When will people understand that less privacy does not mean more safety? I had this discussion this week twice and each time the terrorist card was played: "If the government reading my iMessage just stops 1 terror attack then I am happy to give up my privacy!" Great in theory and if the magic would exist to keep it "good governments" only and if I would believe it would stop a single incident, then I may even be persuaded.
Herein lies the tri-fold issue: 1. This magic does not exist - it will get out and will get exploited. It's either total encryption or none 2. There are not so good governments, and you can't really say: Australia is nice, but I don't give it to North Korea (anybody having issues with North Korea reading their communications? 3. Once all the big messaging providers comply, the 'bad guys' will just make their own little encryption up and load it on their android cheap phones. - IE: They can still communicate 'securely' while the rest of the 'good people' are exposed.
Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.
I wouldn't care if North Korea read my messages. They're just fighting for survival from a nuclear armed empire hell bent on seeing them destroyed, that routinely launches illegal aggressive wars against nations that pose no threat, for thinly veiled economic motives. Has the DPRK ever invaded anyone? Who did they bomb last? I can't see how that would compromise me at all. They seem to just want to be left alone. But my own government? What if Trump isn't even as low as it goes? Scary!
How crazy do you have to be to support North Korea? Have you been licking frogs? Or do you have to write such drivel so your family back home won’t be sent to a labor camp?
I wouldn't care if North Korea read my messages. They're just fighting for survival from a nuclear armed empire hell bent on seeing them destroyed, that routinely launches illegal aggressive wars against nations that pose no threat, for thinly veiled economic motives. Has the DPRK ever invaded anyone? Who did they bomb last? I can't see how that would compromise me at all. They seem to just want to be left alone. But my own government? What if Trump isn't even as low as it goes? Scary!
Turnbull said "The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia." Well he got that wrong, the laws of mathematics are immutable and no law can change that. If Apple doesn't have the key then, that's the end of the matter.
The fundamental flaw with this and all similar legislation: it does absolutely nothing to stop anyone from using encryption. Encryption is mathematics, it can't be outlawed. It is utterly trivial to "roll your own" encrypted messaging system. All that these laws do is make it easier for the government to snoop on ordinary citizens, something which governments have historically been eager to do. Worse still many of the terrorist attacks which have utilised messaging systems did not even use encrypted services yet the various governments still didn't see them coming.
The solution to terrorism has never, and will never be, a game of whack-a-mole with messaging services.
It isn't about stopping "terrorists". It is about rooting out political opposition at home. Always has been. The solution to terrorism is to stop bombing other countries. Would save a ton of money too.
It is interesting you know absolutely nothing about the cause and effect of terrorism.
The fundamental flaw with this and all similar legislation: it does absolutely nothing to stop anyone from using encryption. Encryption is mathematics, it can't be outlawed. It is utterly trivial to "roll your own" encrypted messaging system. All that these laws do is make it easier for the government to snoop on ordinary citizens, something which governments have historically been eager to do. Worse still many of the terrorist attacks which have utilised messaging systems did not even use encrypted services yet the various governments still didn't see them coming.
The solution to terrorism has never, and will never be, a game of whack-a-mole with messaging services.
It isn't about stopping "terrorists". It is about rooting out political opposition at home. Always has been. The solution to terrorism is to stop bombing other countries. Would save a ton of money too.
Germany doesn't bomb other countries AFAIK. Belgium doesn't do so any longer either AFAIK, not since 2015. Even back then they only had about 25 troops involved in it as I'm reading it. Doesn't seem to stop terrorist attacks tho. Jus' sayin'...
"Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms, a technique widely panned by service providers who the technique inherently weakens security. Apple, for instance, has long declined to build in backdoors to iMessage, iCloud and its other network offerings, citing consumer privacy concerns."
In other words, the Australian AG believes in magic.
That’s fine, Apple can just say, “ok, we will try to crack the encryption of these messages, should get back to you in about 6 billion years once it’s finished”
It only took Deep Thought seven and a half million years calculate the answer to The Ultimate Question of Life, the Universe, and Everything.
