The Walsh Report was an Australian cryptography policy review undertaken for the Australian government by Gerard Walsh, initially released in 1996 and then withdrawn before its sale to the public. Electronic Frontiers Australia (EFA) obtained a redacted copy under freedom of information laws and published it on EFA's website. Subsequently, an unredacted copy was found and the redacted parts were added to the EFA copy.
The Walsh Report was an Australian cryptography policy review undertaken at the request of the Secretary of the Attorney-General's Department [1] by Gerard Walsh, the former deputy director of the Australian Security Intelligence Organisation (ASIO). [2] The report included a broad analysis of cryptography issues from an Australian context. [3]
The report, titled Review of Policy relating to Encryption Technologies, is popularly called the Walsh Report. [2]
In his report, Walsh found that there was a lack of coordination in the government over the establishment of cryptography policy. Walsh also reported no clarity as to which department and which minister was responsible for cryptographic policy. Consequently, there was a danger that policy would be developed without being coordinated. [2]
The main advice given by Walsh in the report was that major legislative action to safeguard law-enforcement or national security was not required at the time.
No specific options were recommended in the report for legislation on cryptography, nor did the report recommend mandatory key recovery. [4]
Recommendations in the report for minor legislative and other actions included:
Walsh was invited to undertake his review following on from the Barrett Report, which concluded: "while Australian agencies all report that encryption has not been a problem to date, it is likely to become one in the future." [1]
The Walsh Report was issued on 10 October 1996. [2]
After being printed, deposit copies of the report were lodged by the Australian Government Publishing Service (AGPS) [5] with around 40 university and public libraries under a free deposit scheme. [6]
The report was listed for sale in January 1997 by AGPS. Three weeks later, Electronic Frontiers Australia (EFA) enquired why it was not actually available. [1]
In February 1997, [4] before the Walsh Report was publicly released, the Australian Attorney-General's Department embargoed it and withheld the report from commercial sale. [2] [5]
In March 1997 EFA applied for the release of the Walsh Report under the Freedom of Information Act 1982. [1] [5] [7] [8]
Initially, the request was denied. Following a review that was requested by EFA, [1] in June 1997 [1] EFA obtained a copy of the Walsh Report that had been redacted [2] [3] on national security, [3] defence, international relations, internal working document, law enforcement and public safety grounds. [1]
EFA then published the redacted version of the Walsh Report on its website. [8]
In December 1998 [5] an uncensored copy of the Walsh Report was discovered in the State Library of Tasmania by Nick Ellsmore, a university student in Hobart. [2] [6] [7] [9] [10] Ellsmore alerted EFA to the availability of the report. [1]
By comparing the redacted and unredacted copies it was possible to identify the censored sections of the report. [9]
EFA added the redacted parts to its copy on the Internet, [2] and highlighted them in red. [1]
Following the discovery of the uncensored copies of the Walsh Report, The Australian newspaper revealed the censored recommendations. [6] Release of the complete report was also covered by Hobart's Mercury, Melbourne's Sun-Herald, The Sydney Morning Herald, many Internet news sites and radio stations in Perth and Sydney. [1]
On 10 February 1999, after The Australian's revelations, the Australian Government Information Service (AusInfo), the government publisher, wrote to the deposit libraries. The AusInfo letter said that the "Attorney-General's Department wants all copies recalled" and asked that copies of the report be returned to AusInfo.
A spokesperson for Daryl Williams, the Attorney-General, said that the release of the Walsh report had been discussed with AusInfo, but denied that the Government initiated the recall.
In February 1999, EFA cryptography committee chairman, Greg Taylor, said: "The bumbling attempts to censor the [Walsh] report have only served to focus international attention on it". [6]
Redacted observations included:
The censored recommendations included:
The Data Encryption Standard is a symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.
In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.
A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s.
Communications security is the discipline of preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients.
