So 15,000 submissions. A week to deal with them. That's what, 8-10 seconds per submission to evaluate and consider it. Nice work.
Who says government isn't efficient?!?
The Australian government has rushed forward its proposed anti-encryption legislation, a mere week after a public consultation into the rules closed. A Federal Coalition party meeting yesterday cleared the bill to be introduced into parliament, giving the strong impression the government hopes to push the draft law onto the …
Dear el Reg,
Please name names after the vote. No-one can possibly argue that a week is sufficient to consider the far-reaching implications of this potential law. So some of our (supposed) representatives are being negligent in their duties if they wave it through. This is a hard area of law. But that means a large effort is needed to be on top of the many consequences. My ballot paper sometime between now and May wants to take it into account.
I seriously believe that they know exactly what they are doing. It's beyond belief that they, especially with the intelligence agencies, are totally unaware of what's been put forth to date from the crypto and internet engineers.
The pin-drop I'm waiting for is all the 5EYES adopting this as well.
I rather think that the intelligence agencies were hoping to be gifted with a slightly better way of planting sniffers onto internet backbones and into ISPs, and therefore asked for moon-onna-stick in the belief that the politicians would water down any proposal to more or less what was wanted.
Unfortunately nobody ever thought that the politicians were stupid enough to try to defy the laws of physics and mathematics, and demand back doors in encryption.
Politicians for you...
Fiddling with things they don't understand, normally for their own ends but disguised as 'in the name of the greater good', and the ones that suffer are the innocent public.
I imagine the main outcomes will be vendors dropping their apps rather than complying, a steeper rise in cyber crime and officials abusing their power.
None of which is good for the average Joe or Joanne. The world is watching...
One of the most contentious aspects of the bill, as it currently stands, is that it allows law enforcement to ask communication service providers to give investigators access to unencrypted messages under an escalating set of notices, from voluntary compliance all the way up to a court order.
No doubt they will try to use it to force subversion of encryption, but I would take a court order forcing a company to produce unencrypted communications as meaning "provide the data without any encryption you have added". You obviously cannot produce the message absent the encryption someone else placed upon it any more than the security services can.
This summarises what happens when a fucking idiot meets an immovable object.
This already happened once. Australia decided to get tough on internet gambling, so the various firms supplying this need to Australians simply off-shored their servers to south-east Asia, frequently with only very minimal downtime, and carried on as before.
Australia lost the hosting profits and the taxes that the gambling site operators paid, but did not otherwise impede business in the slightest.
Once a backdoor is put into a messaging service, even if it is just for Aussie residents, it breaks the security for everyone, even those outside of Australia who use that messaging service. As how are you to know that the person you're communicating with isn't using an Australian backdoored version of the messaging app etc?
The only safe option will be to wait and see if any company decides to publicly announce they are going to block their service in Australia over the new laws, so you know that your privacy isn't going to be compromised to please the Australian government.
That's not quite true: companies have a history of producing country-specific versions of products. So you'd just want to avoid the Oz version - and indeed they'd do their best to prevent you getting the Oz version from outside Oz.
The more relevant question is how much you trust the company itself. Has it inserted an NSA backdoor in return for not being given the Kaspersky treatment?
If it's a free service I would think just have a check box "Are you in Australia [ ]" If you check it, OK, Bye.
If you lie and say you don't live in Australia, well not my fault.
This reminds me of the days of 40-bit international versions of browsers with the download page for the better US version where you swear not to give it to China or other "bad" countries. That worked great.
Quote: "....ask communication service providers to give investigators access to unencrypted messages..."
I wonder what El Reg would do when a demand comes from Australia to provide the "unencrypted message" associated with this:
Ok, we've just run this through our Enigma.io system. It says
{"messages":[
{"text":"Can we have another go at repealing 18C?"},
{"text":"QUOTA'S BAD!!1!! Hurumph"},
{"text":"Right, so our new energy plan is to ban wind and just burn non-Adani coal, then subsidise it so it's no more expensive than solar. Sounds good to me. Can someone just run it past Alan?"},
{"text":"Got half a billion here to spend on the reef. Anyone know a small charity stacked with petrochemical board members we can grant it to?"},
{"text":"Hey man, know it's a Sunday, but need to call in a favour about my au pair."},
{"text":"Don't worry mate, you've got my full support."}
]}
Crazy talk there, glad we could help. Some folk are really messed up. I can't imagine how I'd sleep if someone sent me the last one.
Elected governments can only promote legislation that can be understood by, and desired by the voters.
There are plenty of technical people that know and understand the futility of effectively controlling decent encryption technologies.
But there are a lot more people that do not understand the impossibility.
Therefore elected governments have to say silly things like the law of the land overrules the laws of mathematics even though that is cringeworthy.
What is needed is a description and demonstration of a secure communication infrastructure that is as impossible for any governments to effectively control as possible. This needs to be as simple in the individual operational elements as possible. There may be a lot of operational elements but if each piece is simple enough then a lot more people will be able to understand it.
I have been writing up something to do this as a hobby for the last couple of years.
It's a bit of a read and is a work in progress but I think that there is enough for sharing.
I have been using a github wiki for this:
https://github.com/johnrobyclayton/SecureCommunicationsInfrastructure/wiki
Crypto needs math literacy to understand. SERIOUS math. Not high/grade school, but University Major type math.
Without that background, (assumption - probably safe) politicians have to rely on "experts" to advise them, and they get to not only pick the experts who may not have the required math (assumption - reasonably safe), but the politicians will keep asking until they find an expert who supports what they want to hear (assumption - proven).
So there's no way to tell them it's impossible that they will listen to - they think those that are telling them "Not possible" are either i) hiding something, ii) have vested interests, iii) are being paid by the opposition, iv) are terrorists and shouldn't be listened to anyway as that's who they want to spy on...
If I was a criminal, I would make damn sure my encryption is 100% (or as near as) gov-proof. If I were one of the plebs though... shrug.
End result: criminals keep walking (free) while plebs on the other hand... shrug.
But hey, THINK OF THE CHILDREN!!! AND TERRORISTS!!!! AND RUSKIES!!! AND ELECTIONS!!!!
I was wondering what Yahoo Serious did after acting... apparently he's drafting new legislature.
You Aussies let us Yanks know how that works out for ya!
Just make sure the bank that the PM uses has that nasty little peephole punched in its encryption too. We wouldn't want any government officials being left out on the brave new world they are trying to create.
Some country is about to get pwned.