Australia To Pass Bill Providing Backdoors Into Encrypted Devices, Communications (theregister.co.uk)
An anonymous reader quotes a report from The Register: The Australian government has scheduled its "not-a-backdoor" crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December. All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session: "Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies."
Apart from the dodgy technological sophistry involved, this belief somewhat contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind). "We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so," he said (emphasis added). If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the "government wants a backdoor" problem. And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of "greater assistance to agencies."
That's bound to cause a bit of confusion. Mind if we call you Bruce?
Companies may have to comply, but people can tell the government where to go. There will be scripts that will set up VPNs, crypto social networks, encrypted devices with no backdoor. The analogy of this is drinking: underage people cannot go to bars or buy, but they can always find a way around the law. Only if Australia wants to have the same distinction as China will they even come close to preventing crypto.
They can pass all the legislation they want, it will NOT change reality. 'Backdooring' encryption of ANY kind RUINS it. Proper encryption CANNOT be broken easily, if it can then it's garbage.
Sorry I mean, AAAAAHAHAHAHAHAHAHHAHAHAHAHHAHAHAahahahahahahahhahaAHAHHAHA!!!hah haha heh. Oh fuck they're serious.... AAAAAHAHAHAHAHAHAHAHAHAHAHAH!!!!
The good news is that if they are pushing for these backdoors they either don't exist yet or they fergot to tell the aussies...
*This product is not available in Australia.
This story says 'Australia to pass bill'. No, the bill is scheduled for debate and the government will hope to pass a bill, but they have a weak majority. It's likely to be contentious, I would not bet on it passing at all.
Secondly, there's the implication of an encryption backdoor. This is lifted from the TFA which is an opinion piece. So far the only real source is a political speech made by Angus Taylor (minister for law enforcement and cyber security) in June. The Register (TFA) implies encryption backdoor, despite the minister's own words ("This Government is committed to no 'backdoors' ... We simply don’t need to weaken encryption in order to get what we need.").
That said, the TFA is right to be concerned because elsewhere Taylor says "We need access to digital networks and devices, and to the data on them", which does imply an attack on encryption. Now, I'm no fan of our current government, or regressive right-wing government in general, but I have to say, the speech demonstrates a fair bit more understanding than previous efforts in Australia, the UK and recently the US, aimed squarely at encryption. There's only one group arguing for golden keys, and that's the spooks. If a government listens to spooks *and* industry, they usually come to understand why it's not practical. Angus comes out and says industry has moved towards encryption, and that's good, that tech giants oppose weakening encryption, and that's not what the government wants to do. He spends more time talking about that, than the clumsily worded line that implies he's lying in all the other bits.
I find myself in the unlikely position of defending the government in this narrow sense because miscategorising their position makes it harder to present a reasoned opposition when it is needed.
The Register has, I think, the right of the real goal here. To ensure that end devices are breakable. Of course they dog whistle about phones shipping with 'root kits', but before we all get hysterical... this is what law enforcement already does. When they nab crooks, they break into their phones. I suppose if I was an American I'd be worried because it's pretty clear the US gov will want to systematically break into everyone's phone when they enter the country... but most of the industrialised world isn't there yet. We all worry about law enforcement overreach, we all know breaking or weakening encryption is impractical, regardless of what any one nation state desires (barring nuclear options available to systems like China's GFW).
There are, however, probably some reasonable cases when you want law enforcement to be able to break into stuff. I don't know where the line is, I guess we'll be worrying about this for decades but it'd be nice if it wasn't categorised as a binary proposition. We get enough of that in politics.
That's amazing, I've got the same combination on my luggage!
Took a huge battle. Both Labor and Liberals (conservatives) were for it. But in the end the huge backlash won.
That said, Labor will agree with any government moves on security. Tough on terror. Labor will have the worst aspects watered down, but will not disagree.
You see, they have been invited to top secret security briefings in top secret rooms in which top secret people gravely discuss vague threats. Works every time.
There has been steady increase in the power of security forces at the expense of our rights with no real justification as to why they are suddenly necessary. I do not see this as being any different.
Australia: "Please work with us to create this software."
Company Programmers: "No."
Australia: "Well then, you won't be able to sell your products here."
Companies: "Okay. Bye."
Australia: "Wait..."
[End Of Line]
Australia is a very small market, so this is the PERFECT opportunity for every device maker to say, "Sorry, no. We just won't sell devices into your market"
Once the supply of computing devices dries up in AU, the public pressure will mount for the govt to rescind the stupid mandate. Let Australia get by on its own indigenous mobile device industry :P
Unless makers want to bend over in a special way for EVERY authoritarian agency out there, and there are dozens of governments who want their own special form, you have to say "no". If you won't, then don't complain when the next country has demands which harm you in other ways.
