so. Stephanie Perrin, a Canadian privacy specialist, made two telling points in her address to an OECD conference in Canberra early in 1996. 35 She publicly reaffirmed her faith in encryption technology but expressed concern at the people who may be driving it at any time. Her second point reflected the inherent tension in the public cryptographic debate - the available technology is of a kind and capacity unable to accommodate simultaneously both privacy and public safety needs, so striking a balance is like 'squaring the circle'.

3.7.4      There would appear to be no particular comfort to be gained by investing hope in a cryptanalytical breakthrough, to pole vault law enforcement and national security over the mounting obstacle of public and private cryptography. Such events occur at something like 15 year intervals, which would exclude them as a relevant factor in this Review, and the diversity and scale of the volume likely to be faced would daunt even wishful capacity.

3.7.5      As interception on the network proves progressively difficult and intractable to decryption and capture at the point of receipt is denied because direction and intention are both obscured, areas of encouraging research will require the coordinated resource commitment by the relevant agencies and cooperative dialogue with the IT industry, carriers and service providers. In fields where the level of cooperation bears a direct relationship to the trust felt, it would scarcely be sensible for the Commonwealth, the States and Territories all separately to approach these groups.

3.7.6      No argument for government to take public policy decisions on key management infrastructure, such as the US and UK have done, was put to the Review. In fact, the reverse was argued. There is a risk of marginalisation if actions are perceived as premature or ill-conceived.

Scanning through the measures of those countries whose governments have decided to 'do something' about cryptography, one is drawn to the conclusion that most efforts have already proved nugatory. The flexibility of encryption systems and applications, let alone the greater advantages which hardware based systems will offer, and the pace of technological development, will sideline the remainder.

3.7.7      There are matters of privacy, authentication, warranting provisions and the need to protect law enforcement and national security access and decryption methods which need to be addressed. Some are discussed elsewhere in the report. Others are outside the terms of this Review. The extension of the Privacy Act to the private sector is likely to prove a significant bulwark for personal data protection. Authentication has being addressed by the group brought together by Standards Australia to develop a draft Australian Standard for Public Key Authentication.

3.7.8      The banks, of course, have a long history, at least 15 years, of dealing with keys, of separating the purpose of different keys and of using them. There are Australian Standards for electronic interchanges which address encryption keys, authentication keys and privacy keys. Some interesting conceptual and technical work is being done by Professor Bill Caelli and some of his colleagues on the separation of signing and privacy keys, on notarising the purpose of keys and linking the certification and notarising processes to a form of registration which would permit access by law enforcement and security to the confidentiality key. While it is too early to determine if the proposal is viable from the technical and public acceptance points of view, there seems some basis for encouragement.

3.7.9      It is worth recalling, when expressions of grave anxiety are ventilated over any prospect the state, or its agencies, may be able to access one's signing key (authentication) that people already submit their biometric signature (fingerprints) to the state in certain circumstances. The community accepts that as reasonable. There is no doubt fingerprints are a unique means of identification, as personal as one's handwritten and witnessed signature, as specific as one's digital signature. The state enforces a process of fingerprinting in specific circumstances, it requires considerable numbers of the community to trust the third party with whom those fingerprints are lodged and the community interests itself very little in the terms under which they are held or the access which may be gained. Such a level of trust is given to that third party, the police service, that few believe copies may be made, printed on to latex gloves and one's biometric identity compromised in the commission of a criminal offence. The community appears to trust the integrity of the process and grievance mechanisms such as the Ombudsman's office which stand outside the process, though one suspects the particular sensitivity over possible access to digital signatures derives as much from ignorance and apprehension about the technology as lack of confidence in the integrity of the proposed custody system.

3.7.10      Strong argument was put to the Review, and accepted by many of those especially concerned with privacy, that those who employ encryption in connection with the planning for or execution of major criminal offences should be required to disclose the decryption key when lawful demand was made and failure to do so should incur significant penalty. There is attraction in the analogy between encryption used in the planning for or commission of a criminal offence and the use of a firearm in the commission of a criminal offence. For the use of a deadly weapon in connection with a criminal offence, the state normally seeks to exact a penalty proportionately greater than if the perpetrator had been unarmed. That the use of encryption in connection with a criminal offence be similarly viewed, where the intention to frustrate any lawful investigation would be assumed to be the primary motivation in such circumstances and any claimed preservation of confidentiality considered a secondary motive, is worthy of considerations The legislation and experience of those American states which have legislated in this manner might be instructive. 37

3.7.11      The standard instruments of search, discovery or demand should continue to prove useful for law enforcement agencies and the security service, but they may not always be adequate. Sometimes those served with requests may not be inclined to comply. Where they consider they risk incriminating themselves by doing so is an obvious example. Claims that the key is lost, held by another or simply not known may appear among the range of replies. Faced with non-compliance and the risk that delay may result in the alteration or destruction of data, little recourse is currently available to law enforcement agencies or prosecution authorities save seeking to have the person charged with contempt or the obstruction of justice. These avenues are likely to offer little satisfaction to the pursuit of the investigation. In the case of strong physical methods of storage, the application of effort and technology will normally overcome protective levels or barriers in relatively short order. Faced with unintelligible data, the absence of prospective access to the key through any independent entity, but actual and circumstantial evidence that persuades the encrypted data relates to the commission of serious criminal offence, the community is likely to support a case for forcing a criminal suspect or terrorist from behind the shield of encryption.

3.7.12      The National Crime Authority (NCA) and the Australian Securities Commission (ASC) both have powers requiring persons to answer questions or produce material. In the case of the NCA, the Chairman can, for instance, issue an instrument under the Act's section 28/29 powers provision requiring production of material or information where he/she considers such relates directly to the resolution of an investigation under reference. There would seem to be merit in affording the same power to the Commissioner of the AFP to require the production of the decryption key, information or material which would render intelligible data which has been intercepted or seized and cannot be 'read'.

3.7.13      A process of periodic review, stimulated also by operational circumstance or indications from the courts of actual or potential deficiency, would seem indicated.

Footnotes:

20 Gilles Brassard of Universite de Montreal and the University of Wollongong. 'Quantum Cryptography' from the proceedings of the Cryptography Policy and Algorithms Conference. Queensland University of Technology, 3-5 July 1995, p 59.

21 This view of agencies consulted is supported by a report published by Sub-Committee C of LEAC in August 1996 on The Use of GSM Services by Persons of Interest to Law Enforcement and Intelligence Agencies.

22 PSTN - Public Switched Telecommunications Network

23 Cf. paragraphs 3.7.10-11.

24 Dr Dorothy Denning, Professor of Computer Science, Faculty of Computer Science, Georgetown University, Washington DC, 'The Future of Cryptography' a presentation to the Joint Australian/OECD conference on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure, Canberra, 7-8 February, 1996

25 Reported in CQ magazine, issue of April 13, 1996, p 987.

26 Louis J Freeh, Director of the FBI, speech given to the International Cryptography Institute, Washington, DC, September 21, 1995. Available on the FBI Home Page.

27 The Sunday Times, London. June 2 and June 9, 1996.

28 The Australian Computer Emergency Response Team (AUSCERT) is an independent Internet security body based at Queensland University. Funded for a time by Telstra, when the latter assumed management control of the Internet from the Australian Vice Chancellors Committee, it survived for a period on the basis of temporary and emergency funding but is now moving (reaching?) to self-sufficiency.

29 Australia Online, op cit, pl0 et seq. See Annex B

30 A commonly used 'colloquial' title of the Financial Systems Inquiry. mentioned because one of its central terms of reference is to examine the impact of the implementation of many of the recommendations of the seminal Campbell committee which looked at deregulation of the financial markets.

31 Defence Signals Directorate, November 1986, Part I.

32 Ibid, Part iv(a) and IV(b).

33 Australia Online, op cit, p 16. Repeated at Annex B of this report.

34 RSA is one of two commonly used proprietary algorithms, the other being Diffie-Hellman. It is named after its designers, Rivest-Shamir-Adleman.

35 Ms Stephanie Perrin, Special Policy Advisor, Technology Impact Assessment, Industry Canada, from an address titled 'A Canadian Perspective' given to the Joint Australian/OECD Conference on Security, Privacy and Intellectual Property Protection in the Global Information Infrastructure, 7-8 February 1996, Canberra.

36 The National Research Council of the US recommended in its study of US cryptography policy at 5.4 'Congress should seriously consider legislation that would impose criminal penalties on the use of encrypted communications in interstate commerce with the intent to commit a federal crime.'

37 The bill introduced into the US Senate by Senator Leahy in March 1996 (and supported by [then] Senator Robert Dole, is cited as the 'Encrypted Communications Privacy Act of 1996'. It contained the following provisions: "s. 2804 Unlawful use of encryption to obstruct justice. Whoever wilfully endeavours by means of encryption to obstruct, impede or prevent the communication of information in furtherance of a felony which may be prosecuted in a court of the United States, to an investigative or law enforcement officer shall - (1) in the case of a first conviction, be sentenced to imprisonment for not more than 5 years, fined under this title, or both, or (2) in the case of a second or subsequent conviction, be sentenced to imprisonment for not more than 10 years, funded under this title or both. The 104th Congress passed in its last days HR 3723, the National Information Infrastructure Protection Act of 1996. A section of the bill entitled "Use of Certain Technology to Facilitate Criminal Conduct' requires presentencing reports to include a statement whether the defendant used encryption which use could result in an 'obstruction of justice' increase in jail time under Federal Sentencing Guidelines.


CHAPTER 4

THE CONSEQUENCES FOR GOVERNMENT

4.1      Law Enforcement

4.1.1      Law enforcement agencies have no doubt the loss of real-time access to the communications of their targets would represent a body-blow to their investigative capacity. The cost-effectiveness of this means of investigation is reported comprehensively in of the Report of the Review of the Long Term Cost Effectiveness of Telecommunications Interception. 38 Agencies reiterated the key role which the interception of voice and data communication continues to play in their investigations, illustrated this by the number of cases brought to prosecution which relied on intercepted communications to a significant degree and the proportion of these where no alternative means of generating critical tactical intelligence was available. The routine use of strong encryption to protect telecommunications would reduce that role to a simple indication that someone was using the service and, perhaps, the person with whom the speaker or sender was communicating. Ways may become available to generate a constant stream of traffic and limit even that conclusion.

4.1.2      Less concern was expressed at the encryption of stored data, though numerous examples have already been encountered where law enforcement agencies were unable to access the data and have had to return it unread. The interval between search and seizure and the need then to produce material in court or incorporate it into a brief of evidence would normally allow sufficient time to decrypt if the encryption application was a soft one or the key/password was available. In other instances, the only solution would be a cryptanalytical one and there is no guarantee such would be forthcoming - assuming the resources were available to try.

4.1.3      The issue of loss of real-time access to intercepted communications is very different from the issue of cost-effectiveness of interception, though there is a relationship. Because of the argued impact which loss of real-time access to voice and data communications would produce in tactical intelligence terms and in the security of evidence, there is need for Ministers and senior officials to have a reliable assessment of the operational, staffing, financial and legislative implications for law enforcement and the protection of national security. On the basis of those elements, an assessment of the risk exposure of agencies and the Commonwealth in attempting to pursue similar law enforcement and national security ends by alternative means should be prepared. The document will clearly be sensitive and I propose it be submitted to the Secretary of the Attorney-General's Department for presentation to the Secretaries Committee on National Security. The submission should be completed by the end of 1997 and be available to the further review of cryptographic policy recommended for that time.

4.2      National Security

4.2.1      ASIO expressed similar views and just as strongly, particularly where they affected investigations of a counter-terrorist, counter-espionage or politically motivated violence kind. It is the flexibility, low risk, relatively low cost, immediacy and guaranteed information stream which commends telecommunications interception to ASIO and to law enforcement agencies. It is not only the substance of a communication between two people, but whom the subject of the interception contacts, if and how the person behaves differently with one from others, the circle of contacts and services revealed, the presence of a person at the premises where a fixed service (telephone or computer) is located is made clear at various intervals, and where more than one service used by the same person is intercepted, further and useful comparisons may be made. All these matters constitute useful tactical intelligence, affecting the implementation or withholding of a range of other investigative actions, the coordination and timing of an investigation and affording the investigator the opportunity both to be forewarned and to monitor reactions once he/she has taken a decisive or recognisable action.

4.2.2      The loss of such a flexible, immediate and low-cost source of information would be likely to have a substantial impact on ASIO's threat assessment capacity. The intelligence requirements generated by this program frequently arise at short notice and often in fields not routinely covered by ASIO or law enforcement. If Australia was to receive information from a cooperating foreign agency of a threat to an overseas visitor or Australian dignitary and the probable source of that threat within Australia, it is unlikely such a matter could be investigated immediately without real-time access to the source's communications.

