Australian government to ask for voluntary access to encrypted Apple data

2

Comments

  • Reply 21 of 41
    anomeanome Posts: 1,266member
    Rayz2016 said:
    The fact that this bloke thinks this technology is "new" just demonstrates how out of his depth and out of touch he really is. 

    I think it's unfair to brand George Brandis out of touch just because he doesn't get modern technology. There are plenty of other things he doesn't seem to understand that are arguably more relevant to his portfolio.

    Then there's the Prime Minister who, while discussing backdoors for security software, has recently claimed the law of Australia overrides the laws of Mathematics. And he's probably the smartest person in the cabinet.

    mattinozwonkothesane
  • Reply 22 of 41
    mattinozmattinoz Posts: 1,043member
    anome said:
    Rayz2016 said:
    The fact that this bloke thinks this technology is "new" just demonstrates how out of his depth and out of touch he really is. 

    I think it's unfair to brand George Brandis out of touch just because he doesn't get modern technology. There are plenty of other things he doesn't seem to understand that are arguably more relevant to his portfolio.

    Then there's the Prime Minister who, while discussing backdoors for security software, has recently claimed the law of Australia overrides the laws of Mathematics. And he's probably the smartest person in the cabinet.

    Not to mention both men in question used encrypted messaging to reorganize the party leadership not to long ago.
    anomewatto_cobra
  • Reply 23 of 41
    I am sure Apple is just quaking in its boots about the Australian Government introducing such legislation. I mean, thumbing your nose at the FBI and US Government is one thing, but to take on George Brandis and his merry morons is quite another.

    i look forward to the backlash when the government here try to ban Apple products! :) 

    the safe analogy by zimmie above above is a good one for the double standards that these governments have.

    More power to you Apple. Meanwhile, back at Google.... :(
    watto_cobra
  • Reply 24 of 41
    People can't point to statistics all they want about how terrorism isn't likely to effect you. Sure it may not kill you. However, it does have a marked effect on tourism, travel, and countless other areas of life. WSJ was reporting that Indonesia was ready to block telegram last week unless they started screening Islamist chat groups. I wish more countries had balls like this. The least apple could do would be to take these apps off the App Store. The fact they're allowing China to store iCloud data means that they only care about privacy when it's economically expedient to. 
  • Reply 25 of 41
    Ah yes, the 14th July 2017will be remembered as the day you realised Australian Politicians are so stupid that they believe that they can make something true just by saying it is.

    Actual Quote from our Prime Minister:

    "The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." -- Malcolm Turnbull


    I cannot face palm enough over this.....


    watto_cobra
  • Reply 26 of 41
    uroshnoruroshnor Posts: 80member
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 
    We as a society must accept that a good number of us will die, even if the terrorists only use _unencrypted_ communications. This has happened already. 

    There's really 3 parts to what AG Brandis is asking for, so it may well be a negotiating tactic.

    1. For countries that aren't the US, obtaining data that vendors do have, takes forever (aka 6-12 months). The have to use a process called the Multi-Lateral Assistance Treaty to get a US based company to send a foreign LE agency data relevant to a case under a warrant. Its reasonable for them to  say to companies "there's got to be a better way for this to be processed faster", when a US LE agency can get the answer in days.

    2. Brandis is also implying that he wants companies to support LE in installing malware implants in devices when they are ordered to by a court. This probably means "poisoning" a software update that is delivered to a specific device only. This is very similar to what Apple fought the FBI over in the San Bernadino case.

    3. Brandis is also implying  he wants companies to change their products to build in a back door to allow LE access to encrypted traffic. This is currently only possible for certain services and architectures (e.g. not iMessage itself, but iMessages that are in an iCloud backup are fair game currently). This is s defacto ban on end-to-end encryption in clients.

    The first point is pretty reasonable, and I actually do hope they get to a better, more responsive process than exists at the moment.

    The second point is nuclear. How can the Australian Government stop a foreign government doing exactly the same thing, to force a vendor to help it target Australian Government devices ? If this practice becomes an accepted as lawful, nobody using publicly available devices is secure, including the governments themselves. 2016 election hacking will be a footnote compared to the devastation to follow. Governments could still use non-publically available devices, but they will to be hugely expensive compared to consumer devices.

    The third point is also nuclear. It forces every vendor to take authoritarian steps to try and control access to that system. Most vendors would prefer to build a secure architecture, where even if they were compromised, they could not access the data. The rationale is that if they build a mechanism, it will eventually leak, be compromised or otherwise subverted and get out in the wild, and at that point, nobody is secure, including governments. This is not theoretical - both Microsoft and Google have had major leaks or hacks through their LE access systems already.

