Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Offbeat

Legal

UK spookhaus GCHQ can crack end-to-end encryption, claims Australian A-G

Antipodean not-backdoors plan will mirror UK Investigatory Powers Act, ensure law of land trumps laws of mathematics

Simon Sharwood Fri 14 Jul 2017  //  01:49 UTC

British signals intelligence agency Government Communications Headquarters (GCHQ) can crack end-to-end encrypted messages sent using WhatsApp and Signal, according to Australian attorney-general George Brandis.

Brandis made the claim speaking to the Australian Broadcasting Corporation's AM program, on the occasion of Australia announcing it would adopt laws mirroring the UK's Investigatory Powers Act. Brandis said the proposed law will place “an obligation on device manufacturers and service providers to provide appropriate assistance to intelligence and law enforcement on a warranted basis where it is necessary to interdict or in the case of a crime that may have been committed.”

Asked how Australia's proposed regime would allow local authorities to read messages sent with either WhatsApp or Signal, Brandis said “Last Wednesday I met with the chief cryptographer at GCHQ ... And he assured me that this was feasible.”

Brandis is infamous for being unable to articulate an accurate or comprehensible definition of “metadata” when asked to do so during a live television interview, so his understanding of cryptographic concerns cannot be trusted without qualification, which The Register is seeking.

But there's no doubt about the intent of Australia's proposed laws, as Brandis later said in a joint appearance with prime minister Malcolm Turnbull that Australia's law enforcement agencies want access to encrypted traffic for three reasons.

The first is that Brandis says Australia already has mechanisms to allow law enforcement authorities to intercept electronic communications. Extending that power to encrypted traffic just brings that power up to date, he argues.

The second is that the Australian Federal Police says it has seen “rapid growth in the amount of encrypted traffic from around three per cent a couple of years ago to now over 55, 60 per cent of all traffic.”

Lastly, Turnbull said that encrypted messaging services are used by ordinary citizens, they are also used “ … by people who seek to do us harm. They're being used by terrorists, they're being used by drug traffickers, they're being used by paedophile rings.”

Bad people using encryption means the law needs to be modernised, with a definitely-not-a-backdoor that sees device makers and service providers co-operate with Australia in as-yet-unspecified ways to provide access to end-to-end encrypted messages when warrants are produced.

Pushed on how encrypted messages could be read when service providers don't hold the keys necessary decryption, and Turnbull had this to say:

Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia.

Your Sydney-based correspondent looks forward to an attempt at repealing gravity so we can see if the laws of Australia override the laws of physics, too.

But we digress.

Brandis and Turnbull said the law will reach Parliament “in the Spring sessions” which commence on August 8th. Just what it will compel device-makers and service providers to do has not been revealed, nor has how Australia will access messages sent using services based offshore. Turnbull said “I'm not suggesting this is not without some difficulty” but hinted that in discussions at last week's G20 Leaders' Summit the participants agreed that member nations should be able to rely on colleagues to sort things out with companies resident in their respective jurisdictions. ®
Send us news
100 Comments

Governments can't seem to stop asking for secret backdoors

Cut off one head and 100 grow back? Decapitation may not be the way to go

Apple drags UK government to court over 'backdoor' order

A first-of-its-kind legal challenge set to be heard this month, per reports

The software UK techies need to protect themselves now Apple's ADP won’t

No matter how deep you are in Apple's 'ecosystem,’ there are ways to stay encrypted in Blighty

Signal will withdraw from Sweden if encryption-busting laws take effect

Experts warned the UK’s recent 'victory' over Apple would kickstart something of a domino effect

Rather than add a backdoor, Apple decides to kill iCloud encryption for UK peeps

Plus: SEC launches new crypto crime unit; Phishing toolkit upgraded; and more

US lawmakers press Trump admin to oppose UK's order for Apple iCloud backdoor

Senator, Congressman tell DNI to threaten infosec agreements if Blighty won't back down

UK Home Office silent on alleged Apple backdoor order

Blighty’s latest stab at encryption? A secret order to pry open iCloud, sources claim

After Copilot trial, government staff rated Microsoft's AI less useful than expected

Not all bad news for Redmond as Australian agency also found strong ROI and some unexpected upsides

DeepSeek rated too dodgy down under: Banned from Australian government devices

As American big tech companies lashed for their slow efforts to prevent harms

Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’

Australian government staff mixed medical info for folk who share names and birthdays

Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

Is that a bird’s nest, a wireless broadband base station, or both?

Everything in Australia is deadly, in this case giant eagles guarding eggs in places wireless broadband techs need to reach