Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
overlord360

Australian Government Proposing Laws to enable the police to gain access to encrypted mobile phones.

Recommended Posts

We live in a society and not in isolation. To believe we live really have privacy is a deception.  Law enforcement is there keep the piece.  To be fair and protect the innocent, they need evidence to pass fair judgment and reduce harm.  If current mass produced technology goes against protecting the peace, the current technology will have to be shelved until a reasonable solution can be found.   Currently, tech companies primary concern is maximizing profits (privacy is a big seller).  Apple is an example.  They do not want to be involved with how their devices are being used.  The world we live in is becoming more dangerous.  Just recently a baggage handler stole a plane, performed stunts, and crashed it.

 

Solution:

1) IT: Devise a secure method with sufficient protection to allow legal warrants to access the information requested.

2) Personally: Assume nothing is secure.

3) Personally: Take precautions to protect your data without the aid of another entity. 

Link to post
Share on other sites

What I find interesting about this is that people are here treating this as if police cannot do their jobs without severely limiting the security of the rest of the public.

 

If their jobs are made so difficult today because of the technology and encryption how are they still operating today? They don't need and have never needed things like this in place to get their jobs done so I fail to see why anything like this should have any support.


Spoiler

Cpu: Ryzen 9 3900X – Motherboard: Gigabyte X570 Aorus Pro Wifi  – RAM: 4 x 16 GB G. Skill Trident Z @ 3200mhz- GPU: ASUS  Strix Geforce GTX 1080ti– Case: Phankteks Enthoo Pro M – Storage: 500GB Samsung 960 Evo, 1TB Intel 800p, Samsung 850 Evo 500GB & WD Blue 1 TB PSU: EVGA 1000P2– Display(s): ASUS PB238Q, AOC 4k, Korean 1440p 144hz Monitor - Cooling: NH-U12S, 2 gentle typhoons and 3 noiseblocker eloops – Keyboard: Corsair K95 Platinum RGB Mouse: G502 Rgb & G Pro Wireless– Sound: Logitech z623 & AKG K240

Link to post
Share on other sites
On 8/14/2018 at 2:31 AM, asus killer said:

You are basically saying crime get's a "all you can eat" pass just because the system can abuse it, bad guys can use it. Seems fair and unreasonable at the same time. You just have to measure the consequences of both. I'm going with not giving crime this tool unchecked even if it cost a bit of my privacy. You have always the option to not use a phone or use it with extra care to not reveal what you want to be private.

 

No, that's not the case.  There are other ways to determine guilt and innocence in terms of criminality.  LEAs don't necessarily need the data in those messages to do their job, it just makes it easier.  And it won't cost you "a bit" of your privacy, it will cost you all of it. 

 

Not only that, you're giving all governments, essentially, the ability to do whatever they want with data because once the tool is created, every government will do anything they can to acquire it.  They will literally know everything, and if they know everything, it's pretty easy to control the herd and squash dissenting opinions.  This tool would be acquired and used by despotic regimes around the world, and would be used to literally jail or even kill detractors, just so police in Australia have an easier time conducting their investigations.  Is that a world you want to live in?  Are those consequences not dire enough for you to change your mind?


My Rig:

-i7 7700k @ 4.8 Ghz, delid

-ASRock Z270-ITX/ac mobo 

-16GB G.Skill Ripjaws V @ 3000Mhz

-RX 580 Sapphire Nitro+

-240 AIO, Celsius S24

-Crucial MX300 525GB, 2TB HDD

-Fractal Design Define Nano S

-650 80+ Gold semi modular from EVGA

-1080p 75Hz dell monitor

Link to post
Share on other sites
1 hour ago, peanuts104 said:

 

No, that's not the case.  There are other ways to determine guilt and innocence in terms of criminality.  LEAs don't necessarily need the data in those messages to do their job, it just makes it easier.  And it won't cost you "a bit" of your privacy, it will cost you all of it. 

