Slashdot Mirror


Australians Who Won't Unlock Their Phones Could Face 10 Years In Jail (sophos.com)

An anonymous reader quotes the Sophos security blog: The Australian government wants to force companies to help it get at suspected criminals' data. If they can't, it would jail people for up to a decade if they refuse to unlock their phones. The country's Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia's existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn't strong enough...

[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....

The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.

"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."

27 of 223 comments

  1. Great ... by Misagon · · Score: 4, Insightful

    Ten years for forgetting my pin number. I have done that.
    They might just as well lock everyone up in advance, just in case.

    --
    "We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
    1. Re: Great ... by thundercattt · · Score: 2

      I keep my password on a written piece of paper in my wallet. It's 25 digits long: numbers, letters, symbols. Upon being arrested, I ate said paper.

    2. Re:Great ... by Kjella · · Score: 3, Funny

      "Ten years for forgetting my pin number. I have done that. They might just as well lock everyone up in advance, just in case."

      Uh, you're in Australia. You just haven't noticed. /s

      --
      Live today, because you never know what tomorrow brings
    3. Re:Great ... by Vinegar Joe · · Score: 3, Funny

      Maybe instead they'll just transport them to the UK. That'd be a fate worse than death.

      --
      "The average reporter we talk to is 27 years old......They literally know nothing." - Ben Rhodes
    4. Re:Great ... by misnohmer · · Score: 2

      You are missing a bigger picture. Someone you pissed off manages to grab your pin (video tape you entering it, or just peek over your shoulder), then changes it, calls in an anonymous tip to the police, you can't unlock it, bye-bye for the next decade. Easier than framing someone for a crime.

    5. Re:Great ... by Scarletdown · · Score: 3, Funny

      So, when arriving in Australia and the Customs guys ask if you have any criminal history (if they ask such a thing), is asking back, "Is that still a requirement?" safe or unwise?

      Is that something they hear all the time? :D

      --
      This space unintentionally left blank.
    6. Re: Great ... by rtb61 · · Score: 3

      Very unlikely, once subject to constitutional challenge the law will be scrubbed because you cannot by law force anyone to remember anything; to do so would be the direct equivalent of torturing to force a confession. You cannot make legal demands of memory, not constitutional, sure write in a crap law temporarily until it is challenged constitutionally, then it fails. Very tricky to try to prove someone remembered something, without them proving they remember it by remembering it in court, so you would be only guilty of the crime if you denied remembering it and then changed your mind, but wait, sometimes memory works like that, stress does weird things with memory.

      So charging someone with a crime for having a bad memory or an accident or suffering from stress it would be interesting in the Australia High Court, trying to prove someone remembers something, hmm, brain surgery and inserted torture probes I guess perhaps.

      --
      Chaos - everything, everywhere, everywhen
    7. Re: Great ... by sg_oneill · · Score: 5, Interesting

      "I don't know how much you know about the Australian constitution, but good luck on that one. We already have secret quasi-courts with Star Chamber powers, such as the power to compel testimony and imprison silent witnesses, in the form of the various state anti-corruption commissions."

      It's worse than that. The Libs (for our American friends, our Liberal party is equivalent to your Republican party, I know, confusing right?) gave the industrial relations courts those powers too, as a way to get unions to hand over membership lists and the like. Doesn't work though, getting done for contempt of court for refusing to snitch on your union is considered a badge of honor for many in the movement.

      The worst part is, it's tradition now that whenever a state or federal Liberal party gets power, the first thing they try to do is drag the Labor party through the same court process to try and find out what sort of sneaky politicians have been nice to unions, or whatever the thoughtcrime allegation of the week is. Those and the Royal commissions that the Libs like to do to intimidate Labor never really find much except a few politicians that have fucked some receipts for taxi fares or whatever, but it's not about finding guilt, it's about intimidation.

      We have a *very* anti-democratic conservative movement here.

      --
      Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
    8. Re:Great ... by Zarhan · · Score: 2, Insightful

      Actually, I have forgotten my PIN.

      11 hour redeye flight from Helsinki to Osaka, Japan after a badly slept previous night.

      Turn on cellphone, drowsy as hell, after customs. Enter PIN. Reject. WTF. Try again, still reject. Try again, once more reject. SIM now locked, please enter PUK code. Crap.

      I was able to call my telco from the hotel and get the SIM unlocked. Then it hit me - after the flight, I had kept typing in the PIN for my credit card. No wonder it didn't work since it was the completely wrong PIN.

      Point being: If someone brings you your phone after a night in cell you *honestly* could forget. Especially if some nasty officer is grilling you in an interrogation room.

  2. In AU it's worse than that by Artem S. Tashkinov · · Score: 2
    1. Re:In AU it's worse than that by thegarbz · · Score: 4, Informative

      It's worse than that in most countries. Don't normalise America's constitution on the internet, you only represent 5% of the world.

  3. Fruit of the poisonous tree by Anonymous Coward · · Score: 5, Insightful

    "[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."

    With such capabilities, how could the courts prove the evidence was not tampered with, invented whole-cloth, planted by the police, or merely stored on the target device by a third party for purposes of framing or obfuscation?

