The recently released exposure draft of the Assistance and Access Bill 2018 redefines the future of government interception of electronic communication. Left unchanged, it will have far-reaching consequences for the security and privacy of Australians. The legislation is both long and complicated; it raises a number of questions and concerns, which so far have not been adequately addressed. The following is a look at the legislation from the perspective of a techie; I am not a lawyer. My analysis is based on viewing the legislation as a technical document, looking for gaps and inconsistencies, since that is so often where the greatest threat lies. My opinion is that the greatest threat stems not from the compulsory notices, but from the voluntary requests, which have greater scope and less oversight.
The recent news of Cambridge Analytica’s alleged usage of Facebook data should act as a wake-up call to us all. It may seem like the amount of data in question is large, and the number of individuals certainly seems to be; however, when taken in the context of wider data collection, it is just the tip of the iceberg. We are increasingly leaving ever more detailed digital footprints. It’s not just the data we choose to share; every aspect of our digital lives is monitored, recorded, and profiled in excruciating detail, from what websites we visit, to what we buy, the music we listen to, through to the people we know. It is all used to build an in-depth profile of who we are and what we can be influenced by.
The public are largely unaware of the losing battle security researchers have been fighting against western governments for the last 30 years. Ever since the creation of modern cryptography, western governments have sought to undermine and outlaw its use and distribution. The tactics have ranged from subverting standards in order to require short key sizes (GSM, DES), to banning the export and publication of cryptographic algorithms (PGP), and more recently to creating back-doored cryptographic components (DRBG).
Back in 2013/2014 I was working on the vVote Verifiable Voting System, which involved implementing a number of threshold cryptographic protocols. At the time there was very little by way of examples or frameworks to learn/play with threshold crypto. Recently I had some time available to take what I had learnt over those years, and since, and put together a library of threshold cryptographic protocols. The library is open source and written in Java. It is not intended as a commercial-use library, more something for those interested in threshold cryptography, and fellow academics, to play around with.
After many years of thinking about writing a blog I finally decided to do it. Primarily because I am increasingly finding that I have something to say about what is going on. The blog will focus on information security, privacy and electronic voting - the areas I currently do research on. There may be the occasional post about life as an academic and travelling, but they will be the exception not the norm.