Slashdot Mirror
Australia To Compel Technology Firms To Provide Access To Encrypted Missives (reuters.com)
Australia on Friday proposed new laws to compel companies such as U.S. social media giant Facebook and device manufacturer Apple to provide security agencies access to encrypted messages. From a report: The measures will be the first in an expected wave of global legislation as pressure mounts on technology companies to provide such access after several terror suspects used encrypted applications ahead of attacks. Australia, a staunch U.S. ally, is on heightened alert for attacks by home-grown radicals since 2014 and authorities have said they have thwarted several plots, although Prime Minister Malcolm Turnbull said law enforcement needed more help. "We need to ensure the internet is not used as a dark place for bad people to hide their criminal activities from the law," Turnbull told reporters in Sydney. "The reality is, however, that these encrypted messaging applications and voice applications are being used obviously by all of us, but they're also being used by people who seek to do us harm."
Ever!
are also being used by people who mean us harm. Shall we shut them all down?
If there's no place for terrorists to hide then there's no place for *anyone* to hide, and that is unacceptable considering how valuable it is to hide from oppression or the abusers of the system used to ensure there are no hiding spots, those who operate the system are disproportionately advantaged and with access comes the capability of concealing themselves, censoring, framing content and concealing context, etc.
This idea is ridiculous and imbalanced off the bat.
Twinstiq, game news
The link doesn't match the summary.
P.S. Malcolm Turnbull is an idiot.
Get rid of the Muslims. Deport them all to the sharia hell-holes they come from and richly deserve
Apparently Australians are a bunch of pussies, despite their macho posturing, because they allow their government to fuck them regularly.
IIRC, the Bouncy Castle crypto package , developed to get around the 90's US export controls on strong ciphers, originates from Down Under. Funny their govt is now expecting developers to install Magic Good-Guys-Only Backdoors into their software so the Five-Eyes Panopticon can snoop as wanted.
only outlaws will have it? cease fire stand down,, there's moms & babys in every town..
Anyone remember when it was illegal in the US to export encryption technology? This really needs to stop. From a bird's eye perspective, governments are trying to throw out the baby with the bath water. Or, is it all about $$$? I just want to live in peace please.
Quit letting people from terrorist prone countries or parts of the world into YOUR country...where they refuse to assimilate and become pots of festering terrorist ideology waiting to unleash itself into the host country.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I repeat:
Jean has a big moustache.
Aunt Marie is doing well.
I repeat:
Aunt Marie is doing well.
These where the message from Radio Free Internet.
Don't fight for your country, if your country does not fight for you.
because it's not gonna happen...
I have often remarked that no nation would ever really tolerate free speech. Here we have government offering an excuse to eliminate free speech completely. Frankly there are numerous issues mixed in with this. Criminal activity is now so common that we simply can not detain, arrest or imprison more people. There are already problems concerning which laws get enforced and against whom they are enforced. if we had high quality investigation of all our people the nation would collapse due to the vast number of people who would be in the justice system. For example how many people have cheated on their income tax or made false statements to insurance companies? How about hunters or fishermen who cheat a bit on size or number of animals taken? Frankly most small businesses also commit crimes. For example even some McDonald's chain stores alter time cards to make certain no worker can get full time status. That is criminal fraud but who knows of a single case of such a store being padlocked? Arrest and prosecution has a lot to do with who you are.
Does the Australian government know that even if they could compel companies like Apple access to their systems, they won't get access to what their users send especially if users are using end-to-end encryption.
And then there's the issue of once they get access to one thing, another app would soon appear that would thwart their suvelliance
Short summary of the issues
Well, there's spam egg sausage and spam, that's not got much spam in it.
We had similar encrypted channels already in IRC, where some clients provided facilities to encrypt a query with a shared key on both ends.
Currently, with the centralized messenger services running through the infrastructure of big companies, there is a big attack vector on the privacy of communication: Go directly to the provider of the infrastructure. If the encryption runs totally on the client side piggy-backing on the "official" infrastructure, a big single point of failure is removed, although it is still easy to determine when and with whom you communicate.
The obvious response of technology firms is to structure their encryption so that it becomes impossible for them to decrypt the content because they don't have the keys themselves. The security guys at pretty much every such company would prefer to build such systems anyway. They generally don't because doing so adds some additional layers of complexity. It's simpler and more cost-effective to instead build a key management system that is secure against compromise even by internal attackers, relying on the typical tools (secure hardware, affirmative control, responsibility splitting, etc.).
