Senate Committee Report - Regulation of Online Services

[Geoff Huston]

Simon Vandore highlights:

>"Recommendation 2: That the Government give consideration to making the use
>of strong encryption by service providers obligatory as a means of
>overcoming section 85ZE of the Crimes Act 1914. (para. 3.23)."
>
>Wow! Imagine mandatory crypto... One minute they're all against it, the next
>it's compulsory! I don't have a copy of the Crimes Act 1914 (sounds like a
>really Internet-aware document), but what concerns me here is that I've no
>idea how this could possibly be implemented -- I get the feeling the
>committee doesn't understand how encryption is used on the Net, they've just
>read sensible arguments that it's a Good Thing. And what happens if you
>encrypt all the mail, etc, coming out of one smallish country on an
>*international* network?!

Encryption (at least as I understand it in the Internet) is an end to end issue -
Very generally speaking I encrypt the transaction on my system using
reference to the intended recipient's public identity and my local information
to undertake the encryption, and the recipient uses a reference to my public
indentity and the recipient's local identity information to decrypt the transaction.

I may have missed something here, but where is the service provider (in a transmission
sense) involved in such encrypted transactions?
 

Thanks,

  Geoff Huston