4.3      The Cost of alternatives

4.3.1      The loss of real-time access to communications would require the AFP the NCA and ASIO (and all State and Territory police services) to rely more heavily on human sources of information, on the use of listening devices, on tracking devices, on video surveillance, and on physical surveillance - all more invasive intrusions on a person's privacy. It takes a long time to recruit, train and position human sources and their flexibility of deployment is limited, As a rule of thumb, the minimum period of time to address the functions of recruitment, some basic training and then targeting a source to access particular information, could not be achieved in less than a period of months. Frequently it takes much longer. The nature of some target areas is such that only a person of a particular type of background, interests, culture and habits will survive the scrutiny of the group or organisation against which the person is targeted. The price of failure can be chillingly brutal. Even when success is achieved, rarely a quick commodity, there are considerable labour, financial and privacy costs. It will be the case for any agency engaged in the covert collection of information from human sources. Where the route to the desired information is by way of a technical computer attack, the financial costs is likely to be high.

4.3.2      Listening devices most often necessitate covert entry to a premises or place, a high-risk exposure for the integrity of the investigation which can never be completely managed and an intrusion into privacy graver than incurred by communications interception. While the prime risk occurs on approach, during entry/installation and leaving the target premises (a risk which rises almost exponentially when the process is repeated), there is the constant risk of technical detection through the use of a commercially available and proliferating range of techniques to identify various forms of listening device. As not all features or characteristics of a listening-device can be masked, one or more may provide sufficient of a recognisable signature to detection equipment that the device may be located - thereby establishing the fact of unwelcome interest and affecting subsequent behaviour and security practice of the target. Once a listening device is installed, its positioning is fixed so that should the target not communicate in its field of capture or only when there is high ambient noise, the result is likely to be without value.

4.3.3      Listening devices offer immediacy only when they are monitored in real-time, a practice not always possible or affordable. There are also far longer processing times involved in evaluating listening device product than something like telephone interception, where the calls are immediately accessible and each is date/timed. Legal authority to deploy tracking devices, whose installation may involve a trespass onto property, remains under consideration so this type of aid long used by overseas law enforcement agencies and security services is not generally available in Australia. Video surveillance of particular premises carries all the attendant risks mentioned in relation to listening devices and video surveillance of public areas raises a number of significant privacy issues. Physical surveillance is an expensive form of coverage to mount, with substantial overheads and a high risk of exposure - and the further risk of contaminating the investigation itself.

4.3.4 From disclosures made in courts and inferences to be reasonably drawn from briefs of evidence and prosecutions, from information in the public domain and on the Internet, criminals, terrorists and foreign intelligence officers know law enforcement agencies are able to decrypt a variety of commercial or 'soft' forms of encryption.

There is an observable pattern of changed encryption behaviour following arrests and even searches of property. Either the power of the encryption being employed is increased or the encryption practice, which may have been flawed because of poor password protection or similar, is enhanced. There is ample guidance material available on the Internet and elsewhere to judge which forms of encryption are secure against law enforcement agencies' efforts.

4.3.5      The listening device provisions in the Australian Federal Police Act 1979, confined as they are to the capture of voice (rather than sounds, signals, images, pictures, etc) limit that service's investigative capability. As computer and communications crimes are not currently categorised as Class 2 offences under the AFP Act, listening devices are not able to be deployed against these classes of activity. The original rationale for the drafting of the listening device provisions and those activity categorisations has been superseded by the changing faces of technology and crime. The lack of any overriding authority between the States, Territories and the Commonwealth in the areas of computing, and communications crime is probably not helpful.

4.3.6      The investigative impact on law enforcement agencies and national security would be substantial if real-time access to the communications of subjects of investigation was to be lost. There would be a consequent budgetary impact as the alternate sources of information are labour-intensive, less flexible, involve long lead-times, incur substantial financial outlays and sometimes produce after-care problems. The effect would, therefore, be on capability.

4.4      Decryption capability for law enforcement and national security?

4.4.1      The encryption of stored data ranges from relatively crude forms incorporated by manufacturers in pocket organisers through to strong forms such as PGP 39. The task facing law enforcement is increasingly a cryptanalytical one, not one of decryption. The Terms of reference of this Review seek at term (f)

4.4.2      The use of the term 'decrypting capability' here is deliberate. If posed in terms of cryptanalysis, the question would be whether the government should entertain establishing another agency to parallel the Defence Signals Directorate (DSD). The cost of such an initiative would approach half a billion dollars. On cost alone, this could not be contemplated. It would be an unreasonable budget outlay not simply because it would be unaffordable in today's economic climate, but also because the likely rate of return on the investment would be too meagre to warrant it. Also, the principal source from which experienced cryptanalytical personnel and technical expertise might be drawn is DSD itself. In a field where technology and methods are very sensitive, it would not be a simple matter to interpolate a quite different function with the attendant risk of disclosure of sensitive information in court proceedings.

4.4.3      Should a greater proportion of DSD's efforts be directed to support the work of law enforcement agencies? There would be sensitivity about such a proposal at the best of times. When Defence spending has been quarantined against the reduction of budget outlays elsewhere in the public sector, a political dimension is added to the issue. It would require the construction of fire- walls and special protocols to ensure security and the issue of evidentiary requirements would always be a vexed one. On its face, it is not a course which obviously commends itself. On the other hand, there will need to be some cryptanalytical capacity in the Commonwealth on which law enforcement or national security may call when the need arises. Need, in these circumstances, will be dictated by the immediacy and gravity of the contextual information. There is no sound basis, as I have indicated, for proposing a second cryptanalytical facility in the Commonwealth. It follows necessarily that whatever cryptanalytical needs law enforcement and national security agencies experience will have to be met from within DSD's capacity.

4.4.4      If the level of demand should become significant, there would be a need to look at the mechanics of cooperative arrangements, turnaround times on requests, charging arrangements and the prioritising and channelling of requests on a national basis. That task should be picked up in the further review recommended for late 1997.

4.4.5      There was strong support from the AFP, some state police forces and ASIO for a separate decryption capability directed primarily to law enforcement purposes. Currently, many law enforcement requests, including a significant number from overseas agencies, are directed to universities and institutes of higher learning which have developed reputations for IT excellence and seminal research. Cases were cited to the Review where European law enforcement agencies have contacted institutes in Australia seeking help. The dilemma they faced was clear - bring cases to court without encrypted information which they believed was critical to their investigation or postpone cases in the hope the encryption may one day be broken. Neither course affords any comfort. Many appeals for decryption assistance explicitly presume the universities will supply this without cost, because of their percentage of public funding in their budgets. Not surprisingly, the universities see it otherwise.

4.4.6      If a decryption facility was to be established, both state and federal agencies consulted thought it should be located in a Commonwealth agency, funded jointly by the Commonwealth and the states, operating on a cost recovery basis, and function under the technical aegis of DSD and the specialist IT components of the law enforcement agencies. The Review was not persuaded, however, such a facility would achieve more than the individual agencies are now managing. Unless a key was obtained from the owner of the data or the manufacturer agreed to provide critical information, there is little prospect that other than very basic or crude forms of encryption would be decrypted. Certainly commercially available strong encryption will defy such an approach and will likely resist cryptanalytical attack.

4.4.7      No distinct or quantifiable benefit would seem to flow from developing an independent decryption facility for law enforcement. The better tactic would be to enhance the computer crime and technical investigation areas of the various agencies, to have a small budget slice reserved for training and minor capital expenditure and to ensure the separate efforts of agencies are coordinated so the sum produces enhanced capability. These are essentially matters for agency management. Of them, the critical factors are the technical or computer competence of the people and effective coordination across agency lines. The Review sensed impressive capability existed among computer crime specialists, but the number of investigators dedicated to this area is small both in actual terms and in proportion to the whole field of criminal investigation. The view was also gained that there has been little migration of expertise and operating familiarity to the larger body of criminal investigators. If the AFP, NCA and ASIO are to achieve requisite investigative and analytical capability in a field growing much faster than the pattern of staff or capital investment by those agencies in the past 3-5 years, the respective managements will need to accord these objectives a greater call on available resources.

4.4.8      There would be value in formalising periodic exchanges between DSD, ASIO, AFP and NCA at a senior technical level, so that information may be shared in a 'closed' forum, sterile areas of exploration avoided, attack techniques discussed and some measure of cooperative research agreed. This sort of inter-agency forum would provide an opportunity to review the arrangements by which requests for cooperation may be channelled from State and Territory police forces to DSD. Because of their compliance functions and their close investigative and functional roles, both the ACS and AUSTRAC would sensibly be included. The national and trans-national nature of criminal and security issues and the considerable challenge which wide-spread encryption will pose to law enforcement and national security agencies strongly suggests a State or Territory police force representative should be coopted to the forum. The manner of selection or rotation is something which could be left respectively to the forum itself and the Police Commissioners' conference, though a suggestion is offered at 6.3.2.

4.4.9      I mention such a forum should be 'closed' because information of great sensitivity would inevitably be discussed.

That means specific clearances would need to be given by Heads of Agency and Police Commissioners, a procedure for the State Police Commissioners to do this now exists, and the full range of indoctrination protocols applied. The purpose is not to prevent any derived knowledge from ever being gainfully used but to ensure conditions attaching to compartmented knowledge are observed, security is protected and inhibitions about the level of candour which might apply largely removed.

4.4.10      Because they relate to the forum's effectiveness, the issues of who should chair it and to whom it should report might briefly be canvassed here. DSD possesses the cryptanalytical expertise. The AFP possesses the operational management expertise, the experience of progressing cases from investigation to prosecution, of supporting prosecutions and has an appreciation of counter-terrorist requirements through its involvement in the National Anti- Terrorist Plan and its participation in various standing committees. ASIO works closely with DSD, and also with the AFP. It does not have executive powers and only occasionally becomes involved, as a party, to litigation. Like DSD, it has an overwhelming need to protect its targeting, sources and methods. The NCA shares the operational imperatives of the AFP and ASIO, but works to a narrower investigative last. All agencies have a need to preserve their covert collection and investigative capability. On this analysis, I consider ASIO should be the initial chair of the inter-agency cryptographic forum and the situation should be reviewed after 18 months. That interval should ensure judgement is made on the basis of solid work, not simply issues of establishment.

4.4.11      To whom should such a body report? Because of the importance and the sensitivity of the matters to be addressed by the forum and the need for Ministers to be kept informed, the appropriate authority would seem to be the Secretaries Committee on National Security and then to Cabinet. 1 gave consideration to the Heads of Commonwealth Law Enforcement Agencies (HOCOLEA) but the national security interest takes the matter beyond the remit of that body.

4.4.12      Knowledge of cyphertext which cannot be decrypted is more valuable information to a criminal, terrorist or foreign intelligence officer than knowledge of systems and applications which can be decrypted. DSD may feel understandably vulnerable in entering such an arrangement where such judgements are likely to emerge or be required. The current degree of feeling and suspicion seems born of ignorance or matters not stated rather than from any adverse experience. A more positive approach by both sides should assist to break down those barriers.

4.4.13      At paragraph 3.5.4, it was concluded areas of expertise in computer crime investigations will likely determine the priority with which certain criminal investigations are initiated and a particular challenge for agency managements will be to maintain and develop the number of staff with the requisite skills. The inter-agency forum could play a useful role in coordinating capital investment and personnel development plans for this area in the member agencies.

4.4.14      The need for law enforcement and national security to initiate a dialogue with the IT industry, carriers and service providers was mentioned at paragraph 3.7.5. Such a task would logically be undertaken by forum representatives.

4.4.15      It may be that some memoranda of understanding would be required to protect technology transferred between agencies and sensitive operational methods against disclosure in court proceedings or discovery processes. If indicated, such devices should reinforce the special compartment in which this information is located.

4.5      Public Key Infrastructures

4.5.1      The reactions of foreign governments to the availability of stronger forms of encryption has varied. Some require import licenses. Russia, India, France, China and Israel are among those and Russia and France require those who wish to use encryption to obtain state licences. The Belgians discovered they had passed a law in December 1994 which might prohibit the use of unescrowed encryption. At the time it went unnoticed as part of a larger law. The law adds a condition under which telecommunications equipment may be seized, namely in case of end equipment which renders interception ineffective. It has not been enforced as the Belgian Institute for Posts and Telecommunications remains unclear of its consequences. 40 The example is cited as a salutary warning of the fate which may befall premature policy initiatives.

4.5.2      The efficacy of legislative measures to limit or control importation, let alone the political and public policy wisdom of pursuing them when the Internet offers a range of encryption applications, seems doubtful in the extreme.

4.5.3      Export controls on cryptography and cryptographic products have long been in place in Australia. They interlock with controls imposed by a number of countries, principal among them the United Kingdom, Germany, France and the United States - generally thought to produce more than 70% of the world's software. Contemporaneous with calls for government not to interfere with the availability of cryptography for the privacy protection of citizens have been calls for export controls to be ameliorated.

