Australian Industry and Tech Groups Unite To Fight Encryption-Busting Bill (zdnet.com)
A new encryption bill that's expected to be passed in Australia is facing strong opposition from tech heavyweights. A new group called "Alliance for a Safe and Secure Internet" has been formed by Australian industry, technology, and human rights groups to persuade the country from passing the bill, reports ZDNet. "The membership of the new alliance consists of Australian Communications Consumer Action Network, Access Now, Ai Group, Australian Information Industry Association, Amnesty International Australia, AMTA, Blueprint for Free Speech, members of Communications Alliance sans NBN, DIGI, Digital Rights Watch, Future Wise, Hack for Privacy, Human Rights Law Centre, Internet Australia, IoT Alliance Australia, and Liberty Victoria." The Guardian also notes that Google and Facebook are part of the group. From the report: The Bill is currently before the Parliamentary Joint Committee on Intelligence and Security, with a minuscule three-week window for submissions closing on Friday, October 12 and a hearing set for Friday, October 19. The proposed legislation would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content interception agencies want access to.
"This Bill stands to have a huge impact on millions of Australians, so it is crucial that lawmakers reject this proposal in its present form before we sleepwalk into a digital dystopia," said board member of Digital Rights Watch and alliance spokesperson Lizzie O'Shea. "The rushed processes coupled with the lack of transparency can only mean that expert opinions from Australia and abroad are being disregarded, and deep concerns about privacy erosion and lack of judicial review have simply been tossed aside."
nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content interception agencies want access to.
What's up with that? When the police orders you to do something you do it or face the consequences. Safeguards often called warrants or monitoring permits are in place for protecting the citizens against this slippery slide of "asking nicely."
If they pass this, just stop doing business there.
When their entire country is crippled because none of the communication works maybe they will reverse this dumb decision.
It's not like they can prevent safe encryption from existing. Since their fascist state does not extend to the entire universe, and proper encryption is by definition indistinguishable from random noise. (Including the noise floor in any natural signal.)
Certainly open source software will not add backdoors, and choose to operate outside fascist state boundaries.
The general problem is more pressing: That in the last 10-15 years all states around the world, from all spheres, decided to become extreme totalitarian fascist dictatorships. Western pseudo-democratic, eastern former pseudo-communist, east-Asian, African, South-American, you name it. Seemingly for no reason. ... how?? And if it is, then ... why??
If that isn't planned, then
Similar to how environmentalist use California to force their truthy feel good environmentalism on the world. Australia as a vassal of the five eyes have been told to pass this law to break encryption for the western world.
Who could've possibly foreseen that deliberately stoking irrational anti-government paranoia and developing technology explicitly designed to prevent governments from executing one of their core functions - all for the sake of selling more phones/apps/ads - would lead to those governments fighting back by regulating this technology? Now we get to see whether tech corporations or elected governments *really* run the world, and neither answer leads to anything good in this case.
All Apple had to do was unlock the fucking phone.
opposition to this legislation is probably warranted from everyone, but "strong opposition from tech heavyweights", instead of strengthening the case for such opposition, is suspicious and needs explaining, given the joined at the hip relationship between all the main "tech heavyweights" and surveillance apparatus of government of usa.
it is quite possible that what "tech heavyweights" really don't like is the open scrutiny and democratically accountable oversight of surveillance (especially by non usa government entities) they already implement on their users( and in some cases non registered users) for their own private benefit and usa intelligence agency benefit.
proponents of privacy, and opponents of surveillance, should be wary of "tech heavyweights" at all times and must keep them at a distance.
Less competition in IT is certainly something the rest of the world could well use. Because if you're not allowed to encrypt in your country, the very first thing that will happen is that ANYONE who has remotely any data worth protecting will FLEE your country. Any data storage will happen abroad. And since I probably won't even be allowed to transport data in encrypted format into your country, I will make sure that anything remotely important will NOT touch your soil in any way.
In simple terms, so even politicians can grasp it: Pass this bill and kiss R&D, finance and IT good bye.
Because no backdoor is "government only" for long. At least not YOUR government-only. Such a back door is the holy grail, the gold ticket, the fast pass to industrial espionage. Do you think countries like North Korea would be above kidnapping the loved ones of someone holding that key and blackmail them so they don't get killed? Do you think your backdoor will be secret for long? And do you think anyone who's not completely insane will do any research or data storage in your country anymore?
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I submitted the following critique of the proposed Bill during the feedback period:
Greetings Honourable Members,
I am an active professional in the Information Technology industry for 30 years, I offer a critique of the Assistance and Access Bill 2018 herein "this Bill".
