Australian Government Passes Law Forcing Tech Companies To Break Encryption

from the nice-one,-idiots dept

The Australian Parliament has passed a law ordaining compelled access to encrypted devices and communications. The legislation was floated months ago and opened up for comment, but it appears the Australian government has ignored the numerous complaints that such a law would violate civil liberties and otherwise be an all-around bad idea. But that's OK. It's completely justified, according to the Prime Minister.

Scott Morrison, Australia’s prime minister, told local radio on Thursday that encryption laws were necessary to target Islamist terrorism, paedophile networks and organised crime. “These laws are used to catch the scum that try to bring our country down and we can’t give them a leave pass,” he said.

Sure, and if innocent people find their communications compromised by government-mandated holes, so be it. The law was rushed through Parliament in a late evening session since every moment wasted was just one more leave pass for scum. Legislators promise to review the law in 18 months to ensure it hasn't been abused or created more problems than it's solved, but let's be honest here: how often does legislation like this get clawed back after a periodic review? It's never happened in the history of the laws governing our surveillance programs, even after leaked docs exposed unconstitutional practices and widespread abuse of surveillance authorities.

Here's a short summary of the new powers the legislation hands over to law enforcement and national security agencies:

The law enables Australia’s attorney-general to order the likes of Apple, Facebook, and Whatsapp to build capability, such as software code, which enables police to access a particular device or service.

Companies may also have to provide the design specifications of their technology to police, facilitate access to a device or service, help authorities develop their own capabilities and conceal the fact that an agency has undertaken a covert operation.

This law will go into effect before the end of the year. How it will go into effect is anyone's guess. The law provides for compelled access -- including the creation of new code -- but no one seems to have any idea what this will look like in practice. The new backdoors-in-everything-but-name will be put in place by developers/manufacturers at the drop of a court order, with the onus on the smart people in the tech business to iron out all of the problems.

The law only prevents the government from demanding that "systemic weaknesses" be built into devices or programs. Everything else is left to the imagination, including the actual process of introducing code changes in multi-user platforms or targeted devices.

An actual software developer, Alfie John, has put together a splendid Twitter thread pointing out the flaws in the government's assumptions about software development. Since the compelled participants are forbidden from discussing surveillance court orders with anyone (which would include coworkers, supervisors, the general public, etc.), these requested alterations would have to be implemented in secret. The problem is coding changes go through a number of hands before they go live. Either everyone involved would need to be sworn to secrecy (which also means being threatened with jail time) or the process falls apart. Changes ordered by a court could be rejected by those higher up on the chain. Worse, the planned encryption hole could see the compelled coder being viewed as a data thief or foreign operative or whatever.

Law enforcement is going to have to make everyone involved in the product/device complicit and covered under the same prison threat for this to work. The more people it's exposed to, the higher the chance of leakage. And if the code will break other code -- or the request simply can't be met due to any number of concerns -- the government may ask the court to hold the company and its personnel in contempt for their failure to achieve the impossible.

To make matters worse, the company targeted with a compelled access request may be monitored for leaks before and after the request is submitted, putting employees under surveillance simply because of their profession.

In some cases, the only weakness that can be introduced will be systemic, which will run contrary to the law. How will the government handle this inevitable eventuality? Will it respect the law or will it simply redefine the term to codify its unlawful actions?

Even if all of this somehow works flawlessly, users of devices and communications platforms will be put at risk. Sure, the compelled access might be targeted, but it will teach users to distrust software/firmware updates that may actually keep them safer. The government may even encourage the forging of credentials or security certificates to ensure its compelled exploits reach their targets. And just because these backdoors theoretically only allow one government agent in at a time, that doesn't mean they aren't backdoors. They may be slightly more difficult for malicious actors to exploit, but once the trust is shattered by compelled access, other attack vectors will present themselves.

It's a terrible law justified by the spoken equivalent of a bumper sticker. And it's going to end up doing serious damage -- not just in Australia, but all over the world. Bad legislation spreads like a communicable disease. If one democracy says this is acceptable, other free-world leaders will use its passage as a permission slip for encryption-targeting mandates of their own.


