Australian ponders requiring multiple IDs to sign up for social media, plus more crypto-busting backdoors An Australian Parliamentary Committee has recommended that locals be compelled to hand over identification documents to sign up for and use social media. The Standing Committee on Social Policy and Legal Affairs’ Inquiry into family, domestic and sexual violence delivered its final report last week – on April 1st, in fact. …
It's all very well saying "law enforcement" are the only ones who should get access (the old "if you've done nothing wrong" argument), but a corrupt law enforcement or regime WILL abuse that right. During the "Arab Spring" uprising, Western governments were very happy that the protestors were using secure messaging the authorities couldn't intercept/hack.
The same argument HAS to be used whenever anyone suggests hackable crypto. If the UK/US cops can get in, why shouldn't the Chinese/Russian/Myanmar/etc police and government be allowed to use the same back doors?
<QUOTE>
The same argument HAS to be used whenever anyone suggests hackable crypto. If the UK/US cops can get in, why shouldn't the Chinese/Russian/Myanmar/etc police and government be allowed to use the same back doors?
<END QUOTE>
If it only stopped at the "Chinese/Russian/Myanmar/etc police". But the financial criminals (as opposed to government criminals)...
a corrupt any law enforcement or regime WILL abuse that right
FTFY.
People are very good at rationalizing behavior which will achieve a short-term goal at the expense of ideological principles or long-term social goods. And law enforcement and other government functions are still run by people.
OR
the friend of the US State of Georgia (And others once the laws get passed)
Why?
Georgia and 42 other states are trying to pass laws that make it harder to vote. Some of these include multiple pieces of state-certified ID. A simple driving license is not enough.
While the DDR was nominally communist Georgia is very much to the right of centre. Both can't be right can they?
First off why worry about want the US laws are?
Second, illegals are being given drivers licenses.
Third, I have been voting in US elections for the nearly 50 years and they have only asked for a VALID drivers license or a picture ID.
If fact the Democrats are trying to make it so easy to vote that even illegals will be able to vote, people who move around can vote in multiple states without being caught and want kids as young as 16 to vote. If someone can't get a valid picture ID in the US they shouldn't be voting. There is a real problem when someone that is 60 years old and has had 42 years to get a valid picture ID to vote and can't that is a real problem. They were able to get an ID to get on welfare, on medicaid, to get a cell phone. These changes in Georgia and other states is not trying to restrict anyone from voting. It is simply trying make sure you are an American citizen and not some Yank on vacation showing up at a voting booth with no ID to vote in a Presidential election. Most High Schools will help you get an ID and register to vote.
Bullshit. Georgia included measures like "can't hand out water to people waiting in line to vote" and "no more early voting on Sunday". How about limiting the number of drop boxes and cutting the number of days for early voting? How do any of those help with security of elections? Those were all expressly designed to suppress the black vote, working along with the existing measures limiting the ability of county election officials to provide sufficient voting sites in places where they want to suppress the vote, leading to the long lines that make people need water standing in the hot Georgia sun.
To top it off, there's a measure that basically lets the legislature take over the operation of the election in any county they desire. If that measure had been in place in November, they would have done Trump's bidding and "found" 11,780 votes that didn't exist thereby allowing him to steal the election.
Basically it is all a setup to suppress the black vote, and provide a backstop that lets them cancel black votes if that doesn't work. I hope the MLB All Star game pulling out is just the first of many businesses to speak with their dollars. Major economic impact is the only thing that will put pressure on Georgia republicans to stop this nonsense. Rumor has it we will see multiple Hollywood productions currently scheduled to film in Georgia (it is very popular location for shooting because of the tax credits the state offers) later this year announce they are relocating.
Georgia recounted their votes three times and conducted a full audit of all the mail in ballots, and proved that they have very accurate and secure elections. But Orange Man says he was robbed, and all his sycophants have to be seen doing "something" so they used the opportunity to introduce draconian voter suppression laws while claiming it was about securing elections.
