We keep hearing statements that legislation will be passed to enable
authorities to read encyphered traffic.
These systems are what is known as end to end systems.
The encryption is done using mathematical methods.
One is known as prime number encoding.
The message is typed in plain language on the senders machine.
It is then encyphed using the cypher program and two keys, the senders
and the receivers keys. The original is then destroyed.
Then the machine connects to the receivers machine and sends the
encyphered message. Am email attachment could be used instead.
The receiver then disconnects his machine from the transmission medium
and using the senders public key and his own private key decyphers the message.
Even if ASIO/Police etc get the source code program from the software
maker they cannot decode the message and the software company
cannot read the messages either.
There is probably a number of different programs available but they
will all have that problem.
One of the earliest such programs, PGP was broken with a brute force
attack on it but it took about 50 computers running all night after
everyone went home for about a year from memory to win the $1000 prize.
No doubt many very long keys are now used to turn the brute force
attack into hundreds of years to crack it.
So what is going on with all this chat by the pollies ?

Think Enigma !

Bazz I agree we must, no buts, face some loss of privacy to aviod loss of heads
A madness inhabits some protectors of rights, blind to the rights of future victims and there will be future victims
Some in my mob protect those rights, a special kind of mad blindness
Will watch the current senate inquiry in the hope we will see sane out comes

Hi Bazz,

Who are they going to target and when?
Where are they going to store it and for
how long?

I don't think that it will work. Usually police
and security forces get involved after the fact.
Can you imagine what an appealing target all
that data would make, especially to the very
criminals and terrorists against whom it
was supposedly collected in the first place?

Forced decryption may make a country look
oppressive, backwards looking, or a risky choice
for future economic investment. This is true in
an era of concerns about industrial espionage
and other anti-competitive behaviour.

Individual,
Enigma was a doddle compare to what they face today.
That PGP program that I mentioned used a key length of 1024 bits.
It took a long time to crack it. A key of over 10,000 bits may take
longer than the time to reach the end of the next ice age.
That is where brute force decoding breaks down, we will all be dead by
the time it is decoded.
There is some hope that quantam computers may speed that up but none
have been built yet.

The enigma had three rotators and they just tried every possible
combination until the bombe stopped with a possible decode.
The Lorenz machine a radio teletype system had 12 rotators, so they
had to build the first computer Colossus as the enigma method was too slow.
The only hope is a mathematical solution.
The Iphone was claimed by the FBI to have been broken but that might
have been by removing the parts from the phone which they had.
Apple stated that they could not decode the message as ordeded by the judge.

Yes Belly I agree we must sacrifice privacy for the sake of someone
elses life. Trouble is the horse has bolted and these programs are on
any phone or computer. Hacking into the targets computer might be the
only way to do it, but they are aware of that and have expert advise.
I am pessimistic about it.

Foxy,
well obviously the terrorist networks would be on top of their list.
Other intelligence operations are also targets and criminal gangs
international arrangements for drug shipments.
The traffic would be stored on their own computers. It is easy to make
them unhackable, just do not connect them to the internet.
I think you are confusing hacking with decyphering unhidden traffic.
Traffic analysis would provide a lot of knowledge about who is
chatting to whom. but there are systems that make that difficult.

I think the authorities only hope is to hack into the targets computer.
That might be possible if the targets use Windows but would be harder
if they use Linux. Still possible but the source code is available
so checking for hacking might be easier for clever programmers.

As I understand it Bazz is correct, real encryption can't easily be broken.

I think there are other security vulnerabilities and built in backdoors to gain control over smartphones, tablets and PCs etc.

So many built in apps and components make them run such as chosen keyboards.

Do an online search for 'X agent pegasus'.

Sacrificing privacy for the sake of someone else's life may e superficially attractive, but it would have unintended consequences. If we introduce security vulnerabilities, hackers will exploit them. Note "will" rather than "might" - those who take the latter view are overly optimistic!

Where there's a threat, police and ASIO should break encryption when they can - but they should not rely on being able to do so, and they certainly shouldn't force the public to only use insecure software.

"What is going on with this chat by pollies?" "..quantum computing".

Australian of the Year 2018 has a Centre for Quantum Computer Technology. "..Since then she has established a large research group dedicated to the fabrication of atomic-scale devices in silicon and germanium using the atomic precision of a scanning tunneling microscope. Her group is the only group world-wide that can make atomically precise devices in silicon: they have developed the world’s first single atom transistor and the thinnest conducting doped wires in silicon."

?

If police are able to crack or backdoor programs the terrorists will simply communicate another way.

We have given up too much in the name of war on drugs and terror.

More people die from being homeless than by terrorists in Australia,
let's have a war on homelessness.

