Bugtraq mailing list archives
Government report suggests backdoors for law enforcement
From: avalon () COOMBS ANU EDU AU (Darren Reed)
Date: Wed, 13 Jan 1999 21:32:36 +1100
After reading about things like Back Orifice, it is is somewhat amusing to read that similar tactics are being propositioned as a way for law enforcement officials to gain access to data. One wonders how long they could expect to keep such access "secret" and out of the hands of crackers. This email has been forwarded from aucrypto. Darren
By Gerard Knapp InternetNews.com Australia Correspondent [January 4, 1999--SYDNEY] Law enforcement agencies in Australia ought to be able to "hack" into corporate computer systems and change proprietary software to enable monitoring of communications, according to a 1996 report which had been censored by the Australian government but recently uncovered by a university student. The report also suggested that technology vendors could also be recruited to help modify software or hardware that they installed at a company's premises. However, Australian police agencies have not taken the advice, opting instead to concentrate their energies on interception of telecommunications by tapping into the systems of Internet service providers (ISPs). The report, entitled "Review of Policy relating to Encryption Technologies," was prepared for the Federal Attorney-General's Department by Gerard Walsh, a former deputy director-general of the Australian Security and Intelligence Organisation (ASIO). It had been released in 1997 with some passages omitted after a request by civil liberties group Electronic Freedom Australia. Greg Taylor, chair of the EFA's Crypto Committee, said a university student in Hobart had discovered an archival copy of the so-called "Walsh report" with the censored material intact. Censored recommendations included giving police and espionage agencies "the authority to 'hack,' under warrant, into a nominated computer system as a necessary search power," and "the authority to alter proprietary software so that it may provide additional and unspecified features." These additional features might include "the introduction of other commands, such as diversion, copy, send, [or to] dump memory to a specified site," the report said. The agencies might need to obtain the "cooperation of manufacturers or suppliers" to help with the insertion of these extra software agents. "When manufacturers or suppliers are satisfied the modification has no discernible effect on function, they may consent to assist or acquiesce in its installation," Walsh said in the report. The establishment of a separate agency to perform such work would approach AUS$500 million, Walsh estimated, but could be performed by the existing Defence Signals Directorate. The report recommended changes to the 1914 Crimes Act and the 1979 Australian Federal Police Act, but the only legislative changes in this area were made over a year ago in the Telecommunication Legislation Amendment Act 1997. This act enabled law enforcement agencies to access communications directly from ISPs, and for the resulting cost to be incurred by the ISPs. The non-censored version of the report is available on the EFA's Web site.
Current thread:
- Re: Keeping any up-to-date?, (continued)
- Re: Keeping any up-to-date? Ciaran Deignan (Jan 15)
- Re: Keeping any up-to-date? Peter May (Jan 15)
- Administrivia Aleph One (Jan 12)
- Tracing by uid u after root does setuid(u) D. J. Bernstein (Jan 12)
- Re: Tracing by uid u after root does setuid(u) Wietse Venema (Jan 13)
- Re: Tracing by uid u after root does setuid(u) Casper Dik (Jan 13)
- Re: Tracing by uid u after root does setuid(u) James Mathiesen (Jan 15)
- Re: Tracing by uid u after root does setuid(u) Gene Spafford (Jan 13)
- Solaris 7 naming... Isaac (Jan 12)
- [(PM) PM3s Die - Comfirmed DoS Attack (fwd)] David TILLOY (Jan 13)
- Government report suggests backdoors for law enforcement Darren Reed (Jan 13)
- Cyberspace Underwriters Laboratories Aleph One (Jan 12)