Filed Under: australia, backdoors, compelled access, encryption, moral panics, secrecy, software development, terrorism


Reader Comments

  1.
    Ninja (profile), 10 Dec 2018 @ 9:40am

    So any security conscious person has to avoid Australia and its products like the plague and cyber criminals know where to make easy money now.

    "Bad legislation spreads like a communicable disease."

    Or it'll produce so much damage it will be that case-study to be mentioned for years that will put an end to any new "going dark" discussion that involves weakening encryption.

    Also, since when did Australia become a prototype for totalitarianism?

  2.
    Anonymous Coward, 10 Dec 2018 @ 9:50am

    The tech companies' best technical approach would be to remove ALL encryption from ALL devices while posting a method for the end user to place what encryption on the device from none to unbreakable by anyone they desire. This places the government burden where it should be between the user and the government.

  3.
    Anonymous Coward, 10 Dec 2018 @ 9:55am

    Re:

    ...Or just remove themselves from Australia.

  4.
    Anonymous Coward, 10 Dec 2018 @ 9:58am

    time for 'the likes of Apple, Facebook, and Whatsapp' to do a google and pull out of Oz! what a shame that keeping their coffers boosted as much as possible is more important than protecting their customers!!

  5.
    Anonymous Coward, 10 Dec 2018 @ 10:06am

    Ok, you go first

    So, I have said this before: why don't we start with the dear members of parliament that have voted for this nonsense.

    Force them to use backdoored versions of e-mail programs, web browsers, instant messaging, photo sharing, etc.
    All the things they use for private communications.

    And, if there are no problems, complaints, leaks or stolen identities, the general population will follow in a couple of months...

  6.
    John85851 (profile), 10 Dec 2018 @ 10:09am

    Just wait until it happens to them

    The only way this law will get clawed back is if something bad happens to them.
    Let's say Google actually installs a government-mandated back door in the Android operating system. How long will it be until "bad guys" (meaning anyone against this dumb law) take advantage of the back door and hack into every government phone?

    And like you said, bad laws spread. How long will it be until China, Iran, or even England says US companies have to install back doors for use in their countries as well?

  7.
    That Anonymous Coward (profile), 10 Dec 2018 @ 10:14am

    So the Australian Government is going to offer full transparency of their communications now right?
    They have nothing to hide do they?
    They should be at the forefront of opening themselves up to review, I look forward to the texts telling you this was a good idea, your lucky numbers of the day, & your horoscope.

  8.
    Uriel-238 (profile), 10 Dec 2018 @ 10:19am

    Now we get to see if it wrecks the economy.

    My thought exactly, Australia has decided to be the test case for crypto mandates.

    I'm curious what happens when a company such as Apple makes a system that is difficult to break (takes decades) and then is mandated to help law enforcement break it.

    At any rate, it's good cause for such corporations to move all assets out of Australia.

  9.
    Anonymous Coward, 10 Dec 2018 @ 10:19am

    I think tech companies should just take their ball and go home. What would happen if all major tech industries just left Australia?

  10.
    Ninja (profile), 10 Dec 2018 @ 10:23am

    Re: Now we get to see if it wrecks the economy.

    "At any rate, it's good cause for such corporations to move all assets out of Australia."

    Yeah, this should be another aspect to watch. If it costs them financially it'll be another incentive not to apply it to other countries.

    And also which companies have the spine to simply move out instead of capitulating to the insanity.

  11.
    Ninja (profile), 10 Dec 2018 @ 10:25am

    Re:

    Easier said than done. And in the end the lack of encryption would end up being shooting themselves in the foot because people would blame the companies for the problems, not the govt. This is stupid politicians screwing up. They should be the ones taking the heat.

  12.
    Ninja (profile), 10 Dec 2018 @ 10:27am

    Re: Just wait until it happens to them

    It would be a whole new level of dumb if they didn't exclude govt stuff. But hey, they approved a dumb law so who knows.

  13.
    WysiWyg, 10 Dec 2018 @ 10:29am

    Won't the "bad guys" just switch to uncompromised encryption?