 

Not only that, you're giving all governments, essentially, the ability to do whatever they want with data because once the tool is created, every government will do anything they can to acquire it.  They will literally know everything, and if they know everything, it's pretty easy to control the herd and squash dissenting opinions.  This tool would be acquired and used by despotic regimes around the world, and would be used to literally jail or even kill detractors, just so police in Australia have an easier time conducting their investigations.  Is that a world you want to live in?  Are those consequences not dire enough for you to change your mind?

you can't do that. They don't need it, but you loose all privacy. That's not even remotely true. There may be cases it is the only evidence or even the missing evidence to build a case, and in the other hand saying you loose all privacy is a little bit far reaching in your part don't you think.

Maybe somewhere in the middle. They don't need unchecked access and they aren't asking for it. And this privacy apocalypse is too much.


.

Link to post
Share on other sites
7 hours ago, Amazonsucks said:

They already do compromise the endpoint in that fashion all the time, just as Edward Snowden, Thomas Drake and Bill Binney have shown us.

 

They dont need this to pass. Its been done for years. They claim its usually done against foreign nationals who have given them probable cause, but we know thats not true from the leaks.

 

This is like the UK snoopers charter, which is the first step in creating a 1984 police state AKA China.

 

Isolated cases like the NSA leakers who have exposed the USA, UK, Aus, Canada and NZ 5 eyes spying alliance's massive abuses against their own citizens that have been going on for longer than youve been voting?

 

Just because one is old doesnt mean theyve been observant enough to be correct. Your argument depends on a pretty huge logical fallacy there, and besides, someone who lived a couple thousand years before you said "it is the wise man who understands that he is not wise".

 

Its pretty obvious that Australia is following the UKs lead here, and the UK is following Chinas lead. Theyre literally prosecuting people for making jokes in the UK now.

 

As to all this Orwellian spying... does it REALLY stop crime? Definitely would love to see some data on mass spying actually preventing crime in any country. Its usually a way to keep people in line if history and leaks are anything to go by.

 

 

Haha, Go back to your 1984 paranoia.  Laws need to catch up to 21st century tech.  You are conflating different conditions that I said I would not address:

 

11 hours ago, mr moose said:

 

now before people jump in with isolated cases of corruption or antiquated laws that just don't seem to want to go anywhere, I am talking about our country and systems as a whole.   I don't need to cherry pick the odd situation in order to try and claim the whole thing is broken. Therefore I will not respond to silly accusations that are usually context dependent and not something that can just be applied to everything.

 

 

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
Quote

If you outlaw unbreakable encryption, only outlaws will have unbreakable encryption.

 

They can demand all they want, at the end of the day criminals and terrorists will just resort to other means to communicate, whether that be using altered phones or illegal apps.

Criminals will still be able to hide stuff ... but everyone else will be vulnerable to malicious actors (oppressive regimes, 3-letter agencies and other criminals).

 

 

Link to post
Share on other sites
3 hours ago, peanuts104 said:

 

No, that's not the case.  There are other ways to determine guilt and innocence in terms of criminality.  LEAs don't necessarily need the data in those messages to do their job, it just makes it easier.  And it won't cost you "a bit" of your privacy, it will cost you all of it. 

 

 

And what about in those cases where personal messages where the only evidence that vindicated men on rape trials?

 

Consider these two trials, imagine how they would have turned out if the messages were not accessible to the accused (real victim).

 

https://www.news.com.au/lifestyle/real-life/true-stories/student-liam-allans-rape-charges-scrapped-after-40000-messages-from-accuser-revealed-in-court/news-story/4d2a6cdb2414427fab5dc69df62d4bc8

 

https://www.thesun.co.uk/news/4556485/man-cleared-of-raping-student-19-after-she-sent-facebook-messages-to-pals-saying-i-was-only-raped-chill-the-f-out/

 

 

Fortunately for the victims neither messages were hidden with encryption and one was an alleged failure on the behalf of police. That will change when the average rape accuser knows how to encrypt messages.

 

 

Regardless what you think about encryption and LE.  Any line we draw between the number of people it harms and the number of people it protects is only in our head.  We choose to believe what suits our ideals and indoctrination.  If we choose to believe more police are corrupt than they are well intentioned and impartial then that is the way we will view all authority.  No amount of facts is going to change that.  When these laws pass (and they likely will) I will bet that 99% of population doesn't even notice and that there privacy is still kept in check. 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites

Only things a government backdoor/whatever-they-want-to-call-it slowers is Aussie companies getting foothold outside Australia and weakens the data security of individuals. If you are going to explode a bomb in a beach you probably don't care much about a law that requires companies to add a "backdoor" for Aussie officials. Also I don't see why US or European companies should really comply with that kind of law, maybe make a different version for Aussies, but data security is quite a big selling point so frack the Aussies and don't include backdoors to global versions. Companies then, well, try to sell your HeyMate-app to the bigger markets when the competition has true E2E-encryption and you have "encryption" which could be called Emmental cheese because it has just as many holes.

