Australia To Pass Bill Providing Backdoors Into Encrypted Devices, Communications

An anonymous reader quotes a report from The Register: The Australian government has scheduled its "not-a-backdoor" crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December. All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session: "Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies."

Apart from the dodgy technological sophistry involved, this belief somewhat contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind). "We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so," he said (emphasis added). If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the "government wants a backdoor" problem. And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of "greater assistance to agencies."

Re:Is your name not Bruce?

[saloomy]

This really, really, REALLY doesn't matter. The cat is out of the bag. If Australians won't rise up against their tyrannous government, they can have SKUs with all of our protections ripped out. But there will be many dead men turning over in their graves before the US succumbs to such a law. We've seen this encroachment before, and it has never passed.

Open source crypto to the rescue

[SysEngineer]

Companies may have to comply, but people can tell the government where to go. There will be scripts that will setup VPNs, crypto social networks, encrypted devices with no backdoor. The analogy of this is drinking, underage people can not go to bars or buy, but they can always find a way around the law. Only if Australia wants to have the same distinction as China will they even come close to preventing crypto.

Re:Open source crypto to the rescue

[brunes69]

Unless said things are made illegal.

If unbreakable encryption is illegal then ISPs can tell law enforcement of anyone using it on their networks. They don't need to be able to see whats inside to know you're using it.

Re:Is your name not Bruce?

[virtualXTC]

You really think what the people want in the US matters any more?

If someone wants this done, it will happen the same way the repeal of neutrality did, they will just keep bringing up a bill for it until the public begins to grow tired of calling their representatives, and then just magically find a reason to ignore the mountain of public comments.

Utter and complete IDIOCY.

[Rick+Schumann]

They can pass all the legislation they want, it will NOT change reality. 'Backdooring' encryption of ANY kind RUINS it. Proper encryption CANNOT be broken easily, if it can then it's garbage.

Re:Utter and complete IDIOCY.

[bloodhawk]

They can pass all the legislation they want, it will NOT change reality. 'Backdooring' encryption of ANY kind RUINS it. Proper encryption CANNOT be broken easily, if it can then it's garbage.

the laws don't require or request any such backdoor or breaking of encryption. What they appear to require is companies to provide what information they already have and the ability to force/compel them to comply.

AAAAHAHAHAHAHAHAHAHAHAHA!! Sorry, sorry..

[Highdude702]

Sorry I mean, AAAAAHAHAHAHAHAHAHHAHAHAHAHHAHAHAahahahahahahahhahaAHAHHAHA!!!hah haha heh. Oh fuck they're serious.... AAAAAHAHAHAHAHAHAHAHAHAHAHAH!!!!

Re:Is your name not Bruce?

[Miles_O'Toole]

Somebody living in the country that voted into law the so-called "Patriot Act" talks about what kind of encroachment on liberties won't pass in the US?

That's the funniest thing I've read all week. Also the saddest.

XYZthing*

[pubwvj]

*This product is not available in Australia.

Re:XYZthing*

[thegarbz]

*This product is not officially available in Australia.

FTFY. We haven't cared about what was available for many years, availability never stopped us.

The real situation

[Lurks]

This story says 'Australia to pass bill'. No, the bill is scheduled for debate and the government will hope to pass a bill, but they have a weak majority. It's likely to be contentious, I would not bet on it passing at all.

Secondly, there's the implication of a encryption backdoor. This is lifted from the TFA which is an opinion piece. So far the only real source is a political speech made by Angus Taylor (minister for law enforcement and cyber security) in June. The Register (TFA) implies encryption backdoor, despite the minister's own words ("This Government is committed to no 'backdoors' ... We simply don’t need to weaken encryption in order to get what we need.").

That said, the TFA is right to be concerned because elsewhere Taylor says "We need access to digital networks and devices, and to the data on them", which does imply an attack on encryption. Now, I'm no fan of our current government, or regressive right-wing government in general, but I have to say, the speech demonstrates a fair bit more understanding than previous efforts in Australia, the UK and recently the US, aimed squarely at encryption. There's only one group arguing for golden keys, and that's the spooks. If a government listens to spooks *and* industry, they usually come to understand why it's not practical. Angus comes out and says industry has moved towards encryption, and that's good, that tech giants oppose weakening encryption, and that's not what they government wants to do. He spends more time talking about that, than the clumsily worded line that implies he's lying in all the other bits.

I find myself in the unlikely position of defending the government in this narrow sense because miscategorising their position makes it harder to present a reasoned opposition when it is needed.