But... it's not *that* much harder to build a system in which no one but the parties communicating have the keys. Compared to the legal and administrative costs involved in having to deal with an unending stream of government requests for data (which governments almost always expect companies to comply with at their own expense, as a cost of doing business), it's a no-brainer. Much cheaper to build the more complicated decentralized security model, enabling the company to respond to government requests with "Can't. Here's our security design. You can see that we have no access to the decryption keys."
Of course, the obvious response of legislators is then to mandate government-accessible backdoors. That, however, creates an entirely new public perception of the request, making it a very different game, politically.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
In a free society, security does not overrule privacy. Period. Fuck those that take our individual rights in the name of security.
What the actual fuck is wrong with these gods-be-damned politicians that they don't understand the simple FACT that if you put a gods-be-damned 'backdoor' into ANY encryption algorithm, that your DESTROY it's ability to keep sensitive data out of the hands of the very people you're trying to 'protect' against!? Does the entire gods-be-damned WORLD have lead in it's drinking water? THIS is the sort of thing I'm talking about when I say "People are getting DUMBER". Don't these politicians have techical advisors who are (hopefully!) competent and intelligent, telling them precisely what I said above (and a million times already)?
Then some Missionaries came and told them how God is Great and to give up their Heretic Heathen ways or be crushed under the boots of progress.
Then they either died of disease (often brought by said missionaries, who then used it to convert people...) or were driven off their land/enslaved by 'righteous christian settlers', some of whom paid a token, some of whom dealt fairly, most of the whom dealt in horse and musket, whether selling, or using to take the land.
The only things that have changed are the methods, that sort of barbaric colonization still happens today, just under different names, like 'globalism', 'H1B', or 'The Great Jihad Against the White Devil, while also coveting the benefits of his lifestyle!', the latter rather not dissimiliar to the colonists taking of the beneficial aspects of the natives lifestyles while destroying any parts they didn't like. Oh cultural conquerors, what a crude beast are ye!
Encryption, the best tool to detect ignorance on politicians.
We should all be using it to give politicians with stupid proposals the boot.
Good luck legislating math.
"We need to ensure the Internet is not used as a dark place for bad people to hide their criminal activities from the law"
vs.
"We need to ensure the Internet is not used as a dark place for government organizations to abuse and violate citizens privacy by those who are above the law"
...and only criminals will have privacy.
Always bringing in those violent moslems, knowing what they'll do and how they'll try to get away with it, as an excuse to take freedoms and privacy away from the deep rooted and civil locals.
It's all about control.
I dream of the day when the corrupt power hungry elite will be rounded up by an armed and informed public and/or betrayed by their own security staff.
Australia is giving the US serious competition for the dumbass award this year.
All the more reason to use open source software that doesn't rely on third party corporate keyholders. Seriously, anyone really concerned about secure communication is not going to rely on a consumer oriented mass-market service run by a profit-making company. They'll use a custom one-time pad for encryption and some steganographic technique to send the encrypted message through an unconnected communication or not use the public Internet at all.
In Australia, every year, cops kill more people than terrorists do.
Dialectician. Archology.
The public doesn't need guns either. Ban them all!
-----BEGIN PGP MESSAGE----- Version: BCPG C# v1.6.1.0 hQEMA6aWSBoheq/wAQgAmlMhXPe8IFZS1FFJlZSi5vox+rp2ERjJ/tkZIoDm6eyg NA2GGzmWlI9mu1DKlP0nOINNZV7oY2M8ovqW2AuHd2BpWEaIa58GC/v1hL02xr2P a50tR/FzRG2MkKIFhnW/z+cGZA9CXycusD0tlAnzyve7HZlA08FVFmPnBQ/CbwLe pYzzAVXvSOs3wuPakv57hHErdY0XjarqkBxmnvVzO8WgV93KmZ4caRySzchiBiQ/ Wb9D5PTUIkgS93HWeoQngOTPA1blKKLmSWRk699Wu9MIlcykxgpiNaDjrI6aaZwp ckCTWAwnyhbR8KTqdYo0qlqK0D8t+SC9C+V6XKkA78lQ50pYeazywBvcSNA4OJmx Tif2voDW0VzvSQdbnITUpw/AfuJsMQTYqsTcQaKFQsdoMf9KJiCQGWjjj9Cl3GtT v+FwYAgCbdEjmCOx1XBHQrQ= =Kyq6 -----END PGP MESSAGE-----
Show me on the 1st Amendment bobblehead where the moderator touched you...
When mathematicians say something is impossible, they usually mean "logically inconsistent with published proofs, and those proofs are the basis of EVERYTHING".
When scientists say something is impossible, they usually mean "inconsistent with published models, and those models are good enough to take us to the moon and back".
When politicians say something is impossible, they usually mean "the current legislature will say no, but that can be changed".