 

Just as with locks; No matter how robust and strong the lock is there's always someone who can pick it and having more than one possible key to open the lock just makes it easier to be picked. Actually no, it's worser. Let's think about Australia demanding WhatsApp to make a skeleton key so they can access the messages people send and receive. Someone was to obtain that skeleton key it wouldn't just compromise one discussion between two persons, it would compromise every single discussion everywhere, every lock becomes as good as picked, not just only one. And if someone was to crack the key out they would have 50/50 chance to get the skeleton key and that's scary. Even scarier would be a backdoor which would allow Aussie officials to access the decrypted messages in the memory of the device, because that would endanger the whole memory of the device.

 

Now, how many were concerned about the Meltdown and Spectre? Or some other security vulnerability? If your answer is yes and you think it's totally fine for governments to demand backdoors and skeleton keys to access the data in devices, what is the difference? That it's legal and purposeful security vulnerability where others are accidental? Either way your data is secured just as much and only real difference is that the companies cannot fix the government vulnerability unlike the accidental ones.

Link to post
Share on other sites
4 hours ago, mr moose said:

Haha, Go back to your 1984 paranoia.  Laws need to catch up to 21st century tech.  You are conflating different conditions that I said I would not address:

 

 

 

I wouldnt call basically spying on all internet traffic indiscriminantly "isolated". The whistleblowers i mentioned exposed massive corruption in the 5 eyes countries' governments. Pretty much every government does it though, not just the 5 eyes.

 

Of course you wont address what you cant just dismiss. If you did it would undermine your argument entirely.

 

Especially given the fact that compromising the endpoint to bypass encryption is nothing new at all... Making the police state's actions legal to avoid the necessity of parallel construction is.

 

Parallel construction is rampant with Stingray cases. They violate the 4th Amendment in the USA with them all the time. Once used they just construct a parallel scenario to make it look legit.

 

"We choose to believe what suits our ideals and indoctrination.  If we choose to believe more police are corrupt than they are well intentioned and impartial then that is the way we will view all authority.  No amount of facts is going to change that.  When these laws pass (and they likely will) I will bet that 99% of population doesn't even notice and that there privacy is still kept in check."

 

First off, people who arent mentally ill tend not to "choose" what they believe. Choosing what you believe has another name: delusion. Its part of a mental illness usually, or the result of immaturity.

 

Secondly, youre saying that the majority of people are clueless. True, but how does that justify tyranny???

 

I like how you call it 1984 paranoia when Australia is one of the most spied on countries on the planet and hosts multiple massive US spy bases, the workers of which can bypass Australian customs. Never heard of Pine Gap or Geraldton have you? Lol

 

 

Link to post
Share on other sites
44 minutes ago, Amazonsucks said:

I wouldnt call basically spying on all internet traffic indiscriminantly "isolated". The whistleblowers i mentioned exposed massive corruption in the 5 eyes countries' governments. Pretty much every government does it though, not just the 5 eyes.

 

Of course you wont address what you cant just dismiss. If you did it would undermine your argument entirely.

 

Especially given the fact that compromising the endpoint to bypass encryption is nothing new at all... Making the police state's actions legal to avoid the necessity of parallel construction is.

 

Parallel construction is rampant with Stingray cases. They violate the 4th Amendment in the USA with them all the time. Once used they just construct a parallel scenario to make it look legit.

 

"We choose to believe what suits our ideals and indoctrination.  If we choose to believe more police are corrupt than they are well intentioned and impartial then that is the way we will view all authority.  No amount of facts is going to change that.  When these laws pass (and they likely will) I will bet that 99% of population doesn't even notice and that there privacy is still kept in check."

 

First off, people who arent mentally ill tend not to "choose" what they believe. Choosing what you believe has another name: delusion. Its part of a mental illness usually, or the result of immaturity.

