The Australian Security Intelligence Organisation is “gradually ‘going dark’” on its telecommunications intercept capabilities, referring to the challenge law enforcement have intercepting peer-to-peer, web and Skype like communications.
The spy agency highlighted its efforts to tackle the problem in its report to parliament this week, detailing its work with police and other operational agencies to “develop proposals to mitigate the impact [of going dark] on agencies’ interception capabilities”.
“[B]oth ASIO and law enforcement agencies are gradually ‘going dark’ in terms of their telecommunications interception capabilities” to tackle outdated legislation and increasingly sophisticated technology.
ASIO unclassified report does not explain how it is tackling the ‘going dark’ challenge, but points to successes its NiTAC (The National Interception Technical Assistance Centre) pilot has had in improving interception at the Commonwealth level.
Australian authorities are not the first to complain about targets ‘going dark’ to evade traditional eavesdropping techniques.
This week several German states admitted to using trojans to get around Skype encryption. To bypass its encryption, the trojan enabled state police to capture data, including browser screenshots, from a target’s computer prior to its transmission.
In the US, the FBI’s general counsel Valerie Caproni extensively detailed “the going dark problem” had on its interception activities, lobbying to have the US Communications Assistance for Law Enforcement Act, updated to cover web-based communications tools covered alongside internet telephony services that are interconnected with the public switched telephone network.
ASIO’s director general David Irvine last month complained that the pace of technological change had left intelligence agencies struggling, defending recent legislative amendments to improve intercept capabilities and the proposed Telecommunications Legislation Amendment (Cybercrime Convention) Bill 2011.
The proposed bill would would allow the agency to demand a carrier preserve telecommunications until a warrant to access to the content of those communications had been issued.
ASIO has considerably changed its attitude towards cyber in the past five years. In 2003 a senior ASIO officer claimed the issue of cyber terror was “overstated”, pointing out that while computer network attacks were cheap, they were not cost effective due to their lack of immediate impact.