- The Strategist - https://www.aspistrategist.org.au -

Encryption: the perils of ‘going dark’

Posted By on August 22, 2017 @ 06:00

In June, Andrew Davies produced a pair of Strategist pieces (see here [1] and here [2]) on the encryption challenge to security, in the process succinctly explaining why our telecommunications intercept (TI) capability is ‘going dark’ [3]. Andrew’s second contribution paints a rather bleak picture of the future of this collection capability: ‘[T]he access to data through lawful intercept that our security agencies once enjoyed will never be possible again.’ The loss of TI effectiveness will hit the Australian law enforcement community particularly hard: it’s the fundamental building block for complex investigations. Before considering what ought to be done, it’s worth examining how an over-reliance on TI has shaped contemporary police thinking.

A number of dated assumptions underpin the Telecommunications (Interception and Access) Act 1979 [4]. While Andrew’s first instalment provided some insight into the prevailing technological conditions of the day, I’d argue that authorities at the time had also assumed the following:

  • The Australian government had a technological edge over the private sector and could arguably adopt technology rapidly (at least by the standards of the day) to any foreseeable change in the operating environment. However, that’s no longer the case.
  • Many Australians trusted their government to self-regulate its use of intrusive powers.
  • The government would maintain its monopoly control over the telecommunications industry. Deregulation and privatisation [5] have, for better or worse, dramatically changed that arrangement.
  • Law enforcement’s physical access to telephone communications was a relatively simple affair—a point made particularly clear by Andrew.

While successive governments have tinkered with the Telecommunications (Interception and Access) Act, they have at various stages failed to engage with the seismic paradigm shifts that have occurred.

Since 1979, we all got phones in our houses, and later in our pockets, while law enforcement got an effective and efficient intelligence collection capability. That capability offered police officers direct access to the most private of conversations between alleged offenders.

From 1979 until the 11 September 2001 terror attacks, Australia’s law enforcement agencies experienced significant pressures from governments to reduce expenditure. With cost-effective access to TI material a given, successive police commissioners found savings in the degradation of undercover and human intelligence capabilities. A series of high-profile inquiries into Australian police services in the 1980s and 1990s hastened that degradation: allowing police officers to engage with criminals became an unacceptable risk.

In an intelligence collection management sense, TI became so effective that many of the most basic principles of intelligence collection management were discarded in the law enforcement domain. Long-held principles, such as redundancy in collection efforts, in which more than one collection asset is tasked to ensure that information can be confirmed, were abandoned.

Until recently, no Australian law enforcement agency seemed to believe that going dark was possible. However, Andrew’s recent work reveals that we’re unlikely to be able to legislate our way out of the problem.

I struggled to find a contemporary and comparative going-dark case study until I reflected on the intelligence collection challenge of the ADF’s 1993 deployment to Somalia. Ready for contemporary operations, the ADF deployed tactical signals intelligence capabilities to Somalia to support the operations of a battalion group. With precious few transmissions to intercept, the battalion intelligence collection went dark. In response, it rapidly established [6] human source capabilities in the field. Over the years since that deployment, the ADF has developed a robust human intelligence collection capability that augments technical collection capabilities and provides protection against going dark.

With that vignette in mind, perhaps an alternative approach to going dark might be found in intelligence and investigations tradecraft.

Collection management is an often overlooked, yet critical, component of any successful intelligence endeavour. For law enforcement agencies, greater emphasis needs to be placed on adequately developing intelligence professionals who can approach the problem of collecting intelligence and evidence in an imaginative manner, using a combination of intelligence disciplines. There can be no doubt that in the emerging law enforcement operating environment the collection of evidence and information will be riskier and more difficult. But there appear to be few other options.

While collection management will provide a roadmap for where to go next, the loss of TIs will necessitate greater investment in alternative collection disciplines, which will be costly. At the very least, physical surveillance and undercover and human source capabilities will become increasingly important in our future TI-dark world.

While we may not be able to decrypt communications, we shouldn’t turn our back on technical intelligence or the exploitation of the electromagnetic spectrum. Through the study of communications using tried and tested techniques such as traffic analysis, intelligence value can still be drawn from identifying communication patterns.

TIs have provided police and intelligence agencies with a real advantage for almost 40 years. For my money, the secret now is not to lament the loss of that valuable capability but to innovate to the conditions of the day. While Andrew quoted Dylan, I’m going to refer to the sage words of ’80s popstar Kim Wilde [7] to describe the opportunity this presents: ‘And we were dancing. Dancing in the dark … Something’s gonna start’.



Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/encryption-perils-going-dark/

URLs in this post:

[1] here: https://www.aspistrategist.org.au/going-dark-strong-encryption-security-part-1/

[2] here: https://www.aspistrategist.org.au/not-dark-yet-strong-encryption-security-part-2/

[3] ‘going dark’: https://www.fbi.gov/services/operational-technology/going-dark

[4] Telecommunications (Interception and Access) Act 1979: http://www.austlii.edu.au/au/legis/cth/consol_act/taaa1979410/s191.html

[5] Deregulation and privatisation: http://www.emeraldinsight.com/doi/abs/10.1108/09685229610126986?journalCode=imcs

[6] rapidly established: http://www.au.af.mil/au/awc/awcgate/milreview/blackstone.pdf

[7] Kim Wilde: https://www.youtube.com/watch?v=TrsMQWVyip0

Copyright © 2021 The Strategist. All rights reserved.