[4141] in cryptography@c2.net mail archive
Danger: spooks at work
daemon@ATHENA.MIT.EDU (Julian Assange)
Fri Feb 5 13:29:47 1999
Date: Sat, 6 Feb 1999 01:27:07 +1100 (EST)
From: Julian Assange <proff@iq.org>
To: aucrypto@suburbia.net
Cc: ukcrypto@maillist.ox.ac.uk
Cc: cryptography@c2.net
Danger: spooks at work
by STEWART FIST
The Australian
2feb99
ONE standby of investigative journalism is the Freedom of
Information Act (the FOI) which sometimes allows reporters to
access documents that politicians or bureaucrats would prefer
remain hidden.
Australia wasn't the first to introduce such an act.
We copied the idea fairly recently and quite reluctantly from the
US, where, for 30 years the right of journalists to access
government information has been a mainstay of democracy.
The FOI movement came from the government's denial in 1954 that
nuclear bomb tests in the Pacific had resulted in lethal radiation.
Everyone knew they had, but the news media ran into a wall of
government silence.
As US President James Madison once said: "A popular government,
without popular information, or the means of acquiring it, is but a
prologue to a farce or a tragedy - or perhaps both. Knowledge will
forever govern ignorance, and a people who mean to be their own
Governors must arm themselves with the power which knowledge
gives."
The American Civil Liberties Union took up the matter, and in 1966
the US Congress passed the Freedom of Information Act which
"requires Federal agencies to make records available to the public
through public inspection and upon the request of any person for
any public or private use".
Two years ago, the US amended its act to allow for electronic
access (E-FOIA) which "includes improving public access to
government information and records . . . [and] reducing the delays
in agencies' responses to request for records".
It also redefined records as including electronically stored
information.
Some US states also have their own FOI Acts, and some have
quasi-judicial commissions that impose substantial penalties on
departments and individuals failing to produce documents.
Other states have what they cutely call Project Sunshines, which
work in association with local bar associations to ensure
government agencies respond to legitimate requests.
Connecticut's FOI Commission recently imposed fines of $1800 for
non-compliance on an agency, and warned the Oxford Board of
Education that failure to act would "result in the referral of this
matter to the appropriate state's attorney for criminal
prosecution".
This is technically a class-B misdemeanour.
In Australia, we are light years behind, although we've come a long
way since I was actively involved in television current affairs in
the late 1960s.
But politicians such as Jeff Kennett aren't particularly enamoured
of the idea of having journalists probe into their dealings.
Apart from banning his ministers and staff from talking to any
pinko ABC types, Kennett has now found an excuse to attack the
whole concept of FOI, and is threatening to legislate to block all
access.
This is casino capitalism with a totalitarian slant. Attacks of
this kind on investigative journalism surface every year or two,
yet many Australians don't appear to interpret them as personal
attacks on their right to know.
In the US, the FOI Act is used more by grassroots activists and
organisations than by journalists; but here it is too complex,
expensive and time-consuming for most non-journalists to bother.
It is instructive to lift the curtain of bureaucratic secrecy in
Australia to see what government agencies release and what they
censor.
This month we've been given an opportunity to do that, through the
online release of an uncensored copy of the Walsh Report by
Internet privacy campaign group Electronic Frontiers Australia
(EFA).
Gerard Walsh, a former deputy director of ASIO, and one of
Australia's spy-masters, names his report: Review of Policy
Relating to Encryption Technologies.
It was commissioned by the Federal Attorney-General's Department in
late 1996 as a background paper for an open public debate on
cryptography.
However, distribution was blocked at the last minute by unknown
bureaucrats in some unknown government agency - but only after the
report was in the hands of the government printer.
The EFA, which takes a serious interest in cryptographic matters,
applied for a copy under FOI, but the request was refused for "law
enforcement, public safety and national security" reasons.
EFA tried again in 1997, and finally scored a heavily censored
copy.
Cuts in FOI documents are accompanied by explanations of why the
material is said to be sensitive.
Unfortunately for the censors, a few original copies of the report
were sent to libraries, and a university student recently stumbled
across an unexpurgated version gathering dust in the State Library
in Hobart.
So it is now possible to make a comparison between the censored and
virgin copies, and evaluate the FOI process itself.
Walsh was proposing to open discussion on some legitimate questions
about the way criminals were able to use encryption to avoid
detection.
As befitting a spy master, he was willing to accept that Trojan
Horses and secret back doors into computer systems should be used
to keep the police informed of possible criminal activities.
Trojan Horses are virus-like utilities that can be planted in
software to transmit passwords and other information back to the
police or security services.
I have no desire to see criminals gain ascendancy over the police
by using new electronic technologies, but I do have reservations
about the casual way the police claim the right to use such
invasive technologies, and the way they ignore basic rights of
privacy.
But whether you agree with Walsh or not is beside the point.
You didn't ever get to see the background document, so these
discussion items were never seriously considered by the community.
They disappeared from public view courtesy of some bureaucratic
censor's scissors.
So it's fascinating now to compare the cut made with the claims as
to why they were made.
For example, a suggestion of design flaws in American and British
key-recovery proposals was cut out, despite the fact that the flaws
were well-known worldwide.
Also cut was a comment that export controls were of dubious value,
along with one that American agencies sought to dominate discussion
on encryption policy.
Since the US Government has banned the export of serious
cryptography under its Munitions Act and lined up police and
security services around the world to support it, this seems hard
to deny.
These cuts were ostensibly made for reasons of "national security,
defence or international relations", when obviously they were
casually censored so as not to hurt the delicate feelings of some
American or Pommy mates in brother security establishments.
Two other cuts purported to refer to internal working
documents. The first recommended that law enforcement agencies
should be allowed to hack into private computers without being
charged under anti-hacking laws (they do this all the time), and
the second suggested the authorities be given the legal right to
demand encryption keys (the secret key that permits decoding) from
suspects.
The first recommendation tries to legalise a common-but-illegal
police/security practice, and the second infringes the right of
citizens not to incriminate themselves.
With the above, you can credit the authorities with self-serving
rationality and a minuscule of efficiency, but the following are
almost beyond belief.
These cuts were made supposedly because they were capable of
"affecting enforcement of law and protection of public safety":
A statement that encryption is a looming problem.
A statement that strong encryption is widely available and can't be
broken.
Acknowledgment that more overt forms of surveillance carry
political risk.
A statement that communications interception is valuable.
A statement that criminals are using prepaid cards in mobile
phones.
These are so trivial they almost deserve cutting because they
patronise the intelligence of the reader. But the idea that they
could affect law enforcement or public safety is beyond
comprehension.
The bureaucrats also cut a bit of scuttlebutt that Australia might
need another crypto-analytical agency (probably protecting their
own department's pre-eminence in this area), and some motherhood
statements about the need for secret agencies to have special
privileges: protection from disclosure; the rights of covert entry
to premises; and exemption from the normal legal discovery process.
As Mandy Rice-Davies once said about some other figures of
authority caught in similarly compromising circumstances: "They
would say that, wouldn't they!"
This censoring of the Walsh Report makes a mockery of the Freedom
of Information Act.
The agency concerned has misused both the Act and the regulations
concerning national security classifications.
This is clearly a bureaucracy more anxious to avoid embarrassment
than to encourage genuine policy debate. The EFA report is at:
www.efa.org.au/Issues/Crypto/Walsh/index.htm
--
Julian Assange <proff@iq.org>
Patriots always talk of dying for their country, and never of
killing for their country.
- Bertrand Russel