Horse has to return to the barn. If this takes off everywhere, we lose computing for good to the authoritarians. One wants it, then another and another.
>"and that takes us back to the "government wants a backdoor" "
And if there are back doors, they *will* be found and used by everyone. Your government, private industries, malware, other governments, terrorists, everyone. Period.
What a stupid headline.
How about "Australia to DEBATE bill"?
As an American, I think I know who I'm supposed to be afraid of and that justifies government intrusion. It doesn't mean I believe it, but at least it seems plausible -- we've been bombing and killing plenty of people, so really any group fills in.
How about Australians? I know there have been 1-2 incidents with Muslims, but is it that big a fear thing there? Or is it a secret cabal of Chinese? Some kind of panic over a wave of Indonesians? Some kind of organized crime thing?
It just seems odd that there would be all that much to be paranoid about in Australia that the government could get away with the same kinds of BS that they do here. I thought maybe besides not enough rain or no shrimps for the barbie there wouldn't be much to be worried about.
There may well be a day when a slimebag(s) finds the backdoor and compromises consumer data. The Australian gov't would then have egg on its face.
But, lawmakers tend to think short-term, perhaps because constituents mostly only reward them for the short-term. The "tough on crime" angle seems to win votes more often than the side-effects of "tough on crime" lose votes. The second requires the attention span to understand nuance, while the first has a direct guttural feel to voters, along the lines of "burn the witches!"
Table-ized A.I.
The reason why is that while the gov can mandate being a middle man in encrypted channels between international ISPs as well as data going through international pipes - they can't prevent you from encrypting your data before it reaches the ISP. So we'll just end up adding an additional encryption layer on top of whatever layer they want to be able to inspect.
Not even going to bother arguing about the fact that if the government is a middleman, there is no doubt that hackers and corrupt officials will be able to take advantage of such a system to destroy any hope of legitimate private communications. If the gov goes forward with this measure, Australia can enjoy having a smaller presence in the global economy as well as the information economy.
It looks to be mostly about getting ISPs to help the government conduct man-in-the-middle attacks rather than backdoors (initially).
There is better coverage of it at itnews;
https://www.itnews.com.au/news...
Three types of notices;
1. Request for Voluntary assistance
2. Technical assistance (within their current capability, eg handover known keys)
3. Technical capability notice (build/provide new capability)
The third type is obviously most dangerous, especially the following can-of-worms;
- Substituting, or facilitating the substitution of, a service
- Removing one or more forms of electronic protection that are, or were applied by, or on behalf of, the provider
- Facilitating or assisting access to whatever law enforcement wants: a facility, device, service and any software used in conjunction with those things
And ISPs have to wear some of the cost, and do their work;
- Assisting with the testing, modification, development or maintenance of a technology or capability
- Notifying particular kinds of changes to, or developments affecting, eligible activities of the provider
I have written two encryption communication programs that use Tor. So how is Austria going to get a backdoor into my American programs? The authorities are clueless.
get its nasty anti-consumer "tough on crime" bills like this through? In America we use racism to drive an undercurrent of fear, but I didn't think Australia had very much of that. Why would they put up with it? Or is it just relying on rural voters who either don't understand or don't care?
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I'm not the one you asked, but I can answer for me. You asked why a techie opposed the Wheeler rules, and I can answer that.
I'm definitely a nerd / techie - name in the kernel changelog and all that.
One techie thing I've done is spend hundreds of hours learning how to configure large networks. I've studied literally thousands of pages, and I'm still nowhere near an expert. Just one of my low-level certs, CCNA routing and switching, is about 1300 pages of material. CCNA Security was a bit less. CCNA is an entry-level cert. If I wanted to study a few thousand pages more, I could go for a CCNP, and another few hundred hours of study could get me a CCIE. In ten or twenty years I could get multiple CCIE certs in different areas of carrier network configuration and operations. It's THAT complicated.
Again, I'm not an expert by any means. My ~1500 pages of reading is only enough for me to realize how much I don't know. There are multiple levels of certifications higher than mine.
I see no reason to believe that Wheeler ever read the first chapter of the first book. The regulations that were in effect for 18 months or so, and the proposals I have read, don't evidence any knowledge of networking. As one might expect, the rules as written utterly fail to make any sense when you try to apply them to very large networks.
The IDEALS of network neutrality include some good things to ASPIRE to. Ideals like "fairness" and "openness".
But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel, or any complex system you aren't an expert in. Rules that have the force of law - it MUST be done just this way, anything else is unfair. It can't be done even by someone who is a world-renowned expert on the topic. Neither Congresscritters nor Wheeler are experts in configuring the various queues, and the rules for shaping and policing those queues, inside a Cisco router. I'd bet money Wheeler doesn't even know what the term "traffic policing" MEANS, nor shaping. They are incompetent to legislate how it must be done. Even if they were experts, you just can't write laws that define exactly how "fairness" is done, or "openness".