 

Secondly, youre saying that the majority of people are clueless. True, but how does that justify tyranny???

 

I like how you call it 1984 paranoia when Australia is one of the most spied on countries on the planet and hosts multiple massive US spy bases, the workers of which can bypass Australian customs. Never heard of Pine Gap or Geraldton have you? Lol

 

 

Yep, we are so spied on that life here is unbearable. 9_9     I never said this or anything for that matter justifies tyranny, don't use strawman arguments.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
49 minutes ago, mr moose said:

Yep, we are so spied on that life here is unbearable. 9_9     I never said this or anything for that matter justifies tyranny, don't use strawman arguments.

Then how about addressing the massive amount of unconstitutional, illegal, Orwellian spying instead of dismissing it as 1984 paranoia?

 

You missed all the news of the last decade from those whistleblowers' revelations? Even behind the great firewall of australia you can get plenty of info on it. 

Link to post
Share on other sites
1 hour ago, mr moose said:

Yep, we are so spied on that life here is unbearable. 9_9     I never said this or anything for that matter justifies tyranny, don't use strawman arguments.

It's so bad here lots of people leave NZ for Aus ;).

 

image.png.bdd64ce5a8262b2796a8bf7c0d6f62bd.png

https://www.transparency.org/news/feature/corruption_perceptions_index_2017

 

image.png.f541aaec37fc7fbea7de4f5fea5e668b.png

https://www.weforum.org/agenda/2018/02/nordic-countries-top-democratic-rankings-2017/

 

We're so oppressed, only 4th in democratic rankings. Not corrupt though :).

Link to post
Share on other sites
1 hour ago, leadeater said:

It's so bad here lots of people leave NZ for Aus ;).

 

image.png.bdd64ce5a8262b2796a8bf7c0d6f62bd.png

https://www.transparency.org/news/feature/corruption_perceptions_index_2017

 

image.png.f541aaec37fc7fbea7de4f5fea5e668b.png

https://www.weforum.org/agenda/2018/02/nordic-countries-top-democratic-rankings-2017/

 

We're so oppressed, only 4th in democratic rankings. Not corrupt though :).

Nope totally not corrupt or infiltrated by corrupt hostile authoritarian foreign governments at all...

 

Hint: perception does not equal reality. 

 

Unless of course one ignores reality and facts, and "chooses what they believe" instead of being objective.

Link to post
Share on other sites

down under wars 

10 hours ago, Captain Chaos said:

 

They can demand all they want, at the end of the day criminals and terrorists will just resort to other means to communicate, whether that be using altered phones or illegal apps.

Criminals will still be able to hide stuff ... but everyone else will be vulnerable to malicious actors (oppressive regimes, 3-letter agencies and other criminals).

 

 

isn't that basically the argument they use in the US for guns. There is no need to take guns away because criminal will get them anyway, Then funny enough in everywhere but the US there isn't as much crime with guns. Some use it but are small caliber because they are hard to find, and it discourages crime or at least violent crime.

 

Most criminals are not that smart to go to the dark web or even now there are illegal apps. Even major terrorists like the guys from 9/11 couldn't be more in your face, "i just wanna know how to fly, i don't care about landing or taking off" is a good example. The FBI just didn't care when they were told.


.

Link to post
Share on other sites
5 hours ago, Amazonsucks said:

Then how about addressing the massive amount of unconstitutional, illegal, Orwellian spying instead of dismissing it as 1984 paranoia?

 

You missed all the news of the last decade from those whistleblowers' revelations? Even behind the great firewall of australia you can get plenty of info on it. 

Why should I address something I don't think is terribly appropriate to the argument?   It's not my fault you are scared of everything.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
21 minutes ago, asus killer said:

Then funny enough in everywhere but the US there isn't as much crime with guns.

Compare violent crime on a whole.

 

Compare countries that enact gun laws, the trend on violent crime, and the use of firearms vs other means.

22 minutes ago, asus killer said:

isn't that basically the argument they use in the US for guns.

Because it is absolutely true.

23 minutes ago, asus killer said:

and it discourages crime or at least violent crime.

False. Any effect on violent crime is maybe trabsforming gun crime into other forms of violent crime.