The Register has, I think, the right of the real goal here. To ensure that end devices are breakable. Of course they dog whistle about phones shipping with 'root kits', but before we all get hysterical... this is what law enforcement already does. When they nab crooks, they break into their phones. I suppose if I was an American I'd be worried because it's pretty clear the US gov will want to systematically break into everyone's phone when they enter the country... but most of the industrialised world isn't there yet. We all worry about law enforcement overreach, we all know breaking or weakening encryption is impractical, regardless of what any one nation state desires (barring nuclear options available to systems like China's GFW).

There are, however, probably some reasonable cases when you want law enforcement to be able to break into stuff. I don't know where the line is, I guess we'll be worrying about this for decades but it'd be nice if it wasn't categorised as a binary proposition. We get enough of that in politics.

We beat web censorship, unlike UK

[aberglas]

Took a huge battle. Both Labor and Liberals (conservatives) were for it. But in the end the huge backlash won.

That said, Labor will agree with any government moves on security. Tough on terror. Labor will have the worst aspects watered down, but will not disagree.

You see, they have been invited to top secret security briefings in top secret rooms in which top secret people gravely discuss vague threats. Works every time.

There has been steady increase in the power of security forces at the expense of our rights with no real justification as to why they are suddenly necessary. I do not see this as being any different.

How This Will Work...

[IonOtter]

Australia: "Please work with us to create this software."

Company Programmers: "No."

Australia: "Well then, you won't be able to sell your products here."

Companies: "Okay. Bye."

Australia: "Wait..."

Re:Is your name not Bruce?

[Aighearach]

Most Americans have no idea what "network neutrality" even is, and they certainly don't care about it as much as you do since you've decided that it is the type species for neutrality. When you say "neutrality," most Americans think of WWII, and those countries that were pretending to be "neutral" while helping to launder stolen gold.

And Americans know darn well we don't want to be one of the wish-washy European countries. The only reason they got to keep any of that money is that the Americans defeated the Germans before the Germans ran out of enemies in Europe. Another couple years, and the "neutral" countries would have been gobbled up as well.

But the American people do know what a government backdoor to a security system is. It is just like in one of the action-adventure heist movies, where some thief pays off the security consultant and now they're controlling the cameras that are supposed to be protecting your vault full of gold. Easy to understand. Plus, what would Fat King George have done with that power? Yeah, exactly! We can understand that shit, easy. What would Fat King George do to us without network neutrality? Nothing, the government isn't really even involved in the networking. Maybe the companies will suck, but companies do that sometimes. See how different these things are from the American perspective?

Re:Is your name not Bruce?

[ZorinLynx]

As a fellow techie, I'm really curious as to why do you oppose net neutrality. Do you want providers to start selectively prioritizing traffic that benefits their financial interests? I'm wondering how you think the public benefits from that, because it WILL happen without net neutrality. It's only a matter of time.

Re:Is your name not Bruce?

[novakyu]

There's a distinction between being forced to provide money for military (to draw a hasty analogy) and being forced to quarter troops at your home. The former might be distasteful and objectionable, but ultimately not protected against in our system of laws. The latter is distasteful, objectionable, and prohibited by our supreme law of the land.

If they try to prohibit secure end-to-end encryption here (because that's what this amounts to), you can bet somebody will make a (successful) First-Amendment-based argument.

Re:Australia is a small market...

[Lurks]

Wow, a post that's so off it's not even wrong.

A quick recap. Australia isn't asking for anything special. The USA is a "lot further along. 'Every' device manager? Out of the world's top ten phone makers, one is American, the majority are Chinese. And you think Australia will ask them to do something China isn't? Finally, the 'small' market of Australia is loosely equivalent to Canada, or all of Scandinavian countries combined. A market of tens of millions of relatively high end devices. Not a lot of scope for a principled stand by a mobe maker.

Because bureacrats can't configure a carrier netwo

[raymorris]

I'm not the one you asked, but I can answer for me. You asked why a techie opposed the Wheeler rules, and I can answer that.

I'm definitely a nerd / techie - name in the kernel changelog and all that.

One techie thing I've done is spend hundreds of hours learning how to configure large networks. I've studied literally thousands of pages, and I'm still nowhere near an expert. Just one of my low-level certs, CCNA routing and switching, is about 1300 pages of material. CCNA Security was a bit less. CCNA is an entry-level cert. If I wanted to study a few thousand pages more, I could go for a CCNP, and another few hundred hours of study could get me a CCIE. In ten or twenty years I could get mutiple CCIE certs in different areas of carrier network configuration and operations. It's THAT complicated.

Again, I'm not an expert by any means. My ~1500 pages of reading is only enough for me to realize how much I don't know. There are multiple levels of certifications higher than mine.

I see no reason to believe that Wheeler ever read the first chapter of the first book. The regulations that were in effect for 18 months or so, and the proposals I have read, don't evidence any knowledge of networking. As one might expect, the rules as written utterly fail to make any sense when you try to apply them to very large networks.

