Aussie Attorney General's War On Encrypted Web Services
Bismillah writes "If Attorney-General Brandis gets his way in the process of revising Australia's Telecommunications Interception Act, users and providers of VPNs and other encrypted services will by law be required to decrypt government intercepted data. Because, 'sophisticated criminals and terrorists.' New Zealand already has a similar law, the Telecommunications Interception and Computer Security Act. Apparently, large Internet service providers such as Microsoft and Facebook won't be exempt from the TICSA and must facilitate interception of traffic."
I don't think this will stop any terrorists.
The attorney-general can write a law to defy gravity, but putting a signature on such law will not make people fly.
In other words: madness.
To Terminate, or not to Terminate, that's the question - SCSIROB
How would one claim plausible deniability?
"Your honor, I was simply transmitting random ASCII to a friend! He replied with random PETSCII!"
READY.
PRINT ""+-0
So they would ban the use of Perfect Forward Secrecy. Using PFS it is impossible to decrypt the intercepted content even with the Certificate's private key.
Yes Mr. Contractor, for the new ultra-hardened backdoor with super-duper locks I'd like you to leave the key over there under that rock. No, I'm sure only our RSA, NSA, TLA certified guys will be using it. How would anyone else know it's there?
Look where all this talking got us, baby.
Just once when a bad guy says "2 choices" I'd like the lead character to go "No, that's 1 choice between 2 options!" punching the guy in the face on each number.
Don't worry, it's just a shit summary. TFA talks about Microsoft in the context of being a webmail provider.
The department argues the obligation on service providers would merely "formalise" existing arrangements.
This is fallout from the Snowden leaks.
What was once done in secret is now being brought into the light.
I guess I was hoping they'd just stop, instead of legalizing the invasive spying programs.
[Fuck Beta]
o0t!
People in power trying to stay in power?
This is more of a result of the recent hysteria by the Australian Federal Police and Australian Crime Commission over local criminals using Phantom Secure phones to coordinate contract hits allegedly. http://www.abc.net.au/news/201... Brandis might have good intentions, but he's about as illiterate as they get in the NLP on such technology matters. These gangs don't roll over. Even rivals will not roll on rivals. This is a naive idea and will fail miserably in practice, if it ever sees the light of day. Given the makeup of the current senate, not any time soon.
Area51 - We are watching...
Every time a government forces a company to make or create a back door or hand over keys to them, it makes it easier for countries like China to hack the hell out of our companies. Utter stupidity.
People in power trying to stay in power?
Almost, but this guy doesn't have the brains to think that far.
George Brandis is a sneering scumbag and lying rodent who wants to be Dick Cheney when he grows up, but lacks the compassion, gun skills and wit.
He used taxpayer money to go to a friend's wedding, but has accepted the task of writing a ministerial code of conduct. He's also told the Australian arts community that they don't have the right to refuse funding from corporate sponsors whose ethical values conflict with those of the artists, and plans to punish them if they don't comply.
"I've got more toys than Teruhisa Kitahara."
The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions. The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.
...issuing authorities should be able to authorise an agency to issue ‘intelligibility assistance notices’, requiring a person to provide information or assistance to place previously lawfully accessed communications into an intelligible form, as discussed by the PJCIS at Recommendation 16...
...
Where issued to a service provider, such notices would formalise existing arrangements....
When issued to a person other than a service provider, such as the subject of a warrant, the Department’s preliminary view is that a notice would operate in a similar fashion to orders made under section 3LA of the Crimes Act 1914. Section 3LA permits agencies that have seized physical hardware, such as a computer or an external hard drive, under a search warrant to apply for a further warrant requiring a person to ‘provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form.
Recommendation 16
The Committee recommends that, should the Government decide to develop an offence for failure to assist in decrypting communications, the offence be developed in consultation with the telecommunications industry, the Department of Broadband Communications and the Digital Economy, and the Australian Communications and Media Authority. It is important that any such offence be expressed with sufficient specificity so that telecommunications providers are left with a clear understanding of their obligations.
The Department’s preliminary view is to support recommendation 16 in principle.
- Comprehensive revision of the Telecommunications (Interception and Access) Act 1979, Submission 26
No more need be said.
Here's the third: Take your business elsewhere.
The world is a large place. Someone might want to tell Mr. Bigwig that his laws mean jack in all but one country.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You mean, like, say, end to end encryption?
What a novel idea, you should patent it...
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
dumdidum.. they provide server hosting and internet services..
world was created 5 seconds before this post as it is.
Above is the whooshiest whoosh ever to have wooshed.
Dick Cheney? Gun skills? That's pretty hilarious. Assuming you are aware of the fact that he managed to shoot his buddy, wearing a bright orange vest no less, while attempting to murder quail -- and no, firing buckshot at hapless tiny birds does not count as "hunting". Apparently the bastard never even apologized.
More power to him if he really was using buck shot (which I seriously doubt) - reduces the chance of hitting the bird radically compared to bird shot... Spot the difference
What about firms which communicate using a VPN? No entities are in Australia, just maybe a worker or two communicating with a German firm, for example.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
This is pretty stupid, for two reasons: First, there are enough cases where keys exist temporarily and cannot be reconstructed (e.g. all DH-established keys) and second, it allows users to find out what exactly was intercepted, by using a new key for every unit of data.
That it is also completely unethical and only worthy of a totalitarian regime (where the "sophisticated criminals and terrorists" have taken over the government) is just the icing.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
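The point made in two comments above (Perfect Forward Secrecy, and DH-established keys that exist only temporarily) can be shown in a short sketch. This is an added example, not part of any comment in the thread; the toy RSA key, the Diffie-Hellman group and all function names are assumptions chosen for illustration, and the parameters are far too small for real use.

```python
import hashlib
import secrets

# Constructed long-term "certificate" key: textbook RSA over two Mersenne primes.
P1, P2 = 2**61 - 1, 2**89 - 1
N, E = P1 * P2, 65537
D = pow(E, -1, (P1 - 1) * (P2 - 1))      # long-term private exponent

# Toy Diffie-Hellman group (assumption): prime modulus 2^127 - 1, base 3.
DH_P, DH_G = 2**127 - 1, 3


def kdf(value: int) -> bytes:
    """Derive a 16-byte session key from an integer secret."""
    return hashlib.sha256(value.to_bytes(32, "big")).digest()[:16]


def digest_of(public_value: int) -> int:
    """128-bit hash of a DH public value, small enough to sign with the toy key."""
    return int.from_bytes(hashlib.sha256(public_value.to_bytes(16, "big")).digest()[:16], "big")


def static_key_transport():
    """Non-PFS handshake: the client encrypts the secret to the long-term key."""
    premaster = secrets.randbits(128)
    transcript = {"encrypted_premaster": pow(premaster, E, N)}
    return kdf(premaster), transcript


def ephemeral_dh():
    """PFS handshake: the long-term key only signs; the secrets are per-session."""
    a = secrets.randbelow(DH_P - 2) + 1   # client ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1   # server ephemeral secret
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    transcript = {"A": A, "B": B, "sig_B": pow(digest_of(B), D, N)}
    session_key = kdf(pow(B, a, DH_P))
    assert session_key == kdf(pow(A, b, DH_P))   # both ends derive the same key
    del a, b                                      # discarded when the session ends
    return session_key, transcript


def signature_valid(transcript) -> bool:
    """The long-term key's only role under PFS: authenticating the server's value."""
    return pow(transcript["sig_B"], E, N) == digest_of(transcript["B"])


def keys_recoverable_later(transcript, long_term_d):
    """Session keys obtainable by applying the long-term private key
    to every value in a recorded handshake."""
    return {kdf(pow(v, long_term_d, N)) for v in transcript.values()}


if __name__ == "__main__":
    key, recording = static_key_transport()
    print("static transport, key recovered:", key in keys_recoverable_later(recording, D))
    key, recording = ephemeral_dh()
    print("ephemeral DH, key recovered:   ", key in keys_recoverable_later(recording, D))
```

With static key transport the recorded handshake plus the long-term key yields the session key; with ephemeral DH the recording holds only public values and a signature, so the long-term key yields nothing and recovery would require solving a discrete logarithm.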
Land of the seriously fucked.
Your wildlife all wants to kill you, your government wants to turn you back into one big penal colony.
Viva la revolution!
This is actually business as usual. If the population of a country forgets to kick their "representatives" in the face whenever they develop delusions, then the government slowly morphs into totalitarianism. The problem is that ordinary people are highly susceptible to manipulation and governments are getting better at it. The "we did not know what was happening"-excuse that so many Germans used after Nazi-Germany was overthrown will not fly this time.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
God save the Queen and the fascist regime.
Tony Abbott and his strong arm tactics.
He uses secrecy for the government's actions
and is pushing his conservative, fascist agenda.
Go well
Abbott and his mates can legislate Pi to be 22/7 for all I care though they will have to convince the senate. Anyone who depends on modern technology to conduct business will just move elsewhere just as manufacturing has. The poor bastards like me who are too tied down to consider moving will just work around their stupidity as we always have. Fortunately unless my fellow Australians have gone completely insane he will be out after one term and the Libs can take a broom to the arsehole conservatives who have poisoned their party and get back to their core values of individual liberty, free from the tyranny of government interference.
The "five eyes" group sharing national security information under the ECHELON program is also sometimes called "Auscanzukus" for Australia, Canada, New Zealand, UK and US. I wouldn't trust any of these when it comes to signals intelligence.
New Zealand is going (maybe) to get a new flag (new FLAG, I said, oh what this isn't 4chan, nevermind) well anyway the Enzedders are planning a nice black flag with a silver fern leaf. Like the logo of their football team, the All Blacks. Classy. Very nice.
I would like to see a new Australian flag which replaces the English cross (the combination of Wales, England and Scotland crosses) (oh there's a thought... what if Scotland _does_ leave the United Kingdom. Does this mean all the ex-commonwealth countries have to remove the Scottish part of the English cross that would make it a standard double cross rather than the superb triple cross that says 'UK - once we had an empire but we still own all the banks').
So let's put a red kangaroo up there instead, makes it very friendly a la Qantas (Tony, if you are on slashdot tonight for policy ideas, how about licensing the red roo logo from Qantas say $250m per year. Joycey is awaiting your call...)
Yes a nice friendly welcoming kangaroo (unless you're trying to sneak past the Abbott drones. Refugees: "Nobody wants us, because we didn't come by Qantas")....
OK where were we? that flag idea? The way this mob of sheeple here are so insipid, probably they'll go for an upgrade on the Southern Cross to the Southern Swastika (subtle eh?). Rupert would LOVE it.
Cryonics - Keep cool and carry on.
This will probably be the next step.
1. Make VPN services illegal in Australia.
That will be fun! This will only work if SSH is banned as well. That means they can only use Telnet. I'm all for it. Let them do this and let us have a good laugh! ;-)
Here's the third: Take your business elsewhere.
The world is a large place. Someone might want to tell Mr. Bigwig that his laws mean jack in all but one country.
Except that this trend towards increased government surveillance of the general populace by government intelligence and LE agencies, often in blatant violation of their nations' own laws and founding documents & principles, is a global phenomenon, particularly in the West, and no longer limited to a handful of dictatorships and totalitarian nations.
Blowing this stuff off because "just switch to a foreign provider" is short-sighted.
Individual freedom around the world, particularly digital privacy/security against intrusive, and often illegal by their own laws, digital spying by governments against their own citizens, is on a downward trend as the US and other Western nations grow increasingly paranoid and authoritarian.
The struggle against such invasive surveillance must likewise be global as these regimes work together both in the actual surveillance and also on the political side to increase their scope and power ever further.
This is particularly true among "Five Eyes" nations like Australia. What good would it do to switch to using services outside the country you're in if all the practical alternatives are just as bad or worse?
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
"One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors." ~ Plato
lol at the arts funding, he didn't tell them they "don't have the right to refuse funding from corporate sponsors whose ethical values conflict with those of the artists", he just said that if they do refuse corporate donations, the government shouldn't be filling in the fiscal shortfall due to the protest they are making.
If artists want to make a stand over something, good for them, it's their right to do so, but they shouldn't then be able to just fall back on taxpayer dollars by shaking the money bucket, every time they feel their purity is under threat. And even then, the government is the progenitor of this stand that they're taking, considering it's asylum seeker detention which they are against, so taking government money would, in a sense, be hypocritical.
After all, only the impotent are pure...
No problem: This photo exhibit on environmental damage caused by oil spills is sponsored by Exxon and BP.
Any insufficiently advanced magic is indistinguishable from technology.
What a novel idea, you should patent it...
Shhh don't give him any stupid ideas.
> "Because, 'sophisticated criminals and terrorists.'"
When speaking in post-l33tspeak, one wouldn't put a comma between "because" and the unqualified phrase because stupid.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
He wishes.
256-bit block ciphers are merely difficult to attack.
That is incorrect. It is impossible to brute-force a cipher like that, and it is extremely unlikely that someone has found a cryptanalytic break for modern ciphers like AES.
Unlike a block cipher, you can prove that a one-time pad is unbreakable, but that proof depends on the assumption that the random bits of the pad are completely unpredictable. Turns out that's a non-trivial problem to solve, and an especially difficult one to test.
These efforts are a call to arms for private citizens to build their own networks far away from the prying eyes of government. The technology is now a commodity. Anyone who wants to do this, has the ability.
Seems to me that would prevent decryption, just tunnel over top of the VPN. The provider would decrypt the data, but it would still be encrypted with your private key.
Encrypt your message, send it in clear, no one but no one can decrypt it unless you give up the key. Never heard of one time pads? Google it.
What about VPNs hosted outside of Australia? I'm guessing that this is pushback by the Aussie branches of content providers. Too many people are bypassing their local high prices by getting iTunes and Netflix from the USA over VPNs.
If they think that 'bad guys' are going to rely upon a service's key management for nefarious communication, they are nuts. All the criminals/terrorists are going to use end to end encryption on top of any other transport service.
Have gnu, will travel.
You're right. Considering how computer-savvy our patent office is, he might just get it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
You mean, like, say, end to end encryption?
End to end encryption doesn't give anywhere near the security many people think. If adversaries (including the government) have access to the communication lines, they can intercept software updates, or take advantage of other vulnerabilities to install software (such as keyloggers, memory sniffers with key extractors, etc.) on the endpoint machines. In fact, they need only compromise one of the computers participating in the communication. So, end to end encryption, although a great idea in theory, really doesn't give much security in practice.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
The catch is that massive data collection and observation allows all kinds of progress. Is it really so wrong that your car insurance company can tell how fast you drive and whether you leave bars late at night? Or how about a medical insurance or life insurance discount because it is clear that you eat a lot of green leafy vegetables and not Spam sandwiches for lunch? Or how about knowing where your wife and kids have really been all week? Or how about linking cancer rates to locations or habits or even knowing your DNA and how it will tolerate such behaviors? And for crime prevention and punishment it is hard to beat heavy duty surveillance.
The crack smoking is strong in this one.
Really, you shouldn't take what Georgio says too seriously, after all America passed a law that effectively made VPNs illegal (exact language was it was illegal to obscure the source and destination of a transmission). The result of which was absolutely bugger all. The reason for that being that today, without VPNs, everything would fall apart. Georgio takes it a little differently saying that you have to let us in to your VPN so we can unencrypt your transmission. This is also patently stupid and shows a complete lack of understanding of technology. Georgio mate, the thing is with encryption, that the keys are changed frequently to prevent morons (like you) cracking the encryption by brute force. Those keys are usually not recorded anywhere, so if you're intercepting our transmissions you're shit out of luck. If you want to legislate that all those keys must be recorded then you are doing that which Snowden was so critical of: undermining the security that protects the digital age.
Incompetence, thy name is government.
"Written, Produced, and Directed by the National Security Agency"
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
I'm ashamed to be Australian today. These idiots don't represent most Australians. I'll have to contact my local member of parliament.
The catch is that massive data collection and observation allows all kinds of progress. Is it really so wrong that your car insurance company can tell how fast you drive and whether you leave bars late at night? Or how about a medical insurance or life insurance discount because it is clear that you eat a lot of green leafy vegetables and not Spam sandwiches for lunch? Or how about knowing where your wife and kids have really been all week? Or how about linking cancer rates to locations or habits or even knowing your DNA and how it will tolerate such behaviors? And for crime prevention and punishment it is hard to beat heavy duty surveillance.
"Those who willingly surrender freedom for security deserve neither and will lose both."
Not a student of history or human nature, are you? That's always the refrain of the tyrant; "It's for your own good".
Such beliefs have fueled some of the most horrible atrocities in the history of mankind and killed many tens of millions of people.
A Panopticon that's only available to those in power guarantees those in power become tyrants and the citizens become slaves.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
I'm ashamed to be Australian today. These idiots don't represent most Australians. I'll have to contact my local member of parliament.
Not as ashamed as I am as an American, whose nation is supposed to be at the forefront of individual liberty and as much freedom from government regulation of, involvement in, or monitoring of the average person's life as possible while still maintaining domestic order and performing the duties necessary to conduct foreign affairs.
The further the government of the US strays from and exceeds the powers and scope granted by its Constitution, the worse things have and will get. Not only for the US and those in it, but for the entire world...economically, diplomatically, militarily, and from the perspective of individual liberty and freedom as well.
Where does one seek asylum from persecution when there are no more nations of free people? If there are no more nations of free people, who will stand against the next insane megalomaniac tyrant bent on world domination? And, there *will* be another. Without fail. There always will be (at least until the human race achieves Ascension :) ). The rise and fall of such describes a large chunk of the entirety of human history from the beginnings of civilization until now.
My greatest fear is that the US collapses into a full-on totalitarian police state that sees foreign aggression as the only practical means at its disposal to feed the beast, seeing as its economy is shot, and becomes the next threat to the entire world like WW2 Germany, squared.
Strat
Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
Poor /.
The new right fascists are bilingual. They speak English and Bullshit.
Back before Qwest got bought out by CenturyLink, you could pick various DSL providers, and MS was one of them. Don't know if they still do that but MS definitely is an ISP with webmail, Azure, etc.