We keep hearing statements that legislation will be passed to enable
authorities to read encyphered traffic.
These systems are what is known as end to end systems.
The encryption is done using mathematical methods.
One is known as prime number encoding.
The message is typed in plain language on the senders machine.
It is then encyphed using the cypher program and two keys, the senders
and the receivers keys. The original is then destroyed.
Then the machine connects to the receivers machine and sends the
encyphered message. Am email attachment could be used instead.
The receiver then disconnects his machine from the transmission medium
and using the senders public key and his own private key decyphers the message.
Even if ASIO/Police etc get the source code program from the software
maker they cannot decode the message and the software company
cannot read the messages either.
There is probably a number of different programs available but they
will all have that problem.
One of the earliest such programs, PGP was broken with a brute force
attack on it but it took about 50 computers running all night after
everyone went home for about a year from memory to win the $1000 prize.
No doubt many very long keys are now used to turn the brute force
attack into hundreds of years to crack it.
So what is going on with all this chat by the pollies ?

Think Enigma !

Bazz I agree we must, no buts, face some loss of privacy to aviod loss of heads
A madness inhabits some protectors of rights, blind to the rights of future victims and there will be future victims
Some in my mob protect those rights, a special kind of mad blindness
Will watch the current senate inquiry in the hope we will see sane out comes

Hi Bazz,

Who are they going to target and when?
Where are they going to store it and for
how long?

I don't think that it will work. Usually police
and security forces get involved after the fact.
Can you imagine what an appealing target all
that data would make, especially to the very
criminals and terrorists against whom it
was supposedly collected in the first place?

Forced decryption may make a country look
oppressive, backwards looking, or a risky choice
for future economic investment. This is true in
an era of concerns about industrial espionage
and other anti-competitive behaviour.

Individual,
Enigma was a doddle compare to what they face today.
That PGP program that I mentioned used a key length of 1024 bits.
It took a long time to crack it. A key of over 10,000 bits may take
longer than the time to reach the end of the next ice age.
That is where brute force decoding breaks down, we will all be dead by
the time it is decoded.
There is some hope that quantam computers may speed that up but none
have been built yet.

The enigma had three rotators and they just tried every possible
combination until the bombe stopped with a possible decode.
The Lorenz machine a radio teletype system had 12 rotators, so they
had to build the first computer Colossus as the enigma method was too slow.
The only hope is a mathematical solution.
The Iphone was claimed by the FBI to have been broken but that might
have been by removing the parts from the phone which they had.
Apple stated that they could not decode the message as ordeded by the judge.

Yes Belly I agree we must sacrifice privacy for the sake of someone
elses life. Trouble is the horse has bolted and these programs are on
any phone or computer. Hacking into the targets computer might be the
only way to do it, but they are aware of that and have expert advise.
I am pessimistic about it.

Foxy,
well obviously the terrorist networks would be on top of their list.
Other intelligence operations are also targets and criminal gangs
international arrangements for drug shipments.
The traffic would be stored on their own computers. It is easy to make
them unhackable, just do not connect them to the internet.
I think you are confusing hacking with decyphering unhidden traffic.
Traffic analysis would provide a lot of knowledge about who is
chatting to whom. but there are systems that make that difficult.

I think the authorities only hope is to hack into the targets computer.
That might be possible if the targets use Windows but would be harder
if they use Linux. Still possible but the source code is available
so checking for hacking might be easier for clever programmers.