[Cryptography] Who Is the Encryption Working Group?
Alfie John
alfie at alfie.wtf
Thu Feb 20 08:04:23 EST 2020
Here's an article that popped up today:
https://www.zdnet.com/article/watchdog-ponders-tougher-independent-oversight-for-australias-encryption-laws/
From the article:
Renwick rejected the idea that the encryption debate comes down to a choice
between two binary opposites, however.
He cited the comments by the "distinguished" Encryption Working Group (EWG)
assembled by the Carnegie Endowment and Princeton University. EWG called for the
debate to abandon two straw men.
"These are, first, that we should stop seeking approaches to enable access to
encrypted information, but second, that law enforcement will be unable to protect
the public unless it can obtain access to all -- and I emphasise the word all --
encrypted data through lawful process," Renwick said.
As EWG wrote, "[These are] absolutist positions not actually held by serious
participants, but sometimes used as caricatures of opponents."
The "not actually held by serious participants" is troubling. Having never heard
of the EWG, I looked them up:
https://carnegieendowment.org/programs/technology/cyber/encryption
Here's an incomplete member list from their website:
• Jim Baker - Former General Counsel, Federal Bureau of Investigation
• Katherine Charlet - Program Director, Technology and International
Affairs, Carnegie Endowment for International Peace
• Tom Donahue - Visiting Fellow, George Mason National Security Institute,
and former Senior Director for Cyber Operations, National Security
Council, White House
• Ed Felten - Robert E. Kahn Professor of Computer Science and Public
Affairs, Princeton University
• Avril Haines - Senior Research Scholar at Columbia University’s
Columbia World Projects and former Deputy Director, Central Intelligence
Agency
• Susan Hennessey - Executive Editor, Lawfare, and Senior
Apart from Ed Felten, that's a few names there I wouldn't want to be on the same
ist as...
Looking at the group's "Moving the Encryption Policy Conversation Forward" article
[1], it reads like the thin end of the wedge. I found the section "Branch 4:
Focusing on Approaches That Involve Key Escrow, Rather Than Delivery of Code Updates
to a Phone" chilling:
"As scoped so far, there are two primary ways in which law enforcement could
theoretically gain access to a mobile phone. One of these is to develop an
approach involving key escrow, in which copies of encryption keys are held
securely so that, in certain circumstances, an authorized third party can access
them. The second would be for law enforcement to ask or compel service providers
to send a uniquely designed software update that would enable law enforcement to
surreptitiously access data on a specific, targeted phone."
Now remember... this is an organisation called the *Encryption* Working Group
brainstorming how to sidestep encryption?! I feel like they need to rebrand.
Is the EWG, at all, representative of the cryptography and computer security
community (i.e "serious participants"), rather than the feeling I get that they're
a think tank backed by law enforcement trying to gain mindshare when articles refer
to them as "distinguished"?
Alfie
PS: I also wanted to raise this as a comment on the article, but it looks like
Stilgherrian (I'm guessing also a member of EWG given that he writes for them as
stated in the article) banned me for asking the following in the comments:
As far as I can tell, Dr James Renwick CSC SC is not an Ombudsman in line with the
definition of "Ombudsman" within the Ombudsman Act of 1976.
Given "ASIO gave him access to all documents", it would be interesting to see if there
was a breach of "317ZF Unauthorised disclosure of information"[2].
[1] Moving the Encryption Policy Conversation Forward
https://carnegieendowment.org/2019/09/10/moving-encryption-policy-conversation-forward-pub-79573
[2] Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018
https://www.legislation.gov.au/Details/C2018A00148
--
Alfie John
https://www.alfie.wtf
More information about the cryptography
mailing list