Slashdot Mirror
Australians Who Won't Unlock Their Phones Could Face 10 Years In Jail (sophos.com)
An anonymous reader quotes the Sophos security blog:
The Australian government wants to force companies to help it get at suspected criminals' data. If they can't, it would jail people for up to a decade if they refuse to unlock their phones. The country's Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia's existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn't strong enough...
[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....
The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.
"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."
[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....
The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.
"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."
Dangerous shift...
Ten years for forgetting my pin number. I have done that.
They might just as well lock everyone up in advance, just in case.
"We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
How about an app that does one click 10-year encryption?
Can one "plead the fifth" in Australia?
"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."
With such capabilities, how could the courts prove the evidence was not tampered with, invented whole-cloth, planted by the police, or merely stored on the target device by a third party for purposes of framing or obfuscation?
I'd shoot up the government if it tried to do something to me like this. 10 years means my life is basically over so I have nothing to lose taking out a bunch of authoritarian assholes.
This is an act of establishing fascism, where ultimately the citizens have no rights and the government can do whatever it likes to them. The time to for a decisive "no" to the authoritarian scum making laws like this would be now, but the citizens are deeply asleep.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
So everyone with an interest in privacy will use steganographic tools, while everyone else has no privacy. Well done, Australia!
This is fucking awful.
I bet they wouldn't like it the public got access to THEIR phones, but its ok for them to get access to ours?
Fuckers.
Isn't that just a big penal colony?
If the guards want to toss your cell, what's to stop them?
Have gnu, will travel.
C'mon Stephanie - give me the code to unlock your diary - we have to know if you had sex with Griffin.
Imagine a function built in to Android or IOS which re-encrypts the storage with a transient key which it then throws away.
It could be triggered by entering a special pin code or something similar.
Where are we going and why are we in a handbasket?
How do we, the public, fight this?
The phone needs two keys - one unlocks it and the other wipes it and then unlocks it.
Why even bother with the cat and mouse game?
The problem from the courts point of view isn't that they are able to forcibly obtain evidence from a persons phone. The problem is evidence is required at all.
Just do away with that requirement. It's just as easy, the government created that requirement in the first place, so if it's in the way of their primary goals, just get rid of it.
Then they can lock up whoever they want much easier.
It also has the benefit that lets the cops catch all of those criminals who follow the law to the letter.
I know that sounds like a contradiction, but that seems to be their thinking already. If they feel, not know, but feel that you are a criminal, then evidence be damned you are a criminal and deserve the worst that's coming to you.
Since they believe a person following all the laws and not breaking a single one is nothing more than a criminal smart enough to not get caught yet, that further shows the governments own rules requiring proving guilt and having evidence are the very things getting in the way for the government getting what they really want.
Remove that requirement and they don't need to worry about encryption at all, they don't need to decrypt it to get evidence if evidence isn't needed any longer.
Then you just declare them a criminal and lock them away, the one and only thing desired by the government here, no fuss no muss.
That sound you hear is a collective middle finger from every tech company on the planet towards Mr Malcom Turnbull and buddies. In reality, Australia is too small a market for them to give two shits about and any company could withdraw from the Australian market and it wouldn't change a pixel of their bottom line. Sure, it would piss the Australian people off if they couldn't get an iPhone or decent Android, but there are only 25 million of us.
Hellstra and Optarse would release their own branded devices again, with a fully compliant mobile operating system on them and those would be the two choices of device you have.
I don't count Microsoft in the collective, they've shown time and time again, they'll screw their custo... products over at the whim of governments.
Although we might not yet have the tech to do this, I can easily imagine a password system in the not too distant future that is tied with a wetware mechanism that analyzes the state of mind of the person entering the password to determine who is entering the password and their emotional state while they are entering it. If the person is under any duress while they are entering the password, then it will not unlock.
Thus, it would be provable that you have no ability to unlock it for them.... what would they do about that, exactly?
File under 'M' for 'Manic ranting'
This was actually an issue for agents during WW2. Marks got agents to stop using memorized encryption keys and instead use one time codes written on silk, with instructions to burn each piece after use.
That way the Nazis could not torture there code out of them and then read their back traffic, which could be very serious.
As usual, I'm willing to bet that our government and other rich people will somehow find ways to exempt themselves over national security or other reasons.
If access to a phone is required to solve a case, then the evidence doesn't exist anyway.
I do agree though that after a guilty conviction has been made, it should be possible to make this request, to help determine if the conviction is too leniant
Because history shows that the first people who get spied on by an eavesdropping outfit are violent criminals, the political class, and journalists. Why should these lowlifes not get what they deserve?
Time to Nuke Australia, before this cancer spreads.
