Webwaves Encryption This is the first Webwaves column for 2019, and Members should see requests-to-view Exploration Geophysics papers and Preview articles served from the ASEG’s new publisher, Taylor & Francis, rather than CSIROP. Access is much simpler in 2019, since tokens are not required to be passed to the publisher from the website. After (renewing membership and) logging in, Members should navigate to https://www.aseg.org.au/publications/ publications-members-only and follow the link https://www.aseg.org.au/ publications_tnf. Naturally, should Members run into issues, please send an email to webmaster@aseg.org.au describing what you were trying to do so that problems can be addressed. The main theme of this Webwaves is encryption, which is the process of encoding a message or information in such a way that only authorised parties can access it, and those who are not authorised cannot (Wikipedia 2019a). Although they are somewhat related, encryption differs from data protection in that while data may be acquired by unauthorised parties, strong encryption can protect that data whereas weak (or no …) encryption cannot. These differences are recognised by Australia’s NDB regulations, which were enacted 12 months ago. Users are not required to be notified if there is no danger, for example, because data are strongly encrypted. It should be noted that“strong”simply means that the method of encryption can resist attacks long enough to protect the encrypted information for a useful length of time. It does not mean“uncrackable”since advances in cryptography (or computer hardware) can substantially reduce the effort required to decrypt data. Late in 2018, the Australian Parliament passed a bill (The Access and Assistance Bill, detailed at https://bit.ly/2AmI0ct) designed to give intelligence agencies more power to access individual’s encrypted conversations. Where a warrant has been issued to intercept telecommunications, the head of an interception agency can issue a“technical assistance notice”for a company to help decrypt said device. Such notices are interpreted to mean that companies providing telecommunication services pro-actively work to build mechanisms to help authorities collect information, in other words, intentionally weaken encryption. Much communication, commercial and personal, nowadays takes place through virtual private networks (VPN), which is an encrypted tunnelling protocol. Indeed, Australia’s last Prime Minister famously used WhatsApp which sets up a VPN between parties. VPN’s are used because they offer secure communication so that business can be kept confidential. For this reason, attempts to weaken encryption will have the opposite effect, and businesses will move to stronger encryption algorithms (Schneier 2012). Indeed, a major feature of Apple’s iPhone is the ability to encrypt data strongly enough to thwart the USA’s FBI (Wikipedia 2019b). Contrary to Turnbull’s (ZDNet 2017) assertion (reminiscent of the Indiana Pi Bill of 1897) that“the laws of Australia will trump the laws of mathematics”, weak encryption will be considered a bug, and cease to be used. Rather than weaken encryption algorithms, Munroe (2019) suggests the alternative in Figure 1. While the debate around encryption plays out, the ASEG will continue to try to protect Member’s data, and ensure that, after logging in, ideally using strong passwords (Annetts 2018), they have access to all Member publications. References Annetts, D. 2018. Webwaves. Preview 195: 38. Munroe, R. 2019. https://xkcd.com/538. Accessed January 14, 2019. Schneier, B. 2012. Liars and Outliers. John Wiley. Wikipedia. 2019a.“Encryption.”https:// bit.ly/2HbHtj6. Accessed January 14, 2019. Wikipedia. 2019b. FBI-Apple encryption dispute. https://bit.ly/240X4qq. Accessed January 16, 2019. ZDNet. 2017. https://zd.net/2QMJYsx. Accessed January 16, 2019. Dave Annetts ASEG Webmaster david.annetts@csiro.au Figure 1.  Idealised vs practical decryption (Munroe, 2019). 29 PREVIEW Webwaves FEBRUARY 2019