
Australian Government Proposing Laws to enable the police to gain access to encrypted mobile phones.

overlord360
1 hour ago, mr moose said:

You don't even understand what the law is proposing, let alone the current laws, you just keep repeating the same rhetoric.  I have posted links and evidence that explain what it is about but you'd rather keep talking about Snowden and back doors etc, which clearly shows you don't know a thing about it.   Why do you insist on trying to prove something you clearly don't understand?  You have done this in several threads, come in with wild claims that are wrong then after having been proven wrong you go on endless tirades with information that has little to no intrinsic value to the actual claims you have made.

 

For the last time:

There are no backdoors, nor ways to get one, this law does not permit the government or any authority to strong arm any company or developer into weakening or changing their security.  PERIOD.  Stop mentioning backdoors and leaks and irrelevant shit.

So basically, you keep rephrasing what I said and repeating it: the new law does nothing if the device or service is secure.

"Irrelevant shit" like the history of overreach and privacy invasion that has been disclosed in recent years via whistleblowers?

Yeah, that's totally irrelevant considering it relates to exactly what's being discussed.


1 hour ago, Amazonsucks said:

So basically, you keep rephrasing what I said and repeating it: the new law does nothing if the device or service is secure.

"Irrelevant shit" like the history of overreach and privacy invasion that has been disclosed in recent years via whistleblowers?

Yeah, that's totally irrelevant considering it relates to exactly what's being discussed.

 

If you understood these laws you wouldn't keep trying to claim it's a backdoor nor claiming it does nothing. You wouldn't keep repeating yourself trying to justify your mistake.  Must be hard not being able to accept when you make a mistake.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


Just now, mr moose said:

 

If you understood these laws you wouldn't keep trying to claim it's a backdoor nor claiming it does nothing. You wouldn't keep repeating yourself trying to justify your mistake.  Must be hard not being able to accept when you make a mistake.

I'm not saying that it's mandating backdoors, although it does seem like mandated backdoors are the next logical step.

What I've said is that giving them the power to search what's impossible for them to search is pointless.

And if it's impossible to get the content they want, what then? They'll just call it a day and go home?


2 minutes ago, Amazonsucks said:

I'm not saying that it's mandating backdoors, although it does seem like mandated backdoors are the next logical step.

You did and have several times. Also slippery slope arguments don't prove anything.

 

2 minutes ago, Amazonsucks said:

What I've said is that giving them the power to search what's impossible for them to search is pointless.

No one said it was, that was your interpretation and reasoning for these laws to be pointless, even though that's not what they set out to achieve.

2 minutes ago, Amazonsucks said:

And if it's impossible to get the content they want, what then? They'll just call it a day and go home?

Yes, or just continue the investigation as per standard practice, questioning and reviewing current evidence.

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


4 hours ago, mr moose said:

You did and have several times. Also slippery slope arguments don't prove anything.

 

No one said it was, that was your interpretation and reasoning for these laws to be pointless, even though that's not what they set out to achieve.

Yes, or just continue the investigation as per standard practice, questioning and reviewing current evidence.

 

Exactly why doesn't the argument hold true when history has proved that rights are eroded in that fashion? It's not a slippery slope logically fallacious argument. It's what has happened countless times.

You're saying that it won't happen but repeating the same action expecting a different result is, oh I don't know, insanity...

OK so if I'm so mistaken about what they set out to achieve, why don't you tell me what function it serves to allow the search of a device or service that isn't backdoored and is secure?


58 minutes ago, Amazonsucks said:

OK so if I'm so mistaken about what they set out to achieve, why don't you tell me what function it serves to allow the search of a device or service that isn't backdoored and is secure?

For one improperly obtained evidence cannot be used in court, ever, so anything obtained using that type of method or was discovered through that method is evidence that cannot be used hence useless for police and prosecutors. This is a domestic law not international spying, citizenship counts here.

 

Under Australian law currently services like Facebook, which are protocol/communication secure, cannot be compelled/required to give evidence even though in most cases they willingly do when asked. However that evidence does not hold up well in court because of the way it's collected which is inconsistent with Australian law requirements. That is why under the new proposed law remote data collection for a warrant is allowed, the only way you can get evidence from Facebook etc.

 

Quote

Currently, the Crimes Act allows overt search warrants to be issued for the purpose of searching computers. The Bill will allow law enforcement agencies to collect evidence from electronic devices under an overt warrant remotely. Law enforcement agencies will be able to execute a warrant without having to be physically on the premises.

 

Quote

A new definition of ‘account-based data’ will be inserted to ensure that accessing a computer under warrant enables law enforcement officers to access information associated with an online account, like an email service or Facebook account.

 

Quote

The amendments will also extend the timeframes allowed for the examination of electronic devices moved under a warrant from 14 days to 30 days in order to account for the complexity of analysing data in modern electronic communications systems.

 

Quote

Details of the warrant must be given to the subject. The person executing the warrant must make details of the warrant available to the occupier of the premises or person.

 

There are many communication secure services that could have evidence the police wants that they either cannot get or use as evidence in court, who also operate outside of Australia and where the data evidence resides.

 

You also cannot issue a search warrant on a person/identity so that needs changing to allow for search warrants to be issued to Facebook, ISPs etc. This makes it simpler administratively and legally to get data from these entities because you aren't actually executing a search warrant on those entities themselves but rather the person of interest, legally speaking a big difference.

 

Quote

The amendments will provide the ABF with a new power to request a search warrant to be issued in respect of a person for the purpose of seizing a computer or data storage device.

 

There is a lot of good faith data/information sharing that goes on which is not a good law enforcement practice, changing it to a legal requirement not only makes sense but puts a proper framework around that activity which makes it harder to challenge the evidence on the grounds of improper handling.

 

I think you should give this another read, https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf.


46 minutes ago, Amazonsucks said:

Exactly why doesn't the argument hold true when history has proved that rights are eroded in that fashion? It's not a slippery slope logically fallacious argument. It's what has happened countless times.

This law does not allow for a back door, arguing it does is irrational and fallacious.  Claiming that one law will "lead to another" is a slippery slope argument.   Just like arguing that normalizing same sex relationships leads to normalizing pedophilia,  it's a slippery slope.

 

If they ever try to introduce back door laws then we will oppose them, like we have done before. 

46 minutes ago, Amazonsucks said:

You're saying that it won't happen but repeating the same action expecting a different result is, oh I don't know, insanity...

Australia has proposed back door laws before and they have been defeated on opposition from just about everyone. No one is repeating anything here and hoping for a different result.

 

https://www.theguardian.com/technology/2018/apr/13/australian-bill-to-create-back-door-into-encrypted-apps-in-advanced-stages

This never got through.

So no, it won't happen, Australia is a democracy and when the population says no the government backs down. Not only has it many times before but it will again.

 

46 minutes ago, Amazonsucks said:

OK so if I'm so mistaken about what they set out to achieve, why don't you tell me what function it serves to allow the search of a device or service that isn't backdoored and is secure?

I think Leadeater's response is more than adequate.  But in case it isn't I have said several times what it does.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


7 hours ago, leadeater said:

For one improperly obtained evidence cannot be used in court, ever, so anything obtained using that type of method or was discovered through that method is evidence that cannot be used hence useless for police and prosecutors. This is a domestic law not international spying, citizenship counts here.

 

Under Australian law currently services like Facebook, which are protocol/communication secure, cannot be compelled/required to give evidence even though in most cases they willingly do when asked. However that evidence does not hold up well in court because of the way it's collected which is inconsistent with Australian law requirements. That is why under the new proposed law remote data collection for a warrant is allowed, the only way you can get evidence from Facebook etc.

 

 

 

 

 

There are many communication secure services that could have evidence the police wants that they either cannot get or use as evidence in court, who also operate outside of Australia and where the data evidence resides.

 

You also cannot issue a search warrant on a person/identity so that needs changing to allow for search warrants to be issued to Facebook, ISPs etc. This makes it simpler administratively and legally to get data from these entities because you aren't actually executing a search warrant on those entities themselves but rather the person of interest, legally speaking a big difference.

 

 

There is a lot of good faith data/information sharing that goes on which is not a good law enforcement practice, changing it to a legal requirement not only makes sense but puts a proper framework around that activity which makes it harder to challenge the evidence on the grounds of improper handling.

 

I think you should give this another read, https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf.

Protocol secure doesn't mean that the provider can't access it. If someone is leaving evidence on Facebook messages then the provider CAN turn data over, since the protocol may be secure but the service itself is not.

So basically this law allows them to get a warrant for silly services like Facebook Messenger.

@mr moose and you are saying it's not a backdoor. I know it's not, however I have been pointing out that, if the service (not just the protocol) is secure, the provider STILL can't give them what they want, as they can't access the messages of their users.

So, I guess give it time. I don't think they'll "call it a day and go home" when they realize they can't get much from this law.

The backdoor law they wanted to pass before failed, as you pointed out. If this is put into effect and fails to produce the desired result, they can say "we need backdoors" like they did in the UK or ban anything without backdoors like Russia and China.

Call it a slippery slope if you like. I'd call it the next logical step...

 

 


1 hour ago, Amazonsucks said:

Protocol secure doesn't mean that the provider can't access it. If someone is leaving evidence on Facebook messages then the provider CAN turn data over, since the protocol may be secure but the service itself is not.

Which is the whole point of this law, to gain access to encrypted data that can be accessed which they currently can not either because the law does not allow it or companies are unwilling to give it. There are extremely few services where the provider has absolutely no information possible to give to law enforcement, even if it's just access times and IP addresses.

 

Pre secure communication era, i.e. SSL, law enforcement could just ask the ISP for the information and turn on port mirroring and just do direct data captures, post secure communication era that is not possible. And that's just communication information, there is also actual data services like Dropbox or GDrive.

 

Instead of worrying about the 1% of services you can get no information from focus on the other 99% you can or rather could if the law would allow it.


11 minutes ago, leadeater said:

Instead of worrying about the 1% of services you can get no information from focus on the other 99% you can or rather could if the law would allow it.

That assumes that the information they claim to be interested in aren't on the 1% of services they can't access.

Also, E2EE is getting more and more common.

 

 

I got a question though, this bill includes a lot of vague language like that they can't force a "systemic weakness". However, it does not seem to prevent forcing companies to hand over private keys for asymmetrical encryption. If that's the case then it does not matter that they have a warrant only allowing for spying on a specific person. Once that key is handed over, the government has access to everything, past, present and future communication for all users to that service.

I'd say that is weakening the security of the service. But that seems to be the primary goal of this bill.


28 minutes ago, LAwLz said:

That assumes that the information they claim to be interested in aren't on the 1% of services they can't access.

Why wouldn't they be interested in that? Potential evidence is potential evidence, doesn't mean they can get it but I'd hope law enforcement is interested in obtaining all possible evidence during an investigation. If an investigator isn't then they should not have the job.

 

28 minutes ago, LAwLz said:

Also, E2EE is getting more and more common.

Not on a wide scale no, more services and applications have it than in the past but it is by no means common. Plus there's the whole issue of claiming to be fully secure and encrypted and actually not being or having the capability already to bypass it.

 

28 minutes ago, LAwLz said:

I got a question though, this bill includes a lot of vague language like that they can't force a "systemic weakness". However, it does not seem to prevent forcing companies to hand over private keys for asymmetrical encryption.

Yes I imagine the law would allow for that, not that I don't agree with that being a systemic weakness. In actuality I'd imagine the provider would more likely hand over the data or build extra functionality instead of handing over the private keys then having to issue new private and/or public keys and revoking the old ones.

 

Also having the private key doesn't automatically give you access to all past, present and future data for everyone. For past data you have to have it, which they may not. For present sure possible, access to the data required. And future only if new keys are not issued, and again only with access to the data. Edit: Which would not really be of value to law enforcement because it's evidence that could not be used as it would have been improperly obtained (domestic context for people with citizenship).

 

It's also interesting that you, and others, choose to use the wording spying as well. Spying has both an unlawful connotation to it as well as being a covert action where everything under this law must be overt, warrants have to be issued to the person under investigation (you're not a very good spy if you walk up to someone and say "Hey I'm spying on you"). Law enforcement have a job to do, investigate crime and it is not spying. If law enforcement are acting unlawfully then spying could be a possible action they are doing or description.
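The disagreement in the two posts above (what a disclosed long-term private key exposes: past, present or future traffic) depends on how the service derives session keys. The sketch below is an added example, not part of the thread or of any service's code; it goes beyond the posts by contrasting a static-key design with ephemeral key agreement, and the toy Diffie-Hellman group, the toy XOR cipher and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman parameters, assumed for illustration only (not a vetted group).
P = 2**255 - 19
G = 2


def keygen():
    """Return a (private, public) pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def kdf(shared):
    """Derive a 32-byte session key from a shared group element."""
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def xor_stream(key, data):
    """Toy cipher: SHAKE-256 keystream XORed with the data (no integrity)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def static_session(service_pub, message):
    """Session key depends directly on the service's long-term key pair."""
    c_priv, c_pub = keygen()
    key = kdf(pow(service_pub, c_priv, P))
    return {"client_pub": c_pub, "ciphertext": xor_stream(key, message)}


def ephemeral_session(message):
    """Both sides use per-session keys that are discarded afterwards.

    In a real protocol the long-term key would only sign this handshake;
    the signature is omitted because it does not affect confidentiality.
    """
    c_priv, c_pub = keygen()
    s_priv, s_pub = keygen()
    key = kdf(pow(s_pub, c_priv, P))
    assert key == kdf(pow(c_pub, s_priv, P))  # both ends agree on the key
    return {"client_pub": c_pub, "server_pub": s_pub,
            "ciphertext": xor_stream(key, message)}


def decrypt_with_disclosed_key(long_term_priv, record):
    """What a holder of the long-term key AND the recorded traffic can compute."""
    key = kdf(pow(record["client_pub"], long_term_priv, P))
    return xor_stream(key, record["ciphertext"])


def exposure_report():
    """Count how many recorded messages the disclosed key recovers per design."""
    lt_priv, lt_pub = keygen()  # the key that gets handed over
    messages = [b"constructed message one",
                b"constructed message two",
                b"constructed message three"]

    static_records = [static_session(lt_pub, m) for m in messages]
    ephemeral_records = [ephemeral_session(m) for m in messages]

    # The service rotates its long-term key; new sessions use the new public key.
    _, rotated_pub = keygen()
    rotated_records = [static_session(rotated_pub, m) for m in messages]

    def recovered(records):
        return sum(decrypt_with_disclosed_key(lt_priv, r) == m
                   for r, m in zip(records, messages))

    return {
        "static_recovered": recovered(static_records),
        "ephemeral_recovered": recovered(ephemeral_records),
        "after_rotation_recovered": recovered(rotated_records),
    }


if __name__ == "__main__":
    print(exposure_report())
```

In the static design every recorded session, old or new, opens with the one disclosed key until the key is rotated; with per-session keys the disclosed long-term key decrypts none of the recorded traffic.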


1 hour ago, leadeater said:

Not on a wide scale no, more services and applications have it than in the past but it is by no means common. Plus there's the whole issue of claiming to be fully secure and encrypted and actually not being or having the capability already to bypass it.

I'd say it is on a wide scale.

WhatsApp, iMessage and Telegram are not exactly uncommon.

 

1 hour ago, leadeater said:

Yes I imagine the law would allow for that, not that I don't agree with that being a systemic weakness. In actuality I'd imagine the provider would more likely hand over the data or build extra functionality instead of handing over the private keys then having to issue new private and/or public keys and revoking the old ones.

Well, from what I can tell it is not up to the providers to decide how to handle things. If a TCN is submitted it is up to the Attorney-General to decide if the requests are reasonable.

Hopefully just having the data be given to them, without exposing all their data to the government, is what will happen, but there is nothing in the bill preventing it. Their definition of "system weakness" seems to differ from yours and mine.

 

2 hours ago, leadeater said:

Also having the private key doesn't automatically give you access to all past, present and future data for everyone. For past data you have to have it, which they may not. For present sure possible, access to the data required. And future only if new keys are not issued, and again only with access to the data.

Let's be realistic here, companies aren't going to change their private keys whenever they need to expose data. It would become a massive key management problem very quickly. Especially not if more countries start adopting laws like this. A single country can easily submit thousands upon thousands of warrant requests every year (The FISA court alone approved 1372 requests last year alone, and that's specifically for foreign spies inside the US). Companies won't update their private and public keys several times a day.

 

2 hours ago, leadeater said:

Edit: Which would not really be of value to law enforcement because it's evidence that could not be used as it would have been improperly obtained (domestic context for people with citizenship).

Well, that is assuming it would only be used for evidence in court trials against people with citizenship.

There are mountains of evidence to support the theory that lots of government workers routinely use spying tools for personal use. At the end of the day, government workers are just people. But even if we ignore that, there are plenty of uses for private information that does not involve using it as court evidence.

From what I know, there is no law which prevents illegally obtained personal data from being used in neural net training for example. Several countries are currently developing algorithms for determining which people are potential threats, and they are feeding those algorithms copious amounts of personal data. It is already being used in some places.

 

2 hours ago, leadeater said:

It's also interesting that you, and others, choose to use the wording spying as well. Spying has both an unlawful connotation to it as well as being a covert action where everything under this law must be overt, warrants have to be issued to the person under investigation (you're not a very good spy if you walk up to someone and say "Hey I'm spying on you"). Law enforcement have a job to do, investigate crime and it is not spying. If law enforcement are acting unlawfully then spying could be a possible action they are doing or description.

I chose to use the word spying because that is what I believe this bill will be used for. To secretly obtain information about someone, possibly a criminal. I could use the word "snoop" if you think that's more appropriate.

Sorry, but all the words for "obtaining information about someone without their consent" have a fairly negative connotation.


2 hours ago, LAwLz said:

Let's be realistic here, companies aren't going to change their private keys whenever they need to expose data. It would become a massive key management problem very quickly. Especially not if more countries start adopting laws like this. A single country can easily submit thousands upon thousands of warrant requests every year (The FISA court alone approved 1372 requests last year alone, and that's specifically for foreign spies inside the US). Companies won't update their private and public keys several times a day.

If the service is supposed to be secure then yes they would, that is the only choice they would have other than ceasing operation in Australia.

 

2 hours ago, LAwLz said:

Well, from what I can tell it is not up to the providers to decide how to handle things. If a TCN is submitted it is up to the Attorney-General to decide if the requests are reasonable.

Hopefully just having the data be given to them, without exposing all their data to the government, is what will happen, but there is nothing in the bill preventing it. Their definition of "system weakness" seems to differ from yours and mine.

Requiring handing over of private keys is only one possible outcome or requirement and the request can still be challenged. The realistic outcome is companies will do the absolute minimum required and will challenge any request to give over private keys that would give access capability to all data.


 

It can't be used for spying.   A company or service provider can reject the request to give authorities carte blanche access to data on grounds it does not serve the public interest and is a systemic weakening of security. What this law boils down to is that if for example Facebook has accessible data on person A, and the police can prove to a judge that person A has evidence of a crime severe enough to warrant a warrant, then Facebook can be forced to hand over that data.  This law even stipulates that after said warrant is executed that they can't stop Facebook from patching their services to make that impossible next time.

 

This thread has turned into a my ideals are offended because I don't trust the government debate.  Not trusting the government is fine (I personally don't trust anyone), but stopping them from doing the best they can with the tools they have on grounds of fear that they might do something the law clearly says they can't is bordering on paranoia.  They clearly and undoubtedly ruled out back doors, they have yet to show any signs of being a totalitarian regime, they can no more gain my data than anyone else's unless it is already obtainable or I am demonstrably linked to a serious crime (and even then there are no guarantees).

 

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


58 minutes ago, leadeater said:

If the service is supposed to be secure then yes they would, that is the only choice they would have other than ceasing operation in Australia.

Oh come on. No company could change their keys multiple times a day. It would become a mess within days. It's unpractical to the extreme.

Besides, like I said one of the dangers of this would be that other countries follow suit. You can't cease operations in all countries. At the end of the day any profit driven company will make a compromise, and that compromise would result in potentially disastrous situations for the users from a privacy and security POV.

 

58 minutes ago, leadeater said:

Requiring handing over of private keys is only one possible outcome or requirement and the request can still be challenged.

Absolutely. Not arguing against that. However, it is not the companies who will challenge the request. It's the Attorney-General that decides that, which in this case is Christian Porter, and in a few years it might be some other person. For example the previous one, George Brandis, was very pro-backdoors (and even took advice from GCHQ for what should be done regarding encryption, which isn't a surprise considering they are both members of Five Eyes).

 

58 minutes ago, leadeater said:

The realistic outcome is companies will do the absolute minimum required and will challenge any request to give over private keys that would give access capability to all data.

I don't think you and I share a view on what "absolute minimum required" from a company's POV.

When I think of a company doing the absolute minimum, I don't think of them setting up complex key management systems where they can swap key pairs several times a day and still keep track of which key decrypts what data, along with which keys they have given away.

When I hear "absolute minimum required" I think of Microsoft who handed over their master keys for Outlook to NSA. That results in the minimum amount of work needed from the company's POV.

Companies that care about their users' privacy don't have backdoors in their programs, so this law is supposedly not going to affect them.

I don't expect the companies who do have tools for spying on their users to risk being fined, just so that they can challenge requests.

 

 

 

By the way, to the people who say they don't think the Australian government will use this for surveillance, you might want to look up some news such as this one "police spy on web, phone usage with no warrants". It's an article where one of your own politicians warns that you are heading towards a surveillance state. It is also highlighting the absurd amount of warrants given to police in Australia.

Victoria Police alone was authorized to access telecommunications data 65,703 times in a single year. NSW Police were authorized 43,416 times during the same period.

Those two alone are an average of almost 300 warrants specifically for telecommunications data, every single day. That does not include the data for the security intelligence organizations, because no such data exists from what I can find. It seems like it is kept secret.

 

Oh, what's this? Police officers looking up call records for journalists without warrants? Geez... I would never guess something like this could happen in Australia. I am sure that is very uncommon and doesn't happen all the time.

/sarcasm


17 minutes ago, LAwLz said:

Companies that care about their users' privacy

Facebook is not one of those companies


2 hours ago, LAwLz said:

By the way, to the people who say they don't think the Australian government will use this for surveillance, you might want to look up some news such as this one "police spy on web, phone usage with no warrants". It's an article where one of your own politicians warns that you are heading towards a surveillance state. It is also highlighting the absurd amount of warrants given to police in Australia.

Victoria Police alone was authorized to access telecommunications data 65,703 times in a single year. NSW Police were authorized 43,416 times during the same period.

Those two alone are an average of almost 300 warrants specifically for telecommunications data, every single day. That does not include the data for the security intelligence organizations, because no such data exists from what I can find. It seems like it is kept secret.

Do you think they are going to apply for a warrant 60K+ times a year just to spy on people they have no cause to?  The 65K searches they did are not under warrant.  This has to be under warrant.  There is a difference between authorised metadata searches and warranted email/txt requests.

 

EDIT: hopefully not too late to add, of those 65K searches they did, they were in response to actual ongoing investigations to actual reported crimes.  Searching for metadata (which is what 99.9% of an authorised but warrantless search is) is not the same as looking through messages and data for a crime or just because you can.

Edited by mr moose

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


3 hours ago, LAwLz said:

When I think of a company doing the absolute minimum, I don't think of them setting up complex key management systems where they can swap key pairs several times a day and still keep track of which key decrypts what data, along with which keys they have given away.

That's not what I was meaning, the ultimate outcome law enforcement is looking for is getting the data they need which can be done without handing over keys at all. Building new capability to handle law enforcement requests for a company would be preferenced over giving private keys.

 

It doesn't matter how much Australia wants something, it comes down to what companies are actually willing to comply to, many would just take the fine. Having the legal capacity to ask for something doesn't mean they will or it will be common nor does it mean those requests won't be challenged and held up in court for years making the request worthless.


5 minutes ago, leadeater said:

 Having the legal capacity to ask for something doesn't mean they will or it will be common nor does it mean those requests won't be challenged and held up in court for years making the request worthless.

Not only that but the High Court in Australia has a tendency to overrule the government when it doesn't abide by its own laws.

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


4 hours ago, mr moose said:

This thread has turned into a my ideals are offended because I don't trust the government debate

I'd trust NZ or Aus government over a private company i.e. WhatsApp. At least I can vote for my government, petition my local MP or any number of things that I could not do for a private company. I could put through an official information request to force the government to hand over any data they have on me or capabilities they have, we have very strong official information request laws here.

 

Private companies are far more black holes than governments are unless your government is useless or corrupt or whatever, we happen to be in countries where that is not a systemic problem.


Politics aside and looking at this entirely from a security point of view here... The entire point of encryption is to prevent unauthorized access to data. By intentionally punching holes in the security of encryption there isn't much point in using it.

 

There is no such thing as a "side gate" you have to call it what it really is. It is just verbiage used to try to lull the general public into a false sense of security about their data being safe. A security vulnerability is a security vulnerability...no way around that...especially early into the back door implementation.

 

I'm not saying that putting a back door in guarantees that the software would be hacked...it would really be a ratio of how viable the target is and how easy it would be to crack. Nothing is perfect and that back door isn't going to be either. There will need to be patches to correct exploits and loopholes. Those on this thread mentioning WannaCry aren't far off....depending on how severe an exploit is and how much the software can access the rest of your device, your messages may not be the only thing at risk of attack... Anyone who has ever seen a RAT virus in action will know what I'm talking about.

There's no place like ~


1 hour ago, Razor Blade said:

Politics aside and looking at this entirely from a security point of view here... The entire point of encryption is to prevent unauthorized access to data. By intentionally punching holes in the security of encryption there isn't much point in using it.

 

There is no such thing as a "side gate" you have to call it what it really is. It is just verbiage used to try to lull the general public into a false sense of security about their data being safe. A security vulnerability is a security vulnerability...no way around that...especially early into the back door implementation.

 

I'm not saying that putting a back door in guarantees that the software would be hacked...it would really be a ratio of how viable the target is and how easy it would be to crack. Nothing is perfect and that back door isn't going to be either. There will need to be patches to correct exploits and loopholes. Those on this thread mentioning WannaCry aren't far off....depending on how severe an exploit is and how much the software can access the rest of your device, your messages may not be the only thing at risk of attack... Anyone who has ever seen a RAT virus in action will know what I'm talking about.

It's a good thing they aren't doing anything that weakens current security then.


10 hours ago, Arika S said:

Facebook is not one of those companies

I agree. I fully expect Facebook to just design some system where it's an all-you-can-eat buffet for governments.

 

10 hours ago, mr moose said:

Do you think they are going to apply for a warrant 60K+ times a year just to spy on people they have no cause to?

No, but they could apply that many search warrants to make it impossible for companies to comply with all the warrants without building backdoors giving direct access for government bodies.

 

10 hours ago, mr moose said:

EDIT: hopefully not too late to add, of those 65K searches they did, they were in response to actual ongoing investigations to actual reported crimes. Searching for metadata (which is what 99.9% of an authorised but warrantless search is) is not the same as looking through messages and data for a crime or just because you can.

I think you missed my point.

My point was that the amount of requests police does for data is an absurd amount. It wasn't just 65K. It was a single police department that made 65K alone. The total is over 250K during a single year. That's just counting police too, because the amount of times intelligence services access it isn't disclosed (intelligence services in general are about as transparent as brick walls).

The amount of accesses could easily be well over 500K in a single year. That was a few years ago too, and it has increased a lot (according to the article, 50% increase since the year before).

 

Surely the police don't absolutely have to look at thousands upon thousands of personal information files every single day. If it is absolutely necessary to keep the country safe then maybe Australia has bigger issues with a massive rampant crime rate which should be taken care of.

 

And that's just the ones that are reported on, which is not all of the accesses they do (unlike for example the other article I linked, where the same tools were used by the police to illegally spy on a journalist).

 

 

6 hours ago, leadeater said:

That's not what I was meaning, the ultimate outcome law enforcement is looking for is getting the data they need which can be done without handing over keys at all.

That is a very big assumption which does not have any solid evidence to back it up.

Even if it was true, it all depends on what the general-attorney wants. Christian Porter might want that, but he won't be the general-attorney forever. The previous general attorney said he wanted the capability to decrypt Internet traffic in real time. He was extremely pro government backdoors which definitely undermined the security of the protocols.

 

If the general attorney that supersedes Porter wants backdoors, then he/she will have the tools to legally force companies to implement them (again, we have already established that what the authors of the bill classify as "systemic weakness" differs from the definition you and I have).

 

In the current political climate I think it is very important to judge all new laws and regulations based on how a government you strongly oppose could use the same laws.

Take the US as an example. Things that were passed in good faith for Obama are now in the hands of Trump. The same shift can happen in any country. That's why I am strongly against things which are based on good faith when it comes to laws.

 

6 hours ago, leadeater said:

I'd trust NZ or Aus government over a private company i.e. WhatsApp. At least I can vote for my government, petition my local MP or any number of things that I could not do for a private company. I could put through an official information request to force the government to hand over any data they have on me or capabilities they have, we have very strong official information request laws here.

If I had to put my trust somewhere, it would be in companies with a proven track record.

Your current government might be more trustworthy than private companies, but that might not be true after an election or two.

 

Worth noting that Sweden will have an election next month, and the country is extremely split.

The anti-immigration party which used to be a small one barely anyone cared for is currently polling as the second largest one.

I think the extreme political rifts we have seen in the US will become more and more common in the world.

 

 

4 hours ago, mr moose said:

It's a good thing they aren't doing anything that weakens current security then.

Except they are.

Even if you dismiss all my concerns of potential abuse as paranoia that will never happen, every person/company/organization which has access to data weakens the security of that data.

In their own example of this law, they said that they could demand access to the data stored on iCloud.

The risk of a key being stolen is objectively higher the more people have it. So I would argue that even in their own example they are talking about something which weakens current security.


7 minutes ago, LAwLz said:

That is a very big assumption which does not have any solid evidence to back it up.

That's not a very big assumption, you're investigating a crime and you need evidence. Getting picky about how or the way you get that evidence from a more than likely overseas company is not a luxury an Australian official is going to have, in a fight vs Apple you'll run out of time and money before they will.

 

You can issue all the TCNs you like, petition and plead and a valid response under this law is "No, we have no capability to help and our system is not capable of building such functionality".

 

Now circle that argument in court for 20 years until someone gives up. You know very well companies will do that, they already do.

 

The law is written for what is possible and would be legally allowed, that's not a literal for how the law is actually executed and there are still many guidelines and processes around the use of them which can make something unlawful even if at the basic level it is allowed under the law. It's not like we're reading the full and complete document (I'm not and have no intention of) and neither am I a lawyer but there is far more to these things than just reading a law document or the summary of one and knowing what it actually means on a real practical level. It's an understanding I'll never have.


31 minutes ago, LAwLz said:

 

 

No, but they could apply that many search warrants to make it impossible for companies to comply with all the warrants without building backdoors giving direct access for government bodies.

That's not how warrants work.  Good luck finding enough judges to hear 60K warrant applications.  They can't hear them they don't get them. Do you also have a problem with police asking to search houses?  oh no the police could flood the system with warrants to search all the houses...  it doesn't work like that.

 

31 minutes ago, LAwLz said:

I think you missed my point.

My point was that the amount of requests police does for data is an absurd amount. It wasn't just 65K. It was a single police department that made 65K alone. The total is over 250K during a single year. That's just counting police too, because the amount of times intelligence services access it isn't disclosed (intelligence services in general are about as transparent as brick walls).

The amount of accesses could easily be well over 500K in a single year. That was a few years ago too, and it has increased a lot (according to the article, 50% increase since the year before).

 

OMG, this is the worst case of exaggerating unqualified numbers to prove a point I have ever heard.  You can't just point at the number and say see how big it is without actually putting that figure into context.  

 

It is not an absurd amount, of all the people on this forum to misrepresent numbers or take them out of context I would have thought you'd have been the last. 65K is just the Victorian police force, the total number of crimes the Victorian police force investigate is 433K per year. They have literally asked for metadata in the process of investigating 1/8 of actual crimes. It is nowhere near an absurdly high amount. Unless you have proof they are asking for data unrelated to crimes and on top of that asking for data outside of metadata then I would like to see it.

 

 

Again, you can't just point to the number of times the authorities have requested data and claim it is high without showing the reason why they are asking and the context in which that happens.

 

41 minutes ago, LAwLz said:

Except they are.

Even if you dismiss all my concerns of potential abuse as paranoia that will never happen, every person/company/organization which has access to data weakens