Prime Minister Malcolm Turnbull has been reprimanded by one of the world’s most respected internet security professionals for his comments on encryption, and for his push to force tech companies to allow police access to encrypted communications, which critics say will not be possible to implement.
In a press conference in July announcing the draft legislation Mr Turnbull remarked, in response to a technology journalist’s question, that “the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia”.
“I’m a mathematician,” says McAfee fellow and chief scientist Raj Samani, “[and] the one thing about mathematics is that you know, it is binary, that’s what we love about it, right?
“So, look, good luck trying to change the law of mathematics, I would suggest.”
Speaking exclusively to Fairfax at the McAfee MPOWER cybersecurity summit in Las Vegas, Mr Samani asked Mr Turnbull to reconsider his approach when it comes to consultation, or lack thereof, with the technology community on his government’s upcoming bill, which aims to address the issue law-enforcement agencies are facing when criminals and terrorists “go dark” by utilising encrypted communications and devices.
Mr Samani says his advice to Canberra — should it continue to want to legislate against technology companies to compel them to assist with access to encrypted communications — was “to engage and consult with the firms that this will impact”.
He says that while it’s all well and good to make statements about trying to circumvent the law of mathematics, the government (and technologists) are bound to ensure that consumers and consumer devices are protected.
“What you are doing is you are defining the future of how people use technology, and more importantly, how people can trust technology. [We’re all] going to have to trust technology because our lives are going to be put into the hands of devices every single day,” he says.
“Whether it’s an internet-connected pump, or a pacemaker, these types of devices are dependent on ensuring that they are secure, and that there are no noticeable flaws or backdoors in them. We want to make sure that somebody can’t go in and compromise them. And so, have these discussions [with industry and consumers].”
Mr Samani — who who has assisted multiple law-enforcement agencies in internet-related crime cases — is a special advisor to the European Cybercrime Centre in The Hague. He has been recognised for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor award, and Intel Achievement Award, among others.
Breaking into devices not always possible, even if companies assist
“I don’t necessarily believe that these companies have a treasure trove of encryption codes,” Samani says.
“The way that the majority of these types of devices are architected means that you can’t take your phone into a Genius Bar or wherever and say, ‘Hey, can you put the master key into my phone and put in a secret code’ and all of a sudden they are into the phone. There’s a reason why you go into these places and they ask you for your password beforehand. It’s because they don’t have the ability to do that.”
What the Australian government seems to want is the equivalent of the master key airport security use to get into any suitcase, Mr Samani says, but such a device for encrypted communication would “compromise the integrity and the security of the devices we need. And to me, in my opinion, we have to live in a world where we have absolute trust in those”.
Instead of compromising the integrity and security of devices, Samani says governments should partner with industry to collaboratively tackle crime.
“There are agencies across the world that recognise the value of public-private partnerships, collaboration, and working together,” he says. “And my advice would be to look at the successes of these organisations. In the past 2 to 3 years there have been multiple efforts to disrupt criminal gangs and multiple efforts to make the world a safer place. And that’s been done with a public-private partnership and looking at the needs for the 21st Century.
“So, my view is that we need to work and collaborate with the public sector to create the safer environment. And a lot of what we do is with partnerships with [law-enforcement] agencies across the world. But that’s done without sacrificing and compromising the integrity of the devices that we rely upon in our everyday life.”
The author travelled to Las Vegas as a guest of McAfee