Bernstein v. United States is a set of court cases brought by Daniel J. Bernstein challenging restrictions on the export of cryptography from the United States.
The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.
Export of cryptographic technology and devices from the United States was severely restricted by U.S. law until 1992. The law was gradually eased until around 2000, but some restrictions still remain today.
Electronic Frontiers Australia Inc. (EFA) is a non-profit Australian national non-government organisation representing Internet users concerned with online liberties and rights. It has been vocal on the issue of Internet censorship in Australia.
Dorothy Elizabeth Denning, born August 12, 1945, is a US-American information security researcher known for lattice-based access control (LBAC), intrusion detection systems (IDS), and other cyber security innovations. She published four books and over 200 articles. Inducted into the National Cyber Security Hall of Fame in 2012, she is now Emeritus Distinguished Professor of Defense Analysis, Naval Postgraduate School.
The Cyberspace Electronic Security Act of 1999 (CESA) is a bill proposed by the Clinton administration during the 106th United States Congress that enables the government to harvest keys used in encryption. The Cyberspace Electronic Security Act gives law enforcement the ability to gain access to encryption keys and cryptography methods. The initial version of this act enabled federal law enforcement agencies to secretly use monitoring, electronic capturing equipment and other technologies to access and obtain information. These provisions were later stricken from the act, although federal law enforcement agencies still have a significant degree of latitude to conduct investigations relating to electronic information. The act generated discussion about what capabilities should be allowed to law enforcement in the detection of criminal activity. After vocal objections from civil liberties groups, the administration backed away from the controversial bill.
Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages; various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation are central to modern cryptography. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, electrical engineering, communication science, and physics. Applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.
Key disclosure laws, also known as mandatory key disclosure, are legislation that requires individuals to surrender cryptographic keys to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, mandatory decryption laws force owners of encrypted data to supply decrypted data to law enforcement.
CryptoParty (Crypto-Party) is a grassroots global endeavour to introduce the basics of practical cryptography such as the Tor anonymity network, I2P, Freenet, key signing parties, disk encryption and virtual private networks to the general public. The project primarily consists of a series of free public workshops.
Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the BULLRUN classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.
Mass surveillance in Australia takes place in several network media including telephone, internet, and other communications networks, financial systems, vehicle and transit networks, international travel, utilities, and government schemes and services including those asking citizens to report on themselves or other citizens.
The Crypto Wars is an unofficial name for the attempts of the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).
The FBI–Apple encryption dispute concerns whether and to what extent courts in the United States can compel manufacturers to assist in unlocking cell phones whose data are cryptographically protected. There is much debate over public access to strong encryption.
J. Alex Halderman is professor of Computer Science and Engineering at the University of Michigan, where he is also director of the Center for Computer Security & Society. Halderman's research focuses on computer security and privacy, with an emphasis on problems that broadly impact society and public policy.
Human rights applied to encryption is an important concept for freedom of expression, as encryption is a technical resource for implementing basic human rights.
In December 1998, several uncensored copies of the Walsh Report, which constitutes an important review of Australian cryptography policy, were found in public and university libraries in Australia. These are believed to be deposit copies lodged by the Australian Government Publishing Service (AGPS) after the report was printed but before the 1997 decision by the Attorney-General's Department to withhold it from commercial sale. In March 1997, Electronic Frontiers Australia (EFA), applied for release of the report under the 1982 Freedom of Information Act.
A university student in Tasmania has stumbled across a pivotal government report on cryptography which was mysteriously withdrawn from public view two years ago. ... Online civil liberties group Electronic Frontiers Australia applied for the report's release under the Freedom of Information Act in March 1997.
Law enforcement agencies in Australia ought to be able to "hack" into corporate computer systems and change proprietary software to enable monitoring of communications, according to a 1996 report which had been censored by the Australian government but recently uncovered by a university student.
A HOBART university student has unearthed secret Federal Government plans to let Australia's top spy agencies hire computer hackers to break into the PCs of suspects.