Slashdot Mirror


Australia To Pass Bill Providing Backdoors Into Encrypted Devices, Communications (theregister.co.uk)

An anonymous reader quotes a report from The Register: The Australian government has scheduled its "not-a-backdoor" crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December. All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session: "Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies."

Apart from the dodgy technological sophistry involved, this belief somewhat contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind). "We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so," he said (emphasis added). If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the "government wants a backdoor" problem. And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of "greater assistance to agencies."

10 of 168 comments

  1. Open source crypto to the rescue by SysEngineer · · Score: 4, Insightful

    Companies may have to comply, but people can tell the government where to go. There will be scripts that will set up VPNs, crypto social networks, encrypted devices with no backdoor. The analogy of this is drinking: underage people cannot go to bars or buy, but they can always find a way around the law. Only if Australia wants to have the same distinction as China will they even come close to preventing crypto.

    1. Re:Open source crypto to the rescue by brunes69 · · Score: 2, Insightful

      Unless said things are made illegal.

      If unbreakable encryption is illegal then ISPs can tell law enforcement of anyone using it on their networks. They don't need to be able to see what's inside to know you're using it.

  2. Re:Is your name not Bruce? by virtualXTC · · Score: 4, Insightful

    You really think what the people want in the US matters any more?

    If someone wants this done, it will happen the same way the repeal of neutrality did, they will just keep bringing up a bill for it until the public begins to grow tired of calling their representatives, and then just magically find a reason to ignore the mountain of public comments.

  3. Utter and complete IDIOCY. by Rick+Schumann · · Score: 4, Insightful

    They can pass all the legislation they want, it will NOT change reality. 'Backdooring' encryption of ANY kind RUINS it. Proper encryption CANNOT be broken easily, if it can then it's garbage.

  4. Re:Is your name not Bruce? by Miles_O'Toole · · Score: 5, Insightful

    Somebody living in the country that voted into law the so-called "Patriot Act" talks about what kind of encroachment on liberties won't pass in the US?

    That's the funniest thing I've read all week. Also the saddest.

    --
    Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.

  5. XYZthing* by pubwvj · · Score: 4, Insightful

    *This product is not available in Australia.

  6. The real situation by Lurks · · Score: 5, Insightful

    This story says 'Australia to pass bill'. No, the bill is scheduled for debate and the government will hope to pass a bill, but they have a weak majority. It's likely to be contentious, I would not bet on it passing at all.

    Secondly, there's the implication of an encryption backdoor. This is lifted from the TFA which is an opinion piece. So far the only real source is a political speech made by Angus Taylor (minister for law enforcement and cyber security) in June. The Register (TFA) implies encryption backdoor, despite the minister's own words ("This Government is committed to no 'backdoors' ... We simply don’t need to weaken encryption in order to get what we need.").

    That said, the TFA is right to be concerned because elsewhere Taylor says "We need access to digital networks and devices, and to the data on them", which does imply an attack on encryption. Now, I'm no fan of our current government, or regressive right-wing government in general, but I have to say, the speech demonstrates a fair bit more understanding than previous efforts in Australia, the UK and recently the US, aimed squarely at encryption. There's only one group arguing for golden keys, and that's the spooks. If a government listens to spooks *and* industry, they usually come to understand why it's not practical. Angus comes out and says industry has moved towards encryption, and that's good, that tech giants oppose weakening encryption, and that's not what the government wants to do. He spends more time talking about that, than the clumsily worded line that implies he's lying in all the other bits.

    I find myself in the unlikely position of defending the government in this narrow sense because miscategorising their position makes it harder to present a reasoned opposition when it is needed.

    The Register has, I think, the right of the real goal here. To ensure that end devices are breakable. Of course they dog whistle about phones shipping with 'root kits', but before we all get hysterical... this is what law enforcement already does. When they nab crooks, they break into their phones. I suppose if I was an American I'd be worried because it's pretty clear the US gov will want to systematically break into everyone's phone when they enter the country... but most of the industrialised world isn't there yet. We all worry about law enforcement overreach, we all know breaking or weakening encryption is impractical, regardless of what any one nation state desires (barring nuclear options available to systems like China's GFW).

    There are, however, probably some reasonable cases when you want law enforcement to be able to break into stuff. I don't know where the line is, I guess we'll be worrying about this for decades but it'd be nice if it wasn't categorised as a binary proposition. We get enough of that in politics.

