Australia's spies, cops want accountable encryption, a.k.a. access to backdoors (theregister.com)
jillesvangurp 10 days ago [-]
I'm sure the Chinese, their largest trading partner, will approve of this and take a keen interest in all the compromised-by-design technology the Australians will use to "protect" their business interests. They'll probably end up supplying most of that technology anyway. The Australians should be worrying about the backdoors they haven't been told about yet by the Chinese.
choeger 10 days ago [-]
This. I wonder why everyone in the security apparatus acts as if they will never be affected by these kinds of requests. I can only imagine two possible answers:

1. They trust in legal exceptions for themselves (look at EU chat control exceptions), which implies a thinking closer to the Soviet Union than a real republic.

2. They think they're already compromised by "the Chinese" or any other state actor and just feel incompetent themselves.

consp 10 days ago [-]
3. They are arrogantly ignorant and haven't listened to any actual experts or ignored them and think it simply doesn't apply to them.
freilanzer 9 days ago [-]
They don't care who else has access as long as they have access and are thus able to control their populace.
RachelF 10 days ago [-]
When a reporter asked [ex] Australian Prime Minister Malcolm Turnbull about encryption:

“Won’t the laws of mathematics trump the laws of Australia?”

Mr. Turnbull reportedly responded:

“Well the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”

suprjami 9 days ago [-]
Malcolm Turnbull is the Minister of Technology who canceled a brand new fiber broadband network to reuse rusty copper to roll out more expensive VDSL2 to give Rupert Murdoch a few more years of cable TV sales. Doublespeak is his native tongue.

Like all his LNP cronies, he should be in prison for treason.

simondotau 9 days ago [-]
Turnbull also claimed that domestic 1Gb connections are absurd because consumers wouldn’t pay the cost of a guaranteed non-contended 1Gb connection.
red-iron-pine 9 days ago [-]
Abbott was the PM when that axe fell; Turnbull being his Tech minister itself wouldn't have mattered, as anyone in that role would have rolled over.

Like, Abbott would have given Telstra and Murdoch the house regardless.

lostlogin 10 days ago [-]
This is so ridiculous I assumed it was made up. It isn't.

https://www.independent.co.uk/news/malcolm-turnbull-prime-mi...

hcfman 10 days ago [-]
Funny you should say trump and laws in the same sentence :)
Zuiii 10 days ago [-]
This news is completely within the country's character and doesn't come as a surprise when you've been following Australian news. Their government can already legally coerce citizens who work for foreign companies into compromising their employer while gagging them from informing said companies.

I'd go as far as to say that this is a good thing. This law makes the risk of using Australian products more explicit.

RachelF 10 days ago [-]
Yes, the wise will stay away from any Atlassian product like Confluence and Jira.
GoblinSlayer 9 days ago [-]
The law applies to e2ee products, old school client-server products were always compliant with such laws.
Terr_ 9 days ago [-]
> while [gagging] them from informing said companies.

Does Australian law permit something like "warrant canaries"?

https://en.wikipedia.org/wiki/Warrant_canary

jeauxlb 9 days ago [-]
jmakov 9 days ago [-]
Even more. I'm sure companies don't hire Australians because of the law you mentioned.
defrost 10 days ago [-]
Coming at it both ways, from the people that bought us ΛNØM Phones | Operation Trojan Shield.

Need a secure phone for your next shipping container sized cocaine and cash exchange? Want something so secure you can only get it from a made guy who knows a guy who knows a guy?

Why not get yours fourth hand from a joint five eyes task force?

https://en.wikipedia.org/wiki/Operation_Trojan_Shield

https://www.theguardian.com/australia-news/2021/sep/11/insid...

hi-v-rocknroll 10 days ago [-]
Hello, it's America from 1995. Would you like a discount on these Clipper chips? I can let them go for a good price!

https://en.wikipedia.org/wiki/Clipper_chip#Technical_vulnera...

greenavocado 10 days ago [-]
Clipper chips are now all in software. It's called Mobile Services Manager on Android and it's probably installed on your phone. Carriers can push any executable to your device and run it, all in the background. That's not to mention who knows what your fully integrated Qualcomm SoC CPU and baseband is capable of internally.

https://androidsrc.net/mobile-services-manager/

https://www.reddit.com/r/GalaxyS9/comments/o03pnx/what_is_mo...

https://www.androidpolice.com/what-is-mobile-services-manage...

https://www.reddit.com/r/lgv20/comments/6u0wnf/what_is_mobil...

DEADMINCE 9 days ago [-]
> Carriers can push any executable to your device and run it, all in the background.

Only for those that opt in, which is most people, automatically, even if they are not aware of it.

pyinstallwoes 9 days ago [-]
How do you opt out?
DEADMINCE 9 days ago [-]
Use something like e/os and fairphone or grapheneos.
greenavocado 9 days ago [-]
You can't opt out of the SoC baseband. Who knows what is pushed over the air to the modem?
ranger_danger 10 days ago [-]
> An editorial in the Washington Post argued that "smartphone users must accept that they cannot be above the law if there is a valid search warrant", and after claiming to agree that backdoors would be undesirable, then suggested implementing a "golden key" backdoor which would unlock the data with a warrant.

What if there WAS a golden key of sorts, but it was split up (like "Shamir secret sharing") among several entities so that all of them would be necessary to decrypt the data (while also allowing for due process in cases of disagreement)? Obviously great care would have to be used when choosing the right entities, who do not have any conflicts of interest or ulterior motives, as well as finding a way to prevent all the keys or whatnot from ever being in the same place at the same time, so that the golden key could never be stolen in its entirety.

I know that's not ideal and could still likely be compromised, but what other options are there for "tech companies to do more" in assisting law enforcement? I know CALEA/FISA/etc. is a thing in the US, but I'm talking about a possible "accountable encryption" implementation, which, while it may be impossible to make bulletproof, might be "good enough"?

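The split-key idea in the comment above, as an added example that is not part of the thread: Shamir's secret sharing over a prime field, written here in Python with only the standard library. It splits a constructed sample key into shares, reconstructs it from any quorum, and shows that fewer shares than the threshold yield an unrelated value. One caveat the code makes visible: reconstruction reassembles the whole key at whichever party gathers the shares, so the sharing step alone does not satisfy the "never in the same place at the same time" requirement.

```python
import secrets

# Mersenne prime 2^521 - 1: one field element comfortably holds a 256-bit key.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (coefficients low to high) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret, threshold, shares, rng=secrets.randbelow):
    """Split `secret` (bytes) into `shares` points (x, y) on a random polynomial
    of degree threshold-1 whose constant term is the secret. Any `threshold`
    points reconstruct it; the all-custodians design from the comment is
    threshold == shares. `rng` is injectable only so tests can be deterministic."""
    if not 1 <= threshold <= shares:
        raise ValueError("need 1 <= threshold <= shares")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [rng(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, shares + 1)]


def _interpolate_at_zero(points):
    """Lagrange interpolation through `points`, evaluated at x = 0."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


def recover_secret(points, secret_len):
    """Reassemble the key from `points`. With fewer points than the threshold
    the result is a field element unrelated to the key: the shares carry no
    partial information. Whoever runs this function holds the complete key
    afterwards, which is the weak spot the thread is discussing."""
    value = _interpolate_at_zero(points)
    try:
        return value.to_bytes(secret_len, "big")
    except OverflowError:
        raise ValueError("not a key of that length: too few or wrong shares") from None


if __name__ == "__main__":
    key = secrets.token_bytes(32)  # constructed sample "golden key"

    # 4-of-4: every custodian must cooperate (or be coerced) to rebuild the key.
    custodians = split_secret(key, threshold=4, shares=4)
    print("all 4 custodians:", recover_secret(custodians, 32) == key)
    try:
        print("3 of 4 custodians:", recover_secret(custodians[:3], 32) == key)
    except ValueError as e:
        print("3 of 4 custodians:", e)

    # 3-of-5: a quorum that tolerates dissent or an unavailable custodian.
    quorum = split_secret(key, threshold=3, shares=5)
    print("custodians 1, 3, 5:", recover_secret([quorum[0], quorum[2], quorum[4]], 32) == key)
```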
saganus 10 days ago [-]
The problem is not a technological one, it's societal.

It doesn't matter if you give a piece of the key to the ACLU, one to the EFF or whatever other entities one might think as "impartial" or "without conflict of interest".

As long as there is a law that allows the government to send Men With Guns® to these entities, they can and will be coerced.

FISA is the prime example. You can have all the laws you want, but as long as "they" have things like NSLs which prevent you from even having a lawyer without clearance to defend yourself, you are royally fscked.

(This case is in Australia so they might not have FISA or similar, but the point is the same)

endgame 10 days ago [-]
https://carnegieendowment.org/2021/03/31/encryption-debate-i...

> In 2018, the heads of Australia's law enforcement and intelligence agencies were given broad powers by the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, or TOLA Act, to gain access to encrypted communications.

> ...

> The most controversial section of the TOLA Act amended the Telecommunications Act 1997 to create “frameworks for voluntary and mandatory [communications] industry assistance to law enforcement and intelligence agencies.”

> ...

> Three kinds of notices or requests sit at the core of the TOLA Act framework:

> * Technical Assistance Requests (TARs), which are “voluntary” requests for a “designated communication provider” to use a decryption or other data access capability they already have;

> * Technical Assistance Notices (TANs), which are compulsory notices for a designated communication provider to use a capability they already have; and

> * Technical Capability Notices (TCNs), which are compulsory notices for a designated communication provider to build a new capability, so that it can fulfil subsequent Technical Assistance Notices and Requests.

> The definition of “designated communication provider” runs for three pages, and includes everyone from the major telecommunications carriers down to an entity that “provides an electronic service that has one or more end-users in Australia,” anyone who “develops, supplies or updates software used, for use, or likely to be used, in connection with” such a service, and “manufactures or supplies components for use, or likely to be used, in the manufacture of customer equipment for use, or likely to be used, in Australia.”

olliej 10 days ago [-]
What entities would have those keys?

Different branches of the same government means there’s only a single entity with all the keys. Pretending otherwise is maliciously naive.

Every entity or group of entities I can think of you suggesting has a pretty well documented history of undermining the legal rights their countries ostensibly provide.

Before you of course get to the elephant in the room: governments are notoriously bad at keeping super critical shit like this under wraps, and once it inevitably leaks literally everyone is fucked.

My suggestion for any nonsense laws like this would be: if the keys are ever leaked, misused, shared with any other entity, the country shall be required to pay full cost of replacement of every impacted device. They shall be liable for all downstream costs. The management and directors of every agency that had access to the material are personally liable for costs as well, as is every elected official that supported or approved the legislation. Claiming that they can’t be responsible for the mistakes of others is not permitted as a defense: there is already a defense against mass invasion of privacy and these incompetent fuck ups are constantly trying to pass legislation like this that removes that defense.

Eddy_Viscosity2 9 days ago [-]
> My suggestion for any nonsense laws like this would be: if the keys are ever leaked, misused, shared with any other entity, the country shall be required to pay full cost of replacement of every impacted device. They shall be liable for all downstream costs.

Police in the USA routinely destroy houses and other property of innocent people by accident (they made a mistake about an address or person). In many cases courts decide that the victim receives no compensation.

If that's how it works for obvious cases of incompetence and obvious easily quantifiable damages of physical property, there is no chance they will do anything about digital.

lm411 10 days ago [-]
100%.

A system like this is bound to be compromised and abused.

candiodari 9 days ago [-]
Well, this is government. Once these keys exist every year there will be new organizations that get access. Secret service, police, justice system, IRS, youth services, ... all will be added one after the other.
xyzzy123 10 days ago [-]
This kinda already happened for Telcos, LE got convenient backdoors and portals they can access.

Surveillance capabilities are, IMHO, absolutely a slippery slope.

If you build this multi-key thing and there is capability for direct access without going through company legal and staff for each request, the next thing that happens is they write policy or legislation so access requires 2 keys, theirs and a judge or oversight officer - who rubber stamps every request.

You can't really trust them, because they can change the rules.

_ah 10 days ago [-]
I have always thought the best solution is strong encryption, plus weak encryption.

Every user has their data encrypted with a unique, zero-knowledge, weak key. Then it's encrypted again by the service provider with a strong key.

When the government shows up with a warrant, they get the strong key. But the weak key is known only to the user, not the service provider. So now the government has to go spend CPU time to brute force the weak key.

Economics enforces good behavior. Governments with lots of resources can afford to break into any single user's data. But they can't afford to break into EVERYONE'S data and go fishing. It's the same as hiring detective to do a stakeout... you can follow anyone but you can't follow everyone.

hcfman 10 days ago [-]
There's a funny/sad story about the first person in the UK to be jailed for not giving up his password under the then-new laws in the UK. He was a person crossing the Channel with mental health problems. He was stopped and he had some Estes model rocketry rockets. He was found to have a couple of micrograms of an explosive on him that could have come out of the search dog's fur. He refused to give up his passwords and so he was jailed. He did give up one password to a TrueCrypt volume, but it had another encrypted TrueCrypt volume inside it. He was jailed for a year for that.
stiray 10 days ago [-]
You can do whatever you want when you are the only player encrypting data. The problem is interoperability, and I imagine the "backdoor" that cops want as a way to decrypt TLS (which is quite doable, with reasonable safety in mind: to each request you add the symmetric key used in data encryption, encrypted with a supercop public key that is distributed on a daily basis).
WarOnPrivacy 10 days ago [-]
Some surveillance may be unavoidable but disproportional surveillance is not. Surveillance in one direction is by design.

The agenda and expectation of modern governments is that the most possible surveillance be deployed outward, toward us - while obfuscating every possible avenue to peer back (and hold them accountable).

Gov officials (especially LEO) never, ever voluntarily submit to being viewed, monitored and examined. That demand is placed exclusively upon us.

This is not ethical.

hcfman 9 days ago [-]
Accountability is everything. They talk about accountability but they don't even want that for themselves.

Here in the Netherlands, I was caught in the crossfire of an unaccountable war against marijuana. My neighbor was arrested, prosecuted and convicted for growing weed in 2005; unknown to me, the authorities were using my other neighbor to harass and spy on him even after he was convicted. Because I complained I was then also targeted for more than 10 years. The authorities told the police not to respond to any of my calls and they trashed all of my police reports, allowing this guy to steal from me, vandalise my property and more. It only stopped when I started protesting at the town hall.

Then... after it stopped, they perverted the course of justice all of the way to the courts when a prosecutor who was involved with the stalker together with the other prosecutor he worked with made sure that the stalking case failed (By lying to the judge, withholding evidence etc). Then he retired, but the other prosecutor is now the president of the court of Maastricht and implicated in another case for sending 9 innocent people to jail.

https://www.1limburg.nl/boze-families-verstoren-raadsvergade...

https://www.limburger.nl/cnt/dmf20180221_00056384/weigering-...

https://www.limburger.nl/cnt/dmf20180522_00062344/twintig-uu...

https://www.1limburg.nl/leegloop-bij-justitie-zeven-officier...

Below are scandals that the two prosecutors were involved in:

https://www.telegraaf.nl/nieuws/1039807/liegende-officieren-...

https://kro-ncrv.nl/programmas/villamoord

hcfman 9 days ago [-]
And guess what. I tried like hell to sue the government; this is only viable through your legal insurance. They said no chance. A second-opinion lawyer said there was a decent chance. The insurer said again that I can't make a case, they are allowed to do all this. The government lied and published that this was a neighbor conflict, but I've seen police files that show he was involved and letters from the government that prove the involvement.

But I still haven't been able to get any journalist to publish my story. Without journalists wanting to publish stories, democracy doesn't have a chance in hell.

The chief editor of the New York times came to the Netherlands to do a talk about how journalism was the savior of Democracy. I told her my story, but she ignored it. So much for that then.

This country is screwed if a six-part documentary can be broadcast showing how 9 people were framed for something they didn't do, a young one committed suicide, and they can even publish the name of the responsible prosecutor and still nothing happens and that prosecutor becomes the president of the court of Maastricht. That's how much the government of the Netherlands acts with impunity, facilitating years-long criminal offences against innocent people not involved in any crimes.

Viva la democracy de la Netherlands!

mrjin 10 days ago [-]
Oh dear, there is no such thing as an accountable backdoor. Encryption is there for a good reason, and its whole purpose is to prevent unauthorized 3rd party access. Adding a backdoor will defeat the purpose, as no one can guarantee it will only be used as intended.
Eddy_Viscosity2 9 days ago [-]
This smiling politician said it would be secure and only the good guys will troll through your private information. He guarantees it!
olliej 10 days ago [-]
I “love” the now constant language of “accountability” from groups that have none, and have only ever demanded more power and less accountability.

How about a ban on additional powers until law enforcement and governments can demonstrate an ability to not constantly violate the rights of the subjects or the basic rule of law?

hcfman 9 days ago [-]
Seconded!
decremental 10 days ago [-]
[dead]
medo-bear 10 days ago [-]
> He argued the case for “accountable encryption” by telling the story of a recent operation involving an Australian who shared extremist content online and was suspected of having contacted terrorists to discuss plans for a violent act. Burgess said that after a “difficult, dangerous, time-consuming and resource-intensive” operation that involved “surveillance, human intelligence and other capabilities,” ASIO determined the individual “possessed the intent and capability to conduct an attack.”

In other words, he is just too lazy to do police work and wants everyone to possess listening devices he can turn on at request. Moreover, why does he think that criminals will not adapt if backdoors are public knowledge?

choeger 10 days ago [-]
Funny thing is that we already live in a world where theoretically no one should be accountable for what "their" devices are doing. How the eff am I supposed to know which messages my phone is sending? From hardware vendors over operating system vendors to messaging app vendors and potentially even the mobile network provider, there's a shitton of people that could be messing around with my phone already. The price for a targeted attack might still be significant, but it's not prohibitive for many scenarios.

So why would the content even be interesting for any law-enforcement agency?

hulitu 10 days ago [-]
> So why would the content even be interesting for any law-enforcement agency?

For the same reason a bag with Mary Jane or a picture of an underage person is "interesting for any law-enforcement agency": they can threaten you and do anything they want with you.

Welcome to totalitarianism, my friend.

michelsedgh 10 days ago [-]
All this coming to light because X and Elon’s leadership didn’t bend the knee to them and said no we support the free speech. Gotta love the difference one person can make. All the other social media companies have complied with their requests.
throwaway2990 10 days ago [-]
[dead]
Terr_ 10 days ago [-]
More like "Unaccountable decryption."
xeornet 10 days ago [-]
One of the many reasons I am leaving Australia this year. Don’t get me started on all the other reasons.
andrewinardeer 10 days ago [-]
Burgess' speech is here:

https://www.asio.gov.au/director-generals-national-press-clu...

I can't see anything about backdoors. Can someone enlighten me on what I am missing?

alfiedotwtf 10 days ago [-]
Can’t wait to buy every Australian’s Medicare and Tax Office filing data on the dark web.
rstuart4133 9 days ago [-]
There are lots of comments here assuming they are demanding breakable encryption. That's not what Burgess wants. He already has what he wants in the "Assistance and Access Bill (2019)". That bill allows his agencies to force software companies (e.g., Google, Apple, Microsoft) to install spyware on devices like phones and laptops, so they can look at the data while it isn't encrypted.

It won't be a popular opinion here, but I think it's a fairly well targeted bill. It insists on judicial oversight. It literally bans introducing "systemic weaknesses" that China could exploit, such as backdoor keys for encryption algorithms. My only problem with it is I think Australian citizens should be informed about how often the Australian government uses these powers to spy on its own citizens, but the level of reporting it has is pitiful. That is easily fixed, and maybe some enlightened government will address it one day. Until it is fixed Burgess's "accountable encryption" is a fiction.

Reading between the lines, Burgess is complaining the software companies are stonewalling the requests they are making using the said bill. Quelle surprise. Still, he has the stick. I think this speech is him warning the software companies he's going to use it if they don't pick up their game.

anonzzzies 9 days ago [-]
renegat0x0 9 days ago [-]
Aah. Crypto wars again. "We must have Access to your communication because of [Y]."
moomin 10 days ago [-]
Between our knowledge of how much law enforcement abuses the powers they have, and our knowledge that algorithms really don’t care if you’re a good guy or a bad guy trying to break encryption, this is old, stale nonsense.

Seriously, this has been going on for (at least) 30 years and politicians' utter refusal to engage with the reality of the situation is disheartening (and I am plenty cynical already, believe me). They still keep on trying to come up with a new marketing slogan, e.g. "accountable encryption", for the same discredited ideas.

stiray 10 days ago [-]
I, as owner of equipment I have bought and that is operating on my network, also want a backdoor into HTTPS to see if companies are doing some child pornography or terrorist activity on my connection to the cloud or their own servers. /s

Joke aside, it wouldn't be a bad idea to demand by legislation that companies allow you to install your own CA certificate on any equipment in your home.

Terr_ 10 days ago [-]
Perhaps removing CAs too, which should be even less controversial since it's harder for an attacker to abuse.
blackeyeblitzar 10 days ago [-]
Australia is the last country I would trust with the ability to view private communications between citizens, given they are trying hard to normalize censorship of online content. They recently ordered Twitter to take down video of a stabbing, and required Twitter to do so even outside of Australia. Musk and Twitter are fighting the order, and correctly refusing to censor speech outside of Australian jurisdiction. Meanwhile the stabbing victim himself doesn’t want the video censored:

https://www.thedailybeast.com/stabbed-sydney-bishop-backs-mu...

Australia’s online safety czar’s perspectives on implementing worldwide censorship orders through a network of coordinating czars is dystopian:

https://public.substack.com/p/cia-recruit-is-pursuing-global...

Backdoors or bans on encryption will only empower this censorship industrial complex.

defrost 10 days ago [-]
> and correctly refusing to censor speech outside of Australian jurisdiction.

Speech?

Regardless of any stance here on the matter the Australian Government isn't asking to censor any speech .. they want to dampen down the glorification of violent acts by asking social media to not carry the video of the stabbing.

You can write paragraphs about the event, transcribe what was said, the speech part isn't being asked to be censored here.

On the second point, coordinated Five Eyes actions requiring oversight from citizens of all countries involved and being kept in check is one thing; using the statements of Senator Jacqui Lambie (a fringe member of a fringe political party (Clive Palmer, the Vogon offspring of Jabba the Hutt)) as representative of Australian policy makes as much sense as taking Senator Ted Cruz as a spokesperson for the USofA.

Pragmatically spies and cops might want encryption with backdoors, practically they're unlikely to get this .. "even in Australia".

DEADMINCE 9 days ago [-]
>the Australian Government isn't asking to censor any speech .. they want to dampen down the glorification of violent acts by asking social media to not carry the video of the stabbing.

Posting the video is a form of speech.

defrost 9 days ago [-]
Use your words.

Explain how, if "video is a form of speech" it is the case that

Miller_v._California : https://en.wikipedia.org/wiki/Miller_v._California

and Paris Adult Theatre I v. Slaton : https://en.wikipedia.org/wiki/Paris_Adult_Theatre_I_v._Slato...

even exist as U.S. Supreme Court rulings?

DEADMINCE 9 days ago [-]
> Use your words.

Please keep in mind the HN guidelines.

Be kind. Don't be snarky. [0]

The cases you linked are about limits on speech. They don't do anything to demonstrate video isn't a speech.

[0] https://news.ycombinator.com/newsguidelines.html

defrost 9 days ago [-]
They specifically limit video | film.

They specifically treat film | video in a manner distinct from the spoken or written word.

pseudalopex 9 days ago [-]
Miller's offense was mailing brochures. The Miller test has been applied to books. Paris Adult Theatre I v. Slaton distinguished businesses and homes according to the article.
defrost 9 days ago [-]
But I'm guessing we're agreed that video and books have been treated separately and that limitations on availability have been applied to film|video content by a Federal US Government despite a "free speech" amendment?

Which really is all that is sufficient to establish the point that free speech has categories and that video has been treated as a separate category to the spoken word and both to the written word.

The claim that free speech is equally and equivalently { film , speech , writing } in the USofA is false in law.

They overlap to a large degree, but not perfectly.

There is precedent for limiting video content within a free speech society.

DEADMINCE 8 days ago [-]
So you're acknowledging video AND posting a video (which are not the same thing) are both forms of speech, and instead you are just quibbling over the fact that they are not the same as spoken or written speech, even though that wasn't something that was ever claimed?
defrost 8 days ago [-]
> So you're acknowledging video AND posting a video (which are not the same thing) are both forms of speech,

No.

Speech is talky talky audible words.

Video is moving pictures but not film.

> the fact that they are not the same as spoken or written speech,

Yes, that's the fact, both in real life and legally, as evidenced in transcripts of numerous cases before courts.

> even though that wasn't something that was ever claimed?

This person did: https://news.ycombinator.com/item?id=40154349

They typed in written form "Posting the video is a form of speech."

apparently not grasping what you have just agreed to as fact; moving pictures are not spoken words.

DEADMINCE 8 days ago [-]
> Speech is talky talky audible words.

Legally, it's much broader in scope.

At this point arguing further and not agreeing or acknowledging that basic truth is arguing semantics and nothing more, and not something I'm interested in continuing for the sake of it to have a final say.

Cheers.

pseudalopex 9 days ago [-]
You admit now video is speech?

> But I'm guessing we're agreed that video and books have been treated seperately

In a narrow and irrelevant manner only. Visual child pornography is extra illegal.

> There is precedent for limiting video content within a free speech society.

There is precedent for limiting all forms of speech.

defrost 9 days ago [-]
There is:

* Speech,

* Writing,

* Video,

* Dance,

* Morse Code,

and many many other forms of communication.

> Visual child pornography is extra illegal.

But written isn't? Clearly there are priors for Australia limiting video content.

blackeyeblitzar 9 days ago [-]
When people say “free speech”, they are talking about information in general. Video is speech under that definition. I understand that the Australian government wants to avoid glorifying violent acts, but I would argue that it is better to depict the world as it is, rather than try to hide the bad parts and pretend it’ll fix itself. If the Australian government isn’t authoritarian, at best they can politely ask media to not carry it, but they should not be able to force it. That’s only possible under authoritarian regimes where the government thinks they have a right to control information.
defrost 9 days ago [-]
What about under the definition of "speech" .. freedom to discuss.

With respect to video, let us note that even in the USofA the absolutist interpretation of the First Amendment (US) as applied to video pornography has never been sustained by the (US) Supreme Court.

It's a shit show there with 80+ years of bun fights and variation by state.

I understand the position that you're taking here, but it's not that clear cut in the US so why should it be in Australia?
