British signals intelligence agency Government Communications Headquarters (GCHQ) can crack end-to-end encrypted messages sent using WhatsApp and Signal, according to Australian attorney-general George Brandis.
Brandis made the claim speaking to the Australian Broadcasting Corporation's AM program, on the occasion of Australia announcing it would adopt laws mirroring the UK's Investigatory Powers Act. Brandis said the proposed law will place “an obligation on device manufacturers and service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis where it is necessary to interdict or in the case of a crime that may have been committed.”
Asked how Australia's proposed regime would allow local authorities to read messages sent with either WhatsApp or Signal, Brandis said “Last Wednesday I met with the chief cryptographer at GCHQ ... And he assured me that this was feasible.”
Brandis is infamous for being unable to articulate an accurate or comprehensible definition of “metadata” when asked to do so during a live television interview, so his understanding of cryptographic concerns cannot be trusted without qualification, which The Register is seeking.
But there's no doubt about the intent of Australia's proposed laws, as Brandis later said in a joint appearance with prime minister Malcolm Turnbull that Australia's law enforcement agencies want access to encrypted traffic for three reasons.
The first is that Brandis says Australia already has mechanisms to allow law enforcement authorities to intercept electronic communications. Extending that power to encrypted traffic just brings that power up to date, he argues.
The second is that the Australian Federal Police says it has seen “rapid growth in the amount of encrypted traffic from around three per cent a couple of years ago to now over 55, 60 per cent of all traffic.”
Lastly, Turnbull said that encrypted messaging services are used by ordinary citizens, they are also used “ … by people who seek to do us harm. They're being used by terrorists, they're being used by drug traffickers, they're being used by paedophile rings.”
Bad people using encryption means the law needs to be modernised, with a definitely-not-a-backdoor that sees device makers and service providers co-operate with Australia in as-yet-unspecified ways to provide access to end-to-end encrypted messages when warrants are produced.
Pushed on how encrypted messages could be read when service providers don't hold the keys necessary decryption, and Turnbull had this to say:
Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia.
Your Sydney-based correspondent looks forward to an attempt at repealing gravity so we can see if the laws of Australia override the laws of physics, too.
But we digress.
Brandis and Turnbull said the law will reach Parliament “in the Spring sessions” which commence on August 8th. Just what it will compel device-makers and service providers to do has not been revealed, nor has how Australia will access messages sent using services based offshore. Turnbull said “I'm not suggesting this is not without some difficulty” but hinted that in discussions at last week's G20 Leaders' Summit the participants agreed that member nations should be able to rely on colleagues to sort things out with companies resident in their respective jurisdictions. ®
Sponsored: Webcast: Ransomware has gone nuclear