  14.
    theycanpoundsalt, 10 Dec 2018 @ 10:44am

    screw them

    what the hardware companies/tech manufacturers should do is design hardware/software to allow the user to set their own encryption standard. Then no one but the end user can crack it... screw them.

  15.
    Uriel-238 (profile), 10 Dec 2018 @ 10:46am

    The "Bad Guys"

    The actual bad guys might, but if Australian law enforcement is like US law enforcement they don't really want to catch them. Rather they're going for the low-hanging fruit of people who post their ill-gotten gains on Facebook.

    Actual terrorists with real encryption, real guns and real agendas? Better to just let that fire burn.

  16.
    Capt ICE Enforcer, 10 Dec 2018 @ 10:49am

    Easy solution

    Access to every computer on and off the internet in 2 steps.

    1) USERNAME: ADMIN
    2) PASSWORD: 12345

  17.
    Bt Garner (profile), 10 Dec 2018 @ 10:50am

    Re:

    I was thinking the exact opposite, that now is a great time to move to Oz and join the IT Organized Crime Illuminati (ITOCI).

  18.
    Uriel-238 (profile), 10 Dec 2018 @ 10:55am

    Forcing open source

    Considering the rules requiring that the companies must give law enforcement access to the code and standards, this will encourage the companies who do comply to make their standards resistant to exploitation.

    Given enough eyes, all bugs are shallow. But when some eyes are known to be adversarial, we might be even more driven to find and fix exploits.

  19.
    President Skroob, 10 Dec 2018 @ 11:03am

    Re: Easy solution

    Hey I have the same combo on my luggage.

  20.
    ShadowNinja (profile), 10 Dec 2018 @ 11:27am

    Re: Now we get to see if it wrecks the economy.

    Honestly, it wouldn't surprise me if some big tech companies would just say "screw it, we aren't putting our users & employees at risk" and just voluntarily pulled out of Australia.

    Australia's economy is simply not that big, and not that many people live there. They don't have the clout or money that the entire EU had to effectively enforce GDPR on the planet.

  21.
    Anonymous Coward, 10 Dec 2018 @ 11:33am

    Re: Re: Just wait until it happens to them

    how would they exclude govt stuff? are they going to require google write a separate version of android without the vulnerability they required google to build into android, or do these tech-illiterate bureaucrats plan on sitting down and writing their own operating system to be used on all government electronics?

  22.
    Anonymous Coward, 10 Dec 2018 @ 11:33am

    The "companies" affected by this will do whatever it takes to maintain the highest possible profit margins, that is their mandate to the shareholders, that is how it works.

    There are people in those "companies" that have been working those scenarios for years. Top People.

  23.
    Ninja (profile), 10 Dec 2018 @ 11:38am

    Re: Re: Re: Just wait until it happens to them

    Why wouldn't they? If you are not the one lifting the weight why not ask everything? Same with copyright. They want all the cake with minimum effort.

  24.
    Anonymous Coward, 10 Dec 2018 @ 11:43am

    Re: The "Bad Guys"

    All the better to use the next 'incident' to demand more stupid "Tough New Laws", won't somebody think of the children, blah, blah, blah.

  25.
    Anonymous Coward, 10 Dec 2018 @ 11:47am

    Re:

    Murdoch would like that, then the advertisers will return to traditional media & spend some of their $3 billion at News Corpse.

    If Murdoch can't get a publishers tax on Google for linking to News Corpse then this will do quite nicely.

  26.
    Anonymous Coward, 10 Dec 2018 @ 11:52am

    "We want 1+1 to equal 3."

    "That's mathematically not possible."

    "What if we just made 2 illegal?"

  27.
    Anonymous Coward, 10 Dec 2018 @ 12:29pm

    Re: Re:

    Who said anything about ending encryption?

    The tech companies can not compete against government.

    What the tech companies id provide information on who does provide encryption with out running afield of law.

    For example.
    XYZ sell you a phone.
    XYZ then suggest that you would be better served by downloading, for free, encryption from QRS, WER, ERT, et who are members in the ENC Encryption network.
    Also, XYZ makes donation and provides technical expertise to the ENC Encryption network.

