by nikcub 3293 days ago
The story title mentions Australia but this is relevant to all the 5eye nations, as they're obviously pre-briefing the media on what the agenda will be and this is the first time that we're getting detail on what they'll be proposing (the UK proposals were vague)

What they seem to be talking around is implementing an app-level CALEA-like capability.

How I think they think it would work: companies would be made to build lawful targeted intercept capability into their apps, in the same way telephony and other equipment is today. The app developer receives a warrant for an identifier and they're required to split off that traffic and change the keys, or encrypt it twice (the sender/recipient key and an intercept key - one per warrant (this happens with some net and tele warrants now)).

We all know the downsides of this approach, but it isn't technically impossible. What would be impossible is enforcing it, as it is more a regulatory hurdle. It is more possible today because of vertically integrated walled gardens being used for most app distribution - and backed by two of the largest companies in the world who may be susceptible to a compromise (especially as there are the large tax issues hanging over both their heads).

On a scale of how bad things can get - I think warranted targeted surveillance is better than device backdoors which is better than metadata retention which is better than the mass surveillance we have today (leading to cable splitting and DPI, or situations like Lavabit)

I don't see, even if you're ok with warranted targeted surveillance, how a compromise is made here that doesn't lead to a whack-a-mole game where legitimate users are inconvenienced while the 'bad guys' are pushed onto alternate Android distributions and unofficial apps.

I also don't see how a CALEA-like capability is kept secure and safe - especially with apps (we saw the NSA use CALEA intercept to surveil political targets). Clapper et al always vaguely answer "key escrow" to this question without spelling out how that would work.

With subsequent backdowns in the scope of what these governments are wanting to do (and this latest proposal is again a minor backdown) we might be reaching the finite conclusive point where comms do go dark and the new reality is that despite all of the tech we have law enforcement mostly relies on human intelligence and they'll have to scale back up for that. 3,500 terror suspects in the UK, 4,000 employees at MI5 - and notably in the recent attacks there were HUMINT warnings.

5 comments

> that doesn't lead to a whack-a-mole game

Stored-program general purpose computers are fundamentally a threat to any entrenched power that relies on being able to control any potential risk with physical, legal, economic, or social force. The only real way to control software that is no longer scarce is to find a way to hobble the "universal computing machine" so it is no longer universal.

Cory Doctorow's warning[1] about the War On General Purpose Computing received a lot of attention, but I suspect his far more important followup[2] about the looming Civil War over General Purpose Computing had a much smaller audience. Dan Geer suggested[3] that this "Cold Civil War" has been ongoing for a long time already. With this new push by FVEY nations against crypto, it looks like the war is starting to heat up.

> where comms do go dark

That's just not true. Metadata is everywhere and will likely only get even more informative into the future. As Susan Landau explained[4] in her testimony to Congress, the only people "going dark" are the people trying to "preserve 20th century investigative techniques [while] our enemies are using 21st century technologies against us." Complaining about "going dark" is just misdirection away from a total failure to update investigative techniques to not just keep up with changing technology, but to take advantage of the new opportunities created by our growing sea of {,meta}data.

[1] http://boingboing.net/2012/01/10/lockdown.html

[2] http://boingboing.net/2012/08/23/civilwar.html

[3] http://geer.tinho.net/geer.blackhat.6viii14.txt

[4] https://www.youtube.com/watch?v=g1GgnbN9oNw&t=3h35m50s

I rushed through the article but it didn't really say anything of value, other than justifications from the state for treating everyone as criminals (oh how convenient that would be).

You don't really need much for targeted surveillance, right? One only needs to tap into the distributor and push a specific trojan update.

Even without that Telegram and Signal already have vulnerabilities by tying key-pairs to phone numbers via OTPs. GSM is broken, ergo so are these. If these agencies wanted to do targeted surveillance there is very little in their way IMO.

The argument presented in the article is a specious one in that they use the premise of targeted surveillance for instituting the structures for mass on-demand targeting.

This is a very slippery slope, and as usual the morons that form our 'fourth pillar' have let us down badly.

Following this logic, it's a question of time until GPG gets outlawed.
It would mean outlawing any software implementing asymmetric encryption; it would essentially mean making a specific application of maths illegal. Because this would also imply outlawing TLS as we know it, a lot of resistance can be expected from citizens and (parts of) governments and corporations alike.

That doesn't rule out such silliness from happening, but it will be a tough fight, so for now they'll probably stick to going after the silos (e.g., WhatsApp) and simply get them to substitute true end-to-end encryption for some backdoored solution — it's easier and more effective now.

I think that you're spot on. My only surprise would be that it hasn't happened already.

Many of the major telecom-ish apps that were not subject to interception added the capability later via regulation or circumstance. Nextel Direct Connect, Skype and the mysterious purchase by eBay, and FaceTime after the patent suit come to mind.

Thanks for your analysis, seems like a realistic reading of the situation.

I wonder if the threat of the net going dark is really anywhere as bad as the intelligence agencies pretend, considering that there is more information available than ever before outside of those encrypted messaging apps.