4.5.4      The lack of enthusiasm with which American commentators greeted the series of United States government proposals, culminating in the formal Administration statements on 11 July 1996, to establish a key management infrastructure, under which the needs of quality assurance, integrity, data retrieval and public safety would be accommodated, broadly reflects the reaction of those consulted by this Review. 41 Few felt key escrow arrangements could be argued as secure and less considered government ever acting as an escrow agent to be appropriate.

4.5.5      The American proposal for a commercial encryption policy is based on a global key management infrastructure that supports digital signatures and confidentiality. Independent entities, key escrow agencies, would verify digital signatures and also hold spare keys to confidential data. Those keys could only be obtained by persons or businesses that have lost the key to their own encrypted data, or by law enforcement officials acting under proper authority.

4.5.6      Pressure created by the United States' computer industry and users eventually caused three Bills dealing with cryptography to come before the US Senate, two of which propose the abolition of export controls. The Republican candidate for the Presidency, Mr Robert Dole, was a co-sponsor of one of the bills. The Commerce Committee of the Senate scheduled a vote on one measure for September 12, 1996, but this was delayed because of other business. With the conclusion of the final session of the 104th Congress before the November elections, the measure will have to be revived by the returned Administration and the next Congress. The White House was originally expected to introduce its own legislation around mid-September, offering special arrangements for industry segments such as finance, health care and insurance. In turn, those sectors were expected to support government key escrow systems, which would have the effect of making them mandatory. 42 The July 1996 United States Administration statement foreshadowing the liberalisation of export controls for certain commercial encryption products seemed, also, an attempt to dispel Clipper suspicions. 43 The terms and conditions attaching to that forecast liberalisation of export controls were eventually set out in the Vice-President's statement of 1 October 1996. 44

4.5.7      While performance standards and key recovery, alone with some relaxation of export controls are noted as the main features of the July 1996 American proposal, there was no attempt to hide the principal drivers - on the one hand, the requirements of national security and law enforcement; on the other, the export interests of the United States.

Ignored are four detracting considerations: the first is the added vulnerability which escrowing requirements introduce; the second is the increased risk of repudiation as the escrow agency could impersonate an individual; the third is that those to whom the proposal is directed (organised crime, terrorists, foreign intelligence services) may not use such a service; and the fourth is the likelihood criminals who wish to appear to be engaging in normal commerce may encrypt their data with another encryption application before wrapping it with the escrowed key. 45   United States commentators, but not they alone, are concerned government access to authentication keys could result in the fabrication of evidence and significant complication for the administration of justice. US Government sources are reported to say informally there was and is no intention to see authentication keys escrowed and the point was not made explicit because it was regarded as self-evident. It seems extraordinary that so unnecessary a hostage should have been risked. 46

4.5.8 The United Kingdom government has taken a similar path. On the 11 June 1996, a policy paper was issued publicly. 47 This announced the adoption of licensed and regulated Trusted Third Party (TTP) services as the core of its arrangements. 48 Without giving a binding commitment, it noted licensing might be predicated on an examination of applicants' fiduciary responsibility, competence to provide services in this sector and commitment to modern management principles! The purpose of the licensing policy is to preserve the ability of the intelligence and law enforcement agencies to fight serious crime and terrorism by establishing procedures for disclosure to them of encryption keys under warrant. The UK Government announced legislative proposals would be brought forward after further consultation on detailed policy elements.

4.5.9      The British paper did not distinguish between authentication and confidentiality keys, though the Royal Holloway proposal on which it is founded did, and foresees some relaxation of export controls. For a time it offered the advantage over the early Clipper schemes of an offer of key back-up for data retrieval purposes, but the July 1996 American key management infrastructure proposal also included that element.

4.5.10      At its essence, the TTP proposal provides users with key management services and law enforcement agencies with warranted access to a particular user's communications. Like the American proposal, the scheme would be voluntary but creates new points of vulnerability where the keys of participants may be attacked. The cost would be borne by the individual.

4.5.11      Trusted third party encryption is much more problematical in relation to telecommunications than for stored data. It is difficult to imagine trusted third party encryption becoming the norm unless governments put substantial sanctions in place. For those to be meaningful will require close coordination and global agreements to cover a global market. The importance of the efforts by the Australian government and OECD partners to reach an acceptable draft of cryptography guidelines is underlined here as global agreements will only be secured on the basis of internationally accepted principles.

4.5.12      The French government has adopted a mandatory third party scheme which will result in some relaxation of the earlier ban on cryptography. Like the others, it does not distinguish between authentication and confidentiality keys. One is tempted to say it poses the same problem for criminal prosecutions but the French approach to these matters necessitates more specialist information than is available to this Review. The government, of course, picks up lawful access to the key under the scheme.

4.5.13      While a number of governments have taken legislative or regulatory action, more seem to have been monitoring developments and turning their minds to data protection and privacy legislation. Within the European Union and the OECD, significant effort is being devoted to international draft principles covering the use of cryptography, for which a target date of February 1997 has been set. The OECD is considering undertaking a review of the 1980 privacy guidelines and intends to review the 1992 IT security guidelines next year. Some work on intellectual property requirements remains outstanding.

4.5.14      In Australia, a group representing government, industry and users produced several iterations of a public key authentication framework (PKAF) proposal. 49 This scheme would be voluntary, not subject to government licence and would deal only with authentication. The PKAF function is that of a certifying authority, not a trusted third party or escrow agency. Keys would have to be generated in accordance with the scheme to ensure integrity and security, no key would be retained by PKAF and no government access to the scheme is proposed. The proposal was developed under the aegis of Standards Australia and conforms to both management and technical standards. Its adoption will require amendment to the Evidence Act or the Acts Interpretation Act to provide for a digital signature to have the same force and effect as a hand-written signature.

4.5.15      It is unclear how the Australian market will develop, though electronic commerce and the trans-national nature of so many commercial operations suggest the lead of major trading partners will likely be followed. For the moment, the PKAF project appears to have lost some momentum and the expected launch of products by potential service providers have been delayed. There will almost certainly be a public requirement for agencies which provide third party, data recovery and, possibly, key generation facilities. Some form of registration of these service providers, as in the telecommunications field, would seems sensible to ensure public confidence and operating integrity and would be helpful to law enforcement agencies and the protection of national security. It would be in the national interest, given the community's future reliance on the integrity of digital signatures, for the bona-fides of these providers to be vetted as a condition of registration. The framework for that registration process should be put in place promptly.

4.5.16      The United Kingdom intends to bring forward legislative proposals to address the licensing of trusted third parties. 50 The statement issued by United States Vice-President AI Gore on 1 October 1996, addressing the liberalisation of export controls, advised these would be conditional upon industry commitments to build and market future products that support key recovery. 51 The proposal 'presumes' trusted parties will be designated by users, but does not address or exclude the issue of licensing. The statement makes clear that law enforcement access, under proper authority, would only be to the user's confidentiality key. A condition of registration, which might carry benefits such as inclusion in public directories and approval for products/services to be used in government and financial sector dealings, could be that keys would be made available to the AFP, NCA or ASIO on production of a lawful instrument.

4.6      International Agreements

4.6.1      There may be some requirement for the Australian Government, for electronic commerce or similar purpose, to put in place systems which interlink with the American, the British or some other proposal which wins sufficient global support. 52 This will depend, in part, on the specific features of the arrangements implemented by those governments and their interoperability with the requirements for a Public Key Authentication Framework outlined in the Miscellaneous Publication released by Standards Australia in November 1996. The British Government paper of 11 June 1996 spoke of the need for common architectural framework in different countries to support the provision of integrity and confidentiality and saw encryption algorithms on the International Standards Organisation register as a sensible benchmark. Agreement on international, and therefore interoperable, standards is a core objective of the OECD group developing guidelines on cryptography.

4.6.2      Until broad agreement on standards and architecture is secured, it would seem premature to enter any bilateral negotiations, though clearly substantive discussions on the issues must proceed.

4.6.3      The review encountered significant scepticism about mandated key escrow or TTP systems. The national sovereignty of the agencies providing these services could not be guaranteed, with consequent implications for the national interest. There is the strong likelihood that these agencies would become the major targets of foreign intelligence services. When an agency owner provides a key, under lawful authority, to a law enforcement agency questions of integrity about that key would arise. The PKAF proposal outlines a precise set of obligations and actions where a private key is known or suspected to be compromised. Certainly the key has to be replaced, the certificate containing the associated public key revoked and the fact notified promptly on a Certificate Revocation List. Where a key is surrendered to a law enforcement authority in response to a search warrant, the question arises how the compromised nature of the key would be advised to the owner and what liability may be carried by the law enforcement agency or the service provider? While separation of the authentication key pair from the confidentiality key pair would go a long way to reduce this problem, the need for clear policy definition is clear. An early and clear statement from government that it has decided the issues of authentication and confidentiality are to be separated would be of significant benefit.

4.6.4      Law enforcement agencies and ASIO will need to address the reciprocal arrangements for the acquisition of keys which they would seek of others and will be sought of them. The sensible course would be to cover such exchanges by memoranda of understanding, after normal agency and Ministerial processes of approval.

4.7      Third Party Systems

4.7.1      If there is a single lesson to emerge from the ill-fated 'Clipper' debate in the United States, it is that attempts by government to mandate any cryptographic technology solution or the use of government escrow or recovery agents are doomed to failure. Whether and how private citizens or corporations choose to recover data or protect themselves against a shut-out is for them alone to decide. It is interesting to note a recent IT industry paper builds a proposal around a key recovery system rather than an escrow System. 53  No user key would be held by the key recovery agency or agencies. The algorithm/s employed would be publicly available, there would be no limit on key lengths and the self-escrowing of keys would be permitted. On production of a court order or warrant, and with the presentation of some intercepted traffic between the party in question and another, the key recovery agency would be able to reconstitute the message without recovering the key. While this proposal may meet data retrieval requirements, it is likely to lack evidential value for a prosecution.

4.7.2      The proposal overcomes many of the deficiencies of the escrow system, but two seem to linger: the first is the vulnerability which attaches to the operation of the key recovery agencies. The system's developers envisage a number of large agencies in a variety of countries, with users deliberately spreading some of their data vulnerability off-shore. They then ask the question could agencies in a variety of countries be equally susceptible to inducement whether from a drug cartel or a particular government. The second residual problem is the extent to which 'serious' criminals will avail themselves of such a system without suspecting they are buying a Trojan horse. There is ample evidence law-breakers continue to use means of communication when they believe them possibly to be compromised and this tendency is advanced by some to argue that criminals will not take extraordinary measures to secure their data. IT industry representatives, the AFP, the NCA, ASIO and state police forces consulted all considered encryption would routinely be employed when it was generally available, simple to use and effective. Those conditions will imminently be met.

4.7.3      The Review formed the opinion that some form of third party system would commend itself as the best option for government and a sales pitch based on data recovery and public safety would be more likely to gain community acceptance than one founded on law and order, or even less, for essential tax collection purposes! No person consulted disputed the need for the state to be able to move quickly when confronted with kidnapping, the threat of terrorism or the abuse of children. At a level of principle, that consensus, wrapped in the delivery of a useful service such as data retrieval, offers the best 'hearts and minds' approach. The appeal of each of the three 'Clipper' versions was based on the needs of law enforcement and national security - those appeals were greeted with some cynicism. This is not to say that high-flown principle does not carry some weight but third party service providers will be in business to make a profit.

4.7.4      The assumption that encryption users would require some form of third party system rested hitherto on the premise that software based methods would be employed to generate encryption materials. While the software approach still predominates, a shift towards primarily hardware based solutions is starting to revise thinking. The need for emergency data recovery, date/time stamping and non-repudiation facilities is certain to be felt and that means trusted third parties will have a place. As a passing comment, use of the Internet seems to have increased the community's level of data security consciousness. The realisation that using the Internet in open mode to buy tickets for a function on a particular date may be to risk advertising one's house may be empty on that evening would be disquieting!

4.7.5      While the American and British proposals both envisage law enforcement and national security agencies serving legal instruments on TTPs or escrow agencies and obtaining the specified keys, the confidentiality of such arrangements is not guaranteed and the integrity of investigations is sometimes put at risk. Problems of leakage of information from telecommunications carriers and companies providing pager services to the subjects of law enforcement investigations are currently experienced in Australia and may be expected to continue. The post 1 July 1997 deregulated climate is unlikely to temper this pattern.