    XYZ problem is solved. They provided an open phone. The user downloaded and installed encryption after they purchased the phone. If there is some problem with this it is between the purchaser and government not the manufacturer and government.

  28.
    Anonymous Coward, 10 Dec 2018 @ 12:34pm

    Re: Now we get to see if it wrecks the economy.

    Australia has decided to be the test case for crypto mandates.

    It's not so new. America had its export prohibitions in the 90s, while crypto was basically illegal in France. Then there was (is) RIPA in the UK.

  29.
    ECA (profile), 10 Dec 2018 @ 12:46pm

    REALLY??

    "Scott Morrison, Australia’s prime minister, told local radio on Thursday that encryption laws were necessary to target Islamist terrorism, paedophile networks and organised crime. “These laws are used to catch the scum that try to bring our country down and we can’t give them a leave pass,” he said."

    1. do you think your Gov. reps will adhere to this, or walk around the Checkpoint??
    2. IF' I dont want you to scan my Phone, I wont take it.. I have this little compartment in my shoe, want a smell?? How many Micro SD do you think I can stuff in there..forget that, 1-256gig will do.
    3.Pedophilia?? Im more worried about your sheep..(old joke)
    4. Pedo..Generally its a family thing, unless you are Rich and can afford Slavery..A good lawyer, and your OWN PLANE.. and Bangkok is Right over there..

    This is just Justification, created by the Music/movie boards.. Anything to give the right/ability to Charge you with other crimes to circumvent the true USE/MEANING, that they will ADD to the end of this law.

    Australia is an international port..They are in the middle of ALL OF IT.. From Bollywood to Hollywood.. and the RIAA has created some interesting Agencies in other countries, JUST to get control of ALL the music created around the world..
    Which is strange, because FEW nations acknowledged OTHER countries COPYRIGHTS..

  30.
    Ryu, 10 Dec 2018 @ 12:47pm

    Hmmm

    Another example of old People that don't understand the Internet. We should make laws to make know about the things before making laws about t

  31.
    That One Guy (profile), 10 Dec 2018 @ 12:59pm

    'Can't let those amateurs show us up after all.'

    Scott Morrison, Australia’s prime minister, told local radio on Thursday that encryption laws were necessary to target Islamist terrorism, paedophile networks and organised crime. “These laws are used to catch the scum that try to bring our country down and we can’t give them a leave pass,” he said.

    Great, so when can the australian public expect you to be arrested and fined extensively if not thrown into jail?

    ... oh, you meant scum attempting to bring the country down other than yourself. I see.

  32.
    Anonymous Coward, 10 Dec 2018 @ 1:26pm

    Welcome to the Peoples Democratic Fascist Republic of Oztraya.

  33.
    Anonymous Coward, 10 Dec 2018 @ 1:36pm

    Re:

    There is no "mandate" to shareholders. If not for the fact that all the company execs are also shareholders there would be no major motivation for keeping shareholders happy. Because the C-level execs are shareholders there is every reason to do so but there is no law that says they must.

  34.
    Anonymous Coward, 10 Dec 2018 @ 1:45pm

    You only scum compared to Krusty!

  35.
    Anonymous Coward, 10 Dec 2018 @ 2:03pm

    Re: Re:

    Maybe not a law with criminal punishments, but it can be valid grounds to be sued.

  36.
    Daydream, 10 Dec 2018 @ 2:04pm

    For eff's sake, we just HAD the state election...

    Any chance that we can re-do the election? If this is what the idiots do once their position is secured for 4 years...

  37.
    Dan Under, 10 Dec 2018 @ 2:20pm

    Re: Re: Re: Re: Just wait until it happens to them

    The Australian Government isn't going to write their own operating system because, as with every other technology they seem to use, they just buy it in from elsewhere, usually from the USA.

    Those drongos haven't coughed up the brass razoos to support anything home-grown like that in the past and they won't do it now.

    Now if they could only install backdoors in bushfires, floods, cyclones, coal seam gas-caused water poisoning, and dust storms, they'd be on a winner.

