Proposed Australian law forces tech companies to decrypt customer messages

Posted:
in General Discussion edited July 2017
The Australian government on Friday proposed a set of new cybersecurity measures that would compel technology companies like Apple to provide law enforcement agencies access to encrypted customer messages.




Looking to combat a global rise in terror attacks, which in some cases were planned and carried out with the help of encrypted messaging apps and services, Australia will in November propose a law that grants courts power to compel tech companies to decrypt communications, the Associated Press reports.

Currently, Australian law requires telephone companies aid in law enforcement operations by providing access to communications when obliged to do so via court order. According to Prime Minister Malcolm Turnbull, the new law places the same requirements on tech companies like Apple, Facebook and Google, which market messaging services with end-to-end encryption.

"We've got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile rings are up to because of the very high levels of encryption," Turnbull said in a statement to reporters. "Where we can compel it, we will, but we will need the cooperation from the tech companies."

Similar laws are enforced across the Western world, but Australia's proposal seems more aggressive than U.S. legislation. The Australian government agrees, saying the new law would be modeled after the UK's Investigatory Powers Act recently passed by the British Parliament in November.

Dubbed the "Snooper's Charter," the act furnishes government agencies wide latitude with which to eavesdrop on suspected criminals. Provisions of the act allow UK agencies to carry out targeted and bulk data collection operations, equipment hacking, data and communications interception, decryption and more.

Unlike the Australian law, however, the UK Investigatory Powers Act does not require foreign companies to decrypt communications or participate in data collection procedures.

Expecting resistance from tech companies based in the U.S., Turnbull in his statement said the firms "know morally they should" cooperate with government agencies.

"There is a culture, particularly in the United States, a very libertarian culture, which is quite anti-government in the tech sector," he said. "We need to say with one voice to Silicon Valley and its emulators: All right, you've devised these great platforms, now you've got to help us to ensure that the rule of law prevails.'"

Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms, a technique widely panned by service providers who the technique inherently weakens security. Apple, for instance, has long declined to build in backdoors to iMessage, iCloud and its other network offerings, citing consumer privacy concerns.

Last year, Apple found itself embroiled in an intense debate over strong device encryption when it refused to comply with a federal court order mandating it help the U.S. Federal Bureau of Investigation unlock an iPhone connected to the San Bernardino terror attack. At the time, Apple argued that bypassing iPhone's security protocols, even for a single device, was dangerous and would put millions of iOS users at risk.
«134

Comments

  • Reply 1 of 67
    baconstangbaconstang Posts: 540member
    Oh gawd.  Here we go again.
    liketheskymagman1979Avieshekbshankmike1longpathanton zuykovRacerhomieX
  • Reply 2 of 67
    irnchrizirnchriz Posts: 1,581member
    That’s fine, Apple can just say, “ok, we will try to crack the encryption of these messages, should get back to you in about 6 billion years once it’s finished”
    magman1979Avieshekbshankteejay2012mike1anantksundaramlongpathrazorpitwatto_cobratzm41
  • Reply 3 of 67
    sennensennen Posts: 1,465member
    Trumble's definition of a back door is inventive.

    This is a good read as well: https://www.theregister.co.uk/2017/07/07/oz_governments_definition_of_backdoor/
  • Reply 4 of 67
    "We've got a real problem in that...." we can no longer see what our population is up to, due to this encryption thingy and that scares us shitless. So we flash the crime-, pedo- and terrorists cards as leverage to get it mitigated.
    edited July 2017 Avieshekbshankwilliamlondonmike1longpathrazorpitwatto_cobraanton zuykovlostkiwigregoryhk
  • Reply 5 of 67
    CelTanCelTan Posts: 41member
    When will people understand that less privacy does not mean more safety?
    I had this discussion this week twice and each time the terrorist card was played:
    "If the government reading my iMessage just stops 1 terror attack then I am happy to give up my privacy!" 
    Great in theory and if the magic would exist to keep it "good governments" only and if I would believe it would stop a single incident, then I may even be persuaded.

    Herein lies the tri-fold issue:
    1. This magic does not exist - it will get out and will get exploited. It's either total encryption or none
    2. There are not so good governments, and you can't really say: Australia is nice, but I don't give it to North Korea (anybody having issues with North Korea reading their communications? 
    3. Once all the big messaging providers comply, the 'bad guys' will just make their own little encryption up and load it on their android cheap phones. - IE: They can still communicate 'securely' while the rest of the 'good people' are exposed.

    Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.


    radarthekatbshanklongpathrazorpitwatto_cobraanton zuykovoseamenetmagegtrjony0
  • Reply 6 of 67
    The fundamental flaw with this and all similar legislation: it does absolutely nothing to stop anyone from using encryption. Encryption is mathematics, it can't be outlawed. It is utterly trivial to "roll your own" encrypted messaging system. All that these laws do is make it easier for the government to snoop on ordinary citizens, something which governments have historically been eager to do. Worse still many of the terrorist attacks which have utilised messaging systems did not even use encrypted services yet the various governments still didn't see them coming.

    The solution to terrorism has never, and will never be, a game of whack-a-mole with messaging services.
    magman1979chiaradarthekatbshankteejay2012mike1longpathrazorpitwatto_cobraanton zuykov
  • Reply 7 of 67
    noelosnoelos Posts: 102member
    "Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"

    That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds. 
    EsquireCatsmattinozlongpathwatto_cobraanton zuykovlostkiwinetmage
  • Reply 8 of 67
    markg71markg71 Posts: 8member

    This is the same government that also wants to apply a government mandated filter on the internet. Also the same government that assisting in blocking websites that are considered to be breaching copyright by filesharing. Same government that is dedicated to providing an outdated, crippled fibre to the node network that provides a expensive, slow service using outdated rotten copper wiring.



    analogjacklongpathwatto_cobraviclauyyctzm41lostkiwinetmage
  • Reply 9 of 67
    A modest proposal: Make Australia the example. Open a data center in Australia just for data belonging to Australian users, just like they are doing in China. Give copies of the encryption key for each user to the Australian government. Let nature take its course. Then we will never have to deal with this idiocy again after Australia realizes that they have no privacy, no secrets and no security and their power grids and hospitals no longer function.
    radarthekatlongpathanantksundaramviclauyyclostkiwinetmagegregoryhkjony0
  • Reply 10 of 67
    sflocalsflocal Posts: 4,495member
    Governments cannot be trusted to secure our privacy.  So long as there are humans involved in any part of that equation, the system will be exploited and fail.  

    I'm all for hunting down terrorists hell-bent on killing me with a homemade bomb to be detonated in a crowded street corner but it's not like they've had encryption for the past several decades and yet our government was inept to stop them.  I highly doubt a back-door of any kind will prevent future ones.

    Governments aside, I'm more concerned about seedy individuals exploiting any kind of back-door for nefarious uses.  Break into your conversations and then blackmail you?   That's very real.  I can see this potential as being very lucrative for the dark web.

    The Australian government really has a few screws loose.  Our government is not perfect either, but when politicians pretend to know about technology, we're all in trouble.
    longpathrazorpitwatto_cobraviclauyyclostkiwioseamenetmage
  • Reply 11 of 67
    noelosnoelos Posts: 102member
    "Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"

    That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds. 
    longpathrazorpit
  • Reply 12 of 67
    radarthekatradarthekat Posts: 2,995moderator
    noelos said:
    "Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"

    That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds. 
    Actually, he's correct.  As GrangerFx proposes, it's not a backdoor into the device that would be needed to adhere to this law; it's a simple matter of not encrypting communications sent from devices.  

    I've long held the position that the device itself should be considered an extension of its owner's mind, and therefore should be sacrosanct with respect to backdoors to encryption, at least as long as society maintains that it's wrong to probe our minds (using torture or sodium pentathol or some such means).  Let Apple do as GrangerFx suggests, use these governments as a test case for the rest of the world, by dropping encryption on inter-device communications.  Any communications that leaves the device leaves with encryption for which a key is provided to the Australian government.  But data on the device remains under the same strong encryption as is currently utilized.  As EsquireCats suggests, it will do nothing to stop terrorists who can simply decide to utilize one of the many hundreds of available apps that provide encrypted communications, or roll their own, for use on either Andriod or jailbroken iPhones.  
    edited July 2017 watto_cobra
  • Reply 13 of 67
    Hopefully Apple will give this the same treatment it gave in the US. 

    "Morally..." indeed. That is rich coming from a politician and the man who spearheaded the ruination of the Australian NBN.