Even if you COULD, Cisco and others come out with new features and capabilities every year. What would the network neutrality laws require me to do in my configuration of the Tonsay Routing Protocol? That's going to be awfully difficult to write such detailed rules for since the protocol doesn't yet exist, but new protocols are being created all the time.
There do exist some laws like "unfair competition" and "restraint of trade" that could be applied to the kinds of things NN proponents are afraid of. Courts look at specific, actual cases and use some defined principles to determine if specific actions or policies are unfair.
My experience indicates that may be a better approach. The FCC, or preferably the FTC, could announce policy PRINCIPLES, telling companies "if you do these sorts of things, we'll likely throw the book at you, if instead you do these other types of things to be fair and open, that's what we want to see and we'll give you some latitude in how you implement fair policies". Then let the courts apply established principles to decide if *specific* policies are unfair in specific situations, rather than Wheeler trying to play network admin.
A completely separate issue is that under our system of Constitutional government, Congress makes the law. Congress specifically chose NOT to give the FCC authority to promulgate NN regulations, preferring that be handled under existing law. That may have been bad or it may have been good, but that was the decision Congress made. The executive branch doesn't have the authority to make law. They can only implement the laws passed by Congress, and where Congress tells them what needs to be done, agencies can decide on the details of HOW they will implement the law passed by Congress. Wheeler is not Congress. He was not elected Dictat
The draft bill is now available from the Home Affairs website. https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018 contains some details and factsheets; the draft bill is here: https://www.homeaffairs.gov.au/consultations/Documents/the-assistance-access-bill-2018.pdf
Contains some provisions saying that the requests can't require a company to 'weaken' a cryptosystem or not-fix a flaw in the cryptosystem; that's presumably where the "no backdoors" thing comes in.
Not clear to me if the requests can compel a company to push a version of the software that intercepts data at the endpoint from a specific user though. Because otherwise I'm not really sure what they expect to get out of this. They can use it to have a company decrypt stuff they've encrypted and send it over (facebook messages? gmail contents?), but I don't think they could use it to get at Whatsapp messages, for example.
Also increases the penalties for not unlocking your phone for police, which is concerning.
"the laws of mathematics come second to the law of the land"
Australian Prime Minister Malcolm Turnbull
09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
"We simply don’t need to weaken encryption in order to get what we need."
While the minister for Law Enforcement has listened to the people, he hasn't said what will actually be required. Once again, I suspect it will be an escrow system run by Apple/SnapChat/WhatsApp and others.
Someone suggested it might be a screen-grabber 'easter egg', as a back-door by hardware or software vendors: This makes sense since federal LEOs have the power to plant or delete files as desired.
That's letting perfect be the enemy of good. Wheeler should have been left until a better standard could have been written to replace it with, rather than just tearing up the "we all know what this is Supposed to be telling us to do, so we'll do what it's Supposed to say" law. But then it's Really hard to get legislation through unless you've got deep pockets.
It has come to the knowledge of parliament members that books and newspapers have become popular with terrorists as encryption tools.
Terrorists write code like 27,243 - meaning word 243 on page 27 of a pre-agreed book.
This is close to impossible to break, and since it is the right of government to know the thoughts of all citizens, books and newspapers are to be burned at the stake. The security of the state is important, and since people don't read physical books and papers anymore we also help preserve the trees of the world, says the Australian prime minister.
We know some people had to part with their books, so it has been decided to give a tax discount of 10p per book you hand over. If you keep books or papers, the fine will be $500 per book. If you send what looks like encrypted messages, you will be considered a terrorist per default, and deported.
I'm sure the Chinese will provide you with such devices.
"See! We have them all backdoored already!"
Expect a bunch of people to have their lives ruined via this shit though.
Banking? Compromised.
Online spending? Compromised.
Chas - The one, the only.
THANK GOD!!!
> That's letting perfect be the enemy of good
That's certainly an important thing to think about! I'm glad you mentioned it. The thing is, the rules were not good.
One draft (not the final draft) was so outrageously stupid it made it illegal to refuse connections from well-known spammers generating millions of spams per day each. The final draft was slightly less stupid. Slightly.
I guarantee no national network was actually in compliance, because you can't run a carrier network, or probably even a mom and pop ISP, and actually comply. You'd be stuck with token ring or something, that level of technology, because that's about as deep as Wheeler understands.