  38.
    Dan Under, 10 Dec 2018 @ 2:25pm

    Re: For eff's sake, we just HAD the state election...

    As SCOMO and his mates will be happy to tell you, a state-wide wipeout of the coalition parties doesn't matter federally because "those are only state issues", blah blah

  39.
    TruthHurts (profile), 10 Dec 2018 @ 2:36pm

    Say goodbye to technology companies Australia

    Technology companies, insurance companies, accounting companies, any company that relies on encryption (including encryption at rest / encryption for backups / encryption for databases) will be saying goodbye to Australia.

    Global fortune 100s, 250s, 500s, will all be shuttering operations in Australia because they will not be able to use "real" encryption. They'd only be allowed to use "phakencryption" which would violate all kinds of global laws that require real encryption to protect personal information like financial transactions, health information, identification information, etc.

    I can't wait for all their government secrets to be exposed because they switched to "phakencryption" for all of their services to use.

  40.
    TruthHurts (profile), 10 Dec 2018 @ 2:43pm

    Re: Easy solution

    lol - easier circumvention

    USERNAME: admin
    PASSWORD: !@#$%

  41.
    TruthHurts (profile), 10 Dec 2018 @ 2:48pm

    Re:

    I work for a large global corporation that employs thousands of Australians.

    They are already looking at what it will take to exit Australia entirely because following Australia's "phakencryption" law will make us liable to global lawsuits and security audit findings that could cost us billions in fines.

    ie - Most countries outside of Australia require "real" encryption that cannot be broken by outside entities.

    Australia has just made itself the bane of global corporations.

  42.
    J5892, 10 Dec 2018 @ 2:54pm

    Basically, Australia just made tech companies illegal.

  43.
    Anonymous Coward, 10 Dec 2018 @ 2:58pm

    Re: Re: Re:

    Did you miss the bit where the government can demand the manufacturer to update the device? The government says to the manufacturer provide us with the decrypted data from the device using our key by uploading a suitable program to the phone, and it does not matter what encryption is being used.

    One possible effect of this law is the Government insisting that the device manufacturers provide an update channel that the user cannot see or turn off.

  44.
    DOlz, 10 Dec 2018 @ 3:19pm

    This is apparently the Australian government's plan to attract Amish immigrants.

  45.
    idiots, 10 Dec 2018 @ 3:26pm

    the idiots we had to have

    sco mo is doing badly at the polls and are going to be wiped out. this is the last ditch stand that they thought could give them traction at the next election. unfortunately for them labor also supported this bad legislation. they are doomed at the next election and now dont have an ace up their sleeve like they thought they would have. this is why the world is not safe.

  46.
    Anonymous Coward, 10 Dec 2018 @ 3:56pm

    I find it highly amusing that anyone would still think that making any sort of encryption workaround or side access won't come back to bite them.

    People, groups, and nation states are CONSTANTLY attempting to break into things... as of right now, all the time... affecting devices that are considered secure... and many times succeeding. Once it is known that exploits or external/"public" keys exist the bad people attempting to break in to anything/everything will see an exponential growth in success.

    Regardless of who controls or maintains the code/keys/software/etc. someone will eventually figure it out and exploit it. Look how long it normally takes for new DRM to be cracked and circumvented, or how ridiculously quick the Pwn2Own tournaments produce root level access to devices. And the Aussie government wants to make it even easier??

  47.
    TruthHurts (profile), 10 Dec 2018 @ 4:37pm

    Re: Say goodbye to technology companies Australia

    Hmmm, perhaps "phrankencryption" would be a better "term" to use for what the Australian government will call encryption after it's been dismembered, and all the dead pieces are put together with an "Abbie Normal" brain.

  48.
    Capt ICE Enforcer, 10 Dec 2018 @ 4:50pm

    Response to: Anonymous Coward on Dec 10th, 2018 @ 11:52am

    Umm. 1+1 does equal 3. If you don't use a condom. Shoot. Sometimes it can even equal 4 or more. I know... Mind blown.

  49.
    TruthHurts (profile), 10 Dec 2018 @ 5:50pm

    Re: Forcing open source

    backdoor = exploitable, period, end of discussion.