The last time I went to the ATT store to alter my contract and had to show my license, the rep made a big deal out of NOT looking at my picture - dramatically turning his face away to avert his eyes - although he scanned the barcode. "Why?", I asked. No answer. Eventually he messed up everything, and a different rep replaced him, doing everything the normal way, including checking my photograph.
No need for inside man.. just use SMS redirection that is aimed at businesses....
Try this article for an example.. https://www.vice.com/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber
This is a direct quote from article:
<QUOTE>
I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me.
Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16.
I hadn't been SIM swapped, ...
<END QUOTE>
"save significant numbers of innocent lives" (emphasis mine)
Appeal to emotion or argumentum ad passiones ("argument from passion") is an informal fallacy characterized by the manipulation of the recipient's emotions in order to win an argument, especially in the absence of factual evidence. (From Wikipedia)
Sorry, not giving Facebook your full ID to lose or sell is definitely not the recipe for "Anarchy".
There are certainly cases of "cyberstalking" and other criminal activity being carried out through social media, and using the relative anonymity1 of social media to impede identification, investigation, and prosecution.
Australia's mooted requirement would increase the work factor for attackers to commit these types of crimes using social media.
So would banning social media, or licensing all Internet use. And you could eliminate more crime by instituting more physical-world surveillance measures. That doesn't mean any of these are good ideas, or are appropriate trade-offs between security and liberty.
Australia's government is on an authoritarian surveillance-state high. Things will get worse there before they get better.
1Of course "relative anonymity" isn't really a meaningful term, in any precise sense. What people mean by this is better expressed in terms of differential privacy, specifically in the amount of information available from a typical social-media account at various levels of effort and within the scope of various laws.
533million users have had their various details given away after a Facebook breach a couple of years ago.
Social media may value your data but only in terms of what it can do for them, giving all of your personal details up front will do little to prevent online abuse but will mean the majority are entrusting their identities to leaches who will abuse that trust.
I threw myGovID in the bin as the app wanted me to use my FACE to move the cursor around on screen, FAIL.
A government MP has been pinged for setting up 30+ face Facebook community pages to harass people so this is merely a distraction from people spoofing on desks in parliament house and such.
I'm reasonably sure this is just a dead cat thrown on the table, meant to distract from the fact that the government seems to have an ongoing problem with how women are treated in their party.
Much like any of their other insane thought bubbles (like facial recognition age verification for access to adult websites) it will go away. Or they'll ignore all the advice on the matter and just do it anyway and be shocked when it doesn't work.
I dimly recall a recommendation from years back (but not too many years back) that the best way to fix the Spam problem would be to impose a charge on the sender for each email sent.
I forget who came up with that one. Probably the department of Haven't-quite-thought-the-details-through-yet.
There were numerous proposals for increasing the cost of sending messages, and many of them were well thought out. Adam Back's Hashcash is a well-known example. David Chaum, in an interview, cites a similar earlier proposal by Dwork and Naor; and Chaum's own work on micropayments was often mentioned as an aspect of solutions in this context.
Hashcash does not, of course, cost actual money; it's a proof-of-work scheme. There are other proposals which do apply a direct cost.
The Hashcash proposal was in 1997, I think. So that's a fair number of years back, for this industry.
Payment-for-email proposals failed for much the same reason that encrypted and signed email largely failed: email is too decentralized and the big MUA vendors and MTA operators aren't interested in pushing improvements. (OK, that's a bit unfair – none of the standards for encrypted/signed email are particularly usable. PEM was never widely adopted, PGP's PKI doesn't scale and is too difficult for ordinary users, and S/MIME uses X.509 PKI which imposes a startup barrier in terms of cost. But foot-dragging by MUA/MTA implementers certainly didn't help.)
I am all in favour of this - how soon can we get t rolled out?
Which party can I vote for to get this sped up?
This may be the one way to put the kybosh on Zuck and his privacy invading pals. These privacy invading monsters rely on near ubiquity in the population. A measure like this will kill them by destroying that ubiquity as so few people would ever offer up this level of data - Even if it is just through laziness, indifference and apathy.
