AusCERT2015


William Caelli

Emeritus Professor Bill Caelli is Director of International Information Security Consultants Pty Ltd. He has over 52 years of experience in the ICT industry as well as over 42 years in all aspects of cybersecurity. He was a founder of ERACOM Pty Ltd in 1979, which developed, manufactured and supplied cryptographic equipment with major activity in Europe. In 1988 he became the founding Director of the Information Security Research Centre, later the now disbanded Information Security Institute, at the Queensland Institute, later the Queensland University, of Technology. He has served on expert groups in both Australia’s Trusted Information Sharing Network (TISN) and the former Australian Science, Technology and Engineering Council (ASTEC). He is a member and former Chair of Technical Committee 11 (Information Security) of the International Federation for Information Processing (IFIP). He has published numerous papers on all aspects of cybersecurity and related policy issues, including his recent book, “Cyber Conflicts and Small States”, with Professor Lech Janczewski of the University of Auckland. He was made an Officer in the Order of Australia in 2003. His current research interests are in all aspects of policy related to cybersecurity and cyberconflict, having worked with the USA’s Rand Corporation on this topic, as well as in hardened, trusted computer systems including SELinux and SEAndroid.

Presentation Title
Cryptowars Redux
Abstract

The presentation will outline a perspective on what has often been cited as the activity of national and international “cryptowars”. This refers to relevant policy and related legislative activity in a four-way set of “battles”, usually within an individual nation state, involving:
- non-expert users of ICT, including the “common man” but also criminal/terrorist/activist/nation-state and like groups,
- privacy / “freedom” advocates,
- ICT product, system and service providers and standards organisations, and
- defence/intelligence and law enforcement interests.
This presentation is based on over 40 years of business experience, research and education in cybersecurity and related commercial cryptography, including the manufacture and supply of encryption sub-systems worldwide. It is also based on the recently published book “Cyber Conflict and Small States”, edited by L Janczewski and W Caelli. The presentation will examine the situation from an historical perspective/timeline broadly separated into four periods, namely 1960-1980, 1980-2000, 2000-2020 and 2020 and beyond. This timeline will encompass, but not be limited to, such phenomena as:
1960 - 1980:
- David Kahn’s seminal book, “The Codebreakers” - crypto gaining public attention;
- the data encryption standard (DES), its associated US NBS/NIST standards and the attempts at internationalization of the cipher;
- the publication and rise of public key cryptography;
- export / import restrictions - COCOM, USA AECA/ITARs, national responses;
- start and development of cryptology as an academic discipline in open universities.
1980 - 2000:
- PGP (pretty-good-privacy), SSLeay, open source crypto;
- IETF and Internet RFCs;
- key escrow and the “Clipper” (Mykotronx MYK-78T) chip, “Skipjack” and “private doorbell”, AT&T TSD 3600E and Matt Blaze, Dorothy Denning et al;
- rapid growth of cryptology in research and education at open universities;
- crypto rises as a business (RSA Inc., Atalla, RanData, ERACOM, etc.);
- from COCOM to the Wassenaar Arrangement;
- Australia’s “Walsh Report” on “...Policy relating to Encryption Technologies.”
2000 - 2020:
- decryption capacity for defence, intelligence and law enforcement (key access / plaintext access / intermediate access);
- export (Australia’s DECO/DTCA, USA ITARs, Wassenaar, etc.) restrictions, enhanced dimensions (people); bilateral-multilateral agreements / arrangements;
- IETF/IAB and “trust” in the Internet globally;
- cryptography for the enthusiast, hobbyist, hacker (Raspberry Pi, Arduino, etc.);
- cipher standards (RSA, EC2, AES, etc.) and hardware (TPM 1.2);
- MOOCs / open crypto education and training;
- “nerds” vs policy “wonks”.
2020 and beyond:
- international and widespread competence in cryptography and its implementation / usage;
- everyone codes on cheap hardware;
- ICT “colonization” and its impact;
- impact on policy and legislative instruments.

Against that short timeline analysis, the following questions will be posed for further consideration:
a. can use of crypto for confidentiality purposes be effectively banned, restricted or compromised as policy / legal parameters and thus as realistic and economic technologies and artifacts;
b. can national governments impose any real structure and constraints in relation to integration of cryptographic systems and services into the global internet and its underlying products and systems;
c. is international agreement on “backdoors” into encryption products and systems possible, and are such “backdoors” even feasible, e.g. France/Netherlands - No?, UK - Yes?, USA - need help from industry (NSA Director), industry - Sophos-UK (“Weakening security with the aim of advancing security simply does not make sense.”), etc.;
d. will such activities as limitation / governance over cryptologic and associated cybersecurity research and associated international academic collaboration and publication achieve any marked effects, either positive or negative;
e. as “everyone codes”, will software-based (free?) encryption leave any proposal to limit or restrict the technology feasible;
f. how can ICT “colonies”, such as Australia and New Zealand, actually effect any policy position in relation to cryptographic systems research, development, manufacture, supply and usage, given total import dependence upon related cryptographic products;
g. can ICT “colonies” develop and maintain competence at the required levels in the ability to assess imported encryption products and systems for commercial and public sector usage in an age of “digital disruption”, and can appropriate cryptanalytic and related key management and integration protocols and APIs be created within national boundaries.

Background: 
“Australia 'may do dumb things' with crypto in 2016: EFF / Australia's approach to all things digital may be more clueful under Prime Minister Malcolm Turnbull, but there's still scope for some humiliating cyber stupidity.” By Stilgherrian, January 8, 2016 (zdnet.com)