    There aren't enough eyes, hell, there haven't been enough eyes on the combined numbers of humans ever alive to make "backdoored" encryption safe.

    It's statistically impossible to do with software (which includes software tokens, and hardware tokens are just customized hardware running software token code).

    At some point in the distant future, when they've stabilized n-factor qubits, they may be able to send physical encryption/decryption keys, one with vendor, one with device/software, one for NSA, one for KGB, one for 5-eyes, etc, drek-cetra, one thousand for hackers round the world for a pittance of the proceeds.

  50.
    TruthHurts (profile), 10 Dec 2018 @ 5:55pm

    Re:

    Hmmm - perhaps they were thinking string, then string to binary conversion?

    "1" + "1" = 11 (binary) - convert to "3" (decimal)??

    That seems to be the level of unthinking that the Australian government is shooting for.

    Maybe they'll call that OzBinDecMath? I'd think it would be better to call it "MethMath" as only someone on drugs would think that was right.

    Has anyone checked the Australian government peeps' homes for meth labs in their basements?

  51.
    Anonymous Coward, 10 Dec 2018 @ 7:39pm

    Re: Response to: Anonymous Coward on Dec 10th, 2018 @ 11:52am

    Actually, due to meiosis, reproductive cells only have half the chromosomes of a normal cell.

    So it's more like .5+.5=1

    Twins and any higher counts of fetuses in the womb won't help that map match your numbers.

    for three babies, it would be .5+.5+.5+.5+.5+.5 = 3
    Or 3(.5+.5) = 3

  52.
    Bergman (profile), 10 Dec 2018 @ 7:44pm

    Re:

    We can only hope that the communicable disease is so swiftly fatal that the rest of the world quarantines the plague-ridden before it can spread.

  53.
    Bergman (profile), 10 Dec 2018 @ 7:48pm

    Re: Re: Re: Re:

    Yeah, but how would the manufacturer of the device decrypt the data when they don't have a key to it, never had a key to it and never will have a key to it?

    At worst the manufacturer might be able to give the government the encrypted files, but they'd already have that from seizing the device itself.

  54.
    Smartassicus the Roman, 10 Dec 2018 @ 10:14pm

    Justa Thought


  55.
    Anonymous Coward, 10 Dec 2018 @ 10:17pm

    Re:

    So any security conscious person has to avoid Australia and its products like the plague and cyber criminals know where to make easy money now.

    If you haven't already removed any and all TLS certs issued by Australian CAs from all trust stores* under your control you're at risk.

    Further, if any security agency / CA doesn't pull out completely from Australia and refuse to abide by any of their requests or send their people there, distrust them as well*.

    Also start keeping tabs on Microsoft, Apple, Google, Mozilla, Samsung, any device manufacturer, OS distro developer, etc. If any one of them starts issuing "updates" that contain pre-compromised code, distrust them*, disable automatic updates (you've done that already right? And uninstalled Windows 8 & 10?), and make their treachery known far and wide. Shout it from the roof tops if you have to, because preventing this disease from spreading requires a populace to disobey the assholes implementing it. Civil disobedience is the word, and if it's a fight these assholes want, they've found one.

    *: Assuming you're able to with things like Secure Boot and its ilk around. God, that's painful to say. We're going to need exploits just to get rid of the Australians', and soon to come others', exploits.

  56.
    Anonymous Coward, 11 Dec 2018 @ 12:09am

    Re: Re: Response to: Anonymous Coward on Dec 10th, 2018 @ 11:52a

    Considering it was an "ICE Enforcer" that posted the comment you responded to, you're allowing yourself to be pre-occupied by refuting their attempt at distorting reality to uphold their own bullshit.

    Please stop that. Much like them the only thing productive you're doing is creating hot air.

  57.
    The Central Scrutinizer (profile), 11 Dec 2018 @ 1:10am

    Prime Minister Scott Morrison, un-elected king of the muppets.
    A bunch of technologically illiterate morons sound the klaxon call of the four horsemen of the apocalypse; pedophiles, terrorists, drug dealers and criminals (I would have thought they all fall under the heading of criminals, but no matter).

