Australia Passes Anti-Encryption Laws [Update] (zdnet.com)
Earlier today, Australia's House of Representatives passed the Assistance and Access Bill. The Anti-Encryption Bill, as it is known, would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content agencies want access to. "While the Bill can still be blocked by the Senate -- Australian Twitter has been quite vocal over today's proceedings, especially in regards to the [Australian Labor Party's] involvement," reports Gizmodo. ZDNet highlights the key findings from a report from the Parliamentary Joint Committee on Intelligence and Security (PJCIS): The threshold for industry assistance is recommended to be lifted to offenses with maximum penalties in excess of three years; Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs) will be subjected to statutory time limits, as well as any extension, renewal, or variation to the notices; the systemic weakness clause to apply to all listed acts and things; and the double-lock mechanism of approval from Attorney-General and Minister of Communications will be needed, with the report saying the Communications Minister will provide "a direct avenue for the concerns of the relevant industry to be considered as part of the approval process."
The report's recommendations also call for a review after 18 months of the Bill coming into effect by the Independent National Security Legislation Monitor; TANs issued by state and territory police forces to be approved by the Australian Federal Police commissioner; companies issued with notices are able to appeal to the Attorney-General to disclose publicly the fact they are issued a TCN; and the committee will review the passed legislation in the new year and report by April 3, 2019, right around when the next election is expected to be called. In short: "Testimony from experts has been ignored; actual scrutiny of the Bill is kicked down the road for the next Parliament; Labor has made sure it is not skewered by the Coalition and seen to be voting against national security legislation on the floor of Parliament; and any technical expert must have security clearance equal to Australia's spies, i.e. someone who has been in the spy sector." Further reading: Australia Set To Spy on WhatsApp Messages With Encryption Law.
UPDATE: The encryption bill has passed the Senate with a final vote of 44-12, with Labor and the Coalition voting for it. "Australia's security and intelligence agencies now have legal authority to force encryption services to break the encryptions," reports The Guardian. Story is developing...
Decrypt This Blockchain! (Score:4, Interesting)
I'd really like to see who they take to court to try and undo the encryption on the Monero et al. blockchains.
Re:Decrypt This Blockchain! (Score:5, Insightful)
Simple: Own Monero? Go to prison for as long as they like to lock you up! Proto-Fascist nations have no trouble ignoring mathematical reality.
Re: (Score:2, Interesting)
You know, socialism and fascism are not actually mutually exclusive in practice.
Re:Decrypt This Blockchain! (Score:5, Insightful)
Re: (Score:3)
Fascism = corporations own the government. Socialism = government own the corporations. For the poor and the middle class they look the same, for the rich and powerful it affects the address to put on the bribe.
FTFY. The people getting paid are exactly the same. Only the address of their offices changes.
Re: (Score:2, Insightful)
> Fascism = corporations own the government.
That is absolutely *not* what fascism is. Not even close.
Re: (Score:2)
In corporate socialism, and yes it exists, corporations own corporations.
In syndicalism, unions own the corporations.
In democratic socialism, the public own the corporations.
In anarchy (a form of socialism), nobody owns anything at all.
There are around 35 other forms listed on Wikipedia and political sites.
Only state socialism is involved in government ownership, and there's something like a dozen versions of that.
It's like discussing fruit when one person is determined that oranges are the only sort.
Re: (Score:2)
You know, socialism and fascism are not actually mutually exclusive in practice.
And yet, so many socialist countries manage to own the means of production AND manage to pull the fascism hat out of their ass all at the same time. East Germany to Venezuela...some things never change.
Re:Decrypt This Blockchain! (Score:5, Informative)
You know, socialism and fascism are not actually mutually exclusive in practice.
And yet, so many socialist countries manage to own the means of production AND manage to pull the fascism hat out of their ass all at the same time. East Germany to Venezuela...some things never change.
The common trait you're looking for isn't fascism, it's authoritarianism.
Fascism is far right authoritarianism.
Communism is far left authoritarianism.
Fascism is a government based on ultra-nationalism, it simply needs authoritarianism to achieve this (read: to silence and suppress their opposition).
Re:Decrypt This Blockchain! (Score:4, Insightful)
I hate it when idiots redefine words.
Fascism must be authoritative. It's literally part of the definition. It also must be nationalistic, again, part of the definition.
Communism is an economic model. It doesn't have to be authoritative or nationalistic, but in practice, it seems to always head that way.
This is why I hate it when people label fascism as "right wing". All it does is mean you have to make up two words that mean the exact same thing, but one for when it's right wing and another when it's left wing. And note, this whole "fascism is right wing" is a very recent redefinition of the word. Something like within the last 10 years. Historically, Stalin was considered fascist because that right wing requirement wasn't there. Fascism is neither right nor left. And as far as I can tell, the only reason the right wing thing got attached is because left wing idiots didn't want to be labeled fascists.
Re: (Score:2)
If you go far enough round the circle, does it matter which way you went? If you reach the north pole, how far east can you go?
Stalin was fascist, but he had ceased to be left-wing, nor was he right-wing. All extremes are the same point.
Re: (Score:2)
If you reach the north pole, how far east can you go?
All the way to China, because that's where Santa's making his toys now.
Re: (Score:2)
Fascism is a government based on ultra-nationalism, it simply needs authoritarianism to achieve this (read: to silence and suppress their opposition).
And this is the bullshit they teach in school these days? Guess Europe has a real problem with all those communist ultra-nationalist groups for various regions that want independence. Just like the FLQ in Canada, who were communist-ultranationalists wanting a separate Quebec, and built on Marxist-Leninist beliefs.
Sorry, all those cases aren't authoritarianism. Those groups aren't right-wing either. "Fascism" isn't just far-right authoritarianism, amazing to see just how much word redefinition shit as g
Re: (Score:2)
Sorry, all those cases aren't authoritarianism. Those groups aren't right-wing either. "Fascism" isn't just far-right authoritarianism, amazing to see just how much word redefinition shit has gone through in the last 80 years and how many people have bought into the bullshit.
If anyone wants to know about Fascism, head over to Wikipedia and read about it. You'll be surprised that the article is longer than a few sentences.
Re: (Score:2)
Neither of those two was socialist by any recognized definition of the word. You are not Humpty Dumpty, words do not mean whatever you want them to mean, and I hate to break it to you, but you're not The Master.
Re: (Score:2)
"It wasn't true socialism!" Sure thing there. So why is it every country that goes full socialist without a capitalist society to back it up, repeatedly failing all over itself.
Re: (Score:2)
I'm not one to throw around insults, so this is just informational:
MAGA + maggot = magat
Re: (Score:2)
I take it you read FiveThirtyEight's analysis?
Re:Decrypt This Blockchain! (Score:4, Insightful)
Re: (Score:3)
I've heard one report that claimed employees may be forced to secretly implement backdoors in their employer's software, and go to prison if they tell their employer what they're working on in company time.
That is pretty insane if you ask me. Hopefully Australian companies take their code review seriously.
Re: (Score:3)
It does not work because you simply FOSS the encryption software, so you the individual, when you implement that open code, are the one not allowing a back door. The code is fully exposed and you simply compile and implement it, no back dooring possible. This is more targeted at social media, possible future generally encrypted email, more for legal reason than actual full encryption ie breaking the law when you decrypt it without permission of the sender. This law will just force people to encrypt all of t
Re: (Score:2)
I've heard one report that claimed employees may be forced to secretly implement backdoors in their employer's software, and go to prison if they tell their employer what they're working on in company time.
Oh my what happened to common sense. How exactly could that work? The government is going to have secret design meetings with employees, while the employees claim to be out sick. Then somehow come back to work and write code that no one else at the company can see?
Re: (Score:2)
Well, certainly not now it won't be.
Still, good news for the foreign companies Australian organisations outsource to. More work for them.
Re:Decrypt This Blockchain! (Score:4, Informative)
No, don't just make shit up. There are three forms of notices.
From the Government's OWN site;-
That is, the government can force Apple or Google to create a backdoor for the government to decrypt your messages.
Already we have had news that Apple might just pull out of the Australian market, just like Google did to China a number of years ago, because destroying their own technical infrastructure to comply with a relatively tiny market might not be worth it. We've had a number of Australian tech stocks shit the bed because the international market won't be able to trust our technology.
And it won't even fucking work, because while your grandma will now be putting her credit cards in a web browser that might have a compromised SSL cert (And let's be honest, the Australian govt is incredibly leaky, that sort of backdoor will be in criminal hands within weeks), the criminals and terrorists will just install Linux or use Signal and be completely immune to this shit.
Re: (Score:3)
The version I originally heard was that the government could demand an employee to insert a backdoor without the knowledge of the employer. From what I understand from you and others, that's not what this law says. If it was, that would be a whole new level of insanity on top of all the obvious stuff you mention.
But even without that, it's a pretty stupid and harmful law, that basically means nobody will buy Australian software for anything where security is an issue.
Re:Decrypt This Blockchain! (Score:4, Funny)
It's only a 128-bit AES key. We are running the following code to calculate the key:
for (long i=0; i<0xffffffffffffffff; i++) { // something here
}
It's running now on our fastest computers. We estimate it'll only take a few dozen millennia to run the calculation, assuming Moore's Law holds for that long...
Oh, wait, did you say they used a 256-bit AES key...??! We can still help, but we'll need a few dozen eons for the calculation to finish -- actually the universe will probably end, restart and end a few more times before we have the key. When did you say you wanted this by?
Re: (Score:2)
We'll get quantum decryption before then?
And then we'll be back to One-Time-Pads for unbreakable encryption (transferred in couriers' heads like Johnny Mnemonic?)
Re: (Score:3)
Don't need it. You just need to convey by multipath the coordinates of a pulsar and a precise range of times. It's a near-perfect source of random numbers. There's effectively an infinite number of windows and a very large number of pulsars. The odds of intercepting the four numbers, identifying their meaning and then collecting the radio data in the designated time, especially if you send the packets by differing routes, is pretty close to zero.
Re: (Score:2)
AES has known weaknesses and may well be broken at some point.
On a quantum computer, you can run any number of those calculations simultaneously. You don't need an exact number, if you can identify a region of keys such that you have reduced the effective key length to 40 bits, you can solve the problem in under half a second.
Re: (Score:2)
Re: (Score:2)
And who gets to decide if you've "provided as much technical assistance and information as possible"?
And on what basis will they make the decision?
Hint: it's probably not the hypothetical "you", and they'll decide based on whether you've provided the cleartext they asked for....
Wonder how long it'll be before the Aussie
Definitions (Score:2)
And who gets to decide if you've "provided as much technical assistance and information as possible"?
The prosecutor charging you with a crime presumably.
And on what basis will they make the decision?
Whether they got the information they were looking for of course.
Re: (Score:2)
In any case: for services that I make use of, I do not want the service provider to answer such requests with "We won't". The correct answer
Re: (Score:2)
I'd really like to see who they take to court to try and undo the encryption on the Monero et al. blockchains.
I'm waiting for all of the smart phones in Australia to be made by Huawei. [bbc.com]
Welcome to the advent of Big Brother in Australia (Score:5, Insightful)
Breaking encryption for one government breaks it for all.
It just means there will be a plethora of hidden encryption apps used exclusively by those who plan to do evil.
Wait until someone adds machine learning to the process of communicating meaning and watch people's messages disappear entirely.
As it's not words that information gatherers wish to capture, but the meanings being conveyed.
The Australian government have escalated the information war, and don't understand the consequences of doing so.
Welcome Big Brother *from* Australia (Score:5, Interesting)
Watching the debate that is happening right now, the lies being used to convince the house to pass this Bill are just sickening.
For US, UK, NZ, Canadian citizens their governments can access the powers via existing intelligence agreements.
The Australian government have escalated the information war, and don't understand the consequences of doing so.
Fraud. They talk about not building backdoors, they just want the keys to the front door by coercing IT professionals with fines, liability and jail time.
its just RIPA with more legal wangles (Score:5, Interesting)
its pretty much the same as Regulation of Investigatory Powers Act 2000 (c.23) (RIP or RIPA) is an Act of the Parliament of the United Kingdom
they don't try and break encryption they simply ask that you hand over the Keys so they can break into the stream
the same thing as the :
United States Foreign Intelligence Surveillance Court (FISC, also called the FISA Court) is a U.S. federal court established and authorized under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants.
so americans do you want to examine your own systems because the people who Cant Infiltrate Anything simply go to court...
Re: (Score:3)
IIUC the difference is that RIPA has judicial oversight written into the law.
Re: (Score:3)
The FISA court can only issue a warrant against an american when that american is communicating with foreign sources
Nice point...that is useless, because there is a "Two Hop Rule". They get a warrant against me, because I visited Prague earlier this year.
Now they can survey you, because I'm communicating with you here.
Now they can survey EVERYONE in your company, because you communicate with them.
The 2-Hop Rule completely emasculates the FISA warrant restrictions. A graph of who 2-hops from me gets to probably covers half the world's population (including Kevin Bacon).
Five Eyes, Five Ears... (Score:5, Insightful)
It has been a dream for any one of the five eyes countries to pass laws like this. Once the agencies are able to get a foot in the door, precedent will be used as a reason the other four courts should also have access to the data. "The tools are already created" argument will now exist in a courtroom. This is going to open a whole plethora of doors for all countries.
This will quickly spill over into the rest of the world. Once you see the democracies of the world go this route, the flood gates will open. There will be laws made all over the world that will copy this word for word. Entire turn-key packages to look all of this up will be sold to the highest bidders.
In the end, I see a market being created for stolen country keys and hacked law enforcement portals. Those keys will be nearly priceless. One key for all of whatsapp? Done. One portal for all of proton-mail? Done. The next question will be, "How would you like your secrets served up today sir?"
--
Be mindful when it comes to your words. A string of some that don't mean much to you, may stick with someone else for a lifetime. - Rachel Wolchin
Re: (Score:2)
... that is, unless all the tech companies grow some balls and agree to all tell Australia to go f**k itself. If Australia finds itself suddenly drop-kicked back to the technological stone age by every major
Re:Welcome to the advent of Big Brother in Austral (Score:4, Insightful)
The depths of utter stupidity our species is capable of astounds me. It's no wonder, if there are actually starfaring alien civilizations in our galaxy, that they would refuse to reveal themselves to us. Things like this are an embarrassment.
Law did not pass (Score:2)
Re: (Score:2)
The senate just passed the bill [theguardian.com] without the amendments.
Ayes 44
Noes 12
The bill is passed.
Australia’s security and intelligence agencies have legal authority to force encryption services to break the encryptions.
Shit.
Australia has the most stupid tech laws... (Score:5, Insightful)
I mean how can you ignore experts on a question that only experts can understand? It does not get much more stupid than this.
Re:Australia has the most stupid tech laws... (Score:5, Informative)
I mean how can you ignore experts on a question that only experts can understand? It does not get much more stupid than this.
As someone who analysed all 176 pages and made a two part 80 page submission to the PJCIS among many others my sense is that the government wants these powers and they are bulldozing anyone or anything that gets in the way.
This law is about as offensive to any person who holds free will and freedom of association as one of the fundamental tenets of democracy.
I wouldn't call it stupid. I'd call it intentionally deceptive and calculated to completely broadside the electorate. The government has gone back on all of its assurances to push this into 2019 and review the Bill properly. To give you an idea of the deception involved, over 100 pages of amendments were presented at 09:00am this morning and at the end of the day no one has even had a chance to look at what the amendments are.
Furthermore, about 10 minutes ago the so called "opposition" has just revealed that it won't support its own amendments to the Bill. This is about as disgusting a travesty of so called "democracy" as I have ever seen.
Have no doubt this bill has global ramifications via intelligence sharing agreements.
Now being voted on in the Senate (Score:3)
The "opposition" has just moved to drop their own amendments to the Bill. The Division bell is now ringing. The greens attempted to move the "opposition's" amendments however leave was not granted for them to do so.
So for all of the effort from industry and individuals the Bill now stands before the Senate to be passed as originally presented in its flawed form.
This is disgusting.
Re: (Score:2)
It has passed the second reading.
Re: (Score:2)
the government has just moved to block the greens from proposing the "opposition's" amendments to the bill, an opposition who is now voting against their own amendments.
It is now before the senate in its original form.
I am reporting this to you in real time watch it for yourself [aph.gov.au]
Re: (Score:2)
The rejection of the amendments has just passed - they are now ringing the division bell to pass it.
Re: (Score:2)
I do hope I am reading the situation wrong and we get another chance to lobby against this bill.
Re: (Score:2)
Oh, the law is not stupid. It comes from people that want significantly less freedom for everyone and significantly more power for the "authorities". Fascists and other authoritarians are not necessarily stupid. The ones approving this law are the ones I called stupid.
And once again, a part of the world is going into darkness...
Re: (Score:2)
Nicely put.
Re: (Score:2)
Thanks!
Re: (Score:2)
Re: (Score:2)
I don't see freedom faring any better in the big gun country.
Re: (Score:2)
In any country where you give up your guns, the rest of your freedoms will surely follow.
I didn't want to give up our firearms, we were compelled to on a wave of media hand wringing. The Port Arthur massacre was the impetus and it was conducted with an illegal firearm.
I noted this is where it started, followed by both sides of the lower House collaborating on aggregating the voting system used to count votes in the parliament to nobble the power of the independents. The Australian electorate had a funny habit of pissing the politicians off by not giving them what they wanted.
In that regard
Re:Australia has the most stupid tech laws... (Score:4, Interesting)
I didn't want to give up our firearms, we were compelled to on a wave of media hand wringing. The Port Arthur massacre was the impetus and it was conducted with an illegal firearm.
My criterion for the validity of the massacre argument for banning guns is that I would consider it a valid point the first time a gun were found to be autonomously walking around and firing at people.
I don't know what the stats are in Australia, but the problem in the US is that we have no commonsense controls on the mentally ill. They can walk around wherever they want to, piling up in our cities as the "homeless problem," setting wildfires in the countryside, and annoying your children at public parks and libraries. Once we had mental hospitals where we could institutionalize people who would be a problem on the street. Even the assault mentally ill, those with high-capacity legal files of antisocial offenses, go free. All the rest of us can do is wait until the next one snaps.
Re: (Score:2)
No. Source: history. There have been many examples of people gaining freedom without using weapons including in the recent past.
The article is wrong (Score:2)
They are attempting to pass the Bill in the senate at this very moment. I am watching them debate passing it *right now*.
This is about all software.
Re: (Score:2)
Actually the article said it had passed the house. It didn't say it has passed the senate.
I am watching it, in the Senate RIGHT NOW. I have shared the link has just passed the second reading [aph.gov.au]
Ruling class protecting itself (Score:5, Insightful)
Officially gotten too complacent (Score:5, Insightful)
It seems it's been too long since we've had to work for our freedom and pay for it in blood, both our enemies' and our own.
That which comes free and is considered to be a given rarely has any worth in the eyes of people.
We are descending into totalitarianism again, one way or another, and at some point we will be sick enough of being enslaved, also one way or another, that we'll rise up, heads will roll and we'll install another ruling class, one we trust, to slowly grow complacent and enamored with their power.
The cycle is alive and well and we are merely markers on it.
Re:Officially gotten too complacent (Score:4, Interesting)
The problem is that about half the people vote for these asshats and actually agree with them.
There's an easy fix for that. Remove SSL from all Australian commercial websites, and enjoy the pandemonium as everybody gets hacked and loses their bank accounts and credit cards. Any public perception that encryption is only for the benefit of criminals and terrorists will quickly fade.
Re: (Score:3)
Or just modify all web browsers to automatically add a "This site is insecure, and may compromise your security. Are you sure you want to load this page?" message for every website in Australia, whether protected by TLS or not, under the assumption that TLS on Australian servers is inherently and irreparably compromised. Make it so that nobody outside of Australia is willing to do business with Aussie companies.
Anti Encryption For ALL (Score:2)
Time to start sending blocks of random numbers (Score:4, Interesting)
The first duty of an agency that wishes some unknown data to be decrypted would be to prove that it was, in fact, an encrypted message. If they were presented with a file containing random numbers they couldn't just say "you must provide the key to decrypt that" as they have not shown that such a key actually exists.
Of course, the only way to prove that such a key exists would be to use it to decrypt the data. But until the transmission of blocks of random junk becomes widespread and well known (possibly with the occasional encrypted message inserted, as government agencies do it) the "reasonable man" criteria would apply and courts would assume that all apparently random data is actually encrypted messages.
Re: (Score:2)
Daddy I want a Unicorn for Christmas... (Score:4, Insightful)
Okay honey, let me go pass a law to make them exist for you.
Compression (Score:2)
Aussies are all for compression. They compress words like:
Sraya for Australia
Assie for Australian
Avro for Afternoon
Brickie for Bricklayer
Brolly for umbrella
etc..
Since encryption messes with compression. They are culturally averse to it.
Will a quality VPN (Score:2)
Hold my beer! (Score:5, Funny)
Australia: Hold my beer...
Straight forward solution (Score:5, Interesting)
There's a rather straight forward solution to this problem, but I doubt tech companies have the backbone to do it. Every tech company should stop selling their products and services to Australia until this law is reversed. Take away the iPhones, Facebook, Android, and every website from anyone in Australia. Let the people of Australia decide if they want these gadgets or if they want a government that can break encryption.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I wouldn't call the chance non-zero. Google may well see this as a threat to them, especially if it goes global. They have a vested interest in this not being a thing. Apple has already fought against this kind of thing in the US courts, so I wouldn't be surprised if they don't take a stand as well.
Here's how at least one part of Google feels about it: https://android-developers.googleblog.com/2018/05/insider-attack-resistance.html [googleblog.com].
TL;DR we're trying to make it technically impossible for us to decrypt user data on Pixel devices. Not to prevent law enforcement access, but to ensure that no insider, no matter how privileged, can do it. This has the -- pleasant, in my personal opinion -- side effect of making laws like this ineffective. Until/unless, of course, they attempt to force companies to build
This is why... (Score:2)
Companies building encryption into their product is absolutely worthless. I don't trust any app that provides its own security/encryption. I don't trust the company to not give it up. For example any cloud company wanting me to use their service. I'll encrypt my data locally using encryption tools that I control and upload a pre-encrypted blob to your cloud if I want to use your service.
Futile (Score:2)
For those needing it, personal watermark encryption will make this vote inoperative.
What if everything is encrypted and in the cloud? (Score:2)
If the government takes your computer, or device, there will be nothing to decrypt.
Does the law also require passwords to online storage?
This is probably most informed comment section on (Score:2)
Looking in outstanding mode but have folk who
* Actually read the act
* Read amendments
* Informed debate on how this cascades
* Impact on companies and customers
Re:Let's see them try (Score:5, Funny)
Re: (Score:3)
This is Australia, where they "block" piratebay at the DNS level.
Re: (Score:2)
This is Australia, where the laws of the nation Trump the laws of mathematics.
Indiana [wikipedia.org] used to be the same way. Where's C.A. Waldo [wikipedia.org] when you need him?
Re: (Score:2)
In the end, technological measures cannot protect you; only the rule of law can. This bill compromises the rule of law, reduces accountability and transparency, and will cause long term civil and economic damage to Australia as a result.
Re:Let's see them try (Score:5, Insightful)
Well, that's not entirely true. What will happen in reality is that everything that relies on encryption, will either leave AU or be inherently insecure.
They will also find themselves an island in many more ways than they already are because they will be treated as a security hole. By both the good and the bad guys. They have no idea what they are in for.
Possible (Score:2)
Coded messages would float completely under the radar, they're not encrypted as far as any algorithm is concerned.
Or they could use encrypted or unencrypted messages embedded in something else. Steganography. Unencrypted would be fine and probably legal under the new law. If you set one bit in each word in a losslessly stored image such that the nth bit in the low-order nibble of the low-order byte is the nth bit in a message, but the message itself is not encrypted, then your storage is just a file system.
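Added example, not part of the comment above or the original thread: a Python sketch of the low-order-bit embedding that comment describes, simplified to one bit per cover byte. It shows why an unencrypted payload is only encoded: anyone who reads the low-bit plane recovers it without a key, and a printable-run check flags it. The function names, the threshold and the random cover bytes standing in for raw pixel data are all assumptions constructed for this illustration.

```python
import random

PRINTABLE = range(0x20, 0x7F)  # printable ASCII, space through '~'


def embed_lsb(cover: bytes, message: bytes) -> bytes:
    """Store message bits (most significant first) in the lowest bit of each cover byte."""
    bits = [(byte >> (7 - k)) & 1 for byte in message for k in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover is too small for this message")
    stego = bytearray(cover)
    for pos, bit in enumerate(bits):
        stego[pos] = (stego[pos] & 0xFE) | bit  # change only the lowest bit
    return bytes(stego)


def lsb_plane(pixels: bytes) -> bytes:
    """Pack the lowest bit of every pixel byte back into bytes. No key is involved."""
    packed = bytearray()
    usable = len(pixels) - len(pixels) % 8
    for i in range(0, usable, 8):
        value = 0
        for sample in pixels[i:i + 8]:
            value = (value << 1) | (sample & 1)
        packed.append(value)
    return bytes(packed)


def longest_printable_run(data: bytes) -> bytes:
    """Return the longest stretch of printable ASCII found in data."""
    best_start = best_len = run_start = run_len = 0
    for i, byte in enumerate(data):
        if byte in PRINTABLE:
            if run_len == 0:
                run_start = i
            run_len += 1
            if run_len > best_len:
                best_start, best_len = run_start, run_len
        else:
            run_len = 0
    return data[best_start:best_start + best_len]


def flag_plaintext_payload(pixels: bytes, min_run: int = 24) -> bool:
    """Examiner's check: does the low-bit plane contain a long readable string?

    Noise-like low bits give printable runs of only a few bytes, so a run of
    min_run or more is a strong sign of an unencrypted embedded message.
    """
    return len(longest_printable_run(lsb_plane(pixels))) >= min_run


def make_constructed_cover(size: int = 4096, seed: int = 2018) -> bytes:
    """Constructed stand-in for raw image samples: seeded pseudo-random bytes."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


if __name__ == "__main__":
    cover = make_constructed_cover()
    message = b"constructed sample message, not encrypted"
    stego = embed_lsb(cover, message)
    print("clean cover flagged:", flag_plaintext_payload(cover))
    print("stego image flagged:", flag_plaintext_payload(stego))
    print("recovered without a key:", longest_printable_run(lsb_plane(stego)))
```
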
Re: (Score:2)
Unencrypted would be fine and probably legal under the new law.
It's irrelevant whether it's encrypted or not. The law requires the provision of "technical assistance" to access any encrypted or encoded content. If that means building a backdoor into your system then that's what you'll do. If that means updating the software such that it gives the appearance of encryption when in reality nothing is being encrypted, then you'll do that too. Refusing to do it will result in fines or jail time or both.
Re:Let's see them try (Score:5, Insightful)
Once again, the wrench cartoon is unironically used in a situation where it actually indicates that the citizen ends up being protected against the most common and concerning attacks.
Here is why a $5 wrench does not completely compromise the privacy given by cryptography: it is impossible to hit someone with a wrench without them knowing about it. In fact, you can't even show a wrench to someone purely for intimidation purposes, without them knowing about it.
Massive slurping on an internet backbone, using wrenches? Can't do it.
Secretly investigating someone by wrench-cracking their crypto without them at least being able to talk to a lawyer? Can't do it.
It's a technological measure, and it works. Crypto nerds have already beaten the wrench in most conceivable scenarios. The situations where the defense doesn't work? Doesn't matter, because those scenarios are someone's silly movie fantasy.
Re: (Score:2)
There's another factor. If someone has something really significant, even if it's just money, the thief would have to kill you afterwards to keep you quiet. Same reason people will say anything -other- than the truth when tortured. There's no value in the truth, there's only value in keeping the other person busy.
Re: (Score:2)
it is impossible to hit someone with a wrench without them knowing about it
The new law mandates that companies which have provided "technical assistance" are not allowed to talk about it. You will be undermined by your IT platform (either the software you use or the services you use or both) and you won't know about it.
Massive slurping on an internet backbone, using wrenches? Can't do it.
It absolutely can be done, and this is what the new law enables. They will go to the backbone provider and hit them with wrenches until they provide the "technical assistance" required. That can be compromising encryption going forward or it can be building backdoor
Re: (Score:2)
Where power is asserted through violence and intimidation, law is a pretext.
In such a society, violence is circular as is the reasoning.
Where good law is asserted through mutual consent, government is a service.
In such a society, power is largely, though not entirely, superfluous and violence approaches but doesn't quite reach zero. You have whatever sized government you like but very little control in it. It's functional, not managerial.
It's ultimately about what society values.
Just users (Score:5, Interesting)
Generally there are two ways this will work:
1. Companies/corporations that build or provide services using uncrackable encryption get fined and then sanctioned until they either build in backdoors or go out of business/leave the country.
2. Users of such services get fined or imprisoned until they render their passwords. Use of hard encryption first becomes evidence of wrongdoing, and then conclusive proof of it.
Re:Update: (Score:4, Informative)
Has been stopped for now:
No it hasn't. It is being debated in the Senate right now [aph.gov.au].
Re: (Score:2)
Ever since the Salties escaped the swamps and lagoons, learned to dress and became politicians, you've had no chance.
It's a matter of finding the kryptonite they've been using. It's out there, somewhere...
Re: (Score:2)
Re: (Score:2)
I can see how a local telco like Telstra might have to do it, but the tech giants like Apple/Google/MS etc don't.
Bwahahahah! That's a good one. Yeah, I'm sure they're all just lining up to put principles ahead of profit.
All they have to do is a pop-up which says "In compliance with Australian regulation whatever it's called, your unique decryption key will be uploaded to and retained on our servers. Have a nice day."
Re:Not Even A Month Since Election (Score:4, Informative)
Actually, the right supports privacy and encryption.
Of course they do. [wikipedia.org]
Re: (Score:2)
You need to think this through and not fall into a partisan trap. The left wants more power for a leftist government, and the right wants more power for a rightist government. Any candidate with enough integrity to be for the people won't get elected for the reason of avoiding gutter politics.
Re: (Score:3)
It usually comes crashing down. In my experience Supreme Courts have a habit of wanting reasoning, procedures, redress procedures, limitations and implementations explained to them. Then the inconsistencies come to light in a forum they can't bullshit their way out of. I've seen numerous instances where courts asked the government if they had a severe case teh dumb.
No, only if the law is unconstitutional.
The law now says that if you, as an IT professional, do not comply you are deemed not in compliance and subject to fine ($60,000) and jail terms (up to 10 years). Additionally, you are subject to the liability from users who take legal action to recover damages if they were the victim of a subsequent crime because of the government's actions - how is that for a stroke of cuntishness if you want to try to protect your users' privacy.
If you do comply you are obliged to
Re: (Score:2)
FTFY.