Slashdot Mirror


Aussie Attorney General's War On Encrypted Web Services

Bismillah writes "If Attorney-General Brandis gets his way in the process of revising Australia's Telecommunications Interception Act, users and providers of VPNs and other encrypted services will by law be required to decrypt government intercepted data. Because, 'sophisticated criminals and terrorists.' New Zealand already has a similar law, the Telecommunications Interception and Computer Security Act. Apparently, large Internet service providers such as Microsoft and Facebook won't be exempt from the TICSA and must facilitate interception of traffic."

30 of 151 comments

  1. Gravity by scsirob · · Score: 4, Insightful

    The attorney-general can write a law to defy gravity, but putting a signature on such law will not make people fly.

    In other words: madness.

    --
    To Terminate, or not to Terminate, that's the question - SCSIROB
    1. Re:Gravity by Number42 · · Score: 2

      Madness? THIS! IS! AUSTRALIA!

    2. Re:Gravity by gweihir · · Score: 2

      Many in power that come from the legal profession do not realize that "the law" is just a bad crutch and cannot deliver most things it is supposed to deliver. Instead they think they are shaping reality. It is some specific form of serious mental disability. It is also a threat to society.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    3. Re:Gravity by gweihir · · Score: 3, Insightful

      Actually, he does not have the power to enforce a law defying gravity. He has a mandate to do so and he may be stupid enough to try though.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    4. Re:Gravity by KeensMustard · · Score: 4, Informative

      Thankfully the Attorney General only has the power to enforce laws, not to write laws (that's the job of the elected senators and ministers).

      Yes. How fortunate that Senator George Brandis isn't you know, a member of the Senate.

      But seriously, of all the inner circle of petrified, ideological nincompoops in the new government this guy is up with the best of them. He has no idea about law, how law should be made or enforced, the intent of law and the notion of correct legal practice and judicial ruling. Just the person you want, you know, for the attorney general.

      He was on Q & A the other night, arguing for the removal of the racial vilification clauses from the Racial Discrimination acts. Why? Because one of his cronies had been found guilty under this section. He said it out loud. Other more apparently learned members of the panel schooled him on the notion of "the rule of law".

      No, George. It's not the role of the law to protect your racist buddies when they make false claims against named persons and then publish them, explicitly alleging that their alleged behaviour is typical of their race (or worse, racial mixture).

  2. Perfect Forward Secrecy by grahammm · · Score: 4, Informative

    So they would ban the use of Perfect Forward Secrecy. Using PFS it is impossible to decrypt the intercepted content even with the Certificate's private key.

    1. Re:Perfect Forward Secrecy by countach · · Score: 2

      By the sound of the article, they might be too stupid to ban it. Rather they'd write some law that says you have to hand over any keys you have, but inconveniently for them, there would be nothing useful to hand over.
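
Added example (not part of the thread or any poster's code): the difference the comments above describe, in Python with toy parameters. With RSA key transport a recorded session opens once the long-term private key is disclosed; with ephemeral Diffie-Hellman that key only signs, so there is nothing useful to hand over. All function names, the toy moduli and the sample request are constructed for illustration.

```python
import hashlib, secrets

# Toy parameters, constructed for illustration only (far too small for real use).
N = (2**31 - 1) * (2**61 - 1)              # server's long-term RSA modulus
E = 65537
D = pow(E, -1, (2**31 - 2) * (2**61 - 2))  # long-term private key
P, G = 2**127 - 1, 3                       # toy Diffie-Hellman group

def seal(secret: int, data: bytes) -> bytes:
    """XOR data (<= 32 bytes) with a key hashed from the shared secret; self-inverse."""
    key = hashlib.sha256(str(secret).encode()).digest()
    return bytes(a ^ b for a, b in zip(data, key))

def rsa_key_transport(msg: bytes) -> dict:
    """No forward secrecy: the session secret travels encrypted to the long-term key."""
    s = secrets.randbelow(N - 2) + 2
    return {"wrapped": pow(s, E, N), "ct": seal(s, msg)}   # what a wiretap records

def ephemeral_dh(msg: bytes) -> dict:
    """Forward secrecy: the long-term key only signs; the secret comes from throwaway exponents."""
    a, b = secrets.randbelow(P - 3) + 2, secrets.randbelow(P - 3) + 2
    A, B = pow(G, a, P), pow(G, b, P)
    digest = int.from_bytes(hashlib.sha256(str(B).encode()).digest()[:8], "big")
    sig = pow(digest, D, N)                # authenticates B, protects nothing else
    ct = seal(pow(A, b, P), msg)
    # a and b go out of scope here; they were never stored or transmitted
    return {"A": A, "B": B, "sig": sig, "ct": ct}

def decrypt_with_disclosed_key(transcript: dict, d: int):
    """A later holder of d tries every recorded integer as a wrapped session secret."""
    for value in transcript.values():
        if isinstance(value, int):
            pt = seal(pow(value % N, d, N), transcript["ct"])
            if pt.startswith(b"GET "):
                return pt
    return None

if __name__ == "__main__":
    msg = b"GET /account HTTP/1.1"         # constructed sample request
    print("RSA transport:", decrypt_with_disclosed_key(rsa_key_transport(msg), D))
    print("Ephemeral DH :", decrypt_with_disclosed_key(ephemeral_dh(msg), D))
```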

  3. Genius by pitchpipe · · Score: 5, Insightful

    Yeah! Let's weaken security on networks that most major financial transactions travel over, because we really have no problems with criminals committing fraud over these networks.

    Yes Mr. Contractor, for the new ultra-hardened backdoor with super-duper locks I'd like you to leave the key over there under that rock. No, I'm sure only our RSA, NSA, TLA certified guys will be using it. How would anyone else know it's there?

    --
    Look where all this talking got us, baby.
  4. Snowden by TubeSteak · · Score: 3, Insightful

    The department argues the obligation on service providers would merely "formalise" existing arrangements.

    This is fallout from the Snowden leaks.
    What was once done in secret is now being brought into the light.
    I guess I was hoping they'd just stop, instead of legalizing the invasive spying programs.

    --
    [Fuck Beta]
    o0t!
    1. Re:Snowden by TapeCutter · · Score: 5, Insightful

      This is fallout from the Snowden leaks.

      No, Brandis doesn't need an excuse for this behaviour, he was like this before Snowden was born. His predecessor (and mentor) from the Howard government was Ruddock, Ruddock was the guy who threw out the Magna Carta in order to make a political prisoner out of David Hicks, it was the most shameful act of any Aussie AG I have witnessed in the last 50 odd years. I will be very surprised if Brandis does not sink even lower than Ruddock (assuming that's possible).

      People who thirst for the power that comes with the role of AG should somehow be banned from applying for the job.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  5. Re:Insanity by x0ra · · Score: 2

    People in power trying to stay in power ?

  6. Re:Insanity by ozmanjusri · · Score: 4, Informative

    People in power trying to stay in power ?

    Almost, but this guy doesn't have the brains to think that far.

    George Brandis is a sneering scumbag and lying rodent who wants to be Dick Cheney when he grows up, but lacks the compassion, gun skills and wit.

    He used taxpayer money to go to a friend's wedding, but has accepted the task of writing a ministerial code of conduct. He's also told the Australian arts community that they don't have the right to refuse funding from corporate sponsors whose ethical values conflict with those of the artists, and plans to punish them if they don't comply.

    --
    "I've got more toys than Teruhisa Kitahara."
  7. Re:Take your pants down by Opportunist · · Score: 2

    Here's the third: Take your business elsewhere.

    The world is a large place. Someone might want to tell Mr. Bigwig that his laws mean jack in all but one country.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Re:We need a redesign by Opportunist · · Score: 3, Funny

    You mean, like, say, end to end encryption?

    What a novel idea, you should patent it...

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  9. Re:Srsly? by Opportunist · · Score: 2

    You know, I know, possibly he knows, but it seems to still work on the dimwits keeping him in office.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  10. Re:Srsly? by michelcolman · · Score: 2

    You mean Australians have terrorists as pets and in zoos?

  11. Re:wtf by gl4ss · · Score: 2

    dumdidum.. they provide server hosting and internet services..

    --
    world was created 5 seconds before this post as it is.
  12. Re:The Meat of It by Opportunist · · Score: 2

    Steganography is neither limited to data at rest nor to pictures. As long as you can transmit data that need not have a certain format to be considered "normal", you can transmit data hidden inside other data. If everything fails, transmit a lolcat pic that contains the data you want to transmit as a mail attachment.

    What's harder to hide is source and destination of your traffic, though with a bit of creativity and the use of international providers even that's not completely out of the question.

    Use international politics to your benefit. If you want to evade the government of country A, find out what countries would rather not aid them and try to use resources in those countries.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Re:Insanity by Anonymous Coward · · Score: 5, Funny

    Above is the whooshiest whoosh ever to have wooshed.

  14. Re:The Meat of It by grahamm · · Score: 2

    Hiding the destination need not be difficult. You just do the electronic equivalent of putting a coded small ad in a newspaper. Everyone can read it, but only the intended recipient can decode it and there is no indication as to whom the message is intended for.

  15. Re:How is that supposed to work by SuricouRaven · · Score: 2

    I've been pondering if a VPN could be encrypted using a one-time pad. Obviously the amount of data transferred would be limited by the size of the pad, but with modern storage that might not be such an issue. A remote worker or someone going on a business trip could easily fill up on two hundred gig or so of random data at company headquarters - enough to last them through a couple of weeks of typical usage while they are traveling. So long as no-one can get access to their laptop long enough to copy it off (And if they can do that, any other form of VPN could be compromised just as easily), it'll be quite impossible to break.

  16. Re:Plausible deniability by sg_oneill · · Score: 2

    Don't. Just forget the password. They can't prove you haven't. In fact it's actually really common for people under duress to forget passwords for real, since memory can get quite impaired by anxiety (It's part of why torture doesn't work. The more people are freaked out, the more the brain reverts to a fight-or-flight baseline with faster reflexes and diminished cognitive skills)

    --
    Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
  17. Re:Insanity by gweihir · · Score: 4, Insightful

    This is actually business as usual. If the population of a country forgets to kick their "representatives" in the face whenever they develop delusions, then the government slowly morphs into totalitarianism. The problem is that ordinary people are highly susceptible to manipulation and governments are getting better at it. The "we did not know what was happening"-excuse that so many Germans used after Nazi-Germany was overthrown will not fly this time.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  18. Re:The Meat of It by Opportunist · · Score: 2

    Well, in theory, yes, but it's not very practical. Not only do you and your recipient have to agree on a code, it can also be pretty suspicious if the person trying to eavesdrop on you knows a fair lot about you (e.g. that you'd probably not usually do a birth announcement in a newspaper because you're living alone).

    If that's what you plan to do, in this day and age it's probably less suspicious if you start a Facebook page, recruit a few thousand "friends" via some FB game that rewards you for having a lot of friends and post things that sound like they're part of your dull, boring life while actually being the code for your target audience.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  19. Re:Insanity by Travis+Mansbridge · · Score: 2

    The "five eyes" group sharing national security information under the ECHELON program is also sometimes called "Auscanzukus" for Australia, Canada, New Zealand, UK and US. I wouldn't trust any of these when it comes to signals intelligence.

  20. Re:Take your pants down by BlueStrat · · Score: 5, Insightful

    Here's the third: Take your business elsewhere.

    The world is a large place. Someone might want to tell Mr. Bigwig that his laws mean jack in all but one country.

    Except that this trend towards increased government surveillance of the general populace by government intelligence and LE agencies, often in blatant violation of their nations' own laws and founding documents & principles, is a global phenomenon, particularly in the West, and no longer limited to a handful of dictatorships and totalitarian nations.

    Blowing this stuff off because "just switch to a foreign provider" is short-sighted.

    Individual freedom around the world, particularly digital privacy/security against intrusive, and often illegal by their own laws, digital spying by governments against their own citizens, is on a downward trend as the US and other Western nations grow increasingly paranoid and authoritarian.

    The struggle against such invasive surveillance must likewise be global as these regimes work together both in the actual surveillance and also on the political side to increase their scope and power ever further.

    This is particularly true among "Five Eyes" nations like Australia. What good would it do to switch to using services outside the country you're in if all the practical alternatives are just as bad or worse?

    Strat

    --
    Progressivism (aka US 'Liberalism'): Ideas so good they need a police/surveillance-state to enforce.
  21. Re:Srsly? by gargleblast · · Score: 3

    You know what? We just about do.

    When a Lib/Nat government thinks it has a whiff of a terrorist, it goes crazy apeshit bonkers. The last "terrorist" they caught was Muhamed Haneef. A doctor, born in India. An ordinary, or better than average, guy. His crime? He "recklessly" provided a SIM card to a dimwit second cousin of his, who failed spectacularly at blowing up Glasgow Airport. Haneef was locked up for weeks until a magistrate said "hey police guys, this case is a crock of shit" and the DPP said "Oh my tittyfucking God you're right" and dropped the charges. The government then instantly cancelled his visa and deported him.

    Note that, while Haneef was detained, he was cause celebre in Australia. He was the AFP's prize possession. He may as well have been, as you say, an exhibit in a zoo.

    And that is the closest thing there is to an Australian terrorist.

  22. Re:You do know.. by Ly4 · · Score: 2

    256-bit block ciphers are merely difficult to attack.

    That is incorrect. It is impossible to brute-force a cipher like that, and it is extremely unlikely that someone has found a cryptanalytic break for modern ciphers like AES.

    Unlike a block cipher, you can prove that a one-time pad is unbreakable, but that proof depends on the assumption that the random bits of the pad are completely unpredictable. Turns out that's a non-trivial problem to solve, and an especially difficult one to test.

  23. Re:Plausible deniability by Wootery · · Score: 2

    No, the reason it doesn't work so well is that they don't know if you're just making shit up to avoid being tortured more.

    This really makes passwords an 'ideal case' for torture, if there can be such a thing: it can immediately be verified whether you're telling the truth.

    I've read some stories from WWII that make waterboarding sound very tame

    Spoken like someone who's never been waterboarded.

  24. Re:Take your pants down by FirephoxRising · · Score: 2

    I'm ashamed to be Australian today. These idiots don't represent most Australians. I'll have to contact my local member of parliament.