Australia Passes Anti-Encryption Laws [Update] (zdnet.com)
Earlier today, Australia's House of Representatives passed the Assistance and Access Bill. The Anti-Encryption Bill, as it is known, would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content agencies want access to. "While the Bill can still be blocked by the Senate -- Australian Twitter has been quite vocal over today's proceedings, especially in regards to the [Australian Labor Party's] involvement," reports Gizmodo. ZDNet highlights the key findings from a report from the Parliamentary Joint Committee on Intelligence and Security (PJCIS): The threshold for industry assistance is recommended to be lifted to offenses with maximum penalties in excess of three years; Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs) will be subjected to statutory time limits, as well as any extension, renewal, or variation to the notices; the systemic weakness clause to apply to all listing acts and things; and the double-lock mechanism of approval from Attorney-General and Minister of Communications will be needed, with the report saying the Communications Minister will provide "a direct avenue for the concerns of the relevant industry to be considered as part of the approval process."
The report's recommendations also call for a review after 18 months of the Bill coming into effect by the Independent National Security Legislation Monitor; TANs issued by state and territory police forces to be approved by the Australian Federal Police commissioner; companies issued with notices are able to appeal to the Attorney-General to disclose publicly the fact they are issued a TCN; and the committee will review the passed legislation in the new year and report by April 3, 2019, right around when the next election is expected to be called. In short: "Testimony from experts has been ignored; actual scrutiny of the Bill is kicked down the road for the next Parliament; Labor has made sure it is not skewered by the Coalition and seen to be voting against national security legislation on the floor of Parliament; and any technical expert must have security clearance equal to the Australia's spies, i.e. someone who has been in the spy sector." Further reading: Australia Set To Spy on WhatsApp Messages With Encryption Law.
UPDATE: The encryption bill has passed the Senate with a final vote of 44-12, with Labor and the Coalition voting for it. "Australia's security and intelligence agencies now have legal authority to force encryption services to break the encryptions," reports The Guardian. Story is developing...
I wonder how many they will lock up when they're told "it would take more computing power than is available in the universe"
Has been stopped for now: Govt sacrificed it in the Senate, because Opposition parties wedged them with a Bill to get Medical transfers for refugees detained offshore, which would have passed in the Reps, embarrassing the minority Govt - Now very likely to have an Election in March which Labor will probably win - and then it may start up again...
I'd really like to see who they take to court to try and undo the encryption on the Monero et al. blockchains.
Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
I wouldn't be a bit surprised if this bill was a backroom deal between the desires of the five eyes and the Australian Government.
Breaking encryption for one government breaks it for all.
It just means there will be a plethora of hidden encryption apps used exclusively by those who plan to do evil.
Wait until someone adds machine learning to the process of communicating meaning and watch people's messages disappear entirely.
As it's not words that information gatherers wish to capture, but the meanings being conveyed.
The Australian government have escalated the information war, and don't understand the consequences of doing so.
It was sent back to the senate, they added some more amendments, but didn't get time to vote on those due to another bill being filibustered.
It's out until February 2019.
The senate had to pass back the bill to the house of representatives to accept its amendments, and the government has called it quits for the year in order to avoid allowing asylum seekers to be transferred from island prison camps to Australia to receive medical care.
I mean how can you ignore experts on a question that only experts can understand? It does not get much more stupid than this.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Watching the debate that is happening right now, the lies being used to convince the house to pass this Bill are just sickening.
For US, UK, NZ, Canadian citizens their governments can access the powers via existing intelligence agreements.
The Australian government have escalated the information war, and don't understand the consequences of doing so.
Fraud. They talk about not building backdoors, they just want the keys to the front door by coercing IT professionals with fines, liability and jail time.
My ism, it's full of beliefs.
The consequence is an even heavier imbalance of information asymmetry. The government gets to know much more about you without you knowing anything at all about 'it'. Information is power, and now they have more information. The ideal for any government is total information awareness while completely suppressing any civilian knowledge.
The higher they build this tower the less likely a civil uprising can happen. A good goal for a government is that a civil uprising is basically impossible since there's no communication network they can't shut down, and no way to avoid subjective laws which can be applied to anyone they deem a threat. Once the military is largely running on AI they won't even have to worry about morals or ethics and the computers will happily kill anyone they don't like with gay abandon. Those killings will be blamed on "malfunctions"..."deliberate malfunctions".
Farming humans seems to be quite technically involved.
They are attempting to pass the Bill in the senate at this very moment. I am watching them debate passing it *right now*.
This is about all software.
My ism, it's full of beliefs.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
It has been a dream for any one of the five eyes countries to pass laws like this. Once the agencies are able to get a foot in the door, precedence will be used as a reason the other four courts should also have access to the data. "The tools to are already created" argument will now exist in a courtroom. This is going to open a whole plethora of doors for all countries.
This will quickly spill over into the rest of the world. Once you see the democracies of the world go this route, the flood gates will open. There will be laws made all over the world that will copy this word for word. Entire turn-key packages to look all of this up will be sold to the highest bidders.
In the end, I see a market being created for stolen country keys and hacked law enforcement portals. Those keys will be nearly priceless. One key for all of whatsapp? Done. One portal for all of proton-mail? Done. The next question will be, "How would you like your secrets served up today sir?"
--
Be mindful when it comes to your words. A string of some that don't mean much to you, may stick with someone else for a lifetime. - Rachel Wolchin
https://www.abc.net.au/news/20...
MAKE AUSTRALIA GREAT AGAIN
Already on it.
The "opposition" has just moved to drop their own amendments to the Bill. The Division bell is now ringing. The greens attempted to move the "oppositions" amendments however leave was not granted for them to do so.
So for all of the effort from industry and individuals the Bill now stands before the Senate to be passed as originally presented in its flawed form.
This is disgusting.
My ism, it's full of beliefs.
https://en.wikipedia.org/wiki/... wrote this.
That is all. Unless government does away with property law, all expressions of communications shall henceforth be considered works of art and property which cannot be regulated under encryption acts. Art and property must be outlawed next. Your move Five Eyes.
ISDS means a US company harmed from unreasonable government regulation can sue their sorry asses. As well as other ISDS agreements.
So any leak of master keys, leaked modules, exploits, code signature bypasses means brandname reputational damage. As Australia is the ONLY country - therefore the leak must have come from Australia. Unlike Philip Morris, technicalities won't get them off the hook.
As garden variety state police get to play, various Motorcycle gangs are going to get free copies of the payloads first. They will make a lot when they sell the first open bootloader for Apple and Samsung. If that happens, a global firmware would have to be initiated. Who will pay for that?
it's pretty much the same as Regulation of Investigatory Powers Act 2000 (c.23) (RIP or RIPA) is an Act of the Parliament of the United Kingdom
they don't try and break encryption they simply ask that you hand over the Keys so they can break into the stream
the same thing as the :
United States Foreign Intelligence Surveillance Court (FISC, also called the FISA Court) is a U.S. federal court established and authorized under the Foreign Intelligence Surveillance Act of 1978 (FISA) to oversee requests for surveillance warrants.
so Americans do you want to examine your own systems because the people who Can't Infiltrate Anything simply go to court...
It seems it's been too long since we've had to work for our freedom and pay for it in blood, both our enemies' and our own.
That which comes free and is considered to be a given rarely has any worth in the eyes of people.
We are descending into totalitarianism again, one way or another, and at some point we will be sick enough of being enslaved, also one way or another, that we'll rise up, heads will roll and we'll install another ruling class, one we trust, to slowly grow complacent and enamored with their power.
The cycle is alive and well and we merely markers on it.
That's something the German attempts at data retention laws have taught me. Politicians will always try to pass some BS w/o thinking the implications through. It usually comes crashing down. In my experience Supreme Courts have a habit of wanting reasoning, procedures, redress procedures, limitations and implementations explained to them. Then the inconsistencies come to light in a forum they can't bullshit their way out of. I've seen numerous instances where courts asked the government if they had a severe case of teh dumb.
Panic and autocratic name calling should be reserved for when the supreme court says a law is OK. Until then keep talking about the BS inconsistencies.
The tech companies I mean ?
I can see how a local telco like Telstra might have to do it, but the tech giants like Apple/Google/MS etc don't.
They could just say "Sorry Ozs, no more iGadgets, Windows, Android, Amazon, Instagram etc for you ! If you want explanations why, just ask your politicians."
There would be rioting in the streets in a day ! The orgy of pathetic grovelling coming from Parliament House would be a sight to behold.
So, why couldn't they just remove their products from the Oz marketplace ?
Likely ??
The ones in power I presume has the most to hide... I aint shit to hide sir... soon you'll find most people are like that.... except for the ones at the top. This may be your downfall....
The German government learned from its previous failed attempts. Our politicians refined how they approach laws that used to create a lot of backlash. They simply reframe them so their former critics now actively defend them and call it a win.
Censorship laws? Just reframe it as "fight against hate speech". Mass surveillance? Just reframe it as "environmental protection".
If you for-the-children laws hard enough you can get away with anything. Just tell your critics it serves their purposes and they'll stop fighting it.
Just don't work with the Australian government. If these companies have Australian presence, pull out so you aren't subject to their laws. There obviously must be a grace period for compliance outlined. If they don't have a presence, who gives a shit about backwater places? Let them block the services in their ISPs. How many services blocked before people start bitching about how they can't use the things they want to use? The platforms they used to be on before the government started meddling where it doesn't belong?
The first duty of an agency that wishes some unknown data to be decrypted would be to prove that it was, in fact, an encrypted message. If they were presented with a file containing random numbers they couldn't just say "you must provide the key to decrypt that" as they have not shown that such a key actually exists.
Of course, the only way to prove that such a key exists would be to use it to decrypt the data. But until the transmission of blocks of random junk becomes widespread and well known (possibly with the occasional encrypted message inserted, as government agencies do it) the "reasonable man" criteria would apply and courts would assume that all apparently random data is actually encrypted messages.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Actually, the right supports privacy and encryption. The left supports a lack of privacy, and no encryption, because it's important that the rights of the government exceed the rights of the individual, which is actually fascism.
A lot of people say this won't work, but it will work. Mostly companies will just block encrypted traffic, or force people to use encryption that can be easily broken. Use of strong encryption will be pretty much tantamount to an admission of guilt for whatever they accuse you of. If there's money to be made, and as small a country as Australia is, there is actually money to be made out of 20+ million people, then it's big enough that companies will work to help the Australian Government enforce its laws, just how American, European and Chinese companies all charge people GST for Australia now, even though it was said that it wouldn't work, and would be impossible to enforce.
What you really need to worry about.... Australia has long been a testing ground to work out if new ideas will be accepted in the US.
I can't imagine you have thought this through. Clearly they have this problem in NZ as well. Sounds like the voters want to hand this power to just anybody, or do they?
Surely this news must be from the censor king: CHINA, right? Right?!
Okay honey, let me go pass a law to make them exist for you.
So what you're saying is Australians are joke of a people and a nation. Got it. Cryptocurrencies can never be legal there then I guess because no central authority controls the encryption. Truly sad.
Australia is the enemy of the free world. Trump needs to go after the Democrats, and release the FISA warrants. Australians were involved in that spying through the 5 eyes. Do something about this Aussies. You're better than that.
Start cracking the passwords and tell them you'll let them know when it's done.
With whatsapp it should take quite a long time to crack.
Please stop saying "Australia" did these things, it's our batshit politicians not the people.
Aussies are all for compression. They compress words like:
Sraya for Australia
Assie for Australian
Avro for Afternoon
Brickie for Bricklayer
Brolly for umbrella
etc..
Since encryption messes with compression. They are culturally averse to it.
So the government approaches you:
1) Tell them to go away - What can they do if you refuse any kind of contact?
2) Tell them you won't do it - What will they do if you just flat refuse to do it?
3) Agree to do it, don't do it - Possible out?
4) Agree to do it, do it...
How do I:
* Get my code reviewed and accepted by peers?
* Pass code through CI/CD with automated checks?
* Get the backdoor past DevOps?
* Not be queried by any other team mate who has to merge my code into theirs later?
Let alone how I explain my time on non-sprint activity...
The minute you get the call from the Gov for this is the moment you've lost your job.
Maybe we need some kind of canary code in our applications so that if the code is removed the company knows that a backdoor has been installed and that the employee can't tell you it has been done and doesn't want to get fired for it... The company will know who made the change and will maybe forgive.
If any roots exist they should be immediately pulled from data stores.
All intermediate CAs of any companies operating in Australia should be revoked immediately.
Generally there are two ways this will work:
1. Companies/corporations that build or provide services using uncrackable encryption get fined and then sanctioned until they either build in backdoors or go out of business/leave the country.
2. Users of such services get fined or imprisoned until they render their passwords. Use of hard encryption first becomes evidence of wrongdoing, and then conclusive proof of it.
Will eventually be rolled into the omnibus citizen-slave bill.
Actually, the right supports privacy and encryption.
Of course they do.
Ezekiel 23:20
No one will even notice... except them.
hold back an OS and telco who have to help a 5 eye gov/mil?
Domestic spying is now "Benign Information Gathering"
So, does this law mean https:// in general, bitcoins of most of the world, etc and apps like WhatsApp and Telegram will just now not be available in Australia?
PGP just died in Australia too, unless you include a key from the government. Do they release publicly the key to include?
It usually comes crashing down. In my experience Supreme Courts have a habit of wanting reasoning, procedures, redress procedures, limitations and implementations explained to them. Then the inconsistencies come to light in a forum they can't bullshit their way out of. I've seen numerous instances where courts asked the government if they had a severe case of teh dumb.
No, only if the law is unconstitutional.
The law now says that if you, as an IT professional, do not comply you are deemed not in compliance and subject to fine ($60,000) and jail terms (up to 10 years). Additionally, you are subject to the liability from users who take legal action to recover damages if they were the victim of a subsequent crime because the government's actions - how is that for a stroke of cuntishness if you want to try to protect your users' privacy.
If you do comply you are obliged to keep the actions you have complied with secret or face ($30,000) and 5 years jail and the users have no recourse to recover damages as a result of the consequences.
My ism, it's full of beliefs.
Perhaps my understanding of encryption is lacking, but don't some companies use "end to end" encryption in their products (eg. iMessage). And don't such forms of encryption only allow the sender or receiver to encrypt/decrypt?
How can Australia "force" Apple to decrypt this type of data when it is intercepted?
Or am I missing something?
This means someone is _forced_ to implement code required by the government under threat of imprisonment.
US: Nobody can do anything more embarrassing than us. Just look at the 'president' we've elected.
Australia: Hold my beer...
And who gets to decide if you've "provided as much technical assistance and information as possible"?
The prosecutor charging you with a crime presumably.
And on what basis will they make the decision?
Whether they got the information they were looking for of course.
Won't blocking encryption just make people hide their encryption, thereby the interwebs will create tools to enable hiding encryption easier. Everyone will just share what looks like cat videos.
There's a rather straightforward solution to this problem, but I doubt tech companies have the backbone to do it. Every tech company should stop selling their products and services to Australia until this law is reversed. Take away the iPhones, Facebook, Android, and every website from anyone in Australia. Let the people of Australia decide if they want these gadgets or if they want a government that can break encryption.
So if this law passes, the USA, UK, Canada etc will forward all their traffic through Australia...
Are they going to pass a law preventing people from doing and learning about discrete logarithmic math altogether?
Companies building encryption into their product is absolutely worthless. I don't trust any app that provides its own security/encryption. I don't trust the company to not give it up. For example any cloud company wanting me to use their service. I'll encrypt my data locally using encryption tools that I control and upload a pre-encrypted blob to your cloud if I want to use your service.
Digital is, by definition, imperfect. Analog is the way to go.
Will this bill affect the secret language my brother and I made up as children? What if he lives in another country?
Obviously, after this, there is no encryption in publicly available apps in Australia. My question is if the new law makes it a crime to use your own encryption. If it is, then encryption is totally broken in Australia. If not, for those who care, there will be ways around this.
Some settling may occur during posting.
For those needing it, personal watermark encryption will make this vote inoperative.
eprint.iacr.org/2018/212.pdf
How to Subvert Backdoored Encryption: Security Against Adversaries that Decrypt All Ciphertexts
Thibaut Horel et al
Abstract
In this work, we examine the feasibility of secure and undetectable point-to-point communication in a world where governments can read all the encrypted communications of their citizens. We consider a world where the only permitted method of communication is via a government-mandated encryption scheme, instantiated with government-mandated keys...
Let's get busy.
If your government outlaws something, just don't do it or move to another country. What is encryption to you that you should be putting your and your family's well-being at risk because of it? Obey the law, conform. It's not hard. Swallow your pride, you're one among many, a part of a community. Accept the rules. You would be surprised at how good life can be when you don't play rebel without a meaningful cause.
As long as it's only them using it or they have a backdoor.
Easy to cut them off from the world. Cut the cables to the island and end all travel to and from it. Done.
If the government takes your computer, or device, there will be nothing to decrypt.
Does the also require passwords to online storage?
Math
They deprive you of your rights to own a firearm without permission.
Now they deprive you of any right to privacy.
I don't think I like where this is headed. :|
Spooks and Cops have tried and failed a couple of times to pass "lawful access" provisions into law in Canada. Strong push-back on what has been euphemistically rebranded "awful access" has so far succeeded in shutting this down. See: http://www.michaelgeist.ca/tag...
Coded messages would float completely under the radar, they're not encrypted as far as any algorithm is concerned.
Or they could use encrypted or unencrypted messages embedded in something else. Steganography. Unencrypted would be fine and probably legal under the new law. If you set one bit in each word in a losslessly stored image such that the nth bit in the low-order nibble of the low-order byte is the nth bit in a message, but the message itself is not encrypted, then your storage is just a file system. An inefficient one, but still just a file system.
The people who suffer are small businesses, banks, eCommerce vendors, software vendors (since encryption is how you guarantee safe delivery), hospitals (since distributing medical records will now have to be done on paper) and aviation (Australian airlines cannot meet EU data protection standards for passenger records and cannot prove flight worthiness to EU standards).
The extent they suffer will be random, based purely on Dame Fortuna, Baccus and Randomus Factoria, not on common sense, rational thought or logic.
It's a pity the UN can't ban stupidity. Sadly, they haven't the wits.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
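The bit-per-word scheme from the steganography comment above, as an added example that is not part of the original thread. It shows that the hidden payload is plain, unencrypted data readable by anyone who knows the layout, and why the comment specifies a losslessly stored image. The 16-bit sample list standing in for image words, the 32-bit length header, the use of the lowest bit of each word, and all function names are assumptions of this example.

```python
import random

def embed(samples, message: bytes):
    """Return a copy of samples with one payload bit in the lowest bit of each word.

    Assumed layout: a 32-bit big-endian length header, then the message bytes,
    most significant bit first. Nothing is encrypted.
    """
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(samples):
        raise ValueError(f"cover too small: need {len(bits)} words, have {len(samples)}")
    out = list(samples)
    for n, bit in enumerate(bits):
        out[n] = (out[n] & ~1) | bit  # clear the lowest bit, then set it to the payload bit
    return out

def _read_bytes(samples, start_bit, count):
    """Collect count bytes from the lowest bits, starting at word index start_bit."""
    if start_bit + 8 * count > len(samples):
        raise ValueError("length header points past the end of the data")
    data = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (samples[start_bit + 8 * b + i] & 1)
        data.append(value)
    return bytes(data)

def extract(samples):
    """Read the length header, then that many message bytes. No key is involved."""
    length = int.from_bytes(_read_bytes(samples, 0, 4), "big")
    return _read_bytes(samples, 32, length)

def lossy_roundtrip(samples, step=4):
    """Stand-in for lossy re-encoding: quantise every sample to a multiple of step."""
    return [(s // step) * step for s in samples]

# Constructed sample data: 1024 pseudo-random 16-bit words standing in for pixel values.
_rng = random.Random(1)
COVER = [_rng.randrange(65536) for _ in range(1024)]
MESSAGE = b"meet at noon"
STEGO = embed(COVER, MESSAGE)

if __name__ == "__main__":
    print("recovered:", extract(STEGO))
    print("largest change to any word:", max(abs(a - b) for a, b in zip(COVER, STEGO)))
    print("after lossy re-encode:", extract(lossy_roundtrip(STEGO)))
```
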
Looking in outstanding mode but have folk who
* Actually read the act
* Read amendments
* Informed debate on how this cascades
* Impact on companies and customers
Everything native wants to kill you. Including the government.
If I was any company potentially affected by this, and the data security of my customers was important to me, I'd probably pull my services out of Australia over this, and that's precisely what I'd recommend to any and all companies operating in Australia at this point in time. This is utter and complete bullshit from the Australian government and it should not be allowed to stand.
..and as others have pointed out in this instantiation of this subject, as in past conversations about it, as in many comments of my own in the past: now that encryption-for-all is essentially worthless in Australia, only Australian criminals, and terrorists, and other 'ne'er-do-wells' will have encryption -- and the idiotic Australian government will have no way to 'force' anyone to unlock any of that. Only legitimate communications, transactions, and data will be compromised.
The depths of utter stupidity our species is capable of astounds me. It's no wonder, if there are actually starfaring alien civilizations in our galaxy, that they would refuse to reveal themselves to us. Things like this are an embarrassment.
First they confiscated guns,
- then they declared opposition and whistleblowers -- as mentally ill, and forced them in to psychiatric treatment
- then they forced everybody to declare and store their cache at government controlled banks.
- Now they removed electronic privacy protection
What's next Australia?
You need to think this through and not fall into a partisan trap. The left wants more power for a leftist government, and the right wants more power for a rightist government. Any candidate with enough integrity to be for the people won't get elected for the reason of avoiding gutter politics.
The IRA managed to operate for decades. There were no computers, there was no cellphones, there was no 256bit encryption.
Messages can be passed by the colour of a t-shirt someone wears, what newspaper gets delivered, hell google "Numbers stations" to see how all of that is in the open, and yet indecipherable. It can be as simple as walking from left-right past a shop vs right-left, the ways to disguise communications are endless. Once these terrorists dump their cellphones, there will be no location data, no meta data, no phone tracking, nothing, the police have actually made their life HARDER.
This will be the US government having put pressure on Australia, because the US knows they will be given any keys, means of cracking that Australia gets, all without having to deal with the US legal system. The US government has simply off shored their problem with the constitution and will get what they want without involving the Legal system.
The Pure Slaves representatives sold them out to the queen again, such a pity. Anyone up for tea and crumpets?
Seems like it might be time for the queen to fire the government again.
-- begin thought --
ujrz ndj
-- end thought --
Socialism requires the democratic ownership of the means of production.
If there isn't democratic ownership of the means of production ... it's not fucking socialism.
So what were these "socialist experiments" if not socialism? They were capitalism, simple as that.
I tweeted last night an idea on how we could possibly get this repealed. I decided to put my money where my mouth is open source; open community; http://internetprotests.com/wh... If we the internet join together; I believe we could get it repealed. Guess that depends on how much the people are willing to do to work against it... Just complain or actually do something about it.
I like how it's ALWAYS the "leftists" fault. You've gotten used to standing in the conservative shit pile and don't even smell it any more. How about you take some of that personal responsibility you're always on about and stop blaming our side, ya know the side that lost the election. You had all the branches and didn't get a goddamned thing done but pay your donors off.
TRUMP WON GET OVER IT
The ruling class exist. They hold power because they own everything.
Voting is just a show to legitimize their total ownership of societies output.
You only ever get to pick between carefully screened candidates.
Real democracy would necessarily include the workplace. Currently we have workplace dictatorships, and bourgeois democracy.
Sorry that you've been brainwashed (by corporate media) into believing class doesn't exist. However society is split into two irreconcilable classes, and there is almost no mobility between the two.
Even in Oz there are people who think that simple legislation can change the value of pi to 3.000.
{+_+}
"It just means there will be a plethora of hidden encryption apps used exclusively by [strike] those who plan to do evil [/strike]" ... those who despise the government's surveillance. The only ones doing evil are the criminals acting in the name of this rubbish government.