4.7.6      Users of TTPs, escrow arrangements or key recovery agencies will need to ask themselves to what extent those service providers should be trusted. The British Government has formally proposed a licensing system and a Federal Bureau of Investigation/Department of Justice proposal outlined the US Administration's views of the characteristics it considered should attach to the service provided and those providing the services. Licensing systems, or their equivalents, do not guarantee ownership of such agencies will remain in the national interest, nor that those involved would remain immune to inducements or coercion, but they do provide a measure of public confidence. In that fabled New World Order of which public commentators are wont to speak, key recovery agencies, escrow agencies and TTPs will become major intelligence targets for all countries with a capability to match their desire. It will be possible for the risk factor to be reduced, where users have the wit and resources to spread it across jurisdictions and different control interests, to have some objective testing of the 'trust quotient' of service providers, but not finally to eliminate it.

4.7.7      How then to address the question of trust? Users cannot be expected to presume the bona fades of those providing third party services and the integrity of commercial and personal transactions will rest on that of the service providers. This dictates, in view of the potential for corruption in this industry sector, a form of screening and registration will be essential. The procedures used in several States and Territories to assess potential casino operators would be a useful initial model for the integrity checking process. In view of the pace at which technology has been developing and the cost and consequences of leaving the process of regulation too late, it would be prudent for government to indicate early its intention to apply a system of registration and take the administrative steps to implement it.

4.8      The Internet

4.8.1      Cryptography today can scarcely be discussed or viewed outside the context of the Internet. Designed originally by the United States Department of Defense to be a centre-less anarchic system and then taken over by the academic community, it continues to defy attempts to regulate it. In the course of the 1996 US presidential election campaign, President Clinton promised to build a new network. It was not clear if this would be a second Internet, if it was intended to incorporate some form of central control or key nodes or the extent of its relationship with the existing Internet. What is clear is the problem will remain as long as the current net exists and many will defend its right to longevity.

4.8.2      In such a fluid context, to mandate processes is a questionable course as it will not automatically direct or prevent the conduct to which they are directed. Professor Dennis Longley observed, 'the Internet can always refigure itself around restrictions or regulations'. 54 There have already been knee-jerk reactions in various parts of the world to developments on the Internet but reasonably clear indication that few, if any, of those proposals will work and the dangers they are intended to avert or contain may sometimes have been over- stated.

4.8.3      The anarchic nature of the Internet may have conditioned the United States Administration's approach to cryptography policy. As recently as 25 July, FBI Director Louis Freeh said if the current 'voluntary' policy failed, he would seek mandatory domestic controls on cryptography, while conceding these too may not work - they were simply the logical progression of his thinking. 55 If one had to pick a single characteristic which epitomised public policy, pragmatism would beat logic every time. Dorothy Denning, a staunch advocate of the American 'law and order position', argued in a web debate that an encrypted Global Information Infrastructure is without precedent in world history. That is right , and so is the GII itself. The public discussion needs to offer more than the prospect of losing one's encryption keys and/or facing the depredations of organised crime and terrorism before general support for government arranged key management infrastructure wills be elicited. It is a question of balance.

4.8.4      There are powerful benefits to be reaped by our citizens and our community from the ready availability of encryption in terms of privacy, commerce, the range of on-line services which might be accessed from home, inquiries which may be initiated discreetly, payments made and a range of others. There remain, for law enforcement agencies, concerns about the legally unclear (in terms of the TI Act) role of Internet service providers, jurisdictional confusion as to service of warrants, uncertainty about the telecommunications market in Australia after 1 July 1997, the potential for people to use satellite telephones which transmit and receive directly from satellites located over South-east Asia and other matters. LEAC, supported by an annual telecommunications interception conference, should provide the avenue for meeting these concerns or feeding them into other established channels.

Footnotes:

38 See Attachment 6 of the Barrett Report.

39 PGP - Pretty Good Privacy - a strong encryption package that utilises RSA, designed by Paul Zimmerman and published on the Internet. The US Government charged Zimmerman with breaching export controls but dropped the suit after more than two years when it could not establish if Zimmerman placed PGP on a server or someone stole it.

40 Crypto Law Survey, Version 4.2, July l996, available http://cwis.kub.nl/~frw/people/koops/lawsurvy.htm

41 The first of two statements released by the White House on 12 July 1996, titled Administration Statement on Commercial Encryption Policy July 12 1996, is shown at Annex C of this report. The second statement issued on the same date was titled US Cryptography Policy: Why We Are Taking the Current Approach.

42 EPIC Alert, Vol. 3.16, September 12, 1996, item 4. p 4. (http://www.epic.org/)

43 The first use of key escrow, dubbed Clipper. was in 1993. Clipper was a hardware chip that allowed digital telephone users to make secure calls but also allowed the government. under lawful authority, to intercept calls.

44 The full text of the Vice-President's statement is shown at Annex F of this report.

45 The only way of finding out if Smith or Jones is using double encryption (with a non-escrowed key) would be by decrypting their files/communications with their escrowed keys and observing the decrypted data is still unintelligible. Warrants would have to be obtained to verify people are playing by the rules or else their privacy would be violated.

46 Annex F, which contains the statement issued by US Vice-President Al Gore on 1 October 1996, states that access to confidentiality keys alone will be sought/authorised.

47 Paper on Regulatory Intent Concerning Use of Encryption on Public Networks, issued by the Department of Trade and Industry, 11 June 1996. This paper is repeated at Annex D.

48 A solution first advanced by the Royal Holloway group of the University of London.

49 A draft Australian Standard on Strategies for the Implementation of a Public Key Authentication Framework in Australia was issued for comment by Standards Australia on 1 April 1996 and was released as a Miscellaneous Publication (MP75) on 5 November 1996.

50 See Annex D

51 Statement of the Vice-President, AI Gore, released by the White House on 1 October 1996. Copy attached at Annex F.

52 cf conclusion at 1.1.19 of this report.

53 The Need for a Global Cryptographic Policy Framework - An IBM Position Paper, August 1996.

54 Professor Dennis Longley, Director Information Security Research Centre, Queensland University of Technology, in a presentation to the Joint Australian/OECD conference on Security Privacy and Intellectual Property Protection in the Global Information Infrastructure, 7-8 February 1996, Canberra.

55 Louis J Freeh, Director of the FBI, testimony before the Commerce Committee of the Senate of the United States Congress. 25 July 1996, quoted in Epic Alert, Volume 3.14 of August 1, 1996.


CHAPTER 5

STRIKING A BALANCE

5.1      A Matter of Proportion

5.1.1      There is a broad split among the advanced industrialised countries of the world between those where governments have taken policy initiatives concerning cryptography and those who have simply watched developments. Even at this stage, it is an instructive question to ask whether the latter have suffered any disadvantage from a law enforcement, national security or privacy point of view. The answer seems to be an emphatic negative.

5.1.2      The moral authority of government is easily exhausted in treating such a public policy issue and more quickly if this is done in less than candid and even-handed fashion. As this report noted at its commencement, the issues touch on the central relationship between the individual and the state and there is need to ensure government is not substituted for state in that context. To attempt to play a modern-day Canute, as those who seek to ban unrestricted access to the Internet and restrict imports of encryption materials have done, is simply futile in an age of seamless communication and electronic marketplaces. Those like the United States and Great Britain who have urged so strongly their preferred positions on the international stage, eventually announcing them in the middle of 1996 as official policy, appear to have viewed the issue as primarily a security and law enforcement issue and secondarily a privacy issue. The British Government, curiously, stated early in its paper that the policy had been decided on after detailed discussion between Government departments, adding in the final paragraph that formal consultation will be undertaken prior to the introduction of legislative proposals. 56

5.1.3      In the United States, the Department of Justice and the FBI early moved into the van and never retired from that position. Whatever may have been their original intention, the impression given is they have sought to dominate public discussion of the issue. The British Government showed a little more finesse in its campaign strategy with the Department of Trade and Industry formally picking up the torch.

5.1.4      The consequence of these 'transparent' efforts by the law enforcement and security communities in those countries, supported by some academics and advocates who have argued the cause of data retrieval or sketched images of unbridled terrorism and organised crime, is the sizeable suspicion that the key management proposals are intended primarily to benefit their sponsors. Privacy advocates and guardians, electronic commerce, offices of budget and management within government, the IT industry itself have not been as effective in their advocacy though, arguably, they have more at stake.

5.1.5      Strong support for the broad policy position taken by the present Australian Government, and its predecessor, was evident through the Review consultations. In view of the continuous rate of change, technology development and changing cost structures, there is much to be said for watching developments. None argued prescription, much less the mandating of requirements, was a useful approach. And while one or two might see cryptography as a rare opportunity to cock a snook at the state, there was general recognition that as a community we must address the looming problem in the law enforcement and national security areas. What can we do?

5.1.6      It would be sensible now to generate a more informed and broader discussion of the situation in the Australian community. Those consulted almost universally presumed the outcome of this Review would be used as a trigger in that process. While the tax evaders and black economy participants may rub their hands in glee at the comfort encryption may afford them, the majority are likely to treat the matter seriously, recognising the loss of the law enforcement function across a range of fields such as narcotics and counter- terrorism and further restriction of the funds available for public works, community services and health care will affect the type of society we enjoy and hope to leave to our children. In today's context, any ideal outcome based on a key management system advocated elsewhere or an amalgam of various systems could too easily be circumvented by organised crime or terrorists with reasonable capability and the intention to shield their plans from the investigative agencies of the state. As such systems are primarily intended to meet the needs of public safety, it would be futile to impose requirements which are costly and/or which have a harmful privacy impact but which fail to address their fundamental purpose.

5.1.7      The approach of this Review is to strike a balance: to ensure the extant powers of law enforcement and national security agencies to access and intercept are relevant, to recommend a modest increase to those investigative powers, to afford some greater protection to their high risk activities and to acknowledge the benefit which encryption will bring to people and corporations in securing their data. The Commonwealth Privacy Act 1988 remains the only information privacy law in Australia with legally binding rules. 57 This statute implemented Australia's commitment to take the 1980 OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data into account in domestic legislation. 58 The Government has stated its intention of extending the application of the Privacy Act, which regulates Commonwealth government agencies and all users of consumer credit information and tax file numbers, to the private sector. 59 There would be much sense in avoiding, particularly during the period until legislation is introduced into the parliament, a perception that the privacy of the whole community was to be constrained to address a small sector need. This would leave the government better placed to act or intervene legislatively, if that should later be required.

5.1.8      As at October 1996, no 'magic' solution to this problem was in prospect. There is yet a short time available. The impact of encryption on the totality of law enforcement and national security interests in Australia remains fairly negligible, though the problem is only as far away as tomorrow. What should be done in the interval? Government should continue to monitor the situation and study the experience of others, as the practices eventually adopted by major players such as the European Union, the United States and the OECD will have trans-national impact. There are some practical steps both to strengthen and maintain the investigative capability of law enforcement and national security which should be undertaken and some greater protection given to the covert operational methods of law enforcement and national security agencies. These are discussed in more detail in Chapter 6.

5.1.9      The Privacy Commissioner, the New South Wales Anti- Discrimination Board and various lawyers and academics with a strong interest in privacy issues were concerned there should be no diminution of the stringent program of oversight and accountability where intrusive powers were exercised. 60 I concur entirely with that attitude. A view seemed to emerge that the Commonwealth's oversight and accountability arrangements were more effective than those of the States. The Review found general support for the approach of increasing, to some small degree, the warranted intrusive powers directed against persons the subject of serious investigations, rather than imposing a penalty on the whole community by attempting, in vain fashion, to limit or control the use of encryption.

5.1.10 Some consideration was given to the idea that the department vested with the driving and coordination function on cryptography policy might ensure Ministers were kept abreast of developments overseas and the changing situation and requirements for Australia. On reflection, it was felt this function would more effectively be discharged by a further review, on terms similar to this one. There is need for that degree of detachment in the conduct of a review so that all views may be garnered and synthesised into policy options. This is more readily extended to a reviewer than an official with daily responsibility for elements of the policy. A time of late 1997 would allow for the passage of 12 months since this review, a significant period of technological development, some experience of a deregulated telecommunications market and any impact on law enforcement and national security, the preparation by the AFP of the proposed submission on the impact of the loss of real-time access to voice and data communications 61, the conclusion of the OECD drafting exercise and legislative proposals being brought forward in Britain and the United States.

5.2      Export Controls

5.2.1      The Review was invited to examine the effectiveness of Australia's export controls on encryption technology. How this issue might be addressed depends very much on the interest being espoused. As the Review moved among its primary catchment area, parties representing privacy, law enforcement or national security interests, it was apparent no uniform judgement could be made. Few who spoke to the Review thought the issue of Australia's export controls could be divorced from the export controls of the United States. That the United States was but one of a number of signatory countries, first to COCOM and more recently to the Wassenaar agreement, seems generally to be ignored. Its super-power status and position as the principal global software manufacturer prompt an identification of those agreements with the national interest of the United States

5.2.2      The Australian government effects controls on the export of defence and related goods through the Customs Act 1901, the Customs (prohibited Exports) Regulations and, the guidelines Australian Controls on tile Export of Defence and related Goods - Guidelines for Exporters. issued in March 1994 and the Australian Controls on the Export of Technology With Civil and Military Applications - A Guide for Exporters and Importers issued in November 1994. The controls specify a range of cryptography products, such as cryptographic equipment, software controlling the function of cryptographic equipment, computers performing such functions, mechanical bits and pieces used in these processes and applications software for such purposes.

