>Date: Wed, 13 Jan 1999 07:52:41 +1000
>To: [EMAIL PROTECTED]
>From: Greg Taylor <[EMAIL PROTECTED]>
>Subject: Censored Australian crypto report liberated
>
>Declan,
>
>This may be of interest to you.
>
>Regards,
>
>Greg Taylor
>Electronic Frontiers Australia
>
>----------------------------------------------------------------------
>EFA has obtained access to an uncensored copy of the "Review of Policy
>relating to Encryption Technologies" (the Walsh Report) and this has
>now been released online at:
>  http://www.efa.org.au/Issues/Crypto/Walsh/index.htm
>The originally censored parts are highlighted in red.
>
>The report was prepared in late 1996 by Gerard Walsh, former
>deputy director of the Australian Security Intelligence
>Organisation (ASIO). The report had been commissioned by
>the Attorney-General's Department in an attempt to open
>up the cryptography debate in Australia. It was intended
>to be released publicly and was sent to the government printer early
>in 1997. However, distribution was stopped, allegedly at a very
>high (i.e. political) level. EFA got wind of this and applied
>for its release under FOI in March 1997. This was rejected
>for law enforcement, public safety and national security reasons. We
>persisted, and eventually obtained a censored copy in June 1997,
>with the allegedly sensitive portions whited out. The report
>was released on the EFA website, and in the subsequent media
>coverage the department claimed that the report was never
>intended to be made public, a claim that is clearly at odds with
>Gerard Walsh's understanding of the objectives, as is obvious from
>his foreword to the report.
>
>It has now come to light that the Australian Government Publishing
>Service, which printed the report, lodged "deposit copies" with
>certain major libraries. This is a standard practice with all
>Australian government reports that are intended for public
>distribution.
>The Walsh Report is quite possibly the first instance
>where a report was withdrawn after printing but before any public
>release. It is believed that the Attorney-General's department
>was unaware that not all copies had been returned to them.
>
>To this day, the report remains officially unreleased, except for
>the censored FOI version. Interestingly, several Australian
>government sites now link to the report on the EFA website.
>
>Quite possibly, this situation would have remained unchanged,
>except for an alert university student, Nick Ellsmore, who recently
>stumbled across an unexpurgated copy of the report, gathering dust
>in the State Library in Hobart. The uncensored version has now
>replaced the censored report at the original URL.
>
>The irony of this tale is that the allegedly sensitive parts of
>the report, which were meant to be hidden from public gaze, are
>now dramatically highlighted. The censored sections provide a
>unique insight into the bureaucratic and political paranoia
>about cryptography, such that censorship was deemed to be an
>appropriate response. The official case for strict crypto
>controls is consequently weakened, because much of the censored
>material consists of unpalatable truths that the administration
>would prefer to be covered up, even though the information
>may already be known, or at least strongly suspected, in the crypto
>community.
>
>This apparent unwillingness to admit the truth is an appalling
>indictment on those responsible for censoring the report.
>It is indicative of a bureaucracy more anxious to avoid embarrassment
>and criticism than adhere to open government principles and encourage
>policy debate. Even worse, the censorship was performed under
>the mantra of law enforcement and national security, a chilling
>example of Orwellian group-think.
>
>There are also some controversial recommendations in the report that
>demand attention, since they could well be still on the current
>policy agenda, in Australia or elsewhere. Examples are
>proposals for legalised hacking by agencies, legalised trap-doors
>in proprietary software, and protection from disclosure of the
>methods used by agencies to obtain encrypted information, an
>apparent endorsement of rubber-hose code-breaking.
>
>On top of all this is the matter of allegedly sensitive material
>being released to public libraries. It would seem that a number
>of copies have been gathering dust now for at least a year.
>So far the sky hasn't fallen, nor has the country succumbed
>to rampant threats to national security.
>
>Attached is a brief summary of what seem to be the important
>censored items, including a few which make the Attorney-General's
>Department look somewhat precious, to put it mildly.
>
>The more interesting exercise is to scroll through the report until
>you see red ;-)
>
>Greg
>
>===================
>
>Paragraphs censored for reasons of national security, defence or
>international relations
>--------------------------------------------------------------------
>- A statement that there are "design flaws" in US and British key
>  recovery proposals (1.2.52 and 1.2.57)
>- An opinion that export controls are of dubious value (1.2.60, 3.7.6)
>- Commentary that US agencies sought to dominate public discussion of
>  encryption policy (5.1.3)
>
>Paragraphs censored because they are classified as "internal
>working documents"
>--------------------------------------------------------------------
>- A recommendation that "hacking" by law enforcement agencies should
>  be above the law (1.2.28, 6.2.3)
>- Recommendation that authorities be given the power to demand
>  encryption keys, in contravention of the principle of non
>  self-incrimination.
>
>Paragraphs censored by reason of affecting enforcement of law and
>protection of public safety
>---------------------------------------------------------------------
>- A statement that encryption is a "looming problem" (1.2.1)
>- Statements that strong encryption is widely available and cannot be
>  broken. (1.2.15 and 1.2.16, 3.5.1, 3.5.4)
>- Acknowledgment that more overt forms of surveillance carry
>  "political risk" (1.2.22, 3.6.1, 4.3.1, 4.3.2)
>- A recommendation that law enforcement and national security agencies
>  should arrange to put back doors in proprietary software for
>  surveillance purposes. (1.2.33, 6.2.10, 6.2.11, 6.2.22)
>- A statement that communications interception is valuable (1.2.42)
>- A statement that criminal elements are using prepaid SIM cards in
>  mobile phones (3.2.2)
>- Speculation about forming another cryptanalytical agency to parallel
>  DSD. (4.4.2)
>- Commentary about the vulnerability of key escrow systems (4.5.8)
>- Statement that agencies want protection from disclosure of how keys
>  were obtained (6.2.16)
>- Recommendation that the Federal Police Act permit covert
>  entry to premises. (6.2.20)
>- Recommendations for exemption of Federal Police from the normal
>  legal discovery process (6.2.20)
>

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to [EMAIL PROTECTED] with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------