It's disgraceful.
Some corrupt scumbag could have you arrested, toss a burner phone in with your stuff, and when you won't unlock it, it's off to jail for you.
Or your neighbor is pissed off at you, dumps a locked phone in your car, calls cops and says you're a pedo. You're off to jail.
Thus, it would be provable that you have no ability to unlock it for them.... what would they do about that, exactly?
Possible, though they could likely give you something to help get you in the right state of mind.
In Australia they seem to be going to far, while in America you just seem to have a mess. Justice is based on how much you can pay. If you can pay enough you stand a pretty good chance of getting off. Hell if your president you can obstruct justice blatantly, the most recent being him flat out saying the case against manafort was wrong and sad while the non sequestered jury was in deliberations. I doubt he spends a day in jail and no matter what happens will probably make a lot of money on his time in the presidency, but forgetting your pin number in australia and its 10 years.
Laws are supposed to punish people based on the harm they have inflicted on society. Somehow we have missed that. Those that inflict the biggest harm tend to get off scott free while police regularly kill people they really don't need to.
So far Canada seems the most likely place to move to one of these days. Sure its colder, but you can largely deal with that. It might be fun to do something like build a perfectly round 2 story house using a bunch of monotrusses. Say around 47 monotrusses for 30' in diameter, a 2x6 basement, 2x4 top, maybe 4 inch exterior foam. At each monotruss end point the wall would curve around 7 degrees. It be a quite simple design, even if the roof would add to the cost. Yep, you know you love your country when you dream of what you will do when you leave it.
Oh please
Australia has jumped the Marxist shark.
They cannot keep any personal information secret because the gov equates accusation with guilt and you have to prove yourself innocent.
They cannot express a dissenting political or social opinion without violating "hate speech" laws.
They are disarmed and they cannot rollback to democracy, let alone defend themselves from thugs and terrorists who ignore weapons laws. When seconds count the police are only minutes away. In the outback HOURS away, if they come at all..
Which country do they migrate to?
Running with Linux for over 20 years!
... just take a shit and give it to them.
I think all phones should come unlocked, and if manufacturers/carriers refuse to sale unlocked phones they should be put in jail.
Arrest someone your government dislikes, take phone, demand pin, change pin, tell detainee their pin doesn't work so you must have lied, put in jail for 10 years.
is cancer.
so apple will pull out but will cave in china!
If they gave you something to artificially try and induce a cooperative state, then the tech should be able to discern that you were not in a normal frame of mind, and could still refuse access.
The principle behind using such mechanisms would be that if a would-be snoop knows in advance that such mechanism are in place, then they would not try to coerce someone to give them access in the first place because they know ahead of time that any effort they might undertake will fail.
File under 'M' for 'Manic ranting'
Nothing but a police state there. Forget about them. The real fight is the one closest to home.
They wouldn't do it if they needed access to the information.
But, if they simply wanted a convenient excuse to put someone away for ten years, or to serve as an example for others who might think of putting this on their phone...
A more practical objection might be that this could also prevent use of the phone when you are very upset due to something completely unrelated to abuse of power by police. For example because there was an emergency and you need to call for help.
Seems platypus earned a seat at law making in Australia.
Just get an app that has 2 codes, one that unlocks the phone, and another that wipes the phone. If they are requiring the phone un locked to look for evidence how can they prove that it was there in the first place ? The only thing I keep on my phone is the contact list, I delete call history, received, and outgoing, as well as all my text history on a daily basis already.
errr....umm...*whooosh* *whoosh* Is this thing on ?
Oh the irony, the current Australian government responsible for this is the conservative right wing LNP, verging on far right. If you were even reasonably informed you would know this, but your paranoia about duh Marxist does not allow you to conceive that this is the work of the right wing, as was the removal of a lot of guns by the same parties as currently in government.
Virtually nobody here cares about owning guns, and those who live in the country on farms frequently do have weapons on hand.
You are pretty much wrong in every single point, your lack of any knowledge is disturbing, tell me which part of the US are you from?
How encryption work.
That in end 2 end encryption the service provider does not have any keys whatsoever.
In fact any modern day encrypription uses session keys that are assigned automaticallly and that NOBODY knows.
This is insane.
I value my privacy more than the letter of your laws. I'll gladly sit in prison on the tax payers dime for 10 years.
In other news, Australian authorities now requiring safe manufacturers to provide backdoor access, says they are 'too secure'.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
When everyone is a suspect , where are your freedoms gone to ???
Just like slaves you become.
tell them to join the far queue
Go well
God help you if they finally unlock the journalist's phone and find Fake News!
One password for your phone.
Other passwords for your apps.