Come Bloody Angel

Break off your chains

And look what I've found in the dirt.

 

Pale battered body

Seems she was struggling

Something is wrong with this world.

 

Fierce Bloody Angel

The blood is on your hands

Why did you come to this world?

 

Everybody turns to dust.

 

Everybody turns to dust.

 

The blood is on your hands.

 

The blood is on your hands!

 

Pyo.

Link to post
Share on other sites
11 minutes ago, mr moose said:

Why should I address something I don't think is terribly appropriate to the argument?   It's not my fault you are scared of everything.

Not sure about you, but I think government agencies making laws which forces hardware makers and software developers to make changes to their products in order to let unauthorized people get access to devices is a fairly scary thing. Especially since there is a long history of such tools being leaked and causing massive harm. WannaCry is probably the biggest example of this and it was directly caused by a backdoor developed by NSA being leaked.

 

 

Also, I think you're being quite ridiculous in this thread because you have said people aren't allowed to post cases which contradicts your world view.

You can't just say "this is how it is, and don't post news contradicting it", which is basically what you did when you said:

22 hours ago, mr moose said:

now before people jump in with isolated cases of corruption or antiquated laws that just don't seem to want to go anywhere, I am talking about our country and systems as a whole.   I don't need to cherry pick the odd situation in order to try and claim the whole thing is broken. Therefore I will not respond to silly accusations that are usually context dependent and not something that can just be applied to everything.

 

 

But then when it comes to justifying your position you do exactly that. Point to a handful of cases where a lack of encryption helped an investigation. Like in this post:

10 hours ago, mr moose said:

Consider these two trials, imagine how they would have turned out if the messages were not accessible to the accused (real victim).

You are not playing by your own rules you set up for others.

Link to post
Share on other sites
1 minute ago, LAwLz said:

Not sure about you, but I think government agencies making laws which forces hardware makers and software developers to make changes to their products in order to let unauthorized people get access to devices is a fairly scary thing.

 

Good thing that's not happening.

1 minute ago, LAwLz said:

Also, I think you're being quite ridiculous in this thread because you have said people aren't allowed to post cases which contradicts your world view.

You can't just say "this is how it is, and don't post news contradicting it", which is basically what you did when you said:

 

I'm allowed to decide not to respond if I think the person is conflating issues or using examples that don't fit. Your more than welcome to post them and tell everyone what you think. But I am not going to have someone tell me I am justifying tyranny then use examples that only work if I hold a completely different belief about how government works in my own damn country.

 

1 minute ago, LAwLz said:

But then when it comes to justifying your position you do exactly that. Point to a handful of cases where a lack of encryption helped an investigation. Like in this post:

You are not playing by your own rules you set up for others.

Actually that's not the case at all, I never said you or anyone

 

had to concur with my opinions, just to consider that with encryption the end result will be denying the accused access to all the evidence.  It is not a argument in support of these laws nor is it an argument in favor of any laws, it is simply painting a picture of the effects encryption has.  It is providing a glimpse at the other side of the story which people tend to ignore in these discussions.

 

Here is my post:

10 hours ago, mr moose said:

And what about in those cases where personal messages where the only evidence that vindicated men on rape trials?

 

Consider these two trials, imagine how they would have turned out if the messages were not accessible to the accused (real victim).

 

https://www.news.com.au/lifestyle/real-life/true-stories/student-liam-allans-rape-charges-scrapped-after-40000-messages-from-accuser-revealed-in-court/news-story/4d2a6cdb2414427fab5dc69df62d4bc8

 

https://www.thesun.co.uk/news/4556485/man-cleared-of-raping-student-19-after-she-sent-facebook-messages-to-pals-saying-i-was-only-raped-chill-the-f-out/

 

 

Fortunately for the victims neither messages were hidden with encryption and one was an alleged failure on the behalf of police. That will change when the average rape accuser knows how to encrypt messages.

 

 

Regardless what you think about encryption and LE.  Any line we draw between the number of people it harms and the number of people it protects is only in our head.  We choose to believe what suits our ideals and indoctrination.  If we choose to believe more police are corrupt than they are well intentioned and impartial then that is the way we will view all authority.  No amount of facts is going to change that.  When these laws pass (and they likely will) I will bet that 99% of population doesn't even notice and that there privacy is still kept in check. 