I wouldn't be at all surprised if DOCSIS (cable modems) were technically illegal, or IP. It's 2AM and I have to be up in a few hours, so no I'm not going to find and quote the subsection that accidentally makes IP illegal, but there's a pretty good chance it does. :)
Again, I'm all for the ideals that most people associate with the term network neutrality. I just don't think Washington is going to be able to legislate it in detail, rather than letting the courts make some determinations based on more general rules. The technologies are too complex and change too fast. Even if you somehow magically legislated configuration lines that work well in all situations currently, 5G, TLS1.3, and HTTP 2 are going to kick your ass next month.
> But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel
That's not how it would work. The law would simply state that accepting any form of payment to prioritise certain traffic is illegal, and that prioritising any particular service or web site is illegal. The precise definition of "service" or "website" isn't too important, a jury will make that determination if it comes to it.
It's not a technical issue, it's a business issue.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Cue Russian occupation of Aussie cyberspace in 3, 2, 1...
The Australian government has passed a law banning the tides coming into effect on 1st September. A government official has announced that the new law will allow Australians to head to the beach at any time of the day this summer and be assured that there will be enough sand left to lie on.
"Australia to Pass Bill Providing Your Bank Account to HACKERS"
There, I rephrased the issue in terms even a bunch of kangaroo-fucking convicts should understand.
Before telling me what Wheeler's NN rules say, read them. Especially, read them and think about how you would comply with each point while operating:
A small "mom and pop" ISP providing service to schools, day cares, Mormon families, and others who want a family-friendly service.
OnStar
Also, how do you think web sites / web servers get connected to the internet?
Ditto
> You asked why a techie opposed the Wheeler rules,
Noooooo, he asked why a techie would oppose network neutrality.
The nets have been neutral LONG before Wheeler ran the FCC. "Market forces" kept them that way when there was a bunch of competition, but the market has consolidated and the telecoms keep trying to break NN and the backlash keeps getting less and less meaningful. (ESPN360 or ESPN3 is a blatant violation, but people have started picking and choosing which battles to fight). With no competition, the standard alternative is regulation. There are TONS of ways to fuck up regulating the Internet and enforcing network neutrality. I liked Wheeler's Title II classification. (But it's at the whim of the FCC head... so that sucks)
> The IDEALS of network neutrality include some good things to ASPIRE to. Ideals like "fairness" and "openness".
That's not ideal for laws, but yeah, I agree that's best in this case. I just have zero faith the lawyers and congressmen have any idea how this all works (like you said, it's hard even for the pros). So broad language is best. And the 1934 communications act establishing common carrier status works wonderfully.
What "Wheeler rules" do you have issue with, exactly?
> Congress specifically chose NOT to give the FCC authority to promulgate NN regulations,
Uh.... what? The FCC regulates communication, specifically telephones. BACK IN 1934! You'd have to be a dense fuck to not think that extends to the Internet and the airwaves.
> preferring that be handled under existing law.
....Existing law for network neutrality? WHAT existing law for network neutrality?
What could happen legitimately would be that Congress could pass a law defining what public policy is generally - what NN means, legally.
I've no faith in congress to even do that. What would most likely happen is they'd ask their "friends" in the industry to write some policy for them, which they'd bring to the floor. ...Assuming the campaign money keeps flowing. And even those who honestly wanted to try and fix shit... jesus, I just don't think they know enough or have enough people around them that know enough not to be drowned out by a cacophony of lobbyist bullshit.
So I do largely support the ideals, the goals of network neutrality
Boom. Done. Arguing about the details of implementation is fine. Expected. Good even. Something I expect from the people who know their shit (And I think you probably know more about networking than I do). But I've yet to hear of anyone who opposes network neutrality other than
1) Those who run telecoms
2) Those whom the telecoms have bribed.
3) Those who confuse NN with regulation enforcing NN. (political "framing" campaigns are a motherfucking bitch and a half)
> The nets have been neutral LONG before Wheeler ran the FCC. "Market forces" kept them that way
Good point. Early on, companies like AOL, CompuServe, and Prodigy tried selling non-neutral services, featuring their partners. Purchasers, the market, chose neutral services instead.
It is time to replace all your leaders. Time to replace your government. All of them.
This sig intentionally left blank.
...how encryption works. So let's tell them all about it in terms they can understand. Let's say you have a door with a lock that can only be opened with one key. Now let's say we're gonna replace that lock with one that can be opened with TWO different keys. Does that make it twice as secure or half as secure? And now let's say everyone, including the police, has to use the same kind of locks. Would we all be in favor of that?
And now we can all see that the market is fucked and the top telecoms are openly admitting they will not compete in each other's territory.
Without competition, there is no free market. With no choices, there are monopolies. Without these things capitalism doesn't work.
On that note, check out the New York City map. It's ridiculous. Three providers in five blocks, each with a franchise for that particular block.