5.2.3      The context of the controls make it clear the government encourages the export of defence and related goods where these do not conflict with the national interest or Australia's external obligations. The Strategic Trade Policy and Operations Section of the Department of Defence considers export applications and makes recommendations on them. It also works closely with manufacturers, where possible, to advise on products and applications eligible for export.

5.2.4      From the vantage point of the Defence Department, and the Review's terms of reference require particular regard be paid to national security and defence interests, the principal defensive goal of export controls is the prevention of the proliferation of 'strong' encryption. Various commentators thought Australia's export controls may have had some effect in this regard though they suspected American export controls have much the greater impact. A claimed by-product or secondary benefit is that export controls may have aided the Australian cryptographic industry, enabling it to export and market more competitively in the region. This claim, couched in the subjunctive tense, was disputed by many but does not bear on the primary defensive goal of export controls.

5.2.5      From a strategic perspective of the IT industry in Australia, changes to United States export controls, certainly changes of the order advocated in the Republican bills before the Congress, were considered deleterious by sections of industry. This view was based on the premise that all strategic decisions of the industry have been predicated on the expectation that export controls, Australian and American, would not significantly vary. The more controlled relaxation of export controls announced by the United States Vice-President on 1 October 1996 mark a departure from that planning base but are less extreme than some have advocated. 62

5.2.6      There were, however, more particular indications of a negative side to export controls. Software and hardware manufacture is dominated by the United States, so business, IT or otherwise, has to ensure product compatibility when buying products. It was said, almost uniformly, Australian products tended to be more expensive (from small amounts to some thousands of dollars), less convenient (US software applications may be purchased in thousands of shops but hunting is often required to find the Australian equivalent) and problems of compatibility frequently arise with systems geared to American products and applications. Major banks have the capacity to step around this problem and purchase off-shore.

5.2.7      When particular judgements were offered about the impact of United States export controls, the point was always made that the United States was one of a considerable number of countries linked first under COCOM and more recently under the Wassenaar agreement and should not, therefore, be viewed as acting alone. This was uniformly countered with the view that the United States position as a military and economic super-power, combined with its dominant position in the software production market, gave it the critical voice in any grouping to which it belonged or sponsored.

It has to be said the continuing validity of export controls as a defensive strategy is open to question when import controls do not exist in most countries, where firms in countries covered by multi-lateral agreements on the proliferation of cryptography are able to circumvent United States' or Australia's export controls and buy the software of their choice in Asia or Europe and when easy access to the Internet is available to all.

5.2.8      Some irritation was expressed with the export licence system. Certainly, there was appreciation that 'continuing licences' had been introduced by DSD, enabling manufacturers to export to foreign countries or specified companies for a 12 month period, without reference back to the Directorate.

5.2.9      It is a truism to note that research and development take time. A strong view was put to the Review by the IT industry that incentives to undertake R&D in Australia are diminishing and likely to continue to do so. Even without the pressure which a relaxation of US export controls would cause, a migration of both technology and the research and development effort from Australia is likely. Any amelioration of the export control regime would likely hasten that trend.

5.2.10      A common banking industry view was that while Australian encryption products were always available, they did not always meet business needs. American products normally offered functionality, but their availability was frequently uncertain. End user licensing is seen as a problem for banks as the purpose is often wider than the commercial transaction and any part- escrowing of keys would render the system insecure. Consequently, banks are sometimes forced to rewrite software or undertake substantial work to link or cause to interface two separate products. Because some of these couplings are 'unnatural', the expected productivity benefits are reduced.

5.2.11      One consequence of the abolition of US export controls or substantial contraction of them is likely to be an outbreak of a condition which might be termed 'key length envy' - the assumption that by simply lengthening the key a greater degree of security is obtained. Of itself this contention is simplistic. What matters is the key space, or the pool from which keys are drawn, the soundness of the operating system and the operator's procedures. Providing the algorithm is sound, the operating standards are high and functionality is not adversely affected, a longer key will offer more security than a shorter one. Key length estimates are normally geared to what is required in 20 years' time and that is considered adequate protection against concerted efforts to discover them. There is a general wariness in some business circles of the enormous amount of idle time which exists for the computing power of large-scale corporations and the purposes to which that power might be put, but that, as they say, is another story.

Footnotes:

56 Paper on Regulatory Intent Concerning Use of Encryption on Public Networks, issued by the Department of Trade and Industry. London. 11 June 1996, paragraph 2 and paragraph 16. See Annex D.

57 Nigel Waters, 'Street Surveillance and Privacy" in Privacy Law & Policy Reporter, Vol 3, No 3, June 1996, p 49.

58 The OECD Guidelines are attached as Annex E to this report.

59 A discussion paper to this effect was issued by the Attorney-General in September 1996.

60 While these views have been made clear in publications and writings, they were repeated to the Review during discussions in Sydney on 10-11 July 19%.

61 See finding 1.2.19.

62 The United states Vice President's statement on encryption is set out in Annex F


CHAPTER 6

COORDINATING PROCESSES AND INVESTIGATIVE CAPABILITY

6.1      Policy Primacy and Coordination

6.1.1      Many departments and agencies have an interest in cryptography policy. Some of the range was outlined in Chapter 1. The issue of policy primacy now needs to be established so Ministers and departments are aware of whom with which they need to consult when policy issues overlapping the cryptographic area surface and so one Minister and department is viewing the issue of cryptography policy from a holistic point of view. There is fair indication that neither of these functions is currently being performed. Inside and outside the bureaucracy there is some bemusement that no department has or is even claiming ownership of this policy area. That diffidence, should it be that, can only confuse. Because of the pervasive impact of cryptography policy issues on every sphere of activity, not least the way commerce and government will engage in business, the matter should be taken to Cabinet promptly for a decision on policy ownership.

6.1.2      It has become self-evident that decisions taken in the areas of IT industry development, export schemes, broadband communication policy, intellectual property, criminal justice or law enforcement. each bear on policy issues associated with encryption, so it is only sensible that one Minister and one Department coordinate those issues while several may have responsibility for particular areas. The mystification within government and in the private sector at the apparent lack of policy coordination is accentuated by the plethora of committees, working groups and other forms of review looking at policy issues which embrace or impact upon cryptography policy issues. Clearly the questions of policy primacy and coordination go together and, when settled, need to be advised widely.

6.1.3      Which department should have the policy responsibility is an issue for decision by Ministers. Some of the issues are mentioned at paragraphs 3.4.3-5.

6.1.4      The option of the Attorney-General's Department was suggested in light of its interaction with the IT industry, academics, its organising role in the joint Australian Government/OECD conference on Security Privacy and Intellectual Property Protection in the Global Information Infrastructure in February 1996 and its continuing function as chair of the Ad Hoc Group of Experts tasked with developing draft Guidelines on Cryptography and leader of the Australian delegation, as well as its protective security policy, law and legal policy interests. As an alternative, Cabinet may decide to give it to a sub- committee of Ministers, but the chair of that sub-committee would likely be decided on the same basis as a single responsible Minister - congruence with portfolio interests, best positioned to represent the whole of government interests and subject to counterbalancing pressures which would likely produce balance and perspective.

6.2      Maintaining Investigative Capability

6.2.1      Technology continues to develop at an astonishing rate, rendering inadequate or anachronistic the scope of statutes whose original purpose may be yet clear but whose specification of the means by which ends are achieved has rendered them nugatory. The clearest example of this are the listening device provisions in the AFP Act which specify the purpose to be for carrying voice transmissions. This degree of specificity about means in the statute precludes their use to transmit video or other images, or electronic signals. There is a need to amend the provisions and, just as clearly, to ensure all these forms of intrusive investigation are couched solely in terms of purpose or objective, not the means by which those purposes may be realised. This is important to take account of the constant changes in technology and the political sensitivity which always surrounds the introduction to and amendment of such measures by the parliament.

6.2.2      The steadily growing level of dependence of business on computer and information technology has seen, not surprisingly, a proliferation of computer and communications crime. That trend is only likely to become more pronounced. The AFP needs to be able to deploy whatever it judges from a propriety and operational point of view to be the appropriate means. It is unable currently to use listening devices against these categories of crime because of their classification. It seems clear the criteria of Class 2 offences in section 12(B) of the AFP Act should be widened to enable it to do so.

6.2.3      That increasing reliance on computers for communication, file storage, word processing and publishing, among other uses, affects the subjects of investigation of the AFP, the NCA and ASIO as much as the rest of the community. Computers may be used to prepare for the commission of Commonwealth offences and assist in the commission of those offences. While investigative agencies may be unable to introduce human sources, listening devices or conduct searches because of the standard of protective security observed, the limited time available or the risk of destroying the integrity of the investigation, it may be open to them, if the authority existed, to defeat the access controls on the target's computer and enter the system.

The capacity to 'hack', under a Justice of the Peace or Magistrate's warrant, would harmonise the search provision of the Crimes Act 1914 to today's standard form of storage.

6.2.4      Some anomaly is perceived in the different way obligations are levied on telecommunications carriers and service providers. The class licensing system of service providers has not worked as well as might have been hoped. Dealing with the specific interest of this Review, it has proved ineffective in dealing with those service providers whose activities frustrate law enforcement or the preservation of national security. A system of enrolment as provided in s.225 of the Telecommunications Act 1991 has been canvassed by LEAC. It was hoped the services to be specified as subject to this requirement would include the supply of switched services, reselling capacity on leased lines to the public, reselling airtime on mobile networks, supply of voice mail and electronic mail services where those services include the provision of infrastructure, supply of paging services and the operation of private networks with more than 5,000 lines or which provide links between more than five distinct places, and providers of Internet services. The two major drivers of concern for law enforcement and national security are access to customer information and the kinds of services which could potentially be legally intercepted. The Department of Communications and the Arts (DOCA) has opined that a general requirement for registration of service providers would destroy the integrity of the class licensing system and it fears further obligations placed on service providers, whether through a system of enrolment or Ministerial direction, could deter some from entering or remaining in the industry.

6.2.5      There is broad support for a form of registration/enrolment from AUSTEL, the service providers themselves and the law enforcement and national security agencies. The delicate policy question with which DOCA, in particular, has to grapple is that actions not be taken which may prove inconsistent with the deregulated environment after 1 July 1997. This is a strong public interest argument here - but so, too, is the public interest in the maintenance of law and order and the protection of national security. Some form of registration or enrolment seems justified.

6.2.6      There has been a need for clear legislative authority for tracking devices (beacons) for some years. Proposals for draft legislation have, been considered but never advanced to the stage of a bill being listed.

The absence of this investigative tool is a privation for the AFP, the NCA and ASIO. It has proved its effectiveness in Britain, the United States and Canada. It has obvious application in counter-terrorist situations, in narcotics investigations and in cases of kidnapping of dignitaries. There is a need quickly to revive this legislative proposal on which bipartisan support would likely exist.

6.2.7      The Crimes Act 1914 contains no explicit provision for a covert search to be undertaken by any constable. It simply speaks of entry being made 'at any time', with necessary assistance or force as required. It is understood the execution of a search warrant was intended to be a transparent process so the owner or occupier might check the details on the warrant, confirm they were a correct description of his/her property and then monitor the search and seizure to ensure compliance with the terms of the warrant. No doubt the powerful place which property occupies in the common law had something to do with this approach. It is possible, presumably, for the police to delay execution of a search warrant until no person is present. That may not offend the terms of a warrant in a literal sense but it does frustrate the extant intention of the statute. The issue is raised as occasions will occur when a search of premises may well enable an investigation to be focussed more sharply, the privacy of others to be protected from unnecessary intrusion, a prosecution to be achieved and resources to be saved and directed to other priority tasks.

6.2.8      The ASIO Act provides for the issue of search warrants which may be executed covertly. 63 Such a provision recognises the value of a search as an investigative tool, rather than simply a means of publicly announcing the fact, and likely the conclusion, of the investigation. It also obviates the dilemma which those who execute a Crimes Act search warrant in covert fashion may face. That situation should be avoided. The Parliament has recognised the need for such a covert capability in relation to ASIO, there are strong grounds to extend that capability to law enforcement.

