Will Australia's Encryption Law Kill Privacy in Name of Safety?


Government leaders & law enforcement are trying to force tech companies to put backdoors in encryption in the name of public safety. There are 750,000 law enforcement employees & 1/2 million US intelligence community employees who may use those backdoors, & likely many others worldwide. Strong encryption is available throughout the world. If businesses & the general public are forced to use encryption with backdoors, will cybercrooks, the people the backdoors were intended to be used on to begin with, be the only ones using strong encryption? How will Australia’s new law requiring encryption backdoors impact data security & privacy? Who has oversight of that law? How will it impact other countries? Does any evidence prove encryption backdoors have improved safety/security? Rebecca discusses these and related issues with Dr. Katina Michael, Arizona State University director of the Centre for Engineering, Policy and Society. Katina is also a privacy and uberveillance pioneer.

Source: Katina Michael with Rebecca Herold, 5 February 2019, “Will Australia’s Encryption Law Kill Privacy in the Name of Safety?”, Data Security and Privacy: Voice of America, https://www.voiceamerica.com/show/episode/112884

Data Expert Warns Encryption Laws could have Catastrophic Outcomes


A University of Wollongong data expert has labeled the government's proposed encryption laws delusional and warns they could have catastrophic consequences.

The changes would force technology companies to help police access encrypted messages.

Professor Katina Michael, from the School of Computing and Information Technology, says the powers are unprecedented and have no oversight.

She is speaking to ABC reporter Kelly Fuller.

Citation: Katina Michael with Kelly Fuller, “Rushed Encryption Laws Herald a Watering Down in National Security”, ABC Illawarra: Radio, 6 December 2018, https://soundcloud.com/kelfuller/data-expert-warns-encryption-laws-could-have-catastrophic-outcomes

What to do if a border agent demands access to your device


University of Wollongong professor Katina Michael discusses what to do if a border agent demands access to your digital device. It comes after Customs NZ clarified rules in which officers can demand a 'digital strip-search'.

Citation: Katina Michael with Wendyl Nissen, October 11, 2018, “What to do if a border agent demands access to your device”, RadioNZLive: The Long Lunch https://www.radiolive.co.nz/home/on-demand/long-lunch/2018/10/the-long-lunch--in-case-you-missed-thursday--111018.html

Dashcams Used to Gather Evidence of Adverse Driver Behaviour: Police Encourage Reporting by Citizens


Dashcams are proliferating. In some states of Australia, more than 10% of vehicles are fitted with this technology, and about 50% more want it. There has been a boom in followers of dashcam data; one Facebook site has about 200K members. Police in some states are encouraging people to store data that might be used toward prosecuting those involved in adverse driving behaviour, while in other states like Victoria, police are more circumspect about the use of dashcams and body-worn video recorders. Cameras can have an equiveillance effect: power by police is countered by citizen power through crowdsourced sousveillance. Yet, while footage might have been recorded, it is not always readily available given records management cycles and the like. It becomes particularly unappealing when law enforcement do not hand over important data on its officers, and the whole purpose of data retention comes into question. Complaints against officers have allegedly decreased as a result of body-worn video recorders used by police forces, and evidence for the "use of force" by police has been supported by camera evidence. However, visual data is not as unbiased as most would have us believe. It is contextual and, like any data, it can be used to misrepresent cases.

Tim Holt and Katina Michael. January 31, 2015, "Dashcams Used to Gather Evidence of Adverse Driver Behaviour: Police Encourage Reporting by Citizens" ABC South East NSW Radio: Mornings with Tim Holt (2015), Available at: http://works.bepress.com/kmichael/516/

Is RFID safe and secure?

Elizabeth Latham, Radio Comms journalist

We've heard a lot about RFID - it's used in supermarkets, implanted in pets and even by blood banks - but is it actually secure? Is the information we put on these chips safe from hackers? RFID is a very useful technology, especially in production because it is usually non-line-of-sight (nLOS). This means that cartons or pallets do not require a particular orientation or scanning, unlike bar codes. This aids in the automation of many tasks throughout the supply chain that have typically been labour intensive, such as checking and scanning incoming inventory.

Organisations also have an accurate picture of stock levels, which in turn means lower inventory costs and fewer out-of-stock occurrences. 

Can you trust the RFID to hold your information? 

Dr Katina Michael, senior lecturer in the School of Information Systems and Technology, Faculty of Informatics, University of Wollongong, believes it's all a matter of context, but would not advise the use of RFID for access control types of applications.

"Security has to be identified as the number one disadvantage of RFID. Although it should be stated that researchers are working hard to overcome this hurdle, offering a variety of partial solutions," Michael said. 

While standards like EPCglobal are beginning to emerge, there are a great number of proprietary RFID standards on the market. The standard denotes how a message is stored, the length of a message (for example 128-bit) and a sequence of bits that tell a reader when to start and stop reading, as well as additional error-checking bits.

How does information get tampered with?

"It is as simple as acquiring the relevant reader and working out what each bit in the message means, and interpreting that information correctly. Bits can be encoded using a particular scheme, but once the scheme is identified, the information can be read," Michael said.

"Given RFID is wireless, you need be in the proximity of 90 centimetres (dependent on the range requirements of the tag) to intercept the radio signal. So once you have read the chip you can simply play back the signal you picked up and pretend to be someone you are not."

This has major implications for active tags because it means the hacker can not only read information but write to the tag as well, and even change variables.
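Why the playback described above works against a tag that always emits the same bits, and why it fails when each read depends on a fresh reader challenge, shown as an added example that is not part of the original article. The HMAC challenge-response scheme, the class and function names, and the tag ID and key values are assumptions chosen for illustration; the article does not name a specific scheme.

```python
import hashlib
import hmac
import secrets

ID_LEN = 8  # constructed tag-ID length for this example

class StaticTag:
    def __init__(self, tag_id):
        self.tag_id = tag_id
    def respond(self, challenge):
        return self.tag_id  # challenge ignored: every read yields the same bytes

class ChallengeResponseTag:
    def __init__(self, tag_id, key):
        self.tag_id, self.key = tag_id, key
    def respond(self, challenge):
        # MAC binds this answer to the reader's one-time challenge
        mac = hmac.new(self.key, challenge + self.tag_id, hashlib.sha256).digest()
        return self.tag_id + mac

def verify_static(known_ids, response):
    return response in known_ids

def verify_challenge_response(keys, challenge, response):
    tag_id, mac = response[:ID_LEN], response[ID_LEN:]
    key = keys.get(tag_id)
    if key is None:
        return False
    expected = hmac.new(key, challenge + tag_id, hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)

def replay_outcomes():
    tag_id, key = b"TAG00001", secrets.token_bytes(32)  # constructed values
    # Static tag: a response recorded once stays valid on every later read.
    recorded_static = StaticTag(tag_id).respond(b"")
    static_replay = verify_static({tag_id}, recorded_static)
    # Challenge-response tag: record one exchange, then replay it
    # when the reader has issued a different challenge.
    tag = ChallengeResponseTag(tag_id, key)
    c1, c2 = secrets.token_bytes(16), secrets.token_bytes(16)
    recorded_cr = tag.respond(c1)
    keys = {tag_id: key}
    return {
        "static_replay_accepted": static_replay,
        "cr_genuine_accepted": verify_challenge_response(keys, c2, tag.respond(c2)),
        "cr_replay_accepted": verify_challenge_response(keys, c2, recorded_cr),
    }
```

A static password or an encrypted but unchanging ID behaves like `StaticTag` here: the recorded bytes remain acceptable because nothing in them is tied to the individual read.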

"When a new technology enters the market, hackers are presented with a new challenge. And so the race begins for who can 'crack the code' so to speak," Michael said.

How can you protect yourself from hackers?

There are many options to choose from when trying to protect data. For example, it is possible to kill off the RFID tag after a certain time and datestamp on the chip. The information on the chip can also be encrypted and passwords placed on the tags.

Two main approaches have been adopted by researchers: either a separate piece of hardware is required (hard solution), or a software-based solution is adopted (soft solution). Blocker tags (such as ancillary RFID tags) can also help solve the problem of hacking by preventing unauthorised scanning of items.

It is also possible to use antenna energy analysis to gauge the distance of a reader from a tag, or to store a biometric onboard the RFID chip. "All the RFID security-privacy solutions being proposed are only partial solutions and each has its benefits and limitations. At the crux of the matter is the unique ID of the actual RFID tag, how this information is stored and whether or not passwords have a role to play and how anonymity is ensured," Michael said.

More recently, developments for human-centric applications have seen RFID go into the subdermal layer of the skin in the form of a transponder. "The argument for this latest development to 'protect' information is simple - if it's beneath the skin the ID chip cannot be stolen, is with you everywhere you go, is lightweight, it cannot be duplicated, a perpetrator does not know you have something implanted, and the RFID chip can be accessed at crucial times with your prior consent," Michael said.

Michael warns that the benefits of the above method of protection are misleading. Chips can still be read by persons in close proximity to an implantee, or even by unobtrusive readers that can trigger the device to emit a signal.

So, you decide. Is the risk worth it? What information is on the RFID chip and do you want someone to have access to it?

Citation: Elizabeth Latham, 2006, "Is RFID Safe and Secure?", Radio Comms, February 12, 2007: http://www.radiocomms.com.au/radiocomms/feature_article/item_022007a.asp