[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) Censored Australian crypto report liberated

Sehr lesenswert, vor allem die rot markierten Textpassagen:


------- Forwarded Message Follows -------
Date:          Sat, 09 Jan 1999 19:12:06 +1000
From:          Greg Taylor <gtaylor@efa.org.au>
Subject:       Censored Australian crypto report liberated
To:            gilc-plan@gilc.org, icrypto@efa.org.au
Reply-to:      gilc-plan@gilc.org

EFA has obtained access to an uncensored copy of the "Review of Policy
relating to Encryption Technologies" (the Walsh Report) and this has
now been released online at:
The originally censored parts are highlighted in red.

The story behind this is a rather comical example of bureaucratic
incompetence.  Revisiting a little history, the report was prepared in
late 1996 by Gerard Walsh, former deputy director of the Australian
Security Intelligence Organisation (ASIO).  The report had been
commissioned by the Attorney-General's Department in an attempt to
open up the cryptography debate in Australia.  It was intended to be
released publicly and was sent to the government printer early in
1997.  However, distribution was stopped, allegedly at a very high
(i.e. political) level.  EFA got wind of this and applied for its
release under FOI in March 1997.  This was rejected for law
enforcement, public safety and national security reasons.  We
persisted, and eventually obtained a censored copy in June 1997, with
the allegedly sensitive portions whited out.  The report was released
on the EFA website, and in the subsequent media coverage the
department claimed that the report was never intended to be made
public, a claim that is clearly at odds with Gerard Walsh's
understanding of the objectives, as is obvious from his foreword to
the report. 

It has now come to light that the Australian Government Publishing
Service, which printed the report, lodged "deposit copies" with
certain major libraries.  This is a standard practice with all
Australian government reports that are intended for public
distribution.  The Walsh Report is quite possibly the first instance
where a report was withdrawn after printing but before any public
release.  It is believed that the Attorney-General's department was
unaware that not all copies had been returned to them.

To this day, the report remains officially unreleased, except for the
censored FOI version.  Interestingly, several Australian government
sites now link to the report on the EFA website.

Quite possibly, this situation would have remained unchanged,
except for an alert university student who recently stumbled 
across an unexpurgated copy of the report, gathering dust in the State
Library in Hobart.  The uncensored version has now replaced the
censored report at the original URL.

The irony of this tale is that the allegedly sensitive parts of
the report, which were meant to be hidden from public gaze, are
now dramatically highlighted.  The censored sections provide a 
unique insight into the bureaucratic and political paranoia 
about cryptography, such that censorship was deemed to be an
appropriate response.  The official case for strict crypto 
controls is now greatly weakened, because much of the censored 
material consists of unpalatable truths that the administration 
would prefer to be covered up, even though the information
may already be known, or at least strongly suspected, in the crypto

This apparent unwillingness to admit the truth is an appalling 
indictment on those responsible for censoring the report.
It is indicative of a bureaucracy more anxious to avoid embarrassment
and criticism than adhere to open government principles and encourage
policy debate.  Even worse, the censorship was performed under the
mantra of law enforcement and national security, a chilling example of
Orwellian group-think.  

There are also some controversial recommendations in the report that
demand attention, since they could well be still on the current policy
agenda, in Australia or elsewhere.  Examples are proposals for
legalised hacking by agencies, legalised trap-doors in proprietary
software, and protection from disclosure of the methods used by
agencies to obtain encrypted information, an apparent endorsement of
rubber-hose code-breaking. 

On top of all this is the matter of allegedly sensitive material being
released to public libraries.  It would seem that a number of copies
have been gathering dust now for at least a year.  So far the sky
hasn't fallen, nor has the country succumbed to rampant threats to
national security.

Attached is a brief summary of what seem to be the important 
censored items, including a few which make the Attorney-General's
Department look somewhat precious, to put it mildly.

The more interesting exercise is to scroll through the report until
you see red ;-)



Paragraphs censored for reasons of national security, defence or
international relations
-------------------------------------------------------------------- -
A statement that there are "design flaws" in US and British key 
    recovery proposals (1.2.52 and 1.2.57)
- An opinion that export controls are of dubious value (1.2.60, 3.7.6)
- Commentary that US agencies sought to dominate public discussion of 
    encryption policy (5.1.3)

Paragraphs censored because they are classified as "internal 
working documents"
-------------------------------------------------------------------- -
A recommendation that "hacking" by law enforcement agencies should 
    be above the law (1.2.28, 6.2.3)
- Recommendation that authorities be given the power to demand 
    encryption keys, in contravention of the principle of non 

Paragraphs censored by reason of affecting enforcement of law and
protection of public safety
- A statement that encryption is a "looming problem" (1.2.1) -
Statements that strong encryption is widely available and cannot be
    broken. (1.2.15 and 1.2.16, 3.5.1, 3.5.4)
- Acknowledgment that more overt forms of surveillance carry 
    "political risk" (1.2.22, 3.6.1, 4.3.1, 4.3.2)
- A recommendation that law enforcement and national security agencies
    should arrange to put back doors in proprietary software for
    surveillance purposes. (1.2.33, 6.2.10, 6.2.11, 6.2.22)
- A statement that communications interception is valuable (1.2.42) -
A statement that criminal elements are using prepaid SIM cards in 
    mobile phones (3.2.2)
- Speculation about forming another cryptanalytical agency to parallel

    DSD. (4.4.2)
- Commentary about the vulnerability of key escrow systems (4.5.8) -
Statement that agencies want protection from disclosure of how keys 
    were obtained (6.2.16)
- Recommendation that the Federal Police Act permit covert 
    entry to premises. (6.2.20)
- Recommendations for exemption of Federal Police from the normal 
    legal discovery process (6.2.20)