Someone needs to tell Apple. ----- Original Message ----- From: "Kim Holburn" To:"EFA Privacy List" , "Link mailing list" Cc: Sent:Thu, 13 May 2021 08:54:53 +1000 Subject:[LINK] Australian Crime Commission: Only Criminals Use Encrypted Communications
https://www.zdnet.com/article/acic-believes-theres-no-legitimate-reason-to-use-an-encrypted-communication-platform/ > > ACIC believes there's no legitimate reason to use an encrypted communication platform > > The Australian Criminal Intelligence Commission has said an encrypted communication platform is not something a law-abiding member > of the community would use. > > By Asha Barbaschow | May 6, 2021 -- 06:33 GMT (16:33 AEST) | Topic: > Security > > The Australian Criminal Intelligence Commission (ACIC) believes there is no legitimate reason for a law-abiding member of the > community to own or use an encrypted communication platform. > > "These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to obscure > the identities of the involved criminal entities and enable avoidance of detection by law enforcement," the ACIC declared. "They > enable the user to communicate within closed networks to facilitate highly sophisticated criminal activity". > > *Consistency, at least: Cops are the only ones being lawful on the dark web, AFP declares > * > > The comments were made in a submission > [PDF] to the Parliamentary Joint > Committee on Intelligence and Security (PJCIS) as part of its inquiry into the /Surveillance Legislation Amendment (Identify and > Disrupt) Bill 2020/. > > It told the committee it intends to use the powers extended to the ACIC under the Bill to focus efforts on understanding and > gathering intelligence on SOC groups who are using encrypted communication platforms to conceal their criminal activities. > > The Bill, if passed, would hand the Australian Federal Police (AFP) and ACIC three new computer warrants for dealing with online > crime. > > The first of the warrants is a data disruption one; the second is a network activity warrant; and the third is an account takeover > warrant. > > The ACIC said the Bill would allow it, through the collection, assessment, and dissemination of criminal intelligence and > information, to inform national strategies to address transnational serious and organised crime. > > "To deliver on this purpose, the powers and capabilities of the ACIC must keep pace with technological trends and emerging threats > to ensure the agency is able to adequately tackle serious cyber-enabled crime and sophisticated criminal groups using encrypted > platforms," it said. > > "The agency must be enabled to support law enforcement outcomes to protect Australians against the most sophisticated and > high-threat actors, who increasingly utilise advanced communications technologies to mask their criminal activities." > > *Elsewhere: ACIC running into jurisdictional data troubles with new national firearms database > * > > According to the ACIC, the disruption, intelligence collection, and account takeover powers contained within the Bill complement > the agency's existing powers by providing new avenues to gather information and respond to serious crime occurring online and to > criminals using dedicated encrypted communication platforms. > > "The measures in the Bill are grounded in the principle that the powers granted by Parliament to the agencies charged with > enforcing the criminal law should not be eroded by advances in technology," it wrote. "The Bill is designed to provide the ACIC > and AFP with the ability to protect the Australian community from harms online in the same way they protect Australians in the > physical world." > > The ACIC believes the Bill addresses gaps in current electronic surveillance powers. > > Network activity warrants provided by the Bill will "immediately transform the ACIC's ability to discover and understand serious > criminal groups using the Dark Web and encrypted communication platforms to undertake and facilitate serious crimes". > > "Currently, while the ACIC might be able to detect criminal behaviour on a hidden website or computer network, we cannot identify > all the individuals participating in the criminal behaviour," it explained. "For this reason, we require the ability to target and > infiltrate the network, or class of computers, in which the crime is occurring so the members of the criminal group can be > identified and the full nature and extent of the criminality can be detected through the collection of intelligence." > > Data disruption warrants, meanwhile, would enable the ACIC to interfere with the data held on online criminal networks or devices, > in order to frustrate the commissioning of serious criminal offences. > > "This will be particularly powerful in the context of disrupting criminal activity which is largely occurring online," it wrote. > > Lastly, account takeover warrants, it said, would allow the agency to take control of an online account in conjunction with other > investigatory powers, labelling it an "efficient method for agencies to infiltrate online criminal networks". > > "This will play a crucial role in uncovering the identities of otherwise anonymous criminals, as well as gathering evidence of the > initiation and commissioning of serious offences online, including