Australia To Compel Technology Firms To Provide Access To Encrypted Missives (reuters.com)
Australia on Friday proposed new laws to compel companies such as U.S. social media giant Facebook and device manufacturer Apple to provide security agencies access to encrypted messages. From a report: The measures will be the first in an expected wave of global legislation as pressure mounts on technology companies to provide such access after several terror suspects used encrypted applications ahead of attacks. Australia, a staunch U.S. ally, is on heightened alert for attacks by home-grown radicals since 2014 and authorities have said they have thwarted several plots, although Prime Minister Malcolm Turnbull said law enforcement needed more help. "We need to ensure the internet is not used as a dark place for bad people to hide their criminal activities from the law," Turnbull told reporters in Sydney. "The reality is, however, that these encrypted messaging applications and voice applications are being used obviously by all of us, but they're also being used by people who seek to do us harm."
are also being used by people who mean us harm. Shall we shut them all down?
If there's no place for terrorists to hide then there's no place for *anyone* to hide, and that is unacceptable considering how valuable it is to hide from oppression or the abusers of the system used to ensure there are no hiding spots, those who operate the system are disproportionately advantaged and with access comes the capability of concealing themselves, censoring, framing content and concealing context, etc.
This idea is ridiculous and imbalanced off the bat.
Twinstiq, game news
Will happen, eventually. But it will not solve the underlying problem of encryption technology being widely available. That stable door has been open for so long that the horse has bolted, galloped, cantered and eventually settled down to raise a family somewhere in Wyoming.
Please remain calm, there is no reason to pani... wait, where are you all going?
IIRC, the Bouncy Castle crypto package, developed to get around the 90's US export controls on strong ciphers, originates from Down Under. Funny their govt is now expecting developers to install Magic Good-Guys-Only Backdoors into their software so the Five-Eyes Panopticon can snoop as wanted.
I repeat:
Jean has a big moustache.
Aunt Marie is doing well.
I repeat:
Aunt Marie is doing well.
These were the messages from Radio Free Internet.
Don't fight for your country, if your country does not fight for you.
You know, when we have radical Presbyterians running around, driving trucks through crowds on holidays, gunning down co-workers on Xmas party days, and bombing outside of concerts and just generally shooting and blowing up groups of innocent people....we can start worrying about those damned jihadist Christians then....but, until then, why don't we try to address the problems folks at hand now, eh?
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
Quit letting people from terrorist prone countries or parts of the world into YOUR country...where they refuse to assimilate and become pots of festering terrorist ideology waiting to unleash itself into the host country.
Someone should have told the Aboriginals & Native Americans that a long time ago
Pain is merely failure leaving the body
And it's also silly to think they won't just use an encrypted messaging program outside of Australian jurisdiction.
Sure, if you ignore the fact that most terrorists attacks are being done by native-born citizens or people not from countries on Trump's ban list but instead were radicalized years after immigrating.
Does the Australian government know that even if they could compel companies like Apple to provide access to their systems, they won't get access to what their users send, especially if users are using end-to-end encryption?
And then there's the issue that once they get access to one thing, another app would soon appear that would thwart their surveillance.
Short summary of the issues
Well, there's spam egg sausage and spam, that's not got much spam in it.
We had similar encrypted channels already in IRC, where some clients provided facilities to encrypt a query with a shared key on both ends.
Currently, with the centralized messenger services running through the infrastructure of big companies, there is a big attack vector on the privacy of communication: Go directly to the provider of the infrastructure. If the encryption runs totally on the client side piggy-backing on the "official" infrastructure, a big single point of failure is removed, although it is still easy to determine when and with whom you communicate.
This post is a joke right? American-born, non-Muslims kill more people in a year in mass shootings than all Muslim terrorist attacks combined.
Bad example...the Crusades were a reaction to the Muslims overtaking the "Holy Land"...and not letting Christians in....it was a defensive move back in the day.
Once again, the Muslims were the initial aggressors.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
The obvious response of technology firms is to structure their encryption so that it becomes impossible for them to decrypt the content because they don't have the keys themselves. The security guys at pretty much every such company would prefer to build such systems anyway. They generally don't because doing so adds some additional layers of complexity. It's simpler and more cost-effective to instead build a key management system that is secure against compromise even by internal attackers, relying on the typical tools (secure hardware, affirmative control, responsibility splitting, etc.).
But... it's not *that* much harder to build a system in which no one but the parties communicating have the keys. Compared to the legal and administrative costs involved in having to deal with an unending stream of government requests for data (which governments almost always expect companies to comply with at their own expense, as a cost of doing business), it's a no-brainer. Much cheaper to build the more complicated decentralized security model, enabling the company to respond to government requests with "Can't. Here's our security design. You can see that we have no access to the decryption keys."
Of course, the obvious response of legislators is then to mandate government-accessible backdoors. That, however, creates an entirely new public perception of the request, making it a very different game, politically.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Compare and contrast the number of terrorists from Iran (on "The List") vs. the number of terrorists from Our Friend And Ally, Saudi Arabia (not on The List) and Pakistan (also not). The List just gives Trump supporters an illusion of Doing Something; never mind that it is useless and indeed counter-productive.
Most of the crazies have been home-grown (and many have been converts).
Indeed. Let this be a warning to current Australian society.
What the actual fuck is wrong with these gods-be-damned politicians that they don't understand the simple FACT that if you put a gods-be-damned 'backdoor' into ANY encryption algorithm, you DESTROY its ability to keep sensitive data out of the hands of the very people you're trying to 'protect' against!? Does the entire gods-be-damned WORLD have lead in its drinking water? THIS is the sort of thing I'm talking about when I say "People are getting DUMBER". Don't these politicians have technical advisors who are (hopefully!) competent and intelligent, telling them precisely what I said above (and a million times already)?
Quit letting people from terrorist prone countries or parts of the world into YOUR country...where they refuse to assimilate and become pots of festering terrorist ideology waiting to unleash itself into the host country.
Someone should have told the Aboriginals & Native Americans that a long time ago
It wasn't until I read this that it occurred to me that handing out smallpox infected blankets was an act of terrorism.
He's getting rather old, but he's a good mouse.
It wasn't an act of terrorism, but it may have been an attempt at genocide with bioweapons...but it's not clear whether it was an intentional use of bioweaponry or not.
"When information is power, privacy is freedom" - Jah-Wren Ryel
Encryption, the best tool to detect ignorance on politicians.
We should all be using it to give politicians with stupid proposals the boot.
Yes and no, while an ISP can trivially block certain traffic they wouldn't be able to block encryption as a whole so easily. It would be a never ending game of cat and mouse as ISPs struggle to figure out every possible way to obfuscate encryption. Not only does it not solve the problem, it's a huge expense to the ISPs to maintain if it becomes their legal obligation to do so, and if they're not required to maintain the law then it's simply ineffective to begin with. Even using a whitelist of "approved traffic" wouldn't fix this as there's simply too many ways to wrap unapproved traffic, and a blacklist is equally easy to circumvent.
There's no true solution outside of manually monitoring every single piece of traffic for new ways of getting around the law, and as we all know: criminals don't care that your law exists and will get around it.
I looked up the numbers and terrorists kill about 28,000 people a year worldwide. And most of them are likely Muslims that the terrorists don't think are in the "right" sect.
From the linked article: "More than 55% of all attacks took place in five countries (Iraq, Afghanistan, Pakistan, India, and Nigeria), and 74% of all deaths due to terrorist attacks took place in five countries (Iraq, Afghanistan, Nigeria, Syria, and Pakistan)."
Terrorism in countries like the US or Australia is actually vanishingly low. It's touted as a horrible threat by politicians to take away rights and to get themselves more power, but you're more likely to die in a car accident than from a terrorist. (There are 37,000 road accident deaths in the US per year and 1.3 million worldwide - Source.)
If people want to ban all Muslims because of the tiny risk of terrorism, why aren't we banning all motor vehicles to combat the higher risk of automobile-related deaths?
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Timeline of Irish National Liberation Army actions: https://en.wikipedia.org/wiki/...
Incident No.
Injury 47,541
Shooting incident 36,923
Armed robbery 22,539
People charged with paramilitary offences 19,605
Bombing and attempted bombing 16,209
Arson 2,225
Good luck legislating math.
...and only criminals will have privacy.
In Australia, every year, cops kill more people than terrorists do.
Dialectician. Archology.
GET /c51f657cd28a29a207d827267934226b59bf44e8.html
Host: slashdot.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5 (.NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
c51f657cd28a29a207d827267934226b59bf44e was actually a piece of encrypted data. How would an ISP block this without blocking the entire IP, server name, or banning all HTTP transactions not to a machine on a whitelist thereby killing access to most of the web? Assume that c51f657cd28a29a207d827267934226b59bf44e8 can be replaced with any string of characters, including paths or even further "encoded" as recognizable dictionary words, i.e. GET /alphabet/monkey/snorkel/crotch/scam/dead/muppet/orgy.php
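The filtering problem this comment describes, as an added example that is not part of the original post: a naive content filter that flags long hex runs and high-entropy path tokens, run over the two request paths quoted in the comment plus three constructed ones. The function names, the thresholds (32 hex characters, 24 characters at 4.2 bits per character) and the three extra request lines are assumptions chosen for illustration.

```python
import math
import re
from collections import Counter

HEX_RUN = re.compile(r"[0-9a-fA-F]{32,}")   # MD5-length or longer hex string


def shannon_entropy(token):
    """Bits per character of the token's own character distribution."""
    n = len(token)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(token).values())


def path_tokens(request_line):
    """'GET /a/b.html' -> ['a', 'b']: path segments, query and extension dropped."""
    target = request_line.split()[1]
    path = target.split("?", 1)[0]
    return [seg.rsplit(".", 1)[0] for seg in path.split("/") if seg]


def suspicious_tokens(request_line, min_len=24, min_entropy=4.2):
    """Return (token, reason) pairs that a 'block encoded data' rule would act on."""
    hits = []
    for tok in path_tokens(request_line):
        if HEX_RUN.fullmatch(tok):
            # Hex tops out at 4 bits/char, so it needs its own rule.
            hits.append((tok, "hex"))
        elif len(tok) >= min_len and shannon_entropy(tok) >= min_entropy:
            hits.append((tok, "high-entropy"))
    return hits


# The first two request lines come from the comment; the other three are constructed.
SAMPLES = {
    "hex_from_page": "GET /c51f657cd28a29a207d827267934226b59bf44e8.html",
    "words_from_page": "GET /alphabet/monkey/snorkel/crotch/scam/dead/muppet/orgy.php",
    "hashed_asset": "GET /assets/9f86d081884c7d659a2fb0c3a1e5d4b7.css",
    "base64_blob": "GET /dl/Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5",
    "news_slug": "GET /story/australia-to-compel-technology-firms.html",
}


def run_samples():
    """Map each sample name to the tokens the filter would flag."""
    return {name: suspicious_tokens(line) for name, line in SAMPLES.items()}


if __name__ == "__main__":
    for name, hits in run_samples().items():
        print(f"{name:16} {'FLAG' if hits else 'pass'}  {hits}")
```

The filter flags the 40-character hex path and a constructed content-hashed stylesheet alike, while the dictionary-word path passes untouched. The ordinary news slug scores about 4.0 bits per character, the same ceiling hex has, so an entropy threshold alone cannot separate the two.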
When mathematicians say something is impossible, they usually mean "logically inconsistent with published proofs, and those proofs are the basis of EVERYTHING".
When scientists say something is impossible, they usually mean "inconsistent with published models, and those models are good enough to take us to the moon and back".
When politicians say something is impossible, they usually mean "the current legislature will say no, but that can be changed".
When politicians hear "secure encryption with back doors is impossible", they hear "impossible" in legislative terms when it's really at least in scientific terms, and very close to mathematical terms.
To a Lisp hacker, XML is S-expressions in drag.
Or
host c51f657cd28a29a207d827267934226b59bf44e.slashdot.org
No need for http
http://michaelsmith.id.au
It wasn't until I read this that it occurred to me that handing out smallpox infected blankets was an act of terrorism.
It wasn't an act of terrorism, but it may have been an attempt at genocide with bioweapons...but it's not clear whether it was an intentional use of bioweaponry or not.
It was neither an act of terrorism nor an attempted genocide because it didn't happen. The entire story is a fraud, perpetrated by a former "ethnic studies" professor named Ward Churchill.
The High Plains Smallpox Epidemic of 1837 was caused by personal contact with infected passengers from the riverboat St. Peter's, owned by a fur trading company. The epidemic on the High Plains centered around Fort Clark which, despite the name, was not a military installation. It was a privately owned fur trading post. The boss of Fort Clark was Francis Chardon, a fur trader. His personal diary survived to this day, one of numerous eyewitness accounts preserved from the time.
Not only were infected blankets not distributed, but correspondence from Joshua Pilcher, the Indian Bureau's sub-agent to the Sioux, Cheyenne, and Ponca at Fort Kiowa, just south of Fort Clark, to Mr. Chardon describes one particular problem interfering with attempts to contain the epidemic that is curiously relevant to today. A smallpox vaccine existed in 1837, but Mr. Pilcher noted "it is a verry delicate experiment among those wild Indians, because death from any other cause, while under the influence of Vaccination would be attributed to that + no other cause[.]"
Sound familiar?
In 2006, Ward Churchill was found guilty of seven counts of research misconduct by the University of Colorado Ethics Committee. He was fired in 2007. He promptly filed suit, and won a jury trial for wrongful dismissal. The jury followed the instructions to the letter in coming to their conclusion, but recognized Churchill for the lying shitheel he was and awarded him precisely $1.00. (One juror denied any such motivation in a public interview.) A judge vacated the jury verdict on the grounds that the (state) university enjoys quasi-judicial immunity. The Colorado Court of Appeals upheld that decision. The Colorado Supreme Court agreed to hear an appeal and in 2013 agreed with both the first judge and the Court of Appeals that the university was immune to suit in these circumstances. The US Supreme Court declined to get involved.
It took 19 years from when Churchill first published his fraudulent bullshit in 1994 to the time when the judicial system finished with the case. It could easily take four or five generations for his lie to finally exit the public consciousness. This despite the fact that humanity currently has the fastest, most ubiquitous communications systems in the history of the species.
"A lie can travel halfway around the world while the truth is still getting its boots on." —Mark Twain[1]
----
[1] Except Samuel Clemens never wrote that. He was first credited with saying it in 1919, though he had died in 1910. The earliest known version of the sentiment in English was written by Jonathan Swift in 1710. His version was, "Falsehood flies, and the Truth comes limping after it;".
I'm aware that Ward Churchill has fraudulently claimed that the 1837 outbreak was caused by an attempt at genocide by the US military using plague blankets. However, that was not the only incident. In fact there is hard evidence of intentional genocide using plague blankets as bioweapons against the native Americans by the British military.
"When information is power, privacy is freedom" - Jah-Wren Ryel
You are right, manufacturers will be forced to comply. I wrote to Brandis about this in 2015, it set the stage for what is happening now and was predictable. Not only is the state not interested in protecting her citizens, it is quite clear that monitoring the civilian population is a priority over everything else.
I see little sincerity in the Australian Government on this issue and judging from previous legislations this proposed one will contain as many flaws as the one I wrote about in 2015. We will have to wait and see what emerges in the proposed legislation.
Here is the 2015 letter:
Dear Honourable Minister,
First, my apologies that the available time and gravity of this Bill has not allowed me to write a proper paper based piece of mail that addresses you in a more appropriate manner.
I write regarding the concerns that I have after reading Part One of "Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015" as an Information Technology professional with roughly thirty years of experience, including experience as a Security Technologist, Technology Architect and Business Analyst. This Bill should not be passed at all and if introduced in its current form will expose Australia and her population to economic damage.
The most pressing of my concerns is the Bill introduces and inadvertently provides a significant vector for Australian citizens to be defrauded by organised crime in an automated manner. Additionally there are no protections for Australian Citizens who are subject to abuse of access to this data and no opportunity for relief through complaint mechanism such as the Privacy Commissioner or the Telecommunications Ombudsman.
No fraud protection measures are in place and the Bill casually exposes all Australians to a wide range of vectors for fraud such as banking, superannuation, insurance and, more serious threats such as identity theft and harassment. This will first cost taxpayers a fortune, then again as a consumer, then again in economic fraud. Australians are being asked to pay for the systems that will be used as a vector for crime because criminals do not care about violating such systems to access the opportunities to raid Australians of their net worth.
From a business perspective, implementation of these type of systems poses significant technical challenges to business to comply with section 187AA of the Bill to make it function. Any business who tries to implement such a system will be asked to pay for imposing severe capacity limitations on their infrastructure to grow their business whilst capturing the data tabled. A lot of mostly useless data will be generated for law enforcement. At a miserly 4 internet accesses per person per day such a system, nationally, would be required to record 7.3^10 accesses to retain 2 years data. I suspect that people will do more than 4 browser updates in a day.
The chilling effect of this is that many existing viable small businesses operating in and proposed for Australia that create a modern economy, will not be viable on Australian soil. The economic benefits of electronic commerce will progressively go to other countries. Even a cursory examination of Sections 187AA.3A,3B suggest that any computing infrastructure can be subject to the Minister's scrutiny, subjected to a Communications Access Controller, the distraction of the machination of an Implementation plan and the unknown risk associated with non-compliance. The government will be responsible for driving away the very kind of business opportunities a 21st century Australia needs for economic growth.
The type and capacity of infrastructure to do the required data capture will be quite onerous and unaffordable for some businesses, even if they could access the expertise to implement it. Having created similar types of systems in my work for the world's largest corporate businesses my assessment is the data collection requirements under this Bill are much more, now that I understand the propos
My ism, it's full of beliefs.