AustLII Home | Databases | WorldLII | Search | Feedback

Privacy Law and Policy Reporter

 Privacy Law and Policy Reporter (PLPR)
You are here:  AustLII >> Databases >> Privacy Law and Policy Reporter >> 1996 >> [1996] PrivLawPRpr 35

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

Greenleaf, Graham --- "The scrmable to develop encryption rules" [1996] PrivLawPRpr 35; (1996) 3(3) Privacy Law & Policy Reporter 54

The scramble to develop encryption rules

Graham Greenleaf

As outlined in last month's special issue of PLPR on encryption and privacy, the outlined in last month's special issue of PLPR on encryption and privacy, the technologically advanced countries of the world are scrambling to develop defensible policies on encryption which will balance interests of personal and business privacy on the one hand, and law enforcement and national security needs on the other. Some recent developments in Australia and the UK are noted in this article.

Australia -- too many cooks? At least seven different enquiries currently underway in Australia touch on the development of encryption policies. Most visible is probably the AUSTRAC-chaired inquiry into the law enforcement implications of electronic commerce (details below). Austel's Law Enforcement Access Committee (LEAC) is looking at the telecommunications interception aspects. The Online Services Task Force of the Attorney-General's Criminal Law Division, the Wallace review of the financial system, an inter-Department committee headed by the Tax Office, and an electronic counterfeiting study involving Tax, Customs and A-Gs, all include encryption issues in their ambit. Last, but probably not least, is a review being carried out by an adviser to the Attorney-General's Department, a former senior national security officer. In addition, Standards Australia, Australia Post and others are developing public key infrastructure proposals. From all of this, some coherent government policy is supposed to emerge.

IPTF now ITAC

Another player which is likely to put its hat in the ring on encryption policy - and privacy and censorship policies - is the Information Policy Advisory Council (IPAC), foreshadowed (under the name `Information Policy Task Force' - IPTF) in the Coalition's `Australia Online' policy (see 3 PLPR 1) as a `standing advisory committee' supported by a secretariat in the Department of Communications and the Arts, to replace Labor's National Information Services Council (NISC). IPAC is to be chaired by Terry Cutler, and the other appointments will be announced soon (see Communications Minister Alston's INTIAA speech at http://www.dca.gov.au/speeches/intiaa.html). Some interesting turf disputes between DoCA and A-Gs may well emerge.

AUSTRAC's Electronic Commerce Task Force

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has been asked by the Commonwealth Law Enforcement Board (CLEB -- see http://www.nla.gov.au/cleb/ if unfamiliar) to head an Electronic Commerce Task Force (ECTF) to investigate electronic commerce issues of concern to Commonwealth Law Enforcement. It is to report by November 1996. It is to cover e-cash, smart cards and other forms of `cyberspayments', both domestically and internationally. ECTF's Steering Committee is made of law enforcement agency representatives, who are to invite privacy, banking, consumer, industry, government and other groups to participate in working parties.

Ford on crypto policy

Peter Ford, First Assistant Secretary, Security Division, in Commonwealth Attorney-General's gives some interesting insights in the current thinking from that direction in `Information Security, Censorship and Privacy', a paper presented to an AiC Conference in June 1996 (available at http://www.anu.edu.au/people/Roger.Clarke/II/Ford960619.html). The paper is most interesting in its discussion of the options available to law enforcement and other agencies in the event of strong encryption being widely available in the absence of any compulsory `key escrow' (`trusted third party' or `TTP') schemes. It discusses legislative options to encourage wide use of trusted third parties (which are therefore easier to serve with warrants but maintain covert operations), and suggests (rather ingenuously, perhaps) that a compulsory TTP licensing scheme would `offer better consumer protection'. It also discusses possible amendments to laws concerning evidence, self-incrimination, warrants etc to facilitate investigations and prosecutions in such an environment.

UK to licence `Trusted Third Parties'

On 10 June 1996 the UK Government announced that it would legislate to licence anyone who provided `encryption services to the public' - `Trusted Third Parties' (TTPs). The proposal in full is appended, extracted from the Government's `Paper On Regulatory Intent Concerning Use Of Encryption On Public Networks'. Significant features of the proposal are that, although any activities by `third parties' will be licensed, `the private use of encryption' will be unregulated. However, it is only proposed that export controls on encryption products will be relaxed if they are `applicable to encryption products which are of use with licensed TTPs'. The paper says `The licensing policy will aim to preserve the ability of the intelligence and law enforcement agencies to fight serious crime and terrorism by establishing procedures for disclosure to them of encryption keys, under safeguards similar to those which already exist for warranted interception under the Interception of Communications Act 1985.'

Graham Greenleaf, General Editor.

AustLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback
URL: http://www.austlii.edu.au/au/journals/PrivLawPRpr/1996/35.html