https://www.zdnet.com/article/acic-believes-theres-no-legitimate-reason-to-use-an-encrypted-communication-platform/
ACIC believes there's no legitimate reason to use an encrypted communication
platform
The Australian Criminal Intelligence Commission has said an encrypted communication platform is not something a law-abiding member
of the community would use.
By Asha Barbaschow <https://www.zdnet.com/meet-the-team/au/asha-barbaschow/> | May 6, 2021 -- 06:33 GMT (16:33 AEST) | Topic:
Security <https://www.zdnet.com/topic/security/>
The Australian Criminal Intelligence Commission (ACIC) believes there is no legitimate reason for a law-abiding member of the
community to own or use an encrypted communication platform.
"These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to obscure
the identities of the involved criminal entities and enable avoidance of detection by law enforcement," the ACIC declared. "They
enable the user to communicate within closed networks to facilitate highly sophisticated criminal activity".
*Consistency, at least: Cops are the only ones being lawful on the dark web, AFP declares
<https://www.zdnet.com/article/cops-are-the-only-ones-being-lawful-on-the-dark-web-afp-declares/>*
The comments were made in a submission
<https://www.aph.gov.au/DocumentStore.ashx?id=0cfd0e34-ae76-42e4-9438-d8218c70b760&subId=706935> [PDF] to the Parliamentary Joint
Committee on Intelligence and Security (PJCIS) as part of its inquiry into the /Surveillance Legislation Amendment (Identify and
Disrupt) Bill 2020/.
It told the committee it intends to use the powers extended to the ACIC under the Bill to focus efforts on understanding and
gathering intelligence on SOC groups who are using encrypted communication platforms to conceal their criminal activities.
The Bill, if passed, would hand the Australian Federal Police (AFP) and ACIC three new computer warrants for dealing with online
crime.
The first of the warrants is a data disruption one; the second is a network activity warrant; and the third is an account takeover
warrant.
The ACIC said the Bill would allow it, through the collection, assessment, and dissemination of criminal intelligence and
information, to inform national strategies to address transnational serious and organised crime.
"To deliver on this purpose, the powers and capabilities of the ACIC must keep pace with technological trends and emerging threats
to ensure the agency is able to adequately tackle serious cyber-enabled crime and sophisticated criminal groups using encrypted
platforms," it said.
"The agency must be enabled to support law enforcement outcomes to protect Australians against the most sophisticated and
high-threat actors, who increasingly utilise advanced communications technologies to mask their criminal activities."
*Elsewhere: ACIC running into jurisdictional data troubles with new national firearms database
<https://www.zdnet.com/article/acic-running-into-jurisdictional-data-troubles-with-new-national-firearms-database/>*
According to the ACIC, the disruption, intelligence collection, and account takeover powers contained within the Bill complement
the agency's existing powers by providing new avenues to gather information and respond to serious crime occurring online and to
criminals using dedicated encrypted communication platforms.
"The measures in the Bill are grounded in the principle that the powers granted by Parliament to the agencies charged with
enforcing the criminal law should not be eroded by advances in technology," it wrote. "The Bill is designed to provide the ACIC
and AFP with the ability to protect the Australian community from harms online in the same way they protect Australians in the
physical world."
The ACIC believes the Bill addresses gaps in current electronic surveillance
powers.
Network activity warrants provided by the Bill will "immediately transform the ACIC's ability to discover and understand serious
criminal groups using the Dark Web and encrypted communication platforms to undertake and facilitate serious crimes".
"Currently, while the ACIC might be able to detect criminal behaviour on a hidden website or computer network, we cannot identify
all the individuals participating in the criminal behaviour," it explained. "For this reason, we require the ability to target and
infiltrate the network, or class of computers, in which the crime is occurring so the members of the criminal group can be
identified and the full nature and extent of the criminality can be detected through the collection of intelligence."
Data disruption warrants, meanwhile, would enable the ACIC to interfere with the data held on online criminal networks or devices,
in order to frustrate the commissioning of serious criminal offences.
"This will be particularly powerful in the context of disrupting criminal activity
which is largely occurring online," it wrote.
Lastly, account takeover warrants, it said, would allow the agency to take control of an online account in conjunction with other
investigatory powers, labelling it an "efficient method for agencies to infiltrate online criminal networks".