This applies to Australian companies who won't SIM unlock people's phones, right? Let's send Telstra to gaol for 10x20M = 200 million years!
Australians love those laws. They believe they keep them safe. They will happily embrace them. The laughable minority of enraged nerds who think they can oppose this will be ignored at first, and then scrutinized by the authorities later. To Australians, the Boot is Good and they enjoy being stomped on, as long as they can feel safe.
Another in Slahsdot's lets half-lie about Australia articles that have been running rampant of late. You can only be compelled to unlock your phone by a court order approved by a magistrate, if there is reasonable suspicion that your phone contains evidence pertaining to a crime. Source:https://www.sydneycriminallawyers.com.au/blog/can-police-demand-the-password-to-my-phone-or-computer. The raising of the current penalty from 2 to 10 years for not obeying that court order is being put to public consultation. Ask yourself when is the last time your country asked the public about the crafting of its laws.
I still occasionally still get people thinking porno with A-cup tits is illegal down here, that was a minister running his mouth off about 10 years ago. It never came in and was a source of public ridicule for the former Rudd governement and especially the former senator Stephen Conroy. People think Trump invented fake news, this website has been pushing it for years.
Australia really is just upside-down America. I thought it was just a weird coincidence of cartography, but... nope. Good thing I had no burning desire to go there. Wonder what they'll think up next? My guess is lifetime imprisonment on a giant island for just being Australian... oh, wait... they already HAVE that. LOL-Failstrailia.
Our reign has gone on long enough. Indeed. Summon the meteors.
If I can't protect my data with encryption then I have to go to other means. Data that cannot be found cannot be demanded.
Here people will say "but that isn't how I do things right now"... always the way with everything since always. We don't do things a certain way until we do.
Easy enough to do... does require pushing the data to secured remote servers or obscuring the data on the phone such that it doesn't appear to be data... at least enough so that the investigators and courts don't notice it.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
If governments are going to pass something like this, then the fair way to balance it out is to have a penalty for abuse of this law be something like 25 years for all involved.
Example.
If a cop falsifies information to obtain a warrant that was then rubber stamped by a judge, the cop, the judge and anyone else that touched the request down to the clerks should all be held in contempt and sentenced.
To discourage corruption, abuse of laws should always be at least twice as mean as the law prescribes for the normal case.
Another one willingly put themselves on the "shit country" list, great job australia!
Next year it will be 10 years for possession of a phone.
Sent from my ASR33 using ASCII
Freedom~
10 years in prison. Jupiter years.
Yes, they could still do that, of course. But at that point they are arresting a person because they want to, and could not even try to make the argument that they were arresting the person because they posed any threat to public safety or security unless they had other evidence to go on.
File under 'M' for 'Manic ranting'
Sieg Heil, Australia!
I would never consider visiting your fascist police state. I was ready with approved documents to immigrate to Australia in the late 60's. I decided to stay in Texas instead. Thank God for that decision!
Well Andoird should now implement plausible deniability encryption now. Same as it was in truecrypt. Give one passcode you get fake partition that has nothing special and another that open proper version.
Full disk or file encryption outlawed.
It's literally called "memory". Since when do goverments think they have the right to access one's memory ?!
With all the uproar over access to private / personal data that is stored on a smartphone, I am shocked they don't simply secretly upload said data periodically to a cloud server instead and call it a backup.
Then they just have to bribe . . . . er. . . promise lucrative contracts to the Telco for access.
Then again, they may already do so and the rest of this is just misdirection.
Oh, and one more point... if you need to call emergency, then you don't need to unlock the phone in the first place. Same as it is right now.
File under 'M' for 'Manic ranting'
If your phone is up and powered, far more likely you did NOT forget your pin number, you are just trying to avoid a lengthy prison sentence. See in some country when the police says you "open that safe" , "i forgot the code/key" is not an excuse.
a country that far gone through the rabbit hole of fascism, does not need that. Just go to the culprit home and drop a bundle of child porn in mag form, photo of what "could" look like the suspect having sex with a child, et voila, and contrary to a phone that does not leave potential electronic evidence like changing the pin (which may have been logged). Or heck as xkcd said, just take a crowbar and hit them, or make them disappear in an early grave (pun intended). Frankly you are thinking of complicated solution when there is far more easier.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
Here you go. Just press the wipe and unlock button, and the phone is all yours!
Why aren't you out with pitchforks and torches already?
from being criminals to being criminals
Time for the Honey Pot app. Log in with the special "wrong" pin and you get the fake partition instead of the real one. Maybe it DUMPS the real on...
So, now there should be two versions of devices: the "S" model for secure and the "C" model for the compromised version you can carry in countries that just spy on your stuff without inhibition.