    Then the legislation needs to be passed "to keep us all safe over Christmas/New Year". What a steaming pile of merde. No one is going to actively back door their hardware or software in the next 2 weeks. Ain't gonna happen.

    Do I really need to go on?

    It'll break the Internet, maybe not tomorrow or next week, but it will.

    Also, hang your head in shame, Bill Shorten.

  58.
    That One Guy, 11 Dec 2018 @ 1:19am

    Re: Say goodbye to technology companies Australia

    No worries, I'm sure a mass-exodus of companies from the country will in no way cause a massive hit to the economy, or have any other significant impact at all. And really, if they're so determined to 'try to bring [the] country down' as to be that dedicated to working encryption then Australia will surely be better off without them anyway.

  59.
    The Central Scrutinizer, 11 Dec 2018 @ 1:35am

    Also, this idiot government is conducting the biggest industrial experiment in our history. They get to make business decisions for companies, saying "we want you to put this in your product".

  60.
    Anonymous Coward, 11 Dec 2018 @ 3:48am

    Re: Re: Re: Re: Re:

    If they can force code onto your machine they have access to the decoded data, and can also capture keys when entered etc. Also, they can bypass any encryption that you have installed. The more locked down the operating system, the easier it is for them to take over your machine and control what it does, and what it sends to whom.

    That is to say encryption becomes an illusion if somebody else can control your machines.

    For text-only email, an offline encryption/decryption system based on the likes of Arduino would be very hard to compromise, as you control all the code from reading the SD card upwards, and changes in program size when you compile on an offline Raspberry Pi would also be visible.

  61.
    Anonymous Coward, 11 Dec 2018 @ 6:39am

    I am going to be RICH.

    Step 1: Open Australian bank account.
    Step 2: Wait for website backdoor to be compromised.
    Step 3: Sue the bank and the Australian government for malfeasance.
    Also sue the prime minister personally since you can BET he has people taking advantage of these back doors for illegal profit.

  62.
    T March-Hare ("I'm Late!"), 11 Dec 2018 @ 9:53am

    Always amusing to see unrealistic views!

    1) No large corporation is going to pull out of Australia for this or any other gov't law.

    2) Corporations do not share your weenie concerns, are totally amoral. Only motive is profit. If reduced, that'll annoy, but it'll be short term at most.

    3) Technically, won't require much beyond a master decryption key. Do-able, even easy. Refer to 2 above for the zero that corporations care about your privacy.

    4) You don't know that corporations haven't prepared for / are doing this already, direct cahoots with gov't. You just assume not.

    5) You should by now know that most "smartphones" can be gotten into by new gadgets, within hours. It's practically moot, anyway.

    Examples prove my view: Apple and Google, two of the largest corporations in world, which preen themselves on purity of liberal / libertarian / free speech / democracy and whatever else their PR departments put out, are TIGHTLY connected to Communist China, the most brutal and repressive gov't on earth. Apple for hardware built in factories that require suicide nets, and Google customizing the "Dragonfly" engine specifically to report dissidents.

  63.
    Uriel-238, 11 Dec 2018 @ 10:22am

    Mandated quiet device update vector.

    Sounds like Australia is going to be the land of the jailbroken phones.

    Appropriate!

  64.
    Uriel-238, 11 Dec 2018 @ 10:29am

    Backdoor = exploitable

    Sure, for the backdoored layer of encryption.

    But we already have public-access unbreakable encryption, and a number of open source implementations.

    So any business that wants to stay in business in Australia will either replace default backdoored crypto with available secure crypto, or will layer the secure crypto underneath it.

    When the postern only gets you into the gatehouse, it makes the sabotage mission really short.

  65.
    Anonymous Coward, 11 Dec 2018 @ 9:31pm

    Re: Always amusing to see unrealistic views!

    China is Putin's friend with benefits. Donny's jealous!

  66.
    Anonymous Monkey, 12 Dec 2018 @ 11:46am

    Re: Re:

    so swiftly fatal that the rest of the world quarantines the plague-ridden before it can spread

    Resident Evil zombie virus.