"We've got a real problem in that...." we can no longer see what our population is up to, due to this encryption thingy and that scares us shitless. So we flash the crime-, pedo- and terrorists cards as leverage to get it mitigated.
You know what? Before the digital age law enforcement had basically two avenues for surveillance of suspects, namely wiretaps and stakeouts. Suspect’s communications and movements were tracked, photos were taken, infiltrators were inserted. Those tactics, with a judge’s warrant, were and are legal today. Again, with a warrant and probable cause, police can search your home, your automobile, your body cavities. How is that different from what law enforcement wants in the digital age? They want to ‘wiretap’ a digital communication. And with a warrant I see nothing sinister about that. The anti-government mania that has permeated the techie universe seems irrational to me. We are a democratic republic and if our elected representatives, with our support, make it legal to search encrypted communications then that’s how democracy works. The idea of some government agency randomly collecting data on citizens not under suspicion is pretty far fetched. Companies like Google, Apple, Amazon, Microsoft already actually know more about us than the ‘evil’ NSA does. Get grip and recognize your paranoia.
When will people understand that less privacy does not mean more safety? I had this discussion this week twice and each time the terrorist card was played: "If the government reading my iMessage just stops 1 terror attack then I am happy to give up my privacy!" Great in theory and if the magic would exist to keep it "good governments" only and if I would believe it would stop a single incident, then I may even be persuaded.
Herein lies the tri-fold issue: 1. This magic does not exist - it will get out and will get exploited. It's either total encryption or none 2. There are not so good governments, and you can't really say: Australia is nice, but I don't give it to North Korea (anybody having issues with North Korea reading their communications? 3. Once all the big messaging providers comply, the 'bad guys' will just make their own little encryption up and load it on their android cheap phones. - IE: They can still communicate 'securely' while the rest of the 'good people' are exposed.
Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.
I wouldn't care if North Korea read my messages. They're just fighting for survival from a nuclear armed empire hell bent on seeing them destroyed, that routinely launches illegal aggressive wars against nations that pose no threat, for thinly veiled economic motives. Has the DPRK ever invaded anyone? Who did they bomb last? I can't see how that would compromise me at all. They seem to just want to be left alone. But my own government? What if Trump isn't even as low as it goes? Scary!
How crazy do you have to be to support North Korea? Have you been licking frogs? Or do you have to write such drivel so your family back home won’t be sent to a labor camp?
Yes, people like this do exist. Read the ‘letters to the editor’ page in your local newspaper. They are all around us.
"We've got a real problem in that...." we can no longer see what our population is up to, due to this encryption thingy and that scares us shitless. So we flash the crime-, pedo- and terrorists cards as leverage to get it mitigated.
When will people understand that less privacy does not mean more safety? I had this discussion this week twice and each time the terrorist card was played: "If the government reading my iMessage just stops 1 terror attack then I am happy to give up my privacy!" Great in theory and if the magic would exist to keep it "good governments" only and if I would believe it would stop a single incident, then I may even be persuaded.
Herein lies the tri-fold issue: 1. This magic does not exist - it will get out and will get exploited. It's either total encryption or none 2. There are not so good governments, and you can't really say: Australia is nice, but I don't give it to North Korea (anybody having issues with North Korea reading their communications? 3. Once all the big messaging providers comply, the 'bad guys' will just make their own little encryption up and load it on their android cheap phones. - IE: They can still communicate 'securely' while the rest of the 'good people' are exposed.
Funny enough the "I don't need privacy" people I talked to did not understand any of the above points.
I wouldn't care if North Korea read my messages. They're just fighting for survival from a nuclear armed empire hell bent on seeing them destroyed, that routinely launches illegal aggressive wars against nations that pose no threat, for thinly veiled economic motives. Has the DPRK ever invaded anyone? Who did they bomb last? I can't see how that would compromise me at all. They seem to just want to be left alone. But my own government? What if Trump isn't even as low as it goes? Scary!
How crazy do you have to be to support North Korea? Have you been licking frogs? Or do you have to write such drivel so your family back home won’t be sent to a labor camp?