    Lastly, both point 2 and 3 contravened the UN Universal Declaration on Human rights - it is very clear on its stance on privacy of the individual (basically government can not compromise individual privacy, including communications), versus privacy of organisations (governments can apply lawful compromises the privacy of a corporations communications). As Australia is a signatory to the UN UDHR.
    mattinoz
  • Reply 27 of 41
    mattinozmattinoz Posts: 1,043member
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 
    If you look at the statistics then one of the biggest preventable killers is stress. It is a major contributing factor in all of the top reasons people die of something other than age. If the price we pay to stop terror attacks for a low simmering level of extra stress have we really saved any lives?

    Or is the toll just an ignorable part of the modern world.
  • Reply 28 of 41
    foggyhillfoggyhill Posts: 4,767member
    securtis said:
    People can't point to statistics all they want about how terrorism isn't likely to effect you. Sure it may not kill you. However, it does have a marked effect on tourism, travel, and countless other areas of life. WSJ was reporting that Indonesia was ready to block telegram last week unless they started screening Islamist chat groups. I wish more countries had balls like this. The least apple could do would be to take these apps off the App Store. The fact they're allowing China to store iCloud data means that they only care about privacy when it's economically expedient to. 
    This is a non sequitur cause terrorism cannot be fixed that way; terrorists could just run encryption straight through a javascript library. Do you want Apple to enable government to put hooks for malware in Safari or to hijack the browser next huh.  Linking things that are not linked to another is a the set of fallacies yet people like you keep doing it. There is a whole lists of fallacies that use this rhetorical device.

    Can't believe the shit people are ready to give away for no reason at all.
  • Reply 29 of 41
    foggyhillfoggyhill Posts: 4,767member
    mattinoz said:
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 
    If you look at the statistics then one of the biggest preventable killers is stress. It is a major contributing factor in all of the top reasons people die of something other than age. If the price we pay to stop terror attacks for a low simmering level of extra stress have we really saved any lives?

    Or is the toll just an ignorable part of the modern world.
    It is statistical noise in the day to day stress of people trying to survive day to day, including or just driving in traffic.
    Not having no home, no food, no friends, no options really is the bigger stressor. It's when our exit doors are closed that stress goes through the roof, flight is not even possible and all we got is fight... But fight against what when the adversary is a bad boss or terrible living conditions.

    Even people living in war zones can abstract a lot of shit we would think is unbearable; this is a defense mechanism or we'd all go crazy.

  • Reply 30 of 41
    analogjackanalogjack Posts: 1,066member
    The Australian govt. are such a bunch of doofuses (doofi?) I noticed that TPB wouldn't load last night and discovered that I had turned off my VPN and forgot to switch it back on, then on a hunch I typed in 'Aus govt. bans TPB', and I was surprised to see that the Federal court upheld a ban on TPB last November. I was not even aware of it, and just for my own amusement I found that putting either google DNS or a public DNS as my server also was good enough to bypass it, as the block was only at the DNS level. Similarly it is ludicrous to ask Apple to voluntarily decrypt the data for reasons that are painfully obvious to anyone with an IQ more than their shoe size.

    It's like the govt. says 'OK we want you to chew through this piece of half inch thick steel plate, cause if you refuse then we are going to get a court order to make you'.
    edited July 2017
  • Reply 31 of 41
    pk22901pk22901 Posts: 138member
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 
    No.
  • Reply 32 of 41
    nhtnht Posts: 4,429member
    uroshnor said:
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 
    We as a society must accept that a good number of us will die, even if the terrorists only use _unencrypted_ communications. This has happened already. 

    There's really 3 parts to what AG Brandis is asking for, so it may well be a negotiating tactic.

    1. For countries that aren't the US, obtaining data that vendors do have, takes forever (aka 6-12 months). The have to use a process called the Multi-Lateral Assistance Treaty to get a US based company to send a foreign LE agency data relevant to a case under a warrant. Its reasonable for them to  say to companies "there's got to be a better way for this to be processed faster", when a US LE agency can get the answer in days.

    2. Brandis is also implying that he wants companies to support LE in installing malware implants in devices when they are ordered to by a court. This probably means "poisoning" a software update that is delivered to a specific device only. This is very similar to what Apple fought the FBI over in the San Bernadino case.

    3. Brandis is also implying  he wants companies to change their products to build in a back door to allow LE access to encrypted traffic. This is currently only possible for certain services and architectures (e.g. not iMessage itself, but iMessages that are in an iCloud backup are fair game currently). This is s defacto ban on end-to-end encryption in clients.

    The first point is pretty reasonable, and I actually do hope they get to a better, more responsive process than exists at the moment.