This post has been deleted by its author
You certainly don't here in the UK (just pick 'em up from a newsagent, supermarket, or even Amazon) – and quite right too, if you ask me. It can be difficult, for example, for a homeless person prove their identity. Requiring such proof would further disenfranchise them. And we really don't want to end up like Dubai.
This post has been deleted by its author
Only if you use a credit/debit card. You can top up without one by paying for a voucher in cash (see here, for example).
(from Australia)
The issue is ACTIVATING the SIM
SIMs are readily available: ALDI, Post Office, +++
In order to ACTIVATE a SIM, this can be done online, you need to provide the reference documents to get 100 points of ID. A drivers licence + a passport will do, there are plenty of other options.
Activation online could be a bit "chicken and egg" if you're living on the streets. In any case, you don't have to do that in the UK either. Plus:
strict proof of identity requirements ... disproportionately [burden] homeless people who often do not have, and cannot afford to obtain, a birth certificate or other documents that prove their identity (Australian Human Rights Commission, 2008, §6.8)
In Australia, points really don't mean prizes.
Here in Germany, you have to ID yourself via the PostIDent for a new SIM card where you fill in a form and produce it along with your ID card or passport at the local post office or do so in an online procedure on webcam. This has been the law here since July 2017.
So no more burners here.
If you ask me, this might be the OZ government pushing the envelop on ID cards using the "frog in the simmering pot"-method: slowly making daily life more difficult without ID cards until the population begs for them.
We'll see.
Interesting. I hadn't realised that was a thing: I thought Germany was particularly privacy-conscious and would be strongly against it. Anyway, I see that Privacy International gives a good summary of the situation.
Years back when I used to travel to the US and roaming was beyond extortionate I'd pick up a local SIM, you just used to chuck a few $$$s at a guy on one of those carts in the middle of any mall. Then one day I tried this and was told I need ID and all that crap I didn't have. After a pause of at most 2 seconds the sales guy just filled in the form, put the malls ZIP code down as the address took the dollars and handed over the SIM. No worries.
... you have go give to telcos, hotels, airlines, car rentals, banks, insurance companies, hospitals, schools, etc. etc. I've lost the count of services who required me a copy of my ID card to access them.
None of them ever breached?
And remember - no one forces anybody to join a social network.
Sure, these have been, are and will be breached in the future, too.
Short memory?
https://www.theregister.com/2020/10/30/marriott_starwood_hack_fine_just_18_4bn/
However, there are not that many corporations able to lose 500mill IDs in one go, so most incidents get somewhat less publicity ...
Exactly - there are already many entities you are forced to give your ID data too which are routinely breached.
Of course Equifax just leaked 150M, hotels combined probably aren't too far from FB.
But are you implying social networks are now so big they should be exempt from regulations others have to undergo?
Moreover social should just need to positively identify a user and destroy the id documents or keep them in a separate system not online - just like they should already do for credit cards and the like. And of course they would become liable for any PII data leak... and related fines.
Nope, I just think that in 2021 there are ways to prove identity (once we agree that is it necessary to conduct certain business) than handing over social security numbers, passport numbers, credit card numbers, copys/photos of passports or something similar.
Permanently storing information at each and every hotel/phone shop/website/etc. that allows an attacker to fully impersonate me does not seem to be the smartest of ideas ....
Which ones? Especially in countries that doesn't have a working ID system and so have even troubles to run elections and leave a lot of space for cunning politicians to disenfranchise electors they don't like?
Here we have a few already, sure. There's the SPID system which is a 2FA authentication method backed by the government. It's still based on SPID providers having to identify you with a valid ID card or the like.
We also have ID cards with chips and digital certificates that can be used to authenticate to online services. The problem with this cars is you need a reader. The latest model have a NFC chip so you can read it with an NFC enabled phone.
SPID and digital ID cars became mandatory this March to authenticate with public services sites.
The government proposed to expand the SPID system to authenticate to commercial sites as well, would you approve it? The SPID provider will know every site you access and when. Because it's also based on a mobile app to generate the OTP token, it could even know where. And SPID providers need to be government-approved, so the government can easily get at those data.
