"The problem now facing security agencies is one entirely of their own creation."Security agencies aren't happy about this. Outgoing Attorney-General of the Obama administration and lead whistleblower-persecutor Eric Holder recently accused unnamed companies -- viz, Apple and Google -- of, in essence, helping kidnappers and sexual predators with encryption (in the same way, presumably, car manufacturers help criminals who use cars). Holder wanted a "backdoor" built into encryption to allow governments to access users' data, an idea quickly demolished by security experts, who pointed out a backdoor could and would be used by anyone, not just police (which has happened). FBI director James Comey had also accused Apple of marketing a product that allowed people to "place themselves above the law". And the new director of the UK's spy agency GCHQ went entirely over the top, accusing firms like Apple and Google of "facilitating murder or child abuse" and accusing companies offering encryption of, in effect, helping terrorists. Some commentators are now talking about a new "crypto war"; in a hilariously dumb editorial, The Washington Post backed law enforcement, declaring that while a "backdoor" in encryption was undesirable, "perhaps Apple and Google could invent a kind of secure golden key they would retain", as if a "golden key" would be in any way different to a backdoor. The problem now facing security agencies is one entirely of their own creation. The mass surveillance systems the NSA and GCHQ created were an example of wild, do-it-because-we-can overreach, which led to massive abuse and then exposure by a brave whistleblower. As is now a matter of public record, such mass surveillance was unnecessary for preventing terror attacks. Now, this overreach has prompted a reaction as both companies and consumers look to protect themselves better against mass surveillance. In doing so, agencies have now created a very real version of their long-running complaint about "going dark" on phone data, only internet users are the ones taking their data beyond the gaze of authorities and retention schemes. The copyright cartel, which is similarly hostile to anonymisation tools, is also pushing back. It has pressured Netflix to stop Australians using VPNs to get around its geoblock (Hulu has already shut down access to well-known VPN nodes). And in a submission to the government's copyright inquiry earlier this year, BBC Worldwide demanded that ISPs assume VPN users were pirates. Where does that leave Attorney-General George Brandis and Communications Minister Malcolm Turnbull, who have repeatedly demonstrated their willingness to give security agencies and the copyright cartel whatever they demand? According to a report this week by Fairfax's Ben Grubb, the government will shortly consider a proposal to allow the copyright cartel to force ISPs to censor internet sites they claim are responsible for file sharing. Such a censorship scheme, which has demonstrably failed overseas, would be effortlessly thwarted by VPNs. Indeed, such a move would simply exacerbate the new "going dark" problem as the consumers who hadn't done so move onto VPNs (VPN companies' providers will be desperately hoping for Brandis and Turnbull to get their way.) And security agencies know that VPNs render data retention pointless for online metadata. As with data retention, which took several years to finally reach parliament in Australia, the push to Do Something about encryption and anonymisation may not happen immediately. Until recently, it's not been clear senior security agency officials fully understood what they were facing: in 2012, then-secretary of the Attorney-General's Department Roger Wilkins declared that the problem posed by Tor could be met simply by "demanding the encryption keys", when there are no permanent Tor encryption keys. The push is thus likely to grow stronger over time. But eventually, the same warnings of marauding sex predators and unsolved kidnappings and murders will be produced by police forces, the same dire warnings of coming terrorist attacks will be uttered by senior spies; the same mainstream media national security stenographers will run the same arguments as for data retention. And all for a problem created by security agencies themselves.
Keane: will Brandis and Turnbull go after encryption next?
The growing use of encryption and anonymisation tools by companies and consumers is infuriating security agencies and the copyright industry. When will they move against them?