The best way to encrypt a message is when nobody recognises that a message even exists. Anyone who is serious about hiding information won't have a file named "break-me" standing out, just ordinary files such as photos, movies, executables, game-data and voice, all operational so nobody could suspect anything. Obviously, one would also use their own encryption method, rather than some off-the-shelf one.

If you want to catch the terrorists and criminals who make our life miserable, they can all be found in Canberra, parliament house. They never cared about our safety, only for their own interests and remaining in power, so they invented the "terror" scare in order to divert our attention away from them.

It's ordinary people that they are after, who do not have anything as serious to hide, perhaps only small secrets, and are too innocent to use sophisticated encryption methods. It's only them they want to scare.

Right it is called Steganography.

Bazz history is full of advances in finding ways around such things even from ww2
In time, if we can keep the PC mice out of the way we will see this in this case too
We can only hope we evolve enough to over come the thought personal freedom is or ever will be a shield used against us by people who do not believe in such things even for their own

Indeed Yuyutsu, messages can be embedded in such things as photographs.
At normal resolutions the characters in the photo are not visable.
However it would only take seconds for software to find the characters
in the photo. One time pads can be used to encrypt what is in the photo.
However you do know that there is a message hidden which is half the battle.
To stop anyone sending encrypted messages you would have to stop the
transmission of all binary files.
The fact that a person is sending encrypted files would be of interest
but the chances of ever being able to decrypt them because of the time
it would take, even if you guess what software was used, it would be too late.

I think the only way in would be to work out the way the program works
but having done that, you would would have to do the arithmetic in reverse.
Probably impossible !

Nick, the lady uou mentioned made a gate. It is a long way from there
to a functioning computer.

Bazz ( alias Xb 45-bytesize)

We can read the canberra code ( DuttonVmUpgradHelpere.exeX-Tunnel) and they know something. Would they mislead us ?

Then there is the simple book code,
A and B have access to thousands of books, via their local libraries.
They agree on a particular book for next weeks messages, et al, page and the number of letters in from the left or right margins etc. and it's uncrackable without knowing the book; permutations are virtually endless as well.

Some OLO posters use broken English or enigmas in agw denial.

Bazz quote "At normal resolutions the characters in the photo are not visable.
However it would only take seconds for software to find the characters
in the photo."

You do not know what you are talking about, please learn how something works before commenting like that.

Steganography look for a program then try it and come back with a more reasoned response.

Further, if you want to hide something real secret, hide it in a pornographic image, then hide that image in something bigger: even if someone suspects the larger object, they will think that you were merely hiding the pornographic image and won't look any further.

Messages are embedded in photos all the time, a simple one is for glamour shots in magazines to be embedded with the word 'sex' and like short words, particularly of the four letter variety, such embeds were exposed as an advertizing gimmick at least fifty years ago.

This is more up to date:
http://www.psychologistworld.com/influence-personality/subliminal-advertising

Please read before posting nonsense, what Yuyutsu and I are talking about is Steganography.

To simplify it you have a file any file you want to hide it you can hide it inside the data of another file.

For example you want to send someone a .txt document or a .jpg photo (remember any file you like) your file to hide is say 500k in size you get any other file say a .mp4 movie a .bmp picture file a Steganography program will hide the file so people only see 1 file unless you tell them something is inside it they will not know.

A 500k file can easily be hidden inside BUT the smaller the size of the other file the greater the chance of it being detected.

A 1K .txt file in a 20mb music file is going to draw no suspicion,

whereas a 5mb .txt file in the same 20mb music file would be suspicious.

Just read this link, for more info and programs.
http://hackersonlineclub.com/steganography/

Is Mise,
The book code was used a lot in the wartime.
It has a problem in that you have to agree on page line etc personally
as if you send it by mail, telephone etc etc.
With the PGP style programs you just exchange public keys by email.
Everybody has a public key and everyone can send messages to everyone
but no one else in the group can read each others messages.

Philip S, yes I know nothing about Stenography, never used it but even
bits in a sound recording could be found. In a 500kb file it would be
susceptible to a brute force attack, would it not ?
The text of course could be encyphered before input to the sound file.

Bazz Only an idiot would would put something large in a 500kb file.

To use brute force to find something first you have to know which file it is in then you have to know which of the many programs was used to hide something, good luck checking thousands of files.

Also brute force uses word dictionaries, some programs don't use passwords they can use files as the password some even use a password + a file or files + a set of numbers.

Most people would encrypt the .txt file before hiding it, if it was very sensitive info.

Dear Bazz,

For information within a sound recording to be found, first one needs to suspect the sound-recording. Say you have 100's or 1000's of these on your computer and they all sound reasonable, then how would you come to suspect them in the first place?

Then of course, the files within can be encrypted as well, and if you are good at it, then it will be using your own encryption and embedding programs on both levels rather than commercially-available ones, then your opponent would even need to suspect that you have such a program then find where it is (which would probably reside on the cloud and even be encrypted itself).