Of course, a leak from one of those providers, or the government systems as well....
The more proof of who you are is required in more places that is then electronically stored (when they never needed anty of this before!) just means they WILL be hacked eventually and lose your data. Having stuff stored electronically is just plain bad news for the citizens. When are we going to revolt and over throw these over rich dictators?
Quote1: "...a person must provide identification for a mobile phone account...."
Not true in the UK. You can buy a SIM and minutes for cash in any convenience store.
Quote2: "...Social media platforms must provide those identifying details..."
What details? See above.
Quote3: "....enable law enforcement agencies to access a platform’s end-to-end encrypted data...."
But some of us use PRIVATE encryption before messaging enters an "end-to-end encrypted" channel.
We also avail ourselves of the get out mentioned under Quote1 above. (See below for a privately encrypted message)
Perhaps a reader of El Reg -- much better informed than this old f*art -- can explain why anonymous, privately encrypted messaging does not COMPLETELY defeat these Australian proposals.
*
G3mLWnIXAzYZi5cbUVKNg9GzupKnE1Al0jmnKfIX
cXuhEV2tCzihahg9EPeXE7qJExoRGJ4nofSraFwR
0BeDCjKPsvSFgTcfoFs70pUBWTUjS32b2VcVujYx
yp2RSXiDcBEDkLGDwFwvWrK1ah2jEjgFM3Mx03q5
AxGdEb6PkJg1kx4l21AhkLybAhCPml8DkNyHK1yn
0ns9KJkhaVwRMNyHcf0NQ5ydAX2rkpgv27K72FQV
M30Z09GzgBERUv6hCRslOnkV
*
Well, not an expert on encryption by a long shot, but before being able to send any kind of message, the proposal would have you provide proof of ID to the platform, so you can kiss anonymity good-bye.
Then there's the fact that setting up private encryption is a hassle not many people will wish to put up with, if we start by supposing that people will even be bothered to give it a thought.
Quote:"....the proposal would have you provide proof of ID to the platform...."
*
So......I have an anonymous SIM and some anonymous minutes bought with cash. This gives me a valid mobile phone number.
*
Next step, sign up with "the platform"....name="Mickey Mouse"; phone=<Valid mobile>; address="21 Main Street, Anytown"; email=<throwaway_email@gmail.com>
*
So....can I really "kiss anonymity good-bye". I wonder!
This is the point, those out to do harm of whatever kind will of course have both the reason and the enthusiasm to defeat such stupid rules. After all the BBC broadcast messages to the resistance in France, Holland et al all through WW2 even knowing the Germans could hear. They didnt name the recipient or the target etc. in the message but via a preagreed code. So perhaps going to visit my Gran to give her a present might well mean planting a bomb to blow up the queen.
In Germany you need to provide ID to buy a sim card, no restriction on bringing one in from the UK and using it so its pointless and stupid. But the Germans love pointless and stupid paperwork, its what the rule says so it will be done, its obvious how they were so obedient in the lates 30s and 40s, they hjave no ability to disobey even down to crossing the road after looking instead of waiting for a green man etc etc
Maybe insist that the info is required on sign up and be made available to the cops; but that it be stored in a way that is unusable to facebook, etc, is so that they cannot use it for advertising, etc.
OK: this would be easy to do technically, however I would expect facebook to say "yes it is in a black box" and the promptly use the data anyway.
Probably, this is a typical ill thought through, half baked spy measure bought in by an iincompetent bunch of bafoons 'elected' (cough cough - if you believe votes cast are actually counted and make any difference you are a mug) to control the masses so the rich can continue to gather all the worlds resources.
...for a moment, that a person wanted to join Farcebook under a different name, say as a Nom d'Internet, like 'Zark Muckerberg'.
What's to stop a person logging on to their favourite VPN and joining said social media in a country that doesn't have these draconian requirements? They could then go back to the Oz site and continuing on as MZ.
Are the Oz authorities going to make every overseas-based person go through this security theatre before they can post on an Australian SocMed site?
Asking for a friend, of course. (Torn between Big Brother, Black chopper and FAIL icons.)