Is he supporting DPRK or just thinks that they aren't a huge threat to the US or its democracy? It sounds like the latter, to me. Plus, don't you have any concern for the poor people of that country or do you think that they're all a bunch of man-babies like Kim Jong-Un? Have you really not seen the conditions in which those people live?
Bottom line: If you're in the US and think DPRK is the biggest threat to your day to day safety over domestic crime then you're watching too much sensationalist news.
The solution to terrorism is to stop bombing other countries. Would save a ton of money too.
Germany doesn't bomb other countries AFAIK. Belgium doesn't do so any longer either AFAIK, not since 2015. Even back then they only had about 25 troops involved in it as I'm reading it. Doesn't seem to stop terrorist attacks tho. Jus' sayin'...
Let's go a bit deeper on this than one-liners and catchphrases shall we?
Instead of trying to stop individual terror attacks, what if you could do something stop the terrorist group from forming and/or gaining power in the first place? Find the cause and effect and eliminate the cause?
With that in mind, let's read a bit about the history of ISIL. From the section titled Historical Names:
The group has had various names since it was founded in 1999 by Jordanian radical Abu Musab al-Zarqawi under the name Jamāʻat al-Tawḥīd wa-al-Jihād
Following the US invasion of Iraq and the ensuing insurgency, Jama'at became a decentralized militant network fighting against the coalition forces and their Iraqi allies. Jama'at included a growing number of foreign fighters[9][19] and a considerable Iraqi membership, including remnants of Ansar al-Islam.
I'll let you take a guess why they gained a considerable Iraqi membership after the US invasion of Iraq.
But, but, we needed to invade Iraq to stop Saddam Hussein from supporting terrorism after the 9/11 attacks you say? Well, what if Saddam Hussein didn't have the means to support terror in the first place, thus eliminating the cause of 9/11? From the Iran-Iraq war section of Saddam Hussein's history:
In a US bid to open full diplomatic relations with Iraq, the country was removed from the US list of State Sponsors of Terrorism. Ostensibly, this was because of improvement in the regime's record, although former United States Assistant Secretary of Defense Noel Koch later stated, "No one had any doubts about [the Iraqis'] continued involvement in terrorism ... The real reason was to help them succeed in the war against Iran."[61] The Soviet Union, France, and China together accounted for over 90% of the value of Iraq's arms imports between 1980 and 1988.
and
Saddam reached out to other Arab governments for cash and political support during the war, particularly after Iraq's oil industry severely suffered at the hands of the Iranian navy in the Persian Gulf. Iraq successfully gained some military and financial aid, as well as diplomatic and moral support, from the Soviet Union, China, France, and the United States, which together feared the prospects of the expansion of revolutionary Iran's influence in the region.
So the US (and other western countries like France and Germany) supported Saddam Hussein, even though they knew he was funding terrorism (not to mention using chemical weapons) because they were against the government of Iran.
But the Iranian government was evil right? Well, let's dig into the history and details of the creation of that government: the Iranian revolution. There's a lot to take in there, but the key point in relation to the "evilness" of the Iranian government has to do with the fact that they were overthrowing a regime which was pro-US. A regime which was brought to power by overthrowing a democratically elected leader via a coup d'état supported by the US and the UK. The coup d'état was all about access to oil in Iran.
So now, getting back to the original topic about terror attacks in countries which don't bomb other countries, like Germany and France. We can see that those countries did have a hand in the meddling in the governmental affairs and wars in the middle east. There is a cause and effect chain, it's just a little more complex than a one-liner.
"Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"
That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds.
Actually, he's correct. As GrangerFx proposes, it's not a backdoor into the device that would be needed to adhere to this law; it's a simple matter of not encrypting communications sent from devices.
I've long held the position that the device itself should be considered an extension of its owner's mind, and therefore should be sacrosanct with respect to backdoors to encryption, at least as long as society maintains that it's wrong to probe our minds (using torture or sodium pentathol or some such means). Let Apple do as GrangerFx suggests, use these governments as a test case for the rest of the world, by dropping encryption on inter-device communications. Any communications that leaves the device leaves with encryption for which a key is provided to the Australian government. But data on the device remains under the same strong encryption as is currently utilized. As EsquireCats suggests, it will do nothing to stop terrorists who can simply decide to utilize one of the many hundreds of available apps that provide encrypted communications, or roll their own, for use on either Andriod or jailbroken iPhones.