    The second point is nuclear. How can the Australian Government stop a foreign government doing exactly the same thing, to force a vendor to help it target Australian Government devices ? If this practice becomes an accepted as lawful, nobody using publicly available devices is secure, including the governments themselves. 2016 election hacking will be a footnote compared to the devastation to follow. Governments could still use non-publically available devices, but they will to be hugely expensive compared to consumer devices.

    The third point is also nuclear. It forces every vendor to take authoritarian steps to try and control access to that system. Most vendors would prefer to build a secure architecture, where even if they were compromised, they could not access the data. The rationale is that if they build a mechanism, it will eventually leak, be compromised or otherwise subverted and get out in the wild, and at that point, nobody is secure, including governments. This is not theoretical - both Microsoft and Google have had major leaks or hacks through their LE access systems already.

    Lastly, both point 2 and 3 contravened the UN Universal Declaration on Human rights - it is very clear on its stance on privacy of the individual (basically government can not compromise individual privacy, including communications), versus privacy of organisations (governments can apply lawful compromises the privacy of a corporations communications). As Australia is a signatory to the UN UDHR.
    Regarding point 2 an earlier report on his definition of "backdoor" was that manufactures would apply any privately known vulnerabilities that had not been fixed to break a specified device.  This is essentially what the private security companies have done:  used their own stash of zero days against a device.

    To break any chain you only need to break the weakest link and that's not usually the encryption.

    Point 3 is problematic but happens today anyway...not by the vendor but by national agencies.  Which implies that they should have those agencies do that rather than the vendor but they won't for LE because it would increase the chance the vulnerability is found and fixed.

    Australian devices used by their government is already targeted by their neighbors and allies. 

    The US response to the "outrage" of us spying on allies was essentially "sorry we embarrassed you by getting caught" because everyone does it to both friends and enemies.

    This isn't to say I agree with their desire for #3 but #1 seems fine as well as asking for manufacturers to apply any known vulnerabilities to try and break a device.  That helps everyone since manufacturers have even more incentive to fix vulnerabilities in a timely fashion and for users to update...if they can.  Android users may be SOL.
  • Reply 33 of 41
    nhtnht Posts: 4,429member
    zimmie said:
    Manufacturers of safes are not required to maintain a list of all of their customers' combinations. Let's say law enforcement believes a customer has something illegal in a safe and a judge agrees; they have a warrant to open it. The manufacturer can provide technical details on how it is constructed to help a safecracker open it, but the manufacturer cannot provide the combination. I do not see why technology companies should be held to a different standard.
    An earlier article says that this is (part of) what they want.  Some manufacturers don't want to comply because it makes their products seem more vulnerable...especially the crappy vendors with crappy products.

    Even good products will have some exploitable vulnerabilities.  If they can get the manufacturer to voluntarily do the breakin then no proprietary information gets out into wild.

    Thats probably the best middle ground for everyone but if they won't cooperate then they want the ability to compel them to do so. I don't know how that would work without increasing vulnerabilities being released so it seems like a poor second choice.  

    Apple at least is most likely to bite the bullet and change the implementation to close the hole if they have to.
  • Reply 34 of 41
    nhtnht Posts: 4,429member
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 
    Sure. Thankfully the number who die in violent attacks of that nature is quite small. Far fewer than those who die in auto accidents, which is accepted for us to have an auto based culture, which didn’t always exist. 
    In 2011 32,479 people died in car accidents.  However in 2009 there were 36M EMS reponses and 28M transports.  So cars saved more lives than they took by providing more rapid access to emergency responders and transport to hospitals.

    Also, you make the mistake of treating every death as the same.  I would assert that violent death has a much higher impact on society than accidental ones.  In any case this is what we spend money (and therefore effort) on:
    United States Government Spending
    FY 2017 in $ billion
    Fed
    Gov.
    Xfer
    State
    Local
    Total
    Pensions 1,012.5 0.0 373.6 70.1 1,456.3 
    Health Care 1,145.3 -409.1 700.1 156.1 1,592.4 
    Education 159.6 -59.5 308.6 574.8 983.5 
    Defense 834.2 0.0 0.6 -0.3 834.5 
    Welfare 365.8 -122.1 80.7 79.4 403.8 
    Protection 41.0 -9.0 75.7 175.3 283.0 
    Transportation 93.8 -63.9 136.0 180.8 346.8 
    General Government 54.8 -2.8 50.1 69.0 171.1 
    Other Spending 79.1 -15.6 88.5 358.1 510.1 
    Interest 276.2 0.0 44.6 60.7 381.5 
    Balance -0.0 -0.0 0.0 -0.0 -0.0 
    Total Spending 4,062.2 -681.9 1,858.5 1,724.2 6,963.0 
    Federal Deficit 602.5 0.0 0.0 0.0 602.5 
    Gross Public Debt 20,354.4 0.0 1,166.8 1,851.6 23,372.9 
    Other Borrowing 212.5 0.0 0.0 0.0 212.5 
    Agency/GSE Debt 8,619.6 0.0 0.0 0.0 8,619.6

    http://www.usgovernmentspending.com/current_spending

    Protection covers law enforcement at every level (with majority at the state and local level) 