On top of this, I would time-bomb my encryption/embedding programs, so for example they take 36 hours to download, but are automatically destroyed within 24 hours unless two different people in different locations do something positive at least once a day to tell the cloud server to keep the files.

Those who have a serious reason will go through the trouble - the rest of us will have our own files used as evidence against us for jaywalking.

Bazz asked the question can it be done, I answered one he never asked should it be done.
Knowing Bazz,s background he knows a bit about the subject, it will not be easy
But it is my view it can be done, may already have been
And we will never know

Enigma was a doddle compare to what they face today.
Bazz,
That goes without saying, it is the mentality rather than the available technology. The real kick up the prverbial is yet to come though.
Because our insipd tax system all technology has been forwarded to China to produce goods cheaply.
Now this of course has handed China every trump card except the Trump card & they now have every bit of western technology at their fingertips. Just wait for the moment when all phones, computers etc will have a built-in worm activated.
Our incompetent & greedy bureaucrats have laid us bare to this in the insidious pursuit of the $.

Philip S & Yuyutsu,
The problem is not deciding which file to attack but the one emailed
to another person. Someone knowledgeable about what software was
available would not take long to work out which was used.
They could then mount an attack on the emailed file.
It comes back to the old story, if it takes too long the info is useless.
I do not know how vulnerable the cloud sites are but anyone monitoring
would see it uploaded.
Which gets me back to the original question, is it mission impossible ?
If so why the legislation request ?

Using the book system beats all the high tech stuff and if instead of a book an agreed daily newspaper is used then there is no need to mention the method ever, sequences can be memorized etc.

Dear Bazz,

Only amateurs would send just a single file by E-mail and only amateurs would use standard encryption programs. Professionals would have a bag of tricks, including at least to send or point to heaps of large files (such as movies) that look legitimate and normal and encrypt+embed (in just one of them) their secrets using their own software, itself hidden. Also, while even professionals might disclose their secrets under torture, an enforced delay in producing the keys will allow their colleagues (in other countries) to destroy the cloud-files before they can be downloaded.

So to catch real professionals, is mission-impossible, but that's not what government wants: they want to scare the rest of us into obeyance of their laws, ordinary people whose biggest crimes could be to fail to recycle their garbage or to illegally poison a tree in their yard or a possum on their roof. Yes, the proposed legislation will indeed help the councils to book them.

Bazz Terrorists are not going to email something like that it would be put on facebook or something like that, there are hundreds of millions of files uploaded to sites each day, mission impossible.

"If so why the legislation request ?" Control of people.

Politicians do not come up with the new laws except in very few cases, laws and regulations come from bureaucrats politicians are their instrument of implementation.

If they really wanted to stop things not entirely but to a large extent they could, simply put MONEY the banks are the way of putting the breaks on terrorists, corruption, etc.

Dear Philip,

I did not understand your suggestion about how money could be used to stop terrorism.

Of course, that is "If they really wanted to stop things", but they don't: both governments and the media gain from terrorism - it gives them a job! The proposed legislation would give them even more white-collar jobs.

Had governments and the media stopped to respond to and report terrorism, terrorists would no longer have anything to gain, so they would stop - killing a few people at random, in itself would not forward any of their goals: they are after terror, but without the reaction there won't be any.

Yuyutsu I should have worded it a bit better.

The banks help facilitate terrorism, corruption etc by allowing the transferring of funds, usually on a weekly bases there are stories even in MSM of banks involved in money laundering etc.

That is probably the only place to stem the flow of money from and to terrorists, corrupt officials and other crimes.

This has not happened in my opinion because there is too much money being made by people in high places and positions.

Would you agree or not?

Dear Philip,

I don't know enough in order to agree or not whether anti-laundering measures can be effective.

What I do know, is that they are a burden on ordinary innocent people.

If anything, it should not be the banks to decide and we should never need to tell our bank manager about our private reasons for transferring money. Also, banks often use "anti-laundering" as an excuse to keep our money longer.

Perhaps when we make an international transfer, we should get an electronic ticket that is independent of the bank, then the bank must immediately transfer the money to some clearing house, then IF we need to justify the transfer, we fill all the necessary details online, directly against some money-laundering authority without the bank's involvement and assuming there are no suspicious circumstances, approval should normally be immediate.

Silly Govt policies aid terrorism also.

This story to me adds to the government want to control people, use your phone as a license hand it to police and immediately they have it they did not have to ask you for your password, very sneaky.

http://au.news.yahoo.com/carrying-drivers-licence-soon-phased-112311501.html

Drivers in Sydney’s eastern suburbs are now able to sign up for a digital driver’s licence.

