Australian Industry and Tech Groups Unite To Fight Encryption-Busting Bill

A new encryption bill that's expected to be passed in Australia is facing strong opposition from tech heavyweights. A new group called "Alliance for a Safe and Secure Internet" has been formed by Australian industry, technology, and human rights groups to persuade the country from passing the bill, reports ZDNet. "The membership of the new alliance consists of Australian Communications Consumer Action Network, Access Now, Ai Group, Australian Information Industry Association, Amnesty International Australia, AMTA, Blueprint for Free Speech, members of Communications Alliance sans NBN, DIGI, Digital Rights Watch, Future Wise, Hack for Privacy, Human Rights Law Centre, Internet Australia, IoT Alliance Australia, and Liberty Victoria." The Guardian also notes that Google and Facebook are part of the group. From the report: The Bill is currently before the Parliamentary Joint Committee on Intelligence and Security, with a minuscule three-week window for submissions closing on Friday, October 12 and a hearing set for Friday, October 19. The proposed legislation would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content interception agencies want access to.

"This Bill stands to have a huge impact on millions of Australians, so it is crucial that lawmakers reject this proposal in its present form before we sleepwalk into a digital dystopia," said board member of Digital Rights Watch and alliance spokesperson Lizzie O'Shea. "The rushed processes coupled with the lack of transparency can only mean that expert opinions from Australia and abroad are being disregarded, and deep concerns about privacy erosion and lack of judicial review have simply been tossed aside."

Re:opposition from tech heavyweights?

[DMJC]

Or it could just be that tech firms don't want to deal with the complete nightmare that is hackable security. The situation is already almost at complete collapse already. Backdoors built in are the last thing anyone needs.

Good idea, Australia!

[Opportunist]

Less competition in IT is certainly something the rest of the world could well use. Because if you're not allowed to encrypt in your country, the very first thing that will happen is that ANYONE who has remotely any data worth protecting will FLEE your country. Any data storage will happen abroad. And since I probably won't even be allowed to transport data in encrypted format into your country, I will make sure that anything remotely important will NOT touch your soil in any way.

In simple terms, so even politicians can grasp it: Pass this bill and kiss R&D, finance and IT good bye.

Because no backdoor is "government only" for long. At least not YOUR government-only. Such a back door is the holy grail, the gold ticket, the fast pass to industrial espionage. Do you think countries like North Korea would be above kidnapping the loved ones of someone holding that key and blackmail them so they don't get killed? Do you think your backdoor will be secret for long? And do you think anyone who's not completely insane will do any research or data storage in your country anymore?

Critique of The Assistance and Access Bill 2018

[MrKaos]

I submitted the following critique of the proposed Bill during the feedback period:

Greetings Honourable Members,

I am a active professional in the Information Technology industry for 30 years, I offer a critique of the The Assistance and Access Bill 2018 herein "this Bill".

The first and most obvious contradiction is that this bill cannot achieve its intended objection of monitoring paedophiles and terrorists because there is nothing to stop these parties from writing their own software. There is nothing extra-ordinary about exchanging media and messages and this is not difficult software to create. This would also apply to organised crime, there is very little from stopping them from developing their own software to exchange messages. Attempting to police this act is effectively a limitation on the innovative engines of our economy that drives business, the creation of software.

So whilst it is clear the Bill is attempting to enable access to communications for law enforcement and intelligence agencies, there is questionable benefit if it is unenforceable or ineffective for its legislative purpose.

The premise for not introducing "backdoors" and vectors for attacking systems is very shallow. Instead it is clear from 317C and 317D that any and all computer infrastructure deployed in Australia will have to have governmental monitoring subsystems installed in them, possibly by multiple government agencies. None of these clauses will stop, capture or decode messages by anyone determined enough to send them.

Consequently, criminal actors will now have a well defined target that they know exists and only has to be found for it to be used, making their task of covertly capturing data on average Australian citizens much easier. Criminals certainly won't be concerned about breaking laws if they already are. For those reasons once the infrastructure this Bill implies is established and deployed it will put the honest person and businesses at a disadvantage when they comply because the governmental monitoring subsystems will be a known target within their infrastructure.

Cyber crime, identity theft and other fraud against Australians are more likely to succeed with the taxation dollars from ordinary Australians used to build the means to defraud them of assets and income. I am very concerned that passing this Bill will lead to increased fraud against the average everyday Australia who is trying to use the internet to do everyday tasks and save time. No one will be spared, the Honourable Members themselves still have to interact in our society and will be exposed at some level.

There are much better ways for achieving law enforcement's objectives than with obtuse and overt access clauses as the main issue with deploying any kind of technology is unexpected side effects. The obvious unexpected side-effect of the government's proposed initiative is how they will be used against those companies who co-operate. If deployed world wide, which I see is something our government is championing, I cannot help but seeing it lead the world to some sort of digital feudalism broken down into virtual fifedoms.

I urge the government and all honourable members not to hand organised crime a weapon against our citizenry as powerful as this one. The intention of these laws is clearly for gathering data, which is exactly the goal of cyber-criminals. Instead the government could seek to protect its citizens by implementing technology laws that protect us from cyber-crime and fraud, in ways that lead to intelligence outcomes. Laws that use encryption technology to reduce opportunities for fraud against Australians as opposed to increasing them.

Thank you for taking the time to read this.

Regards

Re:opposition from tech heavyweights?

[gweihir]

Unlike the politicians, the "tech heavyweights" at least listen to some degree to experts, or they go out of business in the long run. That means they are aware of the utter stupidity of this legislation. Quite a few companies would probably have to stop doing business in Australia to not endanger their global business.

Re:opposition from tech heavyweights?

[gweihir]

I agree. I just explain why these companies speak up.

These companies would have zero problems dealing with a surveillance state, a police state or any other authoritarian regime. Just look whether you can find them in China, for example. They are not opposed because of any moral grounds or because they care about individual freedoms. They are opposed because this legislation is so utterly stupid that it ignores technological reality and will cause a massive host of severe problems for their businesses.