  67.
    Uriel-238, 12 Dec 2018 @ 12:43pm

    Re: Re: Re: Re: Re: Re:

  68.
    Uriel-238, 12 Dec 2018 @ 12:50pm

    Re: Re: Re: Re: Re: Re:

    If they can force code onto your machine they have access to the decoded data...

    This assumes the government knows what encryption the end user has installed, which is true if it's default.

    If it's not default then they're likely to get garbage, or worse, brick the phone.

    While this may catch some people off guard, any business operating in Australia larger than a mom-and-pop store is going to need to replace the default data encryption software with something else from outside Australia, or install a different operating system on the phone.

    Either that or risk being susceptible to attacks from rival companies, let alone Australian law enforcement.

  69.
    Anonymous Coward, 12 Dec 2018 @ 3:19pm

    Re: For eff's sake, we just HAD the state election...

    This legislation had bipartisan support. So which of the party animals would you now trust? In the last few years, all the stupid draconian legislation had bipartisan support.

    Few, if any, of these politicians have any actual concern for the citizens of Australia.

    I have privately proposed that the way any legislation be passed is that it is mandatory for each member of parliament to take each piece of legislation back to his or her electorate and get a response back from the electorate. An actual count of the Yes/No/No Response. From this, he or she will present this to parliament and a national count take place. Legislation only passes if the number of Yes votes exceeds the number of No votes and No Responses.

    One additional thing is that all legislation be fitted with a mandatory 3 year expiration clause that requires it to actually come before Parliament for renewal for another 3 years, again via the process of taking it to the electorate.

    Somehow, I think much legislation would never get passed and would simply disappear from the books. It would certainly make the pollies work for their quid pro quo.

  70.
    Scary Devil Monastery, 28 Dec 2018 @ 6:53am

    Re:

    "The "companies" affected by this will do whatever it takes to maintain the highest possible profit margins, that is their mandate to the shareholders, that is how it works."

    Yup.

    And in this case that'll mean pulling out of Australia if any part of what they do involves IT. Because if a multinational corporation has a branch in Australia this new law now demands the entire corporation works without IT security.

  71.
    Scary Devil Monastery, 28 Dec 2018 @ 7:09am

    Re: Always amusing to see unrealistic views!

    1) Yes they will. See, any company operating in Australia must now operate without IT security - worldwide. Australia has now become a potential disaster without mitigation.

    2) Correct. Corporations are completely amoral. Hence why a law which mandates that NO corporate secret, price list, cost pricing, GM calculation and internal revenue sheet can be kept confidential will FORCE every company out of Australia.

    3) You, sir, are an idiot. A master key means the second it leaks or is hacked for, EVERY encryption in Australia is wide open to whoever holds a copy. Banks, Army, Government citizen indexes, etc. And that master key will be hot goods. Enough to be worth a billion USD in up front cash. It WILL leak.

    4) On the contrary, corporations will NOT operate with government on this. They can't. And by that I mean they literally can't. See above. Any company operating under this needs to accept having no secrets. At all. For any reason. Worldwide, if they have so much as a branch in Australia.

    5) Not really true. A smartphone is one thing because most people just won't secure it with more than a 4-digit pin or an easily subverted fingerprint reader. But smartphones aren't the issue here.

    "Apple and Google, two of the largest corporations in world, which preen themselves on purity of liberal / libertarian / free speech / democracy and whatever else their PR departments put out, are TIGHTLY connected to Communist China..."

    Not really true. Google and Apple are able to operate in China because they have agreed to screw their customers over with product limitations. If they had to issue a master key to their actual encryption then they'd have to leave. China knows this which is why no such master key has been requested. China, being paranoid, also does not want insecure encryption.

    Now go back and take a look at what lunacy Australia has demanded. That's right - a ubiquitous encryption backdoor which NOT EVEN CHINA was insane enough to ask for.

  72.
    AJ, 8 Jan 2019 @ 7:10pm

    Re:

    The flaw with your statement is the assumption that this insane totalitarian law has anything to do, beyond propaganda, with protecting people.