6.2.9      Tracking devices cater for locating or following the platform on which they are mounted. To investigate the offences enumerated in 6.2.6, the capacity to trace communications and identify the location of their source is just as, if not more, critical. There is extant authority for carriers, service providers and AFP, NCA or ASIO to cooperate in this regard. A problem would arise were carriers to confine the test of reasonable cooperation to life-threatening situations. This would seriously restrict the use of what would otherwise be a tool of immediate application, enabling the direction or diversion of resources. With the deregulation of the telecommunications market from 1 July 1997, this situation may well become more fraught. There is an issue of costs and the AFP and ASIO should carry a reasonable proportion for out-of-hours access to the service, but the, service needs to be available. The prospect of a growing incidence of encrypted communications will only increase the importance of this facility. LEAC, with its own reporting arrangements, would seem the most appropriate forum through which a new cooperative agreement might be negotiated.

6.2.10.      The opportunity may present itself to the AFP, NCA or ASIO to alter software located in premises used by subjects of intensive investigation or destined to be located in those premises. The software (or more rarely the hardware) may relate to communication, data storage, encoding, encryption or publishing devices. While some modifications may have the effect of creating a listening device which may be remotely monitored by means of the telecommunications service, for which purposes extant warranting provisions would provide, others may create an intelligent memory, a permanent set of commands not specified in the program written by the manufacturer or a remote switching device with a capacity to issue commands at request. The cooperation of manufacturers or suppliers may sometimes be obtained by agencies. When manufacturers or suppliers are satisfied the modification has no discernible effect on function, they may consent to assist or acquiesce in its installation. It will not always be possible, however, to approach manufacturers or suppliers or the latter may be in no position to consent to modification of proprietary software. When agencies are investigating a high priority target, practising effective personal and physical security, moving premises and changing telephone/fax regularly, an opportunity to access the target's computer equipment may represent not only the sole avenue but potentially the most productive.

6.2.11      Agency technical officers may be urged to effect such modification with the support, on the issues of personal and agency risk, of their management, senior officials of other departments and agencies and even Ministers. Such approval processes and support may not, however, address the liability implications of proceeding without the consent of manufacturer, supplier or owner. In the event of an equipment or software malfunction or failure to perform to full specification, an investigation of a complaint could lead to discovery of the modification. The issue of liability of the Commonwealth may then potentially arise. While agencies would not, presumably, employ techniques readily discoverable by physical or electronic search or which may interfere with functionality in any discernible way, in other words all reasonable means not to interfere in the contractual relationship between manufacturer/supplier and customer would be taken, the possibility of compromise cannot be excluded. Provision to limit the liability of the Commonwealth in these circumstances is a necessary protection for the officers and agencies engaged in this high risk area of technical collection.

6.2.12      Where sensitive operational sources, targeting or methods are likely to be disclosed in judicial proceedings, the Commonwealth commonly mounts a claim of public interest immunity (PII), arguing disclosure would adversely affect the operational capability of the agency concerned, render it ineffective in the performance of functions given it by the parliament, possibly place the lives or well-being of agency employees at risk or face the compromise of investigations employing similar means. It has been the experience of the AFP, NCA and ASIO in argument and cross-examination in support of applications for PII, that some information for which protection was sought under the aegis of those applications has, in fact, been disclosed. Indeed, it is not unknown for a judgement upholding a PII claim to be released, without restriction, when it contained information led in support of the application but intended to be protected bv the grant of that application.

6.2.13      Some more effective protection of sensitive operational sources and methods against disclosure is dictated or the risk must be faced either that prosecutions will not be pursued or the investigative capability of agencies will be progressively eroded. The advent of widespread use of strong encryption by the subjects of investigation of the AFP, NCA or ASIO will necessitate a range of high-risk, inventive and often costly investigative methods by those agencies to acquire keys or passwords and overcome that protection. Disclosure of the methods which may prove effective would quickly disadvantage those agencies and become common knowledge among criminals and terrorists. Protection of this narrow but critical edge might be afforded by incorporating a statutory protection in the acts of the various agencies.

6.2.14      A useful conceptual model is to be found in the ASIO Act. Part VA of the ASIO Act deals with the Parliamentary Joint Committee (PJC) on ASIO. After setting out the functions of the Committee, it proceeds to list what they do not include. Among them:

To that limitation on the function of the PJC is added the power of the Minister to issue a certificate advising a witness not to give or continue to give evidence or not produce a requested document for reasons relevant to security. Notwithstanding those two levels of protection, the legislature decided nothing should be left to chance when the Committee comes to report to the Parliament. It prescribed the Committee shall not disclose:

The statute then proceeds to enjoin the Committee to obtain the advice of the Minister whether the disclosure of any part of its report would meet the above or another criterion. 66

6.2.15      The model seems apposite as the restrictions intended to preserve effectiveness in the performance of function occur later in the same statute where the Parliament has given a range of intrusive investigative powers, subject to the application of the Director-General and the approval of the Attorney-General.

6.2.16      The need for a more reliable protection in judicial proceedings was asserted by all agencies. The particular need in the context of cryptography is to protect as long as possible any successful means devised by the AFP, the NCA or ASIO to obtain passwords or keys to encrypted data. This is not to suggest the validity of search warrants where data is seized should not be open to challenge, the provenance of seized electronic data should not be thoroughly scrutinised or the relationship between the key/password produced by the prosecution and the data seized under warrant should not be contested before the courts. The AFP, NCA and ASIO need to be able to produce a key which converts the data into intelligible form without being required to establish how the key came into their possession. To disclose those steps, unlike the audited evidentiary trail of the material seized, would be to erode the agency's capacity to conduct similar future investigations.

6.2.17      Invocation in judicial proceedings of such a statutory protection against disclosure of sensitive operational methods should properly be accompanied by a certificate from the head of the agency attesting to the nexus between that matter and the capability of the service to perform its functions and offset by a privacy oversight mechanism similar to one discussed later in this chapter.

6.2.18      As encryption has the potential to render intercepted communications unintelligible, it is critically important that the capability to intercept is provided with the delivery to the market-place of new telecommunications services. LEAC exercises a valuable role in bringing carriers together with law enforcement and ASIO to decide if that capability will be required. No less important is the licence provision requiring carriers to secure the approval of the Minister for the Communication and the Arts, who must consult with the Attorney-General, before approving the marketing of a service not susceptible to interception. It is understood a suggestion for consideration in the review of the Telecommunications Act is that this delegation might be exercised by the Minister without reference to the Attorney-General. Such an approach would risk failing to take account of law enforcement and national security requirements, which are located in the Attorney's portfolio. The experience with GSM should prove an effective deterrent to any inclined to move in this direction.

6.2.19      In summing up this section, there is a need to remedy some obvious deficiencies, to provide for new ways of doing old things and to preserve some existing capacities. The following list, which addresses concerns of Commonwealth agencies only, is not exhaustive, but illustrates the issues to be addressed.

6.2.20      Australian Federal Police Act 1979

6.2.21      Telecommunications Act

6.2.22     Crimes Act 1914 6.2.23      Clearly all proposals made in relation to the AFP (and the NCA) apply equally to ASIO, both for its security intelligence investigation purposes and its collection of foreign intelligence in Australia using its Special Powers.

6.2.24      The establishment of a statutory protection for investigating agencies from disclosure of sensitive information bearing on operational capability may exclude certain of those activities from the scrutiny of the courts or an oversight body charged with monitoring privacy protection. It is important that the privacy rights and civil liberties of persons the subject of investigations are preserved and seen to be preserved. There is, therefore, a need to put some special arrangement in place which will accommodate this need. A suggestion is made in the following paragraphs.

6.2.25      The task may be assigned to an Ombudsman, Inspector-General of Intelligence and Security or similar independent person experienced in the conduct and handling protocols of sensitive matters. The Inspector-General of Intelligence and Security has this function in his remit as far as ASIO is concerned. The IGIS Act prescribes the Inspector-General will act for the Human Rights and Equal Opportunity Commission in respect of the intelligence community. 67 As far as Commonwealth law enforcement agencies are concerned, I had been thinking in terms of the Ombudsman, but the function might be given to the proposed National Integrity and Investigations Commission.

6.2.26      This official concerned would be required to:

6.2.27      This outline is neither suggested as complete nor prescriptive, but merely an example of an attempt to walk a middle course at risk of some offence to both sides, yet offering a reasonable compromise.

6.2.28      There is obviously a functional overlap between the AFP and NCA and the police services of the States and Territories. The offences attracting the major investigative focus of those agencies are no respecters of borders, whether national or international. In a report where I urge new areas and forms of cooperation between the Commonwealth and the States and Territories, address a challenge which will tax the limited operational flexibility of those agencies either separately or acting in concert, and where there must be universal acknowledgement that involuntary or inadvertent disclosure of effective tradecraft by one will affect all adversely, the strongest call has to be made for parallel or complementary legislation between the Commonwealth, the States and Territories.

6.3      Coordination of Operational Capability

6.3.1      A modest but encouraging initiative was taken by DSD in the past year to bring together agencies facing common problems in the technical collection of intelligence, to provide a forum for frank exchange and to ensure coherence and the avoidance of duplication in the research and developmental work being undertaken by a number of agencies. This grouping did not involve any law enforcement agency representation. As the Review has not recommended the establishment of a separate decryption facility for law enforcement and in light of the reduction in Government outlays, there is an even greater need to ensure law enforcement agencies are included in this sort of forum and exchange, as they are likely to experience most acutely the problem.

6.3.2      This report has earlier (paragraphs 4.4.8-12) suggested the establishment of an inter-agency forum which would bring together the Commonwealth law enforcement agencies (AFP and NCA) ASIO and DSD, compliance agencies such as ACS and AUSTRAC and a coopted representative of a State or Territory police service. As the National Police Research Unit is involved in research on the impact of cryptography, it may be appropriate for an officer working on the project to represent the State and Territory police services.

6.3.3      It would seem sensible to coordinate work on profitable areas of technical attack among and between the investigative agencies, DSD and the Defence Science and Technology Organisation (DSTO). Again the forum would be able to provide the requisite level of coordination.

6.3.4      The relationship of these agencies with AUSTRAC may well prove crucial once encryption becomes more pervasive. Major subjects of investigation, whether they be narcotics suppliers or distributors, pornography distributors, money-launderers or terrorists, rely and will continue to rely on the banking system to provide value to their transactions. The 'money trail', provided by credit and smart-cards, not to ignore fly-buys, may well provide a continuously available hand-rail in a darkening investigative world.

6.3.5      This report has earlier noted the resources dedicated to the investigation of computer crime among law enforcement and national security agencies are impressive but seem very meagre. 68 There can be no doubt increasing demands will be made on these units. There is, in such specialist and technical areas a critical staffing and capital investment mass below which staff development and capability enhancement cannot be achieved or sustained. With agencies, some staffing and budgetary protection will be required if these purposes are to be met and failure through atrophy avoided. There would be merit in the proposed inter-agency forum on cryptography preparing, for the respective agency managements, a staffing, development and investment plan for the next 5 years. The aim of coordinating this through the forum would be to ensure its coherence, resource maximisation and the complementarity of its parts. The reason for proposing a 5 year time frame rather than the customary triennial basis is due simply to the pace at which the technology and circumstances change. In a field in which prediction of the operating context in 3 years time is hazardous, extension of the horizon to 5 years might lessen the risk of an inadvertent obstacle being placed in an agency's path by corporate decisions.

6.4      A New Legislative Approach?

6.4.1      The term normally used by the OECD to cover law enforcement, counter-terrorist and counter-espionage interests is 'public safety'. It is a useful and simple description of a class of interests which concern the community, with which the state must be concerned and which various agencies must investigate. The means employed to investigate the kidnapping of a distinguished visitor or internationally protected person, a threat to blow up an aircraft if demands are not met or money paid, a terrorist threat against Australian citizens or institutions or a major importation of narcotics are essentially the same. Putting aside the variety of overt means which may be employed, the covert ones may include various combinations of physical, audio and visual surveillance, the search of premises and possible seizure of items, the interception of various forms of telecommunications and possibly of the mail. They may include thermal imaging, call tracing, tracking devices, GPS, or even satellite imagery.

6.4.2      The powers which involve an intrusion into a person's privacy are located in various statutes administered by several federal Ministers. It has long been the case that amendment of the investigative sections of these statutes has been approached with considerable diffidence. Not because of lack of belief in the merit and necessity of particular amendments but rather because an excess of hyperbole appears to characterise these public discussions and often prevents reasoned explanation and ready acceptance by the community and carries, therefore, the risk of negative electoral impact. Sometimes that tendency has been positively encouraged with Orwellian titles to statutes like the 'Electronic Surveillance Act'. Criticism by a court or oversight body of the manner or circumstances in which some intrusive investigatory power was exercised appears to increase the degree of difficulty with which amendments to the relevant statutes are approached. It seems axiomatic in the Australian community that there is not and will never be a convenient time to introduce necessary amendments to the investigatory powers of these agencies. They are generally introduced in isolated fashion and often have to be argued defensively.