on the Dark Web and where encrypted communication platforms are > in use," it said. > https://www.techdirt.com/articles/20210509/10235546763/australian-crime-commission-only-criminals-use-encrypted-communications.shtml > > Australian Crime Commission: Only Criminals Use Encrypted Communications > > > > Say That Again > > > from the /stupefying-is-the-new-anti-encryption-normal/ dept > > Tue, May 11th 2021 10:44am — Tim Cushing > > Well, someone finally said the quiet part loud: some government officials actually believe the only people who need, want, or use > encryption are criminals. Here's Asha Barbaschow with the "encryption is for criminals" news at ZDNet > . > > /The Australian Criminal Intelligence Commission (ACIC) believes there is no legitimate reason for a law-abiding member of the > community to own or use an encrypted communication platform./ > > /"These platforms are used almost exclusively by SOC [serious and organised crime] groups and are developed specifically to > obscure the identities of the involved criminal entities and enable avoidance of detection by law enforcement," the ACIC > declared. "They enable the user to communicate within closed networks to facilitate highly sophisticated criminal activity"/. > > This is part of the ACIC's comments [PDF] on proposed > surveillance legislation that would grant Australian law enforcement new powers to disrupt data transmissions, surveil network > activity, and engage in takeovers of targeted accounts. Here's the money shot: > > */ACIC observation shows there is no legitimate reason for a law-abiding member of the community to own or use an encrypted > communication platform./* > > Well... holy shit. That's a take. > > The ACIC believes today's criminals are too powerful and law enforcement too poorly-equipped. According to the Commission, > criminals are winning the tech war. > > /The encryption and anonymisation that underpins the Dark Web and encrypted communications has challenged existing powers and > allowed serious and organised crime (SOC) groups and individuals to more effectively conceal their criminal activity. In > particular, the networks established on the Dark Web and via encrypted communications have provided criminals with platforms > to easily and more confidently communicate anonymously about, and obfuscate, their serious criminal activities/. > > And yet, criminals continue to be prosecuted > > and criminal activities disrupted > . > But the successes aren't enough. The Commission apparently won't be happy until all criminal activity ceases. > > /The electronic surveillance powers currently available to the ACIC, while relied upon for investigating many aspects of > criminal behaviour online and criminal use of encrypted communications, *are not sophisticated enough to identify and disrupt > the totality of activities SOC entities are undertaking* through the use of modern anonymising technologies to conceal their > identities, their associate’s identities and the illegal activities being undertaken by the network of individuals./ > > I've got bad news for law enforcement and the Commission: no matter what steps are taken and how many innocent people are > victimized by expansions of government power, it will still be impossible to "disrupt the totality" of illegal activity. > Sophisticated criminal organizations engaged in crime long before encryption was readily available and found creative ways to hide > their misdeeds from investigators. It's not going to change just because no one -- not even innocent people who would like to > protect their data and personal information from criminals -- has access to encryption. > > The ACIC's broad declaration that no one has a "legitimate reason" to utilize encrypted communication platforms is at odds with > the paragraph directly preceding this truly baffling assertion. > > /Encryption and anonymising technologies have a valuable role in protecting the privacy and data of Australians. As such, the > ACIC notes new powers cannot be exclusively focused on subverting encryption and anonymising technologies./ > > I'm not sure how you reconcile these two statements. And apparently the ACIC doesn't know either, because it simply claims no > non-criminal would need encrypted communications and immediately moves on to the discussion of the new warrant powers being proposed. > > This is a horrifyingly ignorant claim for a government commission to make. The worst aspect is that someone with the power to > write laws is going to believe the ACIC Those who already believe (without evidence) that encrypted communications are only used > by criminals are going to accept this assertion as evidence, even if the ACIC can't even be bothered to back up its own claim with > any data or research. "Based on observation" is meaningless if the Crime Commission does nothing but observe criminal activity. > This is stupid. And it would be laughable if it weren't so dangerous. > -- Kim Holburn IT Network & Security Consultant +61 404072753 mailto:[email protected] aim://kimholburn skype://kholburn - PGP Public Key on request _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link _______________________________________________ Link mailing list [email protected] https://mailman.anu.edu.au/mailman/listinfo/link