There are no other countries, God made Oz and it's perfect so didn't need to make any others.
Since there are no other countries you don't ned to be able to leave Oz in case you are polluted by seeing what life is like in any other country - if they existed, which they don't.
Remember the laws of Australia take priority over the geography
Obviously, because the USA, being outside Oz, doesn't exist. The Galaxy is mostly visible from the southern hemisphere (we wait confirmation of the round/flat earth debate from the Official Govt Science Bruce) and so is therefore part of Oz
This post has been deleted by its author
This would be an AUSTRALIAN law that applies to AUSTRALIANS using a GLOBAL platform?
None of whom would ever thing to create a social media account 'in' Ireland, Bolivia, New Zealand...via a VPN and then continue to use said social media account from their home in Gundagai? And chat to their friends and family in Murwillumbah in the same way as their other friends who are really in Bolivia do. Without ID.
You can't ask government to know what it's talking about. They just do things, and if they don't work the way they wanted, they throw a tantrum and ban stuff till they do.
(Cue a ban on VPNs, the installation of a Great Firewall, well, everything like the much envied model of China.)
with this bullshit. Technologically incompetent politicians desperate to be seen "doing something". There is no way in hell I'm providing my driving license details, with my picture on it, or any other forms of ID to any social media company. Not. Gonna. Happen.
In the end I'm guessing this has about as much chance of becoming law as there is of me walking across Lake Burley Griffin.
Well here we have a list of knuckle draggers. Remember them.
Standing Committee on Social Policy and Legal Affairs
Committee Members
Chair: Mr Andrew Wallace MP, Liberal National Party of Queensland, Fisher ACT
Deputy Chair: Ms Sharon Claydon MP, Australian Labor Party, Newcastle ACT
Members
Dr Mike Freelander MP, Australian Labor Party, Macarthur ACT
Mr Andrew Laming MP, Liberal National Party of Queensland, Bowman ACT
Ms Peta Murphy MP, Australian Labor Party, Dunkley ACT
Mr Rowan Ramsey MP, Liberal Party of Australia, Grey ACT
Mr Julian Simmonds MP, Liberal National Party of Queensland, Ryan ACT
Dr Anne Webster MP, The Nationals, Mallee ACT
Participating Members
Mrs Bridget Archer MP
Dr Fiona Martin MP
Ms Kate Thwaites MP
Mr Tim Watts MP
Policy produced by Canberra Bubble. They simply dont know the voracious appetite of anti Social media for any information on citizens. It is getting hard to not use faecesbook, goggle or M$ authentication on state and fed gov sites. I suspect the thought of automated identity theft does not bother them at all because they lack the basic cynicism and suspicion of any form of power, common in the modern bureaucrats or do-gooders of all forms.
> does not bother them at all because they lack the basic cynicism and suspicion
You definitely are an idealist. I on the other hand am sure it doesn't bother them because they are cynical enough to not really care about the Great Unwashed and their puny problems. (Except at election time, when they throw them an additional bale of hay, and that's about it.)
Social media companies make their money by marketing and selling people's information - some of it voluntarily handed over, some of it involuntarily via tracking, surreptitious upload of contacts, etc. By default, social media companies continually make the default settings to make your data public.
Requiring people the provide 100 points of ID is akin to putting Dracula in charge of the blood bank. Governments should be keeping people safe from social media companies, not pandering to them.
The other problem is that social media companies operate in every country, have users worldwide, and all users from all over the world to interact. How is online safety improved by requiring a small subset of users to be verified when they can be attacked by anyone else in the world. This is no different to a country banning nuclear weapons and therefore expecting not to have one dropped on them!
I live in Australia and have been using a mobile phone for decades. I have never had to provide ID to get a SIM card. I recently swapped telcos (again) and my new telco just posted out a SIM card, no questions asked. I think this article is suspect at best. Either that or the telcos just don't give a damn about stupid regulations. That would be very Australian! Stop worrying people, it'll never happen. Any Oz government that tried this bullshit would be out on their arse in a flash.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