6.4.3      The chancing nature of crime, the proliferation of security threats with a capacity for violence, the extraordinary burgeoning of technology, all make regular review and amendment of the investigative capability of law enforcement and national security agencies a necessity. The increasing number of dignitaries invited by the Government to visit the country who face the risk of violence, the rising incidence of attacks against the institutions of the state and the imminent arranging of a major world event such as the 2000 Olympic Games suggest a different conceptual approach might prove rewarding.

6.4.4      All the intrusive investigative powers have to do with the preservation of 'public safety' in the broad definition given earlier. The approach suggested is to incorporate all these powers into one statute which would provide in its title an easily understood purpose, quite separate from any agency. It might, for instance, be titled the 'Aid to Public Safety Act'. Such a title would be precise in terms of objective, reassuring in terms of community expectation and positive in its statement. The various investigatory powers should be couched in purpose or objective terms. The specification of the means by which any particular purpose may be realised should be eschewed. For example, the problems created by the current definition of a listening device in the AFP Act when the purpose should simply be stated as being for 'the transmission of data'.

6.4.5      The ready availability of strong data encryption and increasing difficulty associated with interception, likely to be exacerbated in a deregulated environment, threatens both the availability and viability of traditional investigative methods. This will place, for instance, much greater emphasis on tracing, intercepting and data logging of calls through multi-carrier and multi- national networks and the local authority to enable these measures. The suggested statute would be able to make clear the common purpose and inter- relationship of the various investigative powers. Oversight or review mechanism procedures could be collocated in the statute or cross-referenced.

6.4.6      In presentational terms, explanatory memoranda and second reading speeches could be situated against a clearly drawn public safety backdrop - threats of kidnapping,, of violence directed against institutions of the state, of bombing of public buildings, of terrorism directed against aircraft, of explosive devices in public places. There are, regrettably, examples in any six month period and the Atlanta Games proved yet a-ain the drawing power which major events retain for the violent and the deranged. A schedule might indicate to which departments and agencies the statute applied and then specify particular provisions by part, section, paragraph or sub-paragraph.

6.4.7      It is not suggested such an approach would overcome all problems which have been experienced, but once enacted the process of review and amendment should be greatly facilitated. Under administrative arrangements Ministers are responsible for specified statues and it may not be possible or desirable to bring all intrusive investigative powers into the one Act. It would, however, make much sense for the law enforcement and national security related powers which are located in the Attorney-General's portfolio to be so combined.

6.4.8      Together with the benefit of adopting this new conceptual arrangement for the aggregation of intrusive investigative powers, there is a case for simplifying the warranting process. Currently, separate warrants exist for the interception of telecommunications, of mail, for the installation of listening devices, for search. In section 6.2 of this report, additional investigative activities are recommended for inclusion in the warranting system: the authority to search electronically computer systems whether from proximate or remote locations; to undertake covert searches; to alter proprietary software; and to conduct tracing and install tracking devices. All these activities by law enforcement and national security agencies may be seen to involve one of two forms of intrusion into the privacy or civil liberties of persons: the interception of communications or the entry into property. There would be administrative efficiency, clarifying benefit in the description of purpose and ease of oversight in reducing the multiple types of warrant to these two types.

6.4.9      As a discussion paper was issued in early September 1996 by the Attorney-General on the extension of the Privacy Act to the public sector and strong elements of preservation of privacy and individual liberty exist in the public safety purpose of those various investigatory powers, it may be sensible to couple the matters for legislative consideration. The security and protection demands associated with staging the 2000 Olympics in Sydney were always going to be a heavy burden. They have not been lightened by the loss of the TWA flight from New York to Paris just before the Atlanta Games nor the bomb which exploded in Centennial Park at the Games site. It is already evident from media commentary and public discussion that the community regards the provision of effective security arrangements not only as a national obligation but also a matter of national honour, reflecting the distinctive nature and values of our society. This backdrop should assist acceptance of such an approach.

Footnotes:

63 Australian Security intelligence Organization Act 1979, s. 25 (3) 'A warrant...may, if the Minister thinks fit, provide that entry may he made, or that containers may be opened, without permission first sought or demand made and authorize measures that the Minister is satisfied are necessary for that purpose.'

64 Australian Security Intelligence Organization Act 1979. s.92C (4)(c).

65 ASIO Act, s. 92N(I)(b).

66 ibid, s.92N(2).

67 Inspector-General of Intelligence and Security Act 1986, s.8 (1)(a)(v)

68 cf. paragraphs 3.5.4 and 4.4.7


ANNEX A

TERMS OF REFERENCE

The Review is to examine whether legislative or other action should be taken to safeguard national security and law enforcement interests in the light of the rapid development of the global information infrastructure and the continuing need to safeguard individual privacy.

2.     The objective of the review will be to present options for encryption policies and legislation which adequately address national security, law enforcement and privacy needs while taking account of policy options being developed to address commercial needs.

3.    Key factors to be addressed include:

4.     The review is to have regard to the Government's existing encryption policies, the work of the OECD Committee of Experts on Security, Privacy and Intellectual Property Protection in the global information infastructure on the development of international crypography guidelines and the work of the Information Policy Task Force on the implementation of open encryption standards which address commercial needs.


ANNEX B

Extract from AUSTRALIA ONLINE,
statement on media issues
published by the Coalition Parties
prior to the 1996 federal election.

Personal Privacy and Commercial Security

New information technology has the capacity to generate a torrent of information on the preferences, lifestyles and financial details of all Australians.

Labor's consistent neglect of the issue of personal privacy is shown in its attempted introduction of the Australia Care, its consistent advocacy of large- scale "dataveillance" of citizens, and its creeping expansion of the use of the tax file number in stark contrast to Mr Keating's own solemn assurances to the Parliament. To quote a recent senior Labor Minister, "privacy is a bourgeois right, related to the concept of private property".

Such an ethos makes a mockery of Labor's "commitment" to genuine information privacy safeguards. In contrast, the Coalition regards personal privacy as a cherished right in a free society.

Whilst the implementation of the principle of informed consent provides citizens with some defence, widespread trading of information and the power of new technology to collate previously unrelated pieces of information will enable the construction of highly revealing profiles on individuals. Often this can be done without individuals knowing that these profiles even exist.

The Coalition accepts that organisations have the right to certain information about their clients, provided this information is used for the purpose for which it is originally offered. However, the Coalition is opposed to such information being used for purposes for which it was not intended, unless the consent of the individual is obtained.

With the development of extensive electronic commerce networks, this issue has a commercial security dimension as well. Encryption technology is essential to electronic commerce. Transactions will not be initiated unless people are confident that personal and financial information is protected from unauthorised interception. Heavy-handed attempts to ban strong encryption techniques will compromise commercial security, discouraging online service industries (particularly in the financial sector) from adopting Australia as a domicile. This would result in a substantial economic loss to the country.

An inquiry into the extent of information gathering in the public and private sectors, current administrative and regulatory regimes for protection of privacy, and the need for reform will be launched by the Coalition.

This inquiry will present arguments and options to a Coalition Government on privacy policies which will strike a balance between the legitimate interests of public and commercial organisations on the one hand, and the legitimate rights of individuals on the other.

The IPTF will also be required to present options for the implementation of open encryption standards which address commercial needs. The recently released European Union Privacy Directive, which regulates trans-national data flows, has made it imperative that Australia's privacy legislation is updated before our access to overseas information resources is curtailed.

The results of these inquiries will provide input to the deliberations of the Online Government Council on the issues of privacy. In particular, the merits of a national Privacy Code of Practice, binding both public and private sectors will be considered by the Council.

The requirements of security agencies to monitor network traffic are a particularly difficult problem. The rights of private individuals to encrypt messages and commercial transactions have been the subject of heated debate in the United States. ]be Coalition, with its strong pro-privacy bias, takes the view that the onus is on security agencies to demonstrate that the benefits of mandating "crackable" codes (as has been attempted in the USA with the "Clipper" chip technology) outweigh the social and economic consequences of the loss of personal privacy and commercial security that this would entail.

[extract of pages 15.1-16.2. Emphasis
shown as in original statement.]


ANNEX C

ADMINISTRATION STATEMENT ON COMMERCIAL ENCRYPTION POLICY

July 12, 1996

The Clinton Administration is proposing a framework that will encourage the use of strong encryption in commerce and private communications while protecting the public safety and national security. It would be developed by industry and will be available for both domestic and international use.

The framework will permit U.S. industry to take advantage of advances in technology pioneered in this country, and to compete effectively in the rapidly changing international marketplace of communications, computer networks, and software. Retaining U.S. industry's leadership in the global information technology market is of longstanding importance to the Clinton Administration.

The framework will ensure that everyone who communicates or stores information electronically can protect his or her privacy from prying eyes and ears as well as against theft of, or tampering with, their data. The framework is voluntary; any American will remain free to use any encryption system domestically.

The framework is based on a global key management infrastructure that supports digital signatures and confidentiality. Trusted private sector parties will verify digital signatures and also will hold spare keys to confidential data. Those keys could be obtained only by persons or entities that have lost the key to their own encrypted data, or by law enforcement officials acting under proper authority. It represents a flexible approach to expanding the use of strong encryption in the private sector.

This framework will encourage commerce both here and abroad. It is similar to the approach other countries are taking, and will permit nations to establish an internationally inter-operable key management infrastructure with rules for access appropriate to each country's needs and consistent with law enforcement agreements. Administration officials are currently working with other nations to develop the framework for that infrastructure.

In the expectation of industry action to develop this framework internationally, and recognizing that this development will take time, the Administration intends to take action in the near term to facilitate the transition to the key management infrastructure.

The measures the Administration is considering include:

1.     Liberalizing export controls for certain commercial encryption products.

2.     Developing, in cooperation with industry, performance standards for key recovery systems and products that will be eligible for general export licenses, and technical standards for products the government will purchase.

3.     Launching several key recovery pilot projects in cooperation with industry and involving international participation.

4.     Transferring export control jurisdiction over encryption products for commercial use from the Department of State to the Department of Commerce.

Administration officials continue to discuss the details of these actions with experts from the communications equipment, computer hardware and software industries, civil liberties groups and other members of the public, to ensure that the final proposal balances industry actions towards the proposed framework, short-term liberalization initiatives, and public safety concerns.

The Administration does not support the bills pending in Congress that would decontrol the export of commercial encryption products because of their serious negative impact on national security and law enforcement. Immediate export decontrol by the U.S. could also adversely affect the security interests of our trading partners and lead them to control imports of U.S. commercial encryption products.

A Cabinet Committee continues to address the details of this proposal. The Committee intends to send detailed recommendations to the President by early September, including any recommendations for legislation and Executive Orders. The Committee comprises the Secretaries of State, Defense, Commerce and Treasury; the Attorney General; the Directors of Central Intelligence and the Federal Bureau of Investigation; and senior representatives from the Office of the Vice President, the Office of Management and Budget, and the National Economic Council.


ANNEX D

PAPER ON REGULATORY INTENT CONCERNING USE OF
ENCRYPTION ON PUBLIC NETWORKS

1. Summary

The Government recognises the importance of the development of the Global Information Infrastructure (GII) with respect to the continuing competitiveness of UK companies. Its aim is to facilitate the development of electronic commerce by the introduction of measures which recognise the growing demand for encryption services to safeguard the integrity and confidentiality of electronic information transmitted on public telecommunications networks.

2. The policy, which has been decided upon after detailed discussion between Government Departments, involves the licensing and regulation of Trusted Third Parties (hereafter called TTPS) which will provide a range of information security services to their clients, whether they are corporate users or individual citizens. The provision of such information security services will be welcomed by IT users, and will considerably facilitate the establishment of, and industry's participation in, the GR, where trust in the security of communication has been acknowledged to be of paramount importance. The licensing policy will aim to preserve the ability of the intelligence and law enforcement agencies to fight serious crime and terrorism by establishing procedures for disclosure to them of encryption keys, under safeguards similar to those which already exist for warranted interception under the Interception of Communications Act.

3. The Government intends to bring forward proposals for legislation following consultation by the Department of Trade and Industry on detailed policy proposals.

2. Background

4. The increased use of IT systems by British business and commerce in the last decade has been a major factor in their improved competitive position in global markets. This reliance on IT systems has, however, brought with it increased security risks; especially concerning the integrity and confidentiality of information passed electronically between trading bodies. The use of encryption services on electronic networks can help solve some of these security problems. In particular TTPs will facilitate secure electronic communications either within a particular trading environment (eg between a bank and its customers) or between companies, especially smaller ones, that do not necessarily have any previous trading relationship.

