The emu is one of Australia’s heraldic animals. The ratite cannot move backwards, which is supposed to show Australia’s hostility to progress. When it comes to cryptography, that’s not quite so true.
The so-called Five Eyes as well as India and Japan are launching a new campaign against encryption with a joint statement. The first victim of this revival of the “Crypto Wars” could be privacy coins like Monero, Dash or Zcash.
For governments, encryption has always been a curse and a blessing. On the one hand, of course, it is convenient to hide one’s secrets from the prying eyes of foreign enemies and domestic netizens. On the other hand, strong encryption allows citizens themselves to escape government surveillance, which, despite all professions of privacy, is not entirely desirable after all.
Good encryption and bad encryption
A joint statement from the so-called “Five Eyes” – meaning the U.S., U.K., Canada, Australia and New Zealand – as well as Japan and India expresses this ambivalent dissatisfaction with encryption:
On the one hand, they support “strong encryption” because it “plays a significant role in protecting personal data, privacy, copyrights, trade secrets, and cybersecurity.” Moreover, in repressive states, strong encryption protects “journalists, human rights activists, and other vulnerable people.” It is therefore “an existential anchor of trust in the digital world.”
But … but … you can also encrypt too badly! There is good encryption, and there is bad encryption. “Specific implementations of encryption technology pose significant challenges to public safety, including the most vulnerable members of society such as children who are sexually abused.” As a result, the governments are calling on companies to “respond to our serious concerns when encryption is applied in a way that completely prevents any lawful access to content.”
While preventing access to content under all conditions is exactly the purpose of strong encryption. Either you can break it, or you can’t; either Big Brother can read along, or he can’t. The fact that there is no gray area in encryption, only hard math, is something the cypherpunks wrote about back in the 90s (see the chapter on the “cryptographic divide” in my book on Bitcoin).
Nevertheless, governments are asking all tech companies to work with them to implement the following technical solutions: They should be able to take action against illegal content, such as deleting it, and to provide content to law enforcement in readable form if requested.
Obviously, end-to-end encryption, as applied by messangers such as Signal or as part of any meaningful email encryption through PGP, makes these desires fundamentally impossible. It “precludes lawful access to communications, posing serious risks to public safety”: it prevents tech companies from ensuring that their users comply with terms of service, and it prevents police from obtaining information for important investigations.
That’s why tech companies should “build mechanisms into the design of their encrypted products that allow governments to access the data in a readable format.” End-to-end encryption, then, is to become possible only in a way that the provider – and thus the government – can read. In other words, companies are supposed to build in the infamous backdoor.
Australia’s law against encryption
Of course, this concern contradicts the basic principle of encryption so completely that all the professions of privacy protection that precede the statement become mere empty words. Therefore, this government statement threatens the outbreak of a new “war on encryption,” as the U.S. government had already waged (and lost) in the 1990s. Or are we already in the middle of it? It seems so, at least if you look to Australia.
At the end of 2018, Australia passed the Assistence and Access Act, which stipulates that tech companies should help the state to view the content and communication data of their users. This also included the requirement to dispense with end-to-end encryption and to install backdoors, which the government can enforce by forcing companies to install surveillance software.
However, the law seemed relatively vague, which is why not much happened at first. Facebook, for example, blithely stuck to its plans to properly encrypt messages on Whatsapp, which is why even the Home Secretary Peter Dutton called on the company to move away from those plans and “implement a method by which there is lawful access to the content of communications to protect our citizens.”
Facebook, however, gave a thumbs down to this request. Fulfilling it would mean installing a backdoor, which could also give malicious actors access to the messages. Despite what appears to be moderate success so far, Australia appears to be becoming a hardliner in the new war on encryption. This is also confirmed by a startling development in the crypto market.
Privacy coins, no longer for Australians
At the end of August this year, several Australian exchanges removed so-called privacy coins, most notably Monero, Dash and Zcash, from trading. If you are from Australia and are looking for a new exchange, check out https://www.cryptocoupons.org/ and save some money when opening an account.
Exchange https://www.coinspot.com.au/, for example, wrote: “A regulatory update from our service providers regarding these Privacy Coins unfortunately makes it impossible for us to continue offering them for trading.” Similarly, the exchange https://swyftx.com/ announced it would have to delist all Privacy Coins “due to external regulatory and banking pressures.”
- While these two exchanges are based in Australia, Kraken is an American exchange. However, it too suspended trading of all Privacy Coins for customers from Australia at the end of August.
- The reason it cites, rather vaguely held, is a lack of “support for these assets from our commercial partners in Australia.”
- The specific reasons for the widespread delisting remain unclear. There are speculations that payment service providers such as Assembly Payments, which process Fiat payments with Australian dollars, could be behind this.
- However, it is also conceivable that the blockchain analyst Chainalysis, which the participating exchanges probably commission to monitor the payment flows, has its fingers in the pie.
Either way, however, it is still striking that the “commercial partners” involved are having such problems in Australia in particular. There may not be a direct connection to Australia’s law against encryption – but certainly an indirect one. Privacy Coins, one might suspect, serve as a kind of early warning system for a crackdown on digital freedoms.