    Detailed breakdown of protection spending is this:

    Protection:  Start chart 41.0 -9.0 75.7 175.3 283.0 
    [+]  Police services 34.0 -6.3 15.5 97.2 140.4 
    [+]  Fire protection services 0.0 0.0 0.6 44.7 45.4 
    [+]  Prisons 7.0 0.0 52.0 29.3 88.3 
    [+]  R and D Public order and safety 0.0 0.0 0.0 0.0 0.0
    [+]  Public order and safety n.e.c. 0.0 -2.6 7.5 4.1 8.9 

    Note that DHS has more than $34B but that includes FEMA, etc.

    If you want all the gory details you can look at:

    https://www.dhs.gov/sites/default/files/publications/FY2017BIB.pdf

    We don't spend all that much on anti-terroristm stuff in the grand scheme of things...about $6Bish earmarked for anti-terrorism for DHS.
    gatorguy
  • Reply 35 of 41
    linkmanlinkman Posts: 903member
    Ah yes, the 14th July 2017will be remembered as the day you realised Australian Politicians are so stupid that they believe that they can make something true just by saying it is.

    Actual Quote from our Prime Minister:

    "The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." -- Malcolm Turnbull


    I cannot face palm enough over this.....


    Has he successfully overturned some other laws such as gravity, thermodynamics, electricity, magnetism, chemistry, and reality?
  • Reply 36 of 41
    anomeanome Posts: 1,266member
    linkman said:
    Ah yes, the 14th July 2017will be remembered as the day you realised Australian Politicians are so stupid that they believe that they can make something true just by saying it is.

    Actual Quote from our Prime Minister:

    "The laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." -- Malcolm Turnbull


    I cannot face palm enough over this.....


    Has he successfully overturned some other laws such as gravity, thermodynamics, electricity, magnetism, chemistry, and reality?


    I'll repeat, he is probably the smartest man in the cabinet. By a significant margin. (Actually, I suspect Julie Bishop may be smarter, but she's not a man so her chances of being chosen as leader of this lot are pretty minimal.)

    And he was a great leap forward from his predecessor (and possible successor) Tony Abbott. At least Malcolm isn't a dogmatic hard right Christian. Nor would he eat a raw onion that hadn't been peeled, cleaned, sliced on top of a nice salad, and dressed with a balsamic vinaigrette.

  • Reply 37 of 41
    evilutionevilution Posts: 1,353member
    Please don't ask as being told to "go fuck yourself" often offends.
  • Reply 38 of 41
    Don't forget that OZ is part of the 5 eyes. What they end up being able to see, the others will to.
  • Reply 39 of 41
    anton zuykovanton zuykov Posts: 1,031member
    joogabah said:
    lkrupp said:
    So we as a society must accept the fact that if we want to remain free a good number of us must be prepared to die in terrorist attacks? Is that what this argument boils down to? 

    — You are 17,600 times more likely to die from heart disease than from a terrorist attack

    — You are 12,571 times more likely to die from cancer than from a terrorist attack

    — You are 11,000 times more likely to die in an airplane accident than from a terrorist plot involving an airplane

    — You are 1048 times more likely to die from a car accident than from a terrorist attack

    –You are 404 times more likely to die in a fall than from a terrorist attack

    — You are 87 times more likely to drown than die in a terrorist attack

    — You are 13 times more likely to die in a railway accident than from a terrorist attack

    –You are 12 times more likely to die from accidental suffocation in bed than from a terrorist attack

    –You are 9 times more likely to choke to death on your own vomit than die in a terrorist attack

    —You are 8 times more likely to be killed by a police officer than by a terrorist

    –You are 8 times more likely to die from accidental electrocution than from a terrorist attack

    — You are 6 times more likely to die from hot weather than from a terrorist attack

    http://www.washingtonsblog.com/2011/06/fear-of-terror-makes-people-stupid.html

    The only problem with that comparison, is that, terrorist attacks is not a natural thing. In other words, if you let half of Pakistan in the US today, that ratio of hearth death vs terrorist deaths are gonna change a lot. So, using that comparison is JUST a bit dishonest.
    Almost no one crashes his own car on purpose (excluding suicide attempts), but at the same time none of the attacks happened by accident.

  • Reply 40 of 41
    SpamSandwichSpamSandwich Posts: 31,015member
    The answer is "no".
Sign In or Register to comment.