"This will play a crucial role in uncovering the identities of otherwise anonymous criminals, as well as gathering evidence of the
initiation and commissioning of serious offences online, including on the Dark Web and where encrypted communication platforms are
in use," it said.
https://www.techdirt.com/articles/20210509/10235546763/australian-crime-commission-only-criminals-use-encrypted-communications.shtml
Australian Crime Commission: Only Criminals Use Encrypted Communications
<https://www.techdirt.com/search.php?tid=quotes&search=Search>
Say That Again <https://www.techdirt.com/search.php?tid=quotes&search=Search>
from the /stupefying-is-the-new-anti-encryption-normal/ dept
Tue, May 11th 2021 10:44am — Tim Cushing
<https://www.techdirt.com/user/capitalisliontamer>
Well, someone finally said the quiet part loud: some government officials actually believe the only people who need, want, or use
encryption are criminals. Here's Asha Barbaschow with the "encryption is for criminals" news at ZDNet
<https://www.zdnet.com/article/acic-believes-theres-no-legitimate-reason-to-use-an-encrypted-communication-platform/>.
/The Australian Criminal Intelligence Commission (ACIC) believes there is
no legitimate reason for a law-abiding member of the
community to own or use an encrypted communication platform./
/"These platforms are used almost exclusively by SOC [serious and organised
crime] groups and are developed specifically to
obscure the identities of the involved criminal entities and enable avoidance of
detection by law enforcement," the ACIC
declared. "They enable the user to communicate within closed networks to
facilitate highly sophisticated criminal activity"/.
This is part of the ACIC's comments <https://assets.documentcloud.org/documents/20701427/sub-23-acic.pdf> [PDF] on proposed
surveillance legislation that would grant Australian law enforcement new powers to disrupt data transmissions, surveil network
activity, and engage in takeovers of targeted accounts. Here's the money shot:
*/ACIC observation shows there is no legitimate reason for a law-abiding
member of the community to own or use an encrypted
communication platform./*
Well... holy shit. That's a take.
The ACIC believes today's criminals are too powerful and law enforcement too poorly-equipped. According to the Commission,
criminals are winning the tech war.
/The encryption and anonymisation that underpins the Dark Web and encrypted
communications has challenged existing powers and
allowed serious and organised crime (SOC) groups and individuals to more
effectively conceal their criminal activity. In
particular, the networks established on the Dark Web and via encrypted
communications have provided criminals with platforms
to easily and more confidently communicate anonymously about, and
obfuscate, their serious criminal activities/.
And yet, criminals continue to be prosecuted
<https://www.techdirt.com/articles/20191017/20492843214/dojs-latest-child-porn-site-takedown-shows-encryption-isnt-really-stopping-feds-fighting-child-porn.shtml>
and criminal activities disrupted
<https://www.techdirt.com/articles/20190507/16061142159/fbi-half-world-bust-operators-site-that-made-dark-web-searchable.shtml>.
But the successes aren't enough. The Commission apparently won't be happy until all criminal activity ceases.
/The electronic surveillance powers currently available to the ACIC, while
relied upon for investigating many aspects of
criminal behaviour online and criminal use of encrypted communications,
*are not sophisticated enough to identify and disrupt
the totality of activities SOC entities are undertaking* through the use of
modern anonymising technologies to conceal their
identities, their associate’s identities and the illegal activities being
undertaken by the network of individuals./
I've got bad news for law enforcement and the Commission: no matter what steps are taken and how many innocent people are
victimized by expansions of government power, it will still be impossible to "disrupt the totality" of illegal activity.
Sophisticated criminal organizations engaged in crime long before encryption was readily available and found creative ways to hide
their misdeeds from investigators. It's not going to change just because no one -- not even innocent people who would like to
protect their data and personal information from criminals -- has access to encryption.
The ACIC's broad declaration that no one has a "legitimate reason" to utilize encrypted communication platforms is at odds with
the paragraph directly preceding this truly baffling assertion.
/Encryption and anonymising technologies have a valuable role in protecting
the privacy and data of Australians. As such, the
ACIC notes new powers cannot be exclusively focused on subverting
encryption and anonymising technologies./
I'm not sure how you reconcile these two statements. And apparently the ACIC doesn't know either, because it simply claims no
non-criminal would need encrypted communications and immediately moves on to the discussion of the new warrant powers being proposed.
This is a horrifyingly ignorant claim for a government commission to make. The worst aspect is that someone with the power to
write laws is going to believe the ACIC. Those who already believe (without evidence) that encrypted communications are only used
by criminals are going to accept this assertion as evidence, even if the ACIC can't even be bothered to back up its own claim with
any data or research. "Based on observation" is meaningless if the Crime Commission does nothing but observe criminal activity.
This is stupid. And it would be laughable if it weren't so dangerous.
--
Kim Holburn
IT Network & Security Consultant
+61 404072753
mailto:[email protected] aim://kimholburn
skype://kholburn - PGP Public Key on request
_______________________________________________
Link mailing list
[email protected]
https://mailman.anu.edu.au/mailman/listinfo/link