The first and most obvious contradiction is that this bill cannot achieve its intended objection of monitoring paedophiles and terrorists because there is nothing to stop these parties from writing their own software. There is nothing extra-ordinary about exchanging media and messages and this is not difficult software to create. This would also apply to organised crime, there is very little from stopping them from developing their own software to exchange messages. Attempting to police this act is effectively a limitation on the innovative engines of our economy that drives business, the creation of software.
So whilst it is clear the Bill is attempting to enable access to communications for law enforcement and intelligence agencies, there is questionable benefit if it is unenforceable or ineffective for its legislative purpose.
The premise for not introducing "backdoors" and vectors for attacking systems is very shallow. Instead it is clear from 317C and 317D that any and all computer infrastructure deployed in Australia will have to have governmental monitoring subsystems installed in them, possibly by multiple government agencies. None of these clauses will stop, capture or decode messages by anyone determined enough to send them.
Consequently, criminal actors will now have a well defined target that they know exists and only has to be found for it to be used, making their task of covertly capturing data on average Australian citizens much easier. Criminals certainly won't be concerned about breaking laws if they already are. For those reasons once the infrastructure this Bill implies is established and deployed it will put the honest person and businesses at a disadvantage when they comply because the governmental monitoring subsystems will be a known target within their infrastructure.
Cyber crime, identity theft and other fraud against Australians are more likely to succeed with the taxation dollars from ordinary Australians used to build the means to defraud them of assets and income. I am very concerned that passing this Bill will lead to increased fraud against the average everyday Australian who is trying to use the internet to do everyday tasks and save time. No one will be spared, the Honourable Members themselves still have to interact in our society and will be exposed at some level.
There are much better ways for achieving law enforcement's objectives than with obtuse and overt access clauses as the main issue with deploying any kind of technology is unexpected side effects. The obvious unexpected side-effect of the government's proposed initiative is how they will be used against those companies who co-operate. If deployed world wide, which I see is something our government is championing, I cannot help but seeing it lead the world to some sort of digital feudalism broken down into virtual fiefdoms.
I urge the government and all honourable members not to hand organised crime a weapon against our citizenry as powerful as this one. The intention of these laws is clearly for gathering data, which is exactly the goal of cyber-criminals. Instead the government could seek to protect its citizens by implementing technology laws that protect us from cyber-crime and fraud, in ways that lead to intelligence outcomes. Laws that use encryption technology to reduce opportunities for fraud against Australians as opposed to increasing them.
Thank you for taking the time to read this.
Regards
My ism, it's full of beliefs.
Why not just do a CALEA-like law where you have to build wiretapping into communication services? There's no good reason why an Australian company couldn't just make communication software that can route a copy of the traffic to an office in the corporate office, where police and a company lawyer can listen in when a valid court order is issued. It shouldn't have to be more complicated than that.
That was the wrong word. Should have read, "to dissuade the country from passing the bill", or, "to persuade the country to not pass the bill". Since strings of infinitives can be a bit ugly, "to dissuade" would have been the better choice.
Welcome to the blacklist. I hope you won't need to apply for any job in the foreseeable future.
To me it seems futile to force a service provider to "bust encryption". If encryption can be "busted" then it is already broken and any reasonably competent "criminal" is not likely to implement it in the first place.
I can see how it would play out:
GOV: We need data on this individual.
ISP: Here it is, but it was generated using "unbreakable" end to end encryption.
GOV: Decrypt it for us.
ISP: We don't have that ability. Nobody does.
GOV: We don't care. Decrypt it anyway.
ISP: We don't know how.
GOV: That's it. You're going to jail.
Either that, or the tech heavyweights know perfectly well that if they can bypass someone's encryption, so can the bad guys. Which means no more online purchases, or bill payment, or anything like that.
I think they can see this will collapse the online purchases paradigm. If the govt can get in, black hats can too. Everyone knows this except the general public and government.
The Bill intentionally says "No backdoors" however what it means is that govt wants front door access to be designed into what-ever software and infrastructure is produced which allowed prescribed agencies to trample all existing efforts to secure infrastructure.
TAN's "Technical Assistance Notices" are disruptive under 317MA. If business doesn't drop what they are doing and assist the government before the expiry period, you are assessed as non compliant and exposed to civil liability from the govts activities. Under clause 317G, if you are a coder or a sysadmin and you refuse to help with a "TCN" or Technical Capabilities Notice, you are labeled as "un-cooperative" and exposed to any civil liability arising from the govts activities.