The technology is still being trialled, but if it’s successful your smart phone may soon be all you need to prove your identity.

“Smart phones have already become the de facto wallet,” Minister for Finance, Services and Property Victor Dominello said.

“You can already put movie tickets on them, do shopping on them, do banking on them.”

Now, you can use them as ID when asked by police or to gain entry into a licensed venue.

NSW Acting Superintendent Sam Crisafulli said it may also see a reduction in fraud and stolen mail.

A digital version is hard to fake because it contains animated logos and requires a PIN.

Drivers in the eastern suburbs can take part in the trial through a Service NSW online account.

The area has been chosen for the trial because it has hundreds of clubs, pubs and restaurants, as well as 140,000 licence holders.

“The people in the eastern suburbs are very connected, very tech-savvy,” Coogee MP Bruce Notley-Smith said.

“And I think they’d appreciate having a go at this.”

A similar pilot in Dubbo had an 83 per cent satisfaction rating.

The trial is open to drivers, learners and P-platers, but motorists are being urged to hang on to their plastic licence during the trial period.

If successful, any future roll-out will be “opt in” only.

Phillip S, Is Mise & Yuyutsu
I think you are assuming a level of sophistication which would be
reasonable for state security services, but criminal and terrorist
groups will not be at that sort of level.
An FBI case in the US was just one such. They used an encryption
provided by Apple for the iPhone, but Apple could not decrypt it
because they did not have the keys.
The sort of precautions that you all suggest would no doubt be used
by state intelligence services but that is not who they are tackling.
Is Mise mentioned that the book method could use newspapers.
That would fall down if to be used internationally as a different
edition could be sold in the destination area, and if not the time for
that issue to arrive at the remote location would give a significant
delay even if available.
Interesting I just entered a phrase out of the Economist into google
and it found it in less that a second.
You have to realise of course that a newspaper is being used.
It has to be a phrase in a fixed position so there is a place in every
issue so a brute force attack would be time consuming for the first
one but from then on it would be home & hosed.
It means checking the whole magazine or paper to find that place.
Hmm, how do you find the phrase location used and what is the phrase ?
Oh well an interesting exercise. I have learnt lots.

Yuyutsu When people leak info about criminal fraud etc, the higher ups in the bank you can bet knew about it but said nothing because of the amount of money they were getting. They know who the criminals are.

German police raid Deutsche Bank over suspected money laundering

A money laundering probe stemming from the "Panama Papers" has led police to Deutsche Bank, according to authorities. Prosecutors believe the bank helped clients "transfer money from criminal activities" to tax havens.

Federal police on Thursday raided the Frankfurt offices of Deutsche Bank. The Frankfurt prosecutor's office said the raids stemmed from an investigation into suspected money laundering at the German bank.

About 170 law enforcement agents took part in the operation. The investigation revolves around multiple Deutsche Bank employees, including two believed to still be working at the financial institution.

Deutsche Bank said it was "fully cooperating" with authorities. "The case is related to the Panama Papers," a spokesperson said.

'Criminal activities'

According to prosecutors, Deutsche Bank is suspected of helping some 900 customers set up offshore shell companies in tax havens to "transfer money from criminal activities." They said some €311 million ($354 million) are believed to have been laundered, citing information gleaned from the so-called Panama Papers.

Markus Meinzer, financial secrecy director at the Tax Justice Network, told DW he was "surprised that German officials would finally take action" on information garnered from the Panama Papers.

"It has been two years that they've been analyzing these files," Meinzer said. "We have seen in other situations that German prosecutors took very long to take action" against tax avoidance schemes and financial crimes.

** Rest of story at above link - This show what I said that the banks can stop a lot of illegal things if they wanted. **

Sorry link here.

http://www.dw.com/en/german-police-raid-deutsche-bank-over-suspected-money-laundering/a-46499349

Dear Philip,

I suppose that banks indeed COULD stop a lot of illegal things if they wants, but this is not and shouldn't be their roll. What I suggested is an independent public authority that reviews transactions (as necessary) for the purpose of preventing crime and do only this, swiftly and efficiently.

Quote "What I suggested is an independent public authority that reviews transactions (as necessary) for the purpose of preventing crime and do only this, swiftly and efficiently."

I agree but see 2 problems
1 They would need access to bank data they will not give them that.
Or the banks will manipulate things to avoid reporting or hide data and transactions.

2 Where will you find honest and trustworthy people to do it?
You can bet it would not take long before politicians got involved to protect themselves or friends

Crime will not diminish as long as there's no deterrent !
If Renee Lawrence has to spend time in prison here then she'd be a perfect person to ask regarding Prison in Australia being a deterrent in comparison to Indonesia.

Still think there is a very good chance they already have
And will never tell us
In fact saying they have not would be the default position surely
Until they could no longer hide the fact it has been done