    After the fiasco that that is Australia's revamped NBN (a revamp championed by Turnbull as the then Minister) no one should ever listen to this man on anything that even remotely involved technology. 

    watto_cobra
  • Reply 14 of 67
    wizard69wizard69 Posts: 12,719member
    CelTan said:

    Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.


    This is perhaps the biggest problem.   
    razorpitwatto_cobrafraclostkiwi
  • Reply 15 of 67
    shrave10shrave10 Posts: 29member
    Problem is that criminals know how to use third party sw to encrypt their messages but the average consumer does not. So all it will do is promote snooping on citizens by their own governments and also create opportunities for people to be abused by foreign governments and criminals who have cracked the backdoor key code.
    williamlondonwatto_cobra
  • Reply 16 of 67
    noelosnoelos Posts: 102member
    grangerfx said:
    A modest proposal: Make Australia the example. Open a data center in Australia just for data belonging to Australian users, just like they are doing in China. Give copies of the encryption key for each user to the Australian government. Let nature take its course. Then we will never have to deal with this idiocy again after Australia realizes that they have no privacy, no secrets and no security and their power grids and hospitals no longer function.
    Or even better - let Apple say, "well we won't sell the iPhone in Australia any more".  See how quickly they backtrack on this policy if there was a threat of consumers/voters missing out of new model iPhones. But still a small enough market that they could afford to miss a few months sales. 
    watto_cobralostkiwi
  • Reply 17 of 67
    joogabahjoogabah Posts: 117member
    CelTan said:
    When will people understand that less privacy does not mean more safety?
    I had this discussion this week twice and each time the terrorist card was played:
    "If the government reading my iMessage just stops 1 terror attack then I am happy to give up my privacy!" 
    Great in theory and if the magic would exist to keep it "good governments" only and if I would believe it would stop a single incident, then I may even be persuaded.

    Herein lies the tri-fold issue:
    1. This magic does not exist - it will get out and will get exploited. It's either total encryption or none
    2. There are not so good governments, and you can't really say: Australia is nice, but I don't give it to North Korea (anybody having issues with North Korea reading their communications? 
    3. Once all the big messaging providers comply, the 'bad guys' will just make their own little encryption up and load it on their android cheap phones. - IE: They can still communicate 'securely' while the rest of the 'good people' are exposed.

    Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.


    I wouldn't care if North Korea read my messages.  They're just fighting for survival from a nuclear armed empire hell bent on seeing them destroyed, that routinely launches illegal aggressive wars against nations that pose no threat, for thinly veiled economic motives.  Has the DPRK ever invaded anyone?   Who did they bomb last?  I can't see how that would compromise me at all.  They seem to just want to be left alone.  But my own government?  What if Trump isn't even as low as it goes?   Scary!
    williamlondonlongpath
  • Reply 18 of 67
    joogabahjoogabah Posts: 117member
    The fundamental flaw with this and all similar legislation: it does absolutely nothing to stop anyone from using encryption. Encryption is mathematics, it can't be outlawed. It is utterly trivial to "roll your own" encrypted messaging system. All that these laws do is make it easier for the government to snoop on ordinary citizens, something which governments have historically been eager to do. Worse still many of the terrorist attacks which have utilised messaging systems did not even use encrypted services yet the various governments still didn't see them coming.

    The solution to terrorism has never, and will never be, a game of whack-a-mole with messaging services.
    It isn't about stopping "terrorists".  It is about rooting out political opposition at home.  Always has been.  The solution to terrorism is to stop bombing other countries.  Would save a ton of money too. 
    williamlondonmuthuk_vanalingamwatto_cobratzm41lostkiwinetmagegregoryhk
  • Reply 19 of 67
    YvLyYvLy Posts: 75member
    Quote: ""We need to say with one voice to Silicon Valley and its emulators: All right, you've devised these great platforms, now you've got to help us to ensure that the rule of law prevails.'" ..... What is it with these politicians ... this is the way an 8 years old talks ... plus it shows a complete lack of comprehension.
    watto_cobratzm41netmage
  • Reply 20 of 67
    noelos said:
    "Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"

    That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds. 

    100% Geoge Brandis an absolute F****  Baboon, alongside his goofball mate Malcom Turnbull who mind you uses "Whisper" for its so called
     security
    watto_cobranetmage
Sign In or Register to comment.