The IDEALS of network nuetrality include some good things to ASPIRE to. Ideals like "fairness" and "openess".

But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel, or any complex system you aren't an expert in. Rules that have the force of law - it MOST be done just this way, anything else is unfair. It can't be done even by someone who is a world-renowned expert on the topic. Neither Congresscritters nor Wheeler are experts in configuring the various queues, and the rules for shaping and policing those queues, inside a Cisco router. I'd bet money Wheeler doesn't even know what the term "traffic policing" MEANS, nor shaping. They are incompetent to legislate how it must be done. Even if they were experts, you just can't write laws that define exactly how "fairness" is done, or "openness".

Even if you COULD, Cisco and others come out with new features and capabilities every year. What would the network neutrality laws require me to do in my configuration of the Tonsay Routing Protocol? That's going to be awfully difficult to write such detailed rules for since the protocol doesn't yet exist, but new protocols are being created all the time.

There do exist some laws like "unfair competition" and "restraint of trade" that could be applied to the kinds of things NN proponents are afraid of. Courts look at specific, actual cases and use some defined principles to determine if specific actions or policies are unfair.

My experience indicates that may be a better approach. The FCC, or preferably the FTC, could announce policy PRINCIPLES, telling companies "if you do these sorts of things, we'll likely throw the book at you, if instead you do these other types of things to be fair and open, that's what we want to see and we'll give you some latitude in how you implement fair policies". Then let the courts apply established principles to decide if *specific* policies are unfair in specific situations, rather than Wheeler trying to play network admin.

A completely separate issue is that under our system of Constitutional government, Congress makes the law. Congress specifically chose NOT to give the FCC authority to promulgate NN regulations, preferring that be handled under existing law. That may have been bad or it may have been good, but that was the decision Congress made. The executive branch doesn't have the authority to make law. They can only implement the laws passed by Congress, and where Congress tells them what needs to be done, agencies can decide on the details of HOW they will implement the law passed by Congress. Wheeler is not Congress. He was not elected Dictat

Re:Is your name not Bruce?

[quenda]

But there will be many dead men turning over in their graves before the US succumbs to such a law.

The US does not need laws to spy on its people. The NSA director committed perjury in front of congress, denying the surveillance program, and nothing happened.
And given the weak public reaction to the Snowden revelations, few people care.

Re:Who is the bogeyman in Australia?

[TheGratefulNet]

I think you hit a key issue, and a sort of proof of a kind.

the proof: that countries are power-grabbing on the anti-privacy thing. they love to snoop (people who are attracted to power tend to be that kind of person) and they love to control others. they simply can't stand being told NO, to things.

its not that they NEED to read our shit. but they feel left out if country A has this power and they don't.

this is all there is to it. the need to control is so strong, with those sociopaths that they use any excuse that they think will work. and fear certainly works. that's why they ALL are using it, even countries like australia that is just too far away for any 'terrorist' to really care about ;)

all countries are joining in, more or less, in this fight against citizen rights. when you look at it, this is what's going on. all other 'reasons' are just a smoke screen.

this is what humankind is like. its why we actually don't deserve to own the earth. no matter, we'll blow ourselves up in the next century, most likely. the universe won't have to carry us that much longer.

Something to think about. 1970s network not good

[raymorris]

> That's letting perfect be the enemy of good

That's certainly an important thing to think about! I'm glad you mentioned it. The thing is, the rules were not good.

One draft (not the final draft) was so outrageously stupid it made it illegal to refuse connections from well-known spammers generating millions of spams per day each. The final draft was slightly less stupid. Slightly.

I guarantee no national network was actually in compliance, because you can't run a carrier network, or probably even a mom and pop ISP, and actually comply. You'd be stuck with token ring or something, that level of technology, because that's about as deep as Wheeler understands.

I wouldn't be at all surprised if DOCIS (cable modems) were technically illegal, or IP. It's 2AM and I have to be up in a few hours, so no I'm not going to find and quote the subsection that accidentally makes IP illegal, but there's a pretty good chance it does. :)

Again, I'm all for the ideals that most people associate with the term network neutrality. I just don't think Washington is going to be able to legistlate it in detail, rather than letting the courts make some determinations based on more general rules. The technologies are too complex and change too fast. Even if you somehow magically legistlated configuration lines that work well in all situations currently, 5G, TLS1.3, and HTTP 2 are going to kick your ass next month.

Re:Because bureacrats can't configure a carrier ne

[AmiMoJo]

But now go try to sit down and write detailed rules of exactly how "fairness" has to be implemented within an operating system kernel

That's now how it would work. The law would simply state that accepting any form of payment to prioritise certain traffic is illegal, and that prioritising any particular service or web site is illegal. The precise definition of "service" or "website" isn't too important, a jury will make that determination if it comes to it.

It's not a technical issue, it's a business issue.