It starts with a questions, asks people to consider (not claimed as evidence for or against anything) just to consider these two situations in the light of encryption, and then I sum up what I think.   I don't know where you got the idea I was telling you or anyone else here they are wrong.  The worst I've done is accuse amzonsucks of being scared.  And that is because he started quoting me and talking about stuff that isn't even happening.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
12 minutes ago, mr moose said:

Good thing that's not happening.

Except... It is? Did you not read what I posted earlier?

Here is the post:

 

Link to post
Share on other sites
1 minute ago, LAwLz said:

Except... It is? Did you not read what I posted earlier?

Here is the post:

 

Yep,

 

Quote

While the bill explicitly says they can't force encryption to be removed

Is what you said, becasue you know as well as I do that they aren't putting in a backdoor nor are they asking for tech companies to break encryption.

 

The most important line in that quote which everyone loves to ignore:

 

Quote

A technical capability notice cannot require a provider to build or implement a capability to remove electronic protection, such as encryption.

 

People are so adamant that 1984, Orwellian, smowden dictatorship is at every turn they are no longer reading the details.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
10 minutes ago, mr moose said:

Yep,

 

Is what you said, becasue you know as well as I do that they aren't putting in a backdoor nor are they asking for tech companies to break encryption.

 

The most important line in that quote which everyone loves to ignore:

 

People are so adamant that 1984, Orwellian, smowden dictatorship is at every turn they are no longer reading the details.

I don't like that you did not include the part where I talked about that. It's just after I said the bill specifically says companies can't be forced to break encryption they can't already decrypt themselves.

 

Here it is again for those other who are reading this thread:

21 hours ago, LAwLz said:

However, the bill states that WhatsApp could be forced to add a "feature" where messages are automatically uploaded to their or government owned servers after your device has decrypted it.

The article even uses a similar situation with iCloud as an example, where content is encrypted on the phone and the government can't request it be decrypted or backdoored, but they could demand access to iCloud.

 

The bill only specifies that encryption can't be forced to be broken if such capabilities don't already exist. Nothing in this bill actually prevents backdoors from being forced into devices.

The clause about not forcing companies to break encryption only prevents news MITM attacks from being forced into hardware and software, but it does not in any way shape or form prevent other backdoors from being implemented, like the one I gave as an example with WhatsApp.

 

 

Believe me, I read the details very carefully.

Link to post
Share on other sites
3 minutes ago, LAwLz said:

I don't like that you did not include the part where I talked about that. It's just after I said the bill specifically says companies can't be forced to break encryption they can't already decrypt themselves.

 

Here it is again for those other who are reading this thread:

 

The bill only specifies that encryption can't be forced to be broken if such capabilities don't already exist. Nothing in this bill actually prevents backdoors from being forced into devices.

The clause about not forcing companies to break encryption only prevents news MITM attacks from being forced into hardware and software, but it does not in any way shape or form prevent other backdoors from being implemented, like the one I gave as an example with WhatsApp.

 

 

Believe me, I read the details very carefully.

You read the details very carefully yet missed the bit were it only applies to crimes where a warrant has been granted.  A backdoor applies to everyone, a warrant only applies to an specific set of people.

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
15 minutes ago, mr moose said:

You read the details very carefully yet missed the bit were it only applies to crimes where a warrant has been granted.  A backdoor applies to everyone, a warrant only applies to an specific set of people.

That's not how it works.

If the Attorney General demands a backdoor (which they can with this bill, using a TCN) in let's say WhatsApp, that backdoor will be implemented for everyone*. The Australia agencies cannot legally use the backdoors without a search warrant, but they are there.

 

*Everyone in Australia, but possibly even people outside of Australia, depending on what bills gets passed in other countries, and how lazy the developers are with maintain separate regional versions.

 

 

Again, the bill literally says the government can demand hardware and software makers to modify their goods in a way that enables the government to gain access to information. As long as it doesn't directly breaks the encryption, which for example uploading copies of already decrypted data doesn't, then it's all fair game according to the bill.

 

There is nothing in the bill which states that the government can't force WhatsApp to automatically upload all conversations to a government owned and controlled server, in clear text. The law would prevent a government employee from legally looking at said clear text messages, but that's about it.