To put the cherry on the cake, under 317R, they tell *you* what is technically feasible on your infrastructure. More so 317T allows govt to install software and infrastructure which business must maintain to remain compliant. 317X govt can vary scope, specification and responsibilities connected with "eligible activities". 317ZF make individuals personally responsible for any unauthorised disclosure and makes it a criminal offense for IT professionals to disclose anything even to their colleagues. Even on your own infrastructure, it's a diabolical double bind, psychologically.
I could go on, I'm just picking random notes from the exposure draft I have beside me. There just isn't anything good anywhere in this bill if you are in IT. You either spy on your users or they have the option to destroy your entire business. Everything I've pointed to here is in the first 50 pages of a 176 page bill.
I've been analysing these Bills for over 20 years, this is the worst Bill I've ever seen. If you can, please help raise awareness, politely write to your representatives and tell them you object to this incursion to your free speech rights. Consider that this Bill imposes criminal liability for pretty much the entire audience of slashdot if you do not co-operate. Tell your friends, social media - whatever you think is appropriate, just do something. My critique of the Bill is elsewhere in this thread - feel free to copy it and use it.
Have no doubt, this is heading to the UK/US/Canada and NZ. Australia's Attorney General is in international consultations *right now* about implementing this in all five eyes countries.
So this is heading your way.
My ism, it's full of beliefs.
In simple terms, so even politicians can grasp it: Pass this bill and kiss R&D, finance and IT good bye.
I asserted those points in my critique of the bill I sent to the government. However you should keep in mind that Australia's Attorney General is currently in negotiations with all Five Eyes, Echelon, SIGINT countries to implement the same laws in those countries.
All these countries' ministers were invited to the Gold Coast last month to discuss implementation in their respective countries.
My ism, it's full of beliefs.
they can't even choose the right name for their group...
not
"Alliance for a Safe and Secure Internet"
but it should have been
"Alliance United for a Safe and Secure Internet for Everyone"
Welcome to the blacklist. I hope you won't need to apply for any job in the foreseeable future.
I've been on the blacklist for my entire career. Govt knows exactly who I am. I have a four page letter from the AG arguing my position and letters from politicians thanking me for raising awareness and bringing the issues to their attention.
If I didn't have a job, I'd be a bigger pain in the ass than I am now. Frankly most of the time advising the government means diverting them from doing something stupid that will cause economic damage to the country. This and prevention of fraud is a completely valid criticism of the Bill, even after all free speech issues have been considered.
Once this bill is passed Mr AC you will cease to exist.
My ism, it's full of beliefs.
Australia is now a colony of China. Get used to it.
This. The authorities should investigate this individual, and freeze his bank accounts in the meantime.
I think it's time we need to start pushing to add the words "privacy" and "encryption" to our various countries' constitutions/charters so that we can put this issue to rest for good.
A government is a body of people notably ungoverned - AC
Calm down Ivan. Go get your vodka bonus.
You people really are blinded by your delusions
welcome to the NWO
you mention calea like it's even remotely acceptable. you probably fund the IRs like a suck ass too, don't you?
On the one hand, it's vital that the Australian tech industry is heard and understood.
On the other hand, if they're not, then I guess we'll see what the real-world effect is of totally buggering and gutting encryption.
So... it's the ASS Internet organization? Yep, that sounds Australian!
Cant be worried about pesky individual liberties when we got commie chink bastards to have a war against!
#freedumbs
#h2owrongway
Also, the ability of the Chinese government to force nationals to do the bidding of their intelligence agencies was cited as a reason to ban Huawei and ZTE from supplying 5G equipment.
It created a possible legal conflict of interest where a Chinese run company might be required to, but not able to abide by both Chinese and Australian law.
The Australian government are deepening the divide of personal and national security. Tech companies caught in the middle.
It created a possible legal conflict of interest where a Chinese run company might be required to, but not able to abide by both Chinese and Australian law.
I guess the Aussies never heard of NSL.
Every American company you do business with has this risk already. A single NSL will compel them to violate Aussie law or go to American jail, and they cannot tell you about it.
Yet you don't see Cisco banned in Australia.
Banning Huawei and ZTE was so obviously just a tribute to the Aussie overlord, i.e. Trump, in supporting his trade war with China. It has nothing to do with security.
You tell 'em, Comrade Wang! Now those American dogs will really be confused!
"When encryption is outlawed, only paedophiles and terrorists will use encryption."
-Adapted from a gun rights advocacy slogan.
And really... if exceptions are carved out for a few limited forms of traffic, like financial transactions in specific channels, the only encrypted traffic would point right at the criminals. Of course, no more playing 'stateless-anonymous' games on the Internet. Very few regular people will have a problem with that.