And the not-for-profit group that claims to represent Internet users in the country, says the Government's “Facebook encryption letter” even contradicts the Government’s own advice for Staying Smart Online Week.
Criticising the action by the Government expressed in an open letter to Facebook signed by the Minister for Home Affairs, Peter Dutton - along with his counterparts from the US and the UK - Internet Australia (IA) said: “It is ironic that this entreaty for Facebook to NOT improve the security and confidentiality of its online messaging platform is made in StaySmartOnline Week, on the same day the government’s own cyber security centre revealed Australians are reporting cyber crimes every 10 minutes."
In a statement issued on Friday, Internet Australia chair Dr Paul Brooks said, “End-to-end encryption will not mask who a person is communicating with, the circle of acquaintances, the size of messages, dates, times and frequency of messaging, and other data valuable to law enforcement. These patterns and metadata about messaging behaviour can be as important, if not more important, than the content itself, in criminal investigations”.
|
“Under the heading ‘Protecting Conversations’, the ISM advises, “When sensitive or classified conversations are to be held using telephone systems, the conversation needs to be appropriately protected through the use of encryption.
“In the 21st century, the same advice applies to sensitive conversationsconducted over any third-party network, including online messaging systems,” Dr Brooks said.
The IA also noted that the Australian Cyber Security Centre had reportedly received more than 13,500 reports of cyber crime since July, with the Federal Government estimating “almost one in three Australian adults were affected by cyber crime last year”, with estimates by Microsoft that cyber security incidents cost Australian businesses up to $29 billion each year.
Dr Brooks said that the ACSC on its website identified that “1 in 5 Australians have experienced identity theft” – and these were just some of the very cyber crimes that encryption of messages were designed to thwart, by ensuring information was kept confidential from eavesdropping criminals seeking personal data that could be used to impersonate another trusted party.
“End-to-end encryption provides several more online safety benefits than simply protection against eavesdropping,” Dr Brooks said.
“It also provides assurance that the person or site at the other end isthe actual person or site that you intended to communicate with, and not an impostor or a ‘man-in-the-middle’ attacker.
Internet Australia said the ACSC had reported that "email compromise" was one of the top issues reported. However, Dr Brooks noted, “If we had moreencryption and authentication in applications, especially in email, most of the forms of reported cyber crime, such as phishing emails and bank scams, would be much easier to detect and avoid.”
IA also noted that the open letter from the three governments focused on law enforcement agencies’ loss of guaranteed access to the content of all messages, potentially hindering investigations into child exploitation and criminal activity.
“The reality is that that horse bolted many years ago,” notes Dr Brooks.
“Criminals, as wells as law-abiding citizens and businesses, can, and do, already communicate securely, using encryption apps to scramble messages before sending. Restricting ordinary users from easily accessing the same security benefits simply perpetuates the vulnerability of ordinary users to online criminals.
“Internet users across the globe have been educated to look for the ‘green padlock’ in their Web browsers, signifying a secure connection to their bank, to buy tickets, or conduct any sensitive transaction with their sensitive data protected by encryption – this Facebook proposal, which the three governments are asking to be stopped, would provide the same benefits to person-to-person messaging on those platforms,” Dr Brooks added.
Internet Australia also noted that law enforcement agencies would still be able to have access to metadata about messaging patterns, even if they no longer had access to the content.