    1. Re:Fruit of the poisonous tree by thegarbz · · Score: 2

      "With such capabilities, how could the courts prove the evidence was not tampered with, invented whole-cloth, planted by the police, or merely stored on the target device by a third party for purposes of framing or obfuscation?"

      How can courts prove it currently for things not currently done "on a phone"?

  4. Steganography now mandatory in Australia by ffkom · · Score: 3, Interesting

    So everyone with an interest in privacy will use steganographic tools, while everyone else has no privacy. Well done, Australia!

  5. As an australian by Rainwulf · · Score: 3, Insightful

    This is fucking awful.

    I bet they wouldn't like it if the public got access to THEIR phones, but it's OK for them to get access to ours?

    Fuckers.

  6. One thing that might help by presidenteloco · · Score: 2

    Imagine a function built in to Android or iOS which re-encrypts the storage with a transient key which it then throws away.

    It could be triggered by entering a special pin code or something similar.

    --

    Where are we going and why are we in a handbasket?
    1. Re:One thing that might help by zm · · Score: 4, Insightful

      "Imagine a function built in to Android or iOS which re-encrypts the storage with a transient key which it then throws away.

      "It could be triggered by entering a special pin code or something similar."

      Then imagine another ten years in jail for tampering with the evidence.

      --
      Sig ?
  7. Two keys by JaneTheIgnorantSlut · · Score: 2

    The phone needs two keys - one unlocks it and the other wipes it and then unlocks it.

    1. Re:Two keys by Anonymous Coward · · Score: 2, Insightful

      Or more subtly than that... the second key just wipes any data marked "sensitive". That way, the authorities won't have an obvious cause to go after you for destroying evidence. They won't know what was there before you unlocked it with the second key, yet they'll still see a normal, functioning device.

    2. Re:Two keys by OpenSourced · · Score: 2

      A problem with this is that you erase all your valuable data for perhaps just a random check in some customs. If the check is not random, the fully erased data is easy to recognize and marks you as an enemy of the state too. Even if you only delete data from some contacts previously marked as "sensible", the oppressor state (I'm assuming of course that you are a brave reporter fighting for the freedom of Whateverstan, not a child trafficker) can probably check your calls and internet use and see if they match the records of the phone.

      Less drastic and probably safer would be to have each code enter a different user. You enter (in regular use) one or the other depending on the kind of sensibility of your contact. Contacts marked as "sensible" are automatically saved in your private user. Every exchange with a sensible contact should be matched in the public user, with a similar but random generated content. If you contend that random generated content is easy to recognize, I can offer the option of using smileys. I've seen conversations consisting only of smileys, that nobody could make sense of.

      Of course, detailed forensics of your phone would reveal that you have that option (multiple user) available in your phone, but if it becomes a widely distributed feature of a fork of Android, you can have plausible deniability of your knowledge of such feature. If your oppressor state still has a semblance of due process, that can be useful. If not, all protection is futile, as you'll be declared guilty anyway.

      --
      Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
  8. Silk and Cyanide by aberglas · · Score: 4, Informative

    This was actually an issue for agents during WW2. Marks got agents to stop using memorized encryption keys and instead use one time codes written on silk, with instructions to burn each piece after use.

    That way the Nazis could not torture their code out of them and then read their back traffic, which could be very serious.

  9. New means to suppress dissent by currently_awake · · Score: 4, Interesting

    Arrest someone your government dislikes, take phone, demand pin, change pin, tell detainee their pin doesn't work so you must have lied, put in jail for 10 years.

  10. Re:Australia by Falconhell · · Score: 2

    How ironic, someone from a country with the highest imprisonment rate in the western world calling Australia a penal colony. That has not been the case for over 200 years.

  11. Delusional drivel. by Falconhell · · Score: 3, Informative

    Oh the irony, the current Australian government responsible for this is the conservative right wing LNP, verging on far right. If you were even reasonably informed you would know this, but your paranoia about duh Marxist does not allow you to conceive that this is the work of the right wing, as was the removal of a lot of guns by the same parties as currently in government.
    Virtually nobody here cares about owning guns, and those who live in the country on farms frequently do have weapons on hand.
    You are pretty much wrong in every single point, your lack of any knowledge is disturbing, tell me which part of the US are you from?

  12. People Don't Need That Level of Security by mentil · · Score: 2

    In other news, Australian authorities now requiring safe manufacturers to provide backdoor access, says they are 'too secure'.

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
  13. Re:No doubt about it .. by Strider- · · Score: 4, Informative

    "Australia has jumped the Marxist shark."

    This is much closer to fascist than anything else. Marxist is an economic ideology. Fascism is political/legal.

    --
    ...si hoc legere nimium eruditionis habes...
  14. Then the data must be hidden by Karmashock · · Score: 2

    If I can't protect my data with encryption then I have to go to other means. Data that cannot be found cannot be demanded.

    Here people will say "but that isn't how I do things right now"... always the way with everything since always. We don't do things a certain way until we do.

    Easy enough to do... does require pushing the data to secured remote servers or obscuring the data on the phone such that it doesn't appear to be data... at least enough so that the investigators and courts don't notice it.

    --
    I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.