Can't believe an AI moderator doesn't understand the trap you just suggested. Give in once and you've set the precedent for it to be used all over the world. You can't trust any government to act in the best interests of law abiding citizens, especially when the terrorists buzz word is tossed around. I don't agree with the NRA but it's a perfect example of a group demanding they keep what they feel is a basic right. I as a US citizen feel my messages and data are mine to control and nobody else's. When I send or store something encrypted, nobody except people I trust have access to that data, including any encryption key. No exceptions.
I worked for a government agency and we used encrypted communications required by law. Our agency had access to the keys but that's because all communication was not my property but the property of my agency, and by extension, the DOE. This is a different case and governments and enterprise installations can do what they want but I can guarantee no enterprise installation will allow the US government access to their encryption keys, which protect their information because they know someone will use lose their proprietary information and simply make up some lame excuse.
Encrypt everything and protect your own keys. That's the only way for citizens and enterprises to protect their information. Australia and other countries need to wake up and understand they are not in control of their citizens' every word. We do have basic human rights to not have every word out of our mouths controlled by our various governments.
"Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"
That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds.
Actually, he's correct. As GrangerFx proposes, it's not a backdoor into the device that would be needed to adhere to this law; it's a simple matter of not encrypting communications sent from devices.
I've long held the position that the device itself should be considered an extension of its owner's mind, and therefore should be sacrosanct with respect to backdoors to encryption, at least as long as society maintains that it's wrong to probe our minds (using torture or sodium pentathol or some such means). Let Apple do as GrangerFx suggests, use these governments as a test case for the rest of the world, by dropping encryption on inter-device communications. Any communications that leaves the device leaves with encryption for which a key is provided to the Australian government. But data on the device remains under the same strong encryption as is currently utilized. As EsquireCats suggests, it will do nothing to stop terrorists who can simply decide to utilize one of the many hundreds of available apps that provide encrypted communications, or roll their own, for use on either Andriod or jailbroken iPhones.
Can't believe an AI moderator doesn't understand the trap you just suggested. Give in once and you've set the precedent for it to be used all over the world. You can't trust any government to act in the best interests of law abiding citizens, especially when the terrorists buzz word is tossed around. I don't agree with the NRA but it's a perfect example of a group demanding they keep what they feel is a basic right. I as a US citizen feel my messages and data are mine to control and nobody else's. When I send or store something encrypted, nobody except people I trust have access to that data, including any encryption key. No exceptions.
I worked for a government agency and we used encrypted communications required by law. Our agency had access to the keys but that's because all communication was not my property but the property of my agency, and by extension, the DOE. This is a different case and governments and enterprise installations can do what they want but I can guarantee no enterprise installation will allow the US government access to their encryption keys, which protect their information because they know someone will use lose their proprietary information and simply make up some lame excuse.
Encrypt everything and protect your own keys. That's the only way for citizens and enterprises to protect their information. Australia and other countries need to wake up and understand they are not in control of their citizens' every word. We do have basic human rights to not have every word out of our mouths controlled by our various governments.
So am I assume you also think current methods of surveillance, like search warrants, traditional wire tapping, photographs, informants, should be shut down too? The government has no interest or right to surveil any of its citizens because governments are, well, evil? And what do you mean by ‘law abiding’ citizens anyway. It would seem by your way of thinking governments (even democratic ones) don’t have the right to make laws in the first place since they don’t have their ‘citizens’ best interests in mind’.
Simple solution: Apple should just spend a token amount of money to show that it's trying to build a quantum computer sufficiently powerful to decrypt messages without building some sort of backdoor.
So am I assume you also think current methods of surveillance, like search warrants, traditional wire tapping, photographs, informants, should be shut down too? The government has no interest or right to surveil any of its citizens because governments are, well, evil? And what do you mean by ‘law abiding’ citizens anyway. It would seem by your way of thinking governments (even democratic ones) don’t have the right to make laws in the first place since they don’t have their ‘citizens’ best interests in mind’.