5. In developing an encryption policy for the information society, we have also considered how the spread and availability of encryption technology will affect the ability of the authorities to continue to fight serious crime and terrorism. In developing policy in this area, the Government has been concerned to balance the commercial requirement for robust encryption services, with the need to protect users and for the intelligence and law enforcement authorities to retain the effectiveness of warranted interception under the Interception of Communications Act (1985).

6. Consideration by Government has also been given to the requirement for business to trade electronically throughout Europe and further afield. The inter-departmental discussions have therefore taken into account draft proposals by the European Commission, concerning information security (which include the promotion of TTPS), and discussions on similar issues taking place within the OECD.

3. The Government's Proposals

(a) Licensing

7. By their nature, TTPS, whatever services they may provide, will have to be trusted by their clients. Indeed in a global trading environment there will have to be trust of, and between, the various bodies fulfilling this function. To engender such trust, TTPs providing information security services to the general public will be licensed. The licensing regime would seek to ensure that organisations and bodies desiring to be TTPs will be fit for the purpose. The criteria could include fiduciary requirements (eg appropriate liability cover), competence of employees and adherence to quality management standards. TTPs would also be required to release to the authorities the encryption keys of their clients under similar safeguards to those which already exist. We would expect organisations with existing customers, such as banks, network operators and associations (trade or otherwise) to be prime candidates for TTPS.

8. The Government will consult with organisations such as financial services companies, who have made existing arrangements for the use and provision of encryption services, with the intention of avoiding any adverse effects on their competitiveness. It is not the intention of the government to regulate the private use of encryption. It will, however, ensure that organisations and bodies wishing to provide encryption services to the public will be appropriately licensed.

(b) Services Offered

9. The services which a TTP may provide for its customers will be a commercial decision. Typically, provision of authentication services may include the verification of a client's public key, time stamping of documents and digital signatures (which secure the integrity of documents). TTPs may also offer a service of key retrieval (typically for documents and files that have been encrypted by employees) in addition to facilitating the real time encryption of a client's communications.

10. Licensed TTPs operating within a common architectural framework, on a European or even a global basis, will be able to facilitate secure communications between potential business partners in different countries. Providing the respective clients trust their TTPS, secure electronic commerce between parties who have not met will become possible because they will have confidence in the security and integrity of their dealings.

(c) Architecture and supporting products

11. It is envisaged that a common architectural framework will be needed to support the information security services being offered by TTPs in different countries. Clearly this will be a matter for negotiation between interested parties taking into account developments in international standards organisations. The architecture would need, however, to support both the provision of integrity and confidentiality and therefore be capable of verifying public encryption keys and escrowing private ones. There is no reason why it should not also support a choice of encryption algorithms, such as those on the ISO (International Standards Organisation) register.

12. In support of such an architectural framework we would envisage manufacturers developing software or hardware products for use by the business community. Such products will need to be consistent with whatever standard (or standards) are arrived at to enable TTPs to interoperate. The type of algorithm used for message encryption, and whether it is implemented in hardware or software, will be a matter of business choice.

(d) European Union

13. The Government is working closely with the European Commission on the development of encryption services through their work on information security. Arrangements concerning lawful interception and the regulation of TTPs in that context are matters for Member States to determine. However, the Commission has an important role in facilitating the establishment of an environment where developments in the use of TTPs can be fostered. The Commission should soon be in a position to bring forward a programme of work involving, for example, the piloting and testing of TTP networks.

(e) OECD

14. The Government are also participating in discussions at the OECD on encryption matters. Where possible we will encourage the development of networks of TTPs which facilitate secure electronic trading on a global basis.

(f) Export Controls

15. Export controls will remain in place for encryption products (whether in hardware or software form) and for digital encryption algorithms. However, to facilitate the participation of business and commerce in the information society the Government will take steps, with our EU partners, with a view to simplifying the export controls applicable to encryption products which are of use with licensed TTPS.

4. Consultation

16. Officials from the Department of Trade and Industry have already held preliminary discussions with various industry groups on the general concepts surrounding the provision of encryption services through TTPS. A more formal consultation on the Government's proposals will be undertaken by the Department of Trade and Industry with all interested parties prior to the bringing forward of legislative proposals. The Government recognises that the successful facilitation of electronic commerce through the introduction of information security services by TTPs either in the UK or in Europe, will, to a significant extent, depend on their widespread use across business. It will therefore be important to secure the broad acceptance of the business community for the Government's proposals. The Department will pay particular attention to this during the consultation process.



Department of Trade and Industry London

Last updated on Tuesday, 11 June 1996


ANNEX E

OECD Guidelines

Annex to the Recommendation of the Council of 23rd September 1980

GUIDELINES GOVERNING THE PROTECTION OF PRIVACY AND TRANSBORDER FLOWS OF PERSONAL DATA

PART ONE. GENERAL

Definitions

1.
For the purposes of these Guidelines:

a)
"data controller" means a party who, according to domestic law, is competent to decide about the contents and use of personal data regardless of whether or not such data are collected, stored, processed or disseminated by that party or by an agent on its behalf;

b)
"personal data" means any information relating to an identified or identifiable individual (data subject)

c)
"transborder flows of personal data" means movements of personal data across national borders.

Scope of Guidelines

2.
These Guidelines apply to personal data, whether in the public or private sectors, which, because of the manner in which they are processed, or because of their nature or the context in which they are used, pose a danger to privacy and individual liberties.

3.
These Guidelines should not be interpreted as preventing:
a)
the application, to different categories of personal data, of different protective measures depending upon their nature and the context in which they are collected, stored, processed or disseminated;

b)
the exclusion from the application of the Guidelines of personal data which obviously do not contain any risk to privacy and individual liberties; or

c)
the application of the Guidelines only to automatic processing of personal data.

4.
Exceptions to the Principles contained in Parts Two and Three of these Guidelines, including those relating to national sovereignty, national security and public policy ("order public"), should be:

a)
as few as possible, and

b)
made known to the public.

5.
In the particular case of Federal countries the observance of these Guidelines may be affected by the division of powers in the Federation.

6.
These Guidelines should be regarded as minimum standards which are capable of being supplemented by additional measures for the protection of privacy and individual liberties.

PART TWO

BASIC PRINCIPLES OF NATIONAL APPLICATION

Collection Limitation Principle

7.
There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject.

Data Quality Principle

8.
Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date.

Purpose Specification Principle

9.
The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.

Use Limitation Principle

10.
Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except:

a)
with the consent of the data subject; or

b)
by the authority of law.

Security Safeguards Principle

11.
Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.

Openness Principle

12.
There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller.

Individual Participation Principle

13.
An individual should have the right:

a)
to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him;

b)
to have communicated to him, data relating to him

i)
within a reasonable time;

ii)
at a charge, if any, if that is not excessive;

iii)
in a reasonable manner; and

iv)
in a form that is readily intelligible to him;

c)
to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and

d)
to challenge data relating to him and, if the challenge is successful, to have the data erased, rectified, completed or amended.

Accountability Principle

14.
A data controller should be accountable for complying with measures which give effect to the principles stated above.

PART THREE

BASIC PRINCIPLES OF INTERNATIONAL APPLICATION:
FREE FLOW AND LEGITIMATE RESTRICTIONS

15.
Member countries should take into consideration the implications for other Member countries of domestic processing and re-export of personal data.

16.
Member countries should take all reasonable and appropriate steps to ensure that transborder flows of personal data, including transit through a Member country, are uninterrupted and secure.

17.
A Member country should refrain from restricting transborder flows of personal data between itself and another Member country except where the latter does not yet substantially observe these Guidelines or where the re-export of such data would circumvent its domestic privacy legislation. A Member country may also impose restrictions in respect of certain categories of personal data for which its domestic privacy legislation includes specific regulations in view of the nature of those data and for which the other Member country provides no equivalent protection.

18.
Member countries should avoid developing laws, policies and practices in the name of the protection of privacy and individual liberties, which would create obstacles to transborder flows of personal data that would exceed requirements for such protection.

PART FOUR

NATIONAL IMPLEMENTATION

19.
In implementing domestically the principles set forth in Parts Two and Three, Member countries should establish legal, administrative or other procedures or institutions for the protection of privacy and individual liberties in respect of personal data. Member countries should in particular endeavour to:

a)
adopt appropriate domestic legislation;

b)
encourage and support self-regulation, whether in the form of codes of conduct or otherwise;

c)
provide for reasonable means for individuals to exercise their rights;

d)
provide for adequate sanctions and remedies in case of failures to comply with measures which implement the principles set forth in Parts Two and Three; and

e)
ensure that there is no unfair discrimination against data subjects.

PART FIVE

INTERNATIONAL CO-OPERATION

20.
Member countries should, where requested, make known to other Member countries details of the observance of the principles set forth in these Guidelines. Member countries should also ensure that procedures for transborder flows of personal data and for the protection of privacy and individual liberties are simple and compatible with those of other Member countries which comply with these Guidelines.

21.
Member countries should establish procedures to facilitate:

a)
information exchange related to these Guidelines, and

b)
mutual assistance in the procedural and investigative matters involved.

22.
Member countries should work towards the development of principles, domestic and international, to govern the applicable law in the case of transborder flows of personal data.


ANNEX F

STATEMENT OF THE VICE-PRESIDENT OF THE
UNITED STATES ON ENCRYPTION
OCTOBER 1, 1996

President Clinton and I are committed to promoting the growth of electronic commerce and robust, secure communications worldwide while protecting the public safety and national security. To that end, this Administration is consulting with Congress, the information technology industry, state and local law enforcement officials, and foreign governments on a major initiative to liberalize export controls for commercial encryption products.

The Administration's initiative will make it easier for Americans to use stronger encryption products - - whether at home or abroad - - to protect their privacy, intellectual property and other valuable information. It will support the growth of electronic commerce, increase the security of the global information, and sustain the economic competitiveness of U.S. encryption product manufacturers during the transition to a key management infrastructure with key recovery.

Under this initiative, the export of 56-bit key length encryption products will be permitted under a general licence after one-time review, and contingent upon industry commitments to build and market future products that support key recovery. This policy will apply to hardware and software products. The relaxation of controls will last up to two years.

The Administration's initiative recognizes that an industry-led technology strategy will expedite market acceptance of key recovery, and that the ultimate solution must be market-driven.

Exporters of 56-bit DES or equivalent encryption products would make commitments to develop and sell products that support the key recovery system that I announced in July. That vision presumes that a trusted third party (in some cases internal to the user's organization) would recover the user's confidentiality key for the user or for law enforcement officials acting under proper authority. Access to keys would be provided in accordance with destination country policies and bilateral understandings. No key length limits or algorithm restrictions will apply to exported key recovery products.

Domestic use of key recovery will be voluntary, and any American will remain free to use any encryption system domestically.

The temporary relaxation of controls is one part of a broader encryption policy initiative designed to promote electronic information security and public safety. For export control purposes, commercial encryption products will no longer be treated as munitions. After consultation with Congress, jurisdiction for commercial encryption controls will be transferred from the State Department to the Commerce Department. The Administration also will seek legislation to facilitate commercial key recovery, including providing penalties for improper release of keys, and protecting key recovery agents against liability when they properly release a key.

As I announced in July, the Administration will continue to expand the purchase of key recovery products for U.S. government use, promote key recovery arrangements in bilateral and multilateral discussions, develop federal cryptographic and key recovery standards, and stimulate the development of innovative key recovery products and services.

Under the relaxation, six-month general export licenses will be issued after one-time review. contingent on commitments from exporters to explicit benchmarks and milestones for developing and incorporating key recovery features into their products and services, and for building the supporting infrastructure internationally. Initial approval will be contingent on firms providing a plan for implementing key recovery. The plan will explain in detail the steps the applicant will take to develop, produce, distribute, and/or market encryption products with key recovery features. The specific commitments will depend on the applicant's line of business.

The government will renew the licences for additional six-month periods if milestones are met. Two years from now, the export of 56-bit products that do not support key recovery will no longer be permitted. Currently exportable 40- bit mass market software products will continue to be exportable. We will continue to support financial institutions in their efforts to assure the recovery of encrypted financial information. Longer key lengths will continue to be approved for products dedicated to the support of financial applications.

The Administration will use a formal mechanism to provide industry, users, stand and local law enforcement, and other private sector representatives with the opportunity to advise on the future of key recovery. Topics will include:

-
evaluating the developing global key recovery architecture
-
assessing lessons learned from key recovery implementation
-
advising on technical confidence issues vis-a-vis access to and release of keys
-
addressing interoperability and standards issues
-
identifying other technical, policy and program issues for government action.

The Administration's initiative is broadly consistent with the recent recommendations of the National Research Council. It also addresses many of the objectives of pending Congressional legislation, while protecting the public safety and national security. But this export liberalization poses risks to public safety and national security. The Administration is willing to tolerate that risk, for a limited period, in order to accelerate the development of a global key management infrastructure.




The White House
Office of the Vice-President
October 1, 1996