Australian Law Enforcement Pushes Against Encryption, Advocates Data Retention 88
angry tapir (1463043) writes "Australia is in the middle of a parliamentary inquiry examining telecommunications interception laws. Law enforcement organisations are using this to resurrect the idea of a scheme for mandatory data retention by telcos and ISPs. In addition, an Australian law enforcement body is pushing for rules that would force telcos help with decryption of communications."
Does not exist (Score:4, Interesting)
Using software that explicitly makes it impossible for you to comply with the law is not defense against the law.
It's not that the software doesn't comply with the law. It's just that the things that your are asked to provide in the first place simply DOESN'T EXIST (provably, per math and crypto science).
Like said by gnasher719 [slashdot.org] somewhere else [slashdot.org] among the comments on this /. entry :
It's like two shops, one with a video camera running and one without. The shop with the video camera must hand recordings over to the police if there was a crime in front of the camera. The shop without the video camera doesn't need to do anything, and doesn't have to install a camera just in case someone gets stabbed in front of the shop.
The second doesn't have any record to disclose if ordered by the court. There just don't exist any recording that they could hand over. There security relies on some completely different scheme (say, a heavily armed bouncer/guard) which doesn't involve any camera nor any recording that could be handed over.
OTR relies on a completely different form of encryption (perfect forward secrecy, powered by ephemeral diffie-hellman) that doesn't involve permanently stored passwords. So there's nothing that you could hand over, even if asked by court.
It can potentially be defense against revealing your secrets in the face of "rubber-hose" decryption attempts, but unless your secrets are *really* important you're unlikely to appreciate being unable to reveal them under duress.
The goons who are going to beat you, to obtain a password, even if no password exists, are probably going the same goons who are beating you into revealing a password to get access to your huge stash of monney, even if you're actually broke. You know, just beat you in case there's a slight chance to get some money. Don't listen that you don't have a password, or that you don't have money. Maybe they should beat you a bit more. You know, in case you're bluffin and you actually have a password, or actually have money (hidden by another password that you haven't caugh up yet). Or maybe you gave them money, and they'll beat a bit more just to see if you don't have more of it. Who knows what they are going to get if they keep beating you? More money? Or plain more fun while beating you ?
There's no point of anything. Brutal goons who have decided to beat are going to beat your poor soul out, no matter what. Either you have a password or not. Either you already gave a couple of passwords or not. Either you have money or not. Either you already gave some money or not. They'll make you miserable even a bit more just in case.
Cryptography is only a defence against lawful individual. Who follow law and have to follow due process. They can't require you to provide something that provably doesn't exist. And modern day cryptography helps you bring irrefutable proof that the password doesn't exist.
(gnasher719's camera doesn't exist, so you provably don't have any records to bring to court).