While you make some valid points (with appropriate over-site, this should be done) the issue really is with the math. When all it takes to do this is (Okay there are some more support libraries but it is not hard):
sub encrypt { my ($self, %params) = @_; my $plaintext = $params{Message} || $params{Plaintext}; my $key = $params{Key}; return $self->error ($key->errstr, \%params, $key, \$plaintext) unless $key->check(); my $blocksize = blocksize ( $$self{es}->encryptblock (Key => $key), length($plaintext) ); return $self->error("Message too long.", \$key, \%params) if $blocksize <= 0; my $cyphertext; my @segments = steak ($plaintext, $blocksize); for (@segments) { $cyphertext .= $self->{es}->encrypt (Message => $_, Key => $key) || return $self->error ($self->{es}->errstr, \$key, \%params); } if ($params{Armour} || $params{Armor}) { $cyphertext = $self->{pp}->armour ( Object => 'RSA ENCRYPTED MESSAGE', Headers => { Scheme => $$self{ES}{Module} || ${$KNOWNMAP{$$self{ES}{Name}}}{Module}, Version => $self->{es}->version() }, Content => { Cyphertext => $cyphertext }, Compress => 1, ); } return $cyphertext; }
There is NOTHING governments can do to stop people wanting/needing encryption from doing their own 10 minute implementation. It is out there. The code, implementation, methods and RAW source are out there and they are not going away. Until quantum computing comes on line, End-to-End encryption is available to every citizen, smuggler and terrorist. How do you propose to stop this without opening up every device to organized crime (note: Yes you can put in back-doors but they will be found putting 100's of millions of people at risk)?
The unthinking politicians of the world are trying to frame this as a Security VS Privacy issue. It isn't. It is a "feeling of Security VS a real Security and real Privacy issue". Law's, like the one Australia is proposing, put millions of people at real risk of having information like credit cards, bank data and personal locations (stalkers anyone) available to anyone with the money willing to buy it. At the same time, they do NOTHING to stop bad actors from using encryption on their own.
"Australia's Attorney-General George Brandis said he believes the new law can be implemented without building backdoors into encrypted platforms"
That's because George Brandis is a world-class moron with no understanding of technology. He could be even define what "meta-data" was when they wanted to bulk-collect that. If he does an interview on this topic, and half-informed interviewer will tear him to shreds.
Actually, he's correct. As GrangerFx proposes, it's not a backdoor into the device that would be needed to adhere to this law; it's a simple matter of not encrypting communications sent from devices.
I've long held the position that the device itself should be considered an extension of its owner's mind, and therefore should be sacrosanct with respect to backdoors to encryption, at least as long as society maintains that it's wrong to probe our minds (using torture or sodium pentathol or some such means). Let Apple do as GrangerFx suggests, use these governments as a test case for the rest of the world, by dropping encryption on inter-device communications. Any communications that leaves the device leaves with encryption for which a key is provided to the Australian government. But data on the device remains under the same strong encryption as is currently utilized. As EsquireCats suggests, it will do nothing to stop terrorists who can simply decide to utilize one of the many hundreds of available apps that provide encrypted communications, or roll their own, for use on either Andriod or jailbroken iPhones.
Can't believe an AI moderator doesn't understand the trap you just suggested. Give in once and you've set the precedent for it to be used all over the world. Encrypt everything and protect your own keys.
Note that upon entering the US your electronic device (ie Apple iPhone) may be subject to a search of its contents.
But you lock your phone with a pass-code and no legal authority can force you to unlock it making it essentially a stand-off, right? Not exactly. If you the foreign traveler refuse to unlock your device you may be barred from entering the country.
Ah, but you're a US citizen so they can't do squat? Wrong again. They can seize your smartphone for further examination if you refuse to comply with an unlock demand, while you yourself are permitted re-entry.
Comments
The title says:
It should say, "Proposed Australian law would force tech companies to decrypt customer messages" (emphasis mine)
A proposed law can't force anyone to do anything in the present.
Why would anyone want to enable them?
The same North Korea that beat a young tourist into a coma (and death) for stealing a poster?