When politicians hear "secure encryption with back doors is impossible", they hear "impossible" in legislative terms when it's really at least in scientific terms, and very close to mathematical terms.
To a Lisp hacker, XML is S-expressions in drag.
So are roads. And toilets. Especially toilets.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Present day modern cryptography already can be secure "forever" (i.e. unless somebody finds a fundamental weakness in the cipher itself, brute-forcing will not ever be possible). That war has long been lost by the government creeps that feel threatened by anything they cannot control. All they can do now is a lot of damage.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Here is the correct link: http://www.reuters.com/article...
I see Judge Dredd in the near future.
it's used for blackmail and industrial espionage.
"We need to ensure the world is not a dark place where bad people become authority figures to abuse the law,"
Fixed.
-----BEGIN TERRORIST CIPHER-----
A1D8B658 47D95C1D D2C56F6F DC39F3BA 0B35A581 784EC213 80A4CD51 E5722B6C
885786F4 B1137F31 D1BE63AF 476CC253 A1189926 B920AB01 7C2FDB67 02E12DB0
5F9C08B8 1FE8310D B1EC05B6 DE2F3017 C5B05543 E0898D31 FACA7122 8E95222C
25B698BA C3B6B912 E29FE1F3 9732783A C0A8A711 9515014B DD1F5639 B912D62E
8151B97F 4C14A2A7 3A8EB969 8648B905 206F525A 236705CC B77CBC38 69538CD0
79E2026A 2AAA26F9 A292223B 68C17CE0
-----END TERRORIST CIPHER-----
You are right, manufacturers will be forced to comply. I wrote to Brandis about this in 2015, it set the stage for what is happening now and was predictable. Not only is the state not interested in protecting her citizens, it is quite clear that monitoring the civilian population is a priority over everything else.
I see little sincerity in the Australian Government on this issue and judging from previous legislations this proposed one will contain as many flaws as the one I wrote about in 2015. We will have to wait and see what emerges in the proposed legislation.
Here is the 2015 letter:
Dear Honourable Minister,
First, my apologies that the available time and gravity of this Bill has not allowed me to write a proper paper based piece of mail that addresses you in a more appropriate manner.
I write to regarding the concerns that I have after reading Part One of "Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015 as an Information Technology professional with roughly thirty years of experience, including experience as a Security Technologist, Technology Architect and Business Analyst. This Bill should not be passed at all and if introduced in its current form will expose Australia and her population to economic damage.
The most pressing of my concerns is the Bill introduces and inadvertently provides a significant vector for Australian citizens to be defrauded by organised crime in an automated manner. Additionally there are no protections for Australian Citizens who are subject to abuse of access to this data and no opportunity for relief through complaint mechanism such as the Privacy Commissioner or the Telecommunications Ombudsman.
No fraud protection measures are in place and the Bill casually exposes all Australians to a wide range of vectors for fraud such as banking, superannuation, insurance and, more serious threats such as identity theft and harassment This will first cost taxpayers a fortune, then again as a consumer, then again in economic fraud. Australians are being asked to pay for the systems that will be used as a vector for crime because criminal do not care about violating such systems to access the opportunities to raid Australians of their net worth.
From a business perspective, implementation of these type of systems poses significant technical challenges to business to comply with section 187AA the Bill to make it function. Any business who tries to implement such a system will be asked to pay for imposing severe capacity limitations on their infrastructure to grow their business whilst capturing the data tabled. A lot of mostly useless data will be generated for law enforcement. At a miserly 4 internet accesses per person per day such a system, nationally, would be required to record 7.3^10 accesses to retain 2 years data. I suspect that people will do more that 4 browser updates in a day.
The chilling effect of this is that many existing viable small businesses operating in and proposed for Australia that create a modern economy, will not be viable on Australian soil. The economic benefits of electronic commerce will progressively go to to other countries. Even a cursory examination of Sections 187AA.3A,3B suggest that any computing infrastructure can be subject to the Minister's scrutiny, subjected to a Communications Access Controller, the distraction of the machination of an Implementation plan and the unknown risk associated with non-compliance. The government will be responsible for driving away the very kind of business opportunities a 21st century Australia needs for economic growth.
The type and capacity of infrastructure to do the required data capture will be quite onerous and unaffordable for some businesses, even if they could access the expertise to implement it. Having created similar types of systems in my work for the worlds largest corporate businesses my assessment is the data collection requirements under this Bill are much more, now that I understand the propos
My ism, it's full of beliefs.
You don't understand Australians. We have a proud history as convicts, and you can't have criminals without laws. We simply make all these laws so we have even more opportunities to break the law.