  7. Re:Is your name not Bruce? by Aighearach · · Score: 3, Insightful

    Most Americans have no idea what "network neutrality" even is, and they certainly don't care about it as much as you do since you've decided that it is the type species for neutrality. When you say "neutrality," most Americans think of WWII, and those countries that were pretending to be "neutral" while helping to launder stolen gold.

    And Americans know darn well we don't want to be one of the wishy-washy European countries. The only reason they got to keep any of that money is that the Americans defeated the Germans before the Germans ran out of enemies in Europe. Another couple years, and the "neutral" countries would have been gobbled up as well.

    But the American people do know what a government backdoor to a security system is. It is just like in one of the action-adventure heist movies, where some thief pays off the security consultant and now they're controlling the cameras that are supposed to be protecting your vault full of gold. Easy to understand. Plus, what would Fat King George have done with that power? Yeah, exactly! We can understand that shit, easy. What would Fat King George do to us without network neutrality? Nothing, the government isn't really even involved in the networking. Maybe the companies will suck, but companies do that sometimes. See how different these things are from the American perspective?

  8. Re:Is your name not Bruce? by ZorinLynx · · Score: 2, Insightful

    As a fellow techie, I'm really curious as to why you oppose net neutrality. Do you want providers to start selectively prioritizing traffic that benefits their financial interests? I'm wondering how you think the public benefits from that, because it WILL happen without net neutrality. It's only a matter of time.

  9. Because bureaucrats can't configure a carrier netwo by raymorris · · Score: 2, Insightful

    I'm not the one you asked, but I can answer for me. You asked why a techie opposed the Wheeler rules, and I can answer that.

    I'm definitely a nerd / techie - name in the kernel changelog and all that.

    One techie thing I've done is spend hundreds of hours learning how to configure large networks. I've studied literally thousands of pages, and I'm still nowhere near an expert. Just one of my low-level certs, CCNA routing and switching, is about 1300 pages of material. CCNA Security was a bit less. CCNA is an entry-level cert. If I wanted to study a few thousand pages more, I could go for a CCNP, and another few hundred hours of study could get me a CCIE. In ten or twenty years I could get multiple CCIE certs in different areas of carrier network configuration and operations. It's THAT complicated.

    Again, I'm not an expert by any means. My ~1500 pages of reading is only enough for me to realize how much I don't know. There are multiple levels of certifications higher than mine.

    I see no reason to believe that Wheeler ever read the first chapter of the first book. The regulations that were in effect for 18 months or so, and the proposals I have read, don't evidence any knowledge of networking. As one might expect, the rules as written utterly fail to make any sense when you try to apply them to very large networks.

    The IDEALS of network neutrality include some good things to ASPIRE to. Ideals like "fairness" and "openness".

    But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel, or any complex system you aren't an expert in. Rules that have the force of law - it MUST be done just this way, anything else is unfair. It can't be done even by someone who is a world-renowned expert on the topic. Neither Congresscritters nor Wheeler are experts in configuring the various queues, and the rules for shaping and policing those queues, inside a Cisco router. I'd bet money Wheeler doesn't even know what the term "traffic policing" MEANS, nor shaping. They are incompetent to legislate how it must be done. Even if they were experts, you just can't write laws that define exactly how "fairness" is done, or "openness".

    Even if you COULD, Cisco and others come out with new features and capabilities every year. What would the network neutrality laws require me to do in my configuration of the Tonsay Routing Protocol? That's going to be awfully difficult to write such detailed rules for since the protocol doesn't yet exist, but new protocols are being created all the time.

    There do exist some laws like "unfair competition" and "restraint of trade" that could be applied to the kinds of things NN proponents are afraid of. Courts look at specific, actual cases and use some defined principles to determine if specific actions or policies are unfair.

    My experience indicates that may be a better approach. The FCC, or preferably the FTC, could announce policy PRINCIPLES, telling companies "if you do these sorts of things, we'll likely throw the book at you, if instead you do these other types of things to be fair and open, that's what we want to see and we'll give you some latitude in how you implement fair policies". Then let the courts apply established principles to decide if *specific* policies are unfair in specific situations, rather than Wheeler trying to play network admin.

    A completely separate issue is that under our system of Constitutional government, Congress makes the law. Congress specifically chose NOT to give the FCC authority to promulgate NN regulations, preferring that be handled under existing law. That may have been bad or it may have been good, but that was the decision Congress made. The executive branch doesn't have the authority to make law. They can only implement the laws passed by Congress, and where Congress tells them what needs to be done, agencies can decide on the details of HOW they will implement the law passed by Congress. Wheeler is not Congress. He was not elected Dictat