 

If you disagree then I would like for you to quote the specific section of the bill which denies this from happening. I can't find it. All I see are wordings that seems to be deliberately trying to calm people down while simultaneously being full of loopholes.

Link to post
Share on other sites
Just now, LAwLz said:

That's not how it works.

If the Attorney General demands a backdoor (which they can with this bill, using a TCN) in let's say WhatsApp, that backdoor will be implemented for everyone*. The Australia agencies cannot legally use the backdoors without a search warrant, but they are there.

 

*Everyone in Australia, but possibly even people outside of Australia, depending on what bills gets passed in other countries, and how lazy the developers are with maintain separate regional versions.

 

 

Again, the bill literally says the government can demand hardware and software makers to modify their goods in a way that enables the government to gain access to information. As long as it doesn't directly breaks the encryption, which for example uploading copies of already decrypted data doesn't, then it's all fair game according to the bill.

 

There is nothing in the bill which states that the government can't force WhatsApp to automatically upload all conversations to a government owned and controlled server, in clear text. The law would prevent a government employee from legally looking at said clear text messages, but that's about it.

Please read the fucking bill:

 

https://www.homeaffairs.gov.au/consultations/Documents/limitations-safeguards-factsheet.pdf

Quote from the limitations:

Quote

 

Section 317ZG Designated communications provider must not be required to implement or build a systemic weakness or systemic vulnerability etc.

(1) A technical assistance notice or technical capability notice must not have the effect of: (a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or (b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection.

(2) The reference in paragraph (1)(a) to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to implement or build a new decryption capability in relation to a form of electronic protection.

(3) The reference in paragraph (1)(a) to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to one or more actions that would render systemic methods of authentication or encryption less effective.

 

I may as well just bold the whole lot seeing as it's all to the point and

And:

 

Quote

In order to issue a notice, the decision-maker must be satisfied that requirements in a technical assistance notice and technical capability notice are reasonable and proportionate and compliance with the notice is practicable and technically feasible. This means the decision-maker must consider the interests of the relevant agency, the benefits to an investigation, the interests of the provider, the impact on third parties, the impact on privacy, cyber security implications and the wider public interest.
Decision-makers must revoke a technical assistance notice or technical capability notice if satisfied that any ongoing requirements are no longer reasonable, proportionate, practical or technically feasible.

 

They cannot put a backdoor in,  they cannot force anyone to weaken encryption, prevent encryption from being updated or further developed, hell they can't even ask them to log or retain any capabilities after the fact:
 

Quote


The powers cannot be used to impose data retention capability or interception capability obligations. These will remain subject to existing legislative arrangements in the TIA Act.

 

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Sometimes I miss contractions like n't on the end of words like wouldn't, couldn't and shouldn't.    Please don't be a dick,  make allowances when reading my posts.

Link to post
Share on other sites
3 minutes ago, mr moose said:

Yep,

 

Is what you said, becasue you know as well as I do that they aren't putting in a backdoor nor are they asking for tech companies to break encryption.

 

The most important line in that quote which everyone loves to ignore:

 

 

People are so adamant that 1984, Orwellian, smowden dictatorship is at every turn they are no longer reading the details.

Or then you are focusing on the detail too much not to notice the reality?

 

How are you going to access E2E encrypted messages without accessing the receiving device (considering how safe modern devices are, with a backdoor or something that can be considered a backdoor) or having a third key that can intercept the messages in the middle? You can have either accessibility for government or security, you cannot access encrypted memory or messages without breaking the encryption one way or another (and trust me, brute forcing is not an option).

 

Quote

Allow the Attorney General to issue a technical capability notice, requiring a designated communications provider to build a new capability that will enable them to give assistance as specified in the legislation to ASIO and interception agencies.

A technical capability notice cannot require a provider to build or implement a capability to remove electronic protection, such as encryption.

"Build us a way to access the messages, but you don't need to remove the encryption, but still we need to access them"

And I don't think Attorney General considers saying "Better start building that quantum computer to break encryptions, mate" and handing over some brute force notes as assistance.

 

IF you have real encryption, you cannot access that without the decryption key. You cannot "build a new capability that will enable" to give government access to the encrypted data WITHOUT weakening the protection.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×