Domain: homeaffairs.gov.au
Stories and comments across the archive that link to homeaffairs.gov.au.
Stories · 3
-
Australians Who Won't Unlock Their Phones Could Face 10 Years In Jail (sophos.com)
An anonymous reader quotes the Sophos security blog: The Australian government wants to force companies to help it get at suspected criminals' data. If they can't, it would jail people for up to a decade if they refuse to unlock their phones. The country's Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia's existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn't strong enough...
[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....
The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.
"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts." -
Australians Who Won't Unlock Their Phones Could Face 10 Years In Jail (sophos.com)
An anonymous reader quotes the Sophos security blog: The Australian government wants to force companies to help it get at suspected criminals' data. If they can't, it would jail people for up to a decade if they refuse to unlock their phones. The country's Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia's existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn't strong enough...
[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....
The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.
"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts." -
Australia To Pass Bill Providing Backdoors Into Encrypted Devices, Communications (theregister.co.uk)
An anonymous reader quotes a report from The Register: The Australian government has scheduled its "not-a-backdoor" crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December. All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session: "Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies."
Apart from the dodgy technological sophistry involved, this belief somewhat contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind). "We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so," he said (emphasis added). If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the "government wants a backdoor" problem. And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of "greater assistance to agencies."