The same North Korea that kidnaps South Korean and Japanese civilians?
I just wanted to check that we were talking about the same place.
In other words, the Australian AG believes in magic.
Bottom line: If you're in the US and think DPRK is the biggest threat to your day to day safety over domestic crime then you're watching too much sensationalist news.
Instead of trying to stop individual terror attacks, what if you could do something stop the terrorist group from forming and/or gaining power in the first place? Find the cause and effect and eliminate the cause?
With that in mind, let's read a bit about the history of ISIL. From the section titled Historical Names:
So now let's read about the history of Jamāʻat al-Tawḥīd wa-al-Jihād:
I'll let you take a guess why they gained a considerable Iraqi membership after the US invasion of Iraq.
But, but, we needed to invade Iraq to stop Saddam Hussein from supporting terrorism after the 9/11 attacks you say? Well, what if Saddam Hussein didn't have the means to support terror in the first place, thus eliminating the cause of 9/11? From the Iran-Iraq war section of Saddam Hussein's history:
and
So the US (and other western countries like France and Germany) supported Saddam Hussein, even though they knew he was funding terrorism (not to mention using chemical weapons) because they were against the government of Iran.
But the Iranian government was evil right? Well, let's dig into the history and details of the creation of that government: the Iranian revolution. There's a lot to take in there, but the key point in relation to the "evilness" of the Iranian government has to do with the fact that they were overthrowing a regime which was pro-US. A regime which was brought to power by overthrowing a democratically elected leader via a coup d'état supported by the US and the UK. The coup d'état was all about access to oil in Iran.
So now, getting back to the original topic about terror attacks in countries which don't bomb other countries, like Germany and France. We can see that those countries did have a hand in the meddling in the governmental affairs and wars in the middle east. There is a cause and effect chain, it's just a little more complex than a one-liner.
I worked for a government agency and we used encrypted communications required by law. Our agency had access to the keys but that's because all communication was not my property but the property of my agency, and by extension, the DOE. This is a different case and governments and enterprise installations can do what they want but I can guarantee no enterprise installation will allow the US government access to their encryption keys, which protect their information because they know someone will use lose their proprietary information and simply make up some lame excuse.
Encrypt everything and protect your own keys. That's the only way for citizens and enterprises to protect their information. Australia and other countries need to wake up and understand they are not in control of their citizens' every word. We do have basic human rights to not have every word out of our mouths controlled by our various governments.
sub encrypt {my ($self, %params) = @_;
my $plaintext = $params{Message} || $params{Plaintext};
my $key = $params{Key};
return $self->error ($key->errstr, \%params, $key, \$plaintext)
unless $key->check();
my $blocksize = blocksize ( $$self{es}->encryptblock (Key => $key),
length($plaintext)
);
return $self->error("Message too long.", \$key, \%params) if $blocksize <= 0;
my $cyphertext;
my @segments = steak ($plaintext, $blocksize);
for (@segments) {
$cyphertext .= $self->{es}->encrypt (Message => $_, Key => $key)
|| return $self->error ($self->{es}->errstr, \$key, \%params);
}
if ($params{Armour} || $params{Armor}) {
$cyphertext = $self->{pp}->armour (
Object => 'RSA ENCRYPTED MESSAGE',
Headers => {
Scheme => $$self{ES}{Module} || ${$KNOWNMAP{$$self{ES}{Name}}}{Module},
Version => $self->{es}->version()
},
Content => { Cyphertext => $cyphertext },
Compress => 1,
);
}
return $cyphertext;
}
But you lock your phone with a pass-code and no legal authority can force you to unlock it making it essentially a stand-off, right? Not exactly. If you the foreign traveler refuse to unlock your device you may be barred from entering the country.
Ah, but you're a US citizen so they can't do squat? Wrong again. They can seize your smartphone for further examination if you refuse to comply with an unlock demand, while you yourself are permitted re-entry.
Upwards of 5000 electronic devices per month were searched by border agents last year.
http://msnbcmedia.msn.com/i/MSNBC/Sections/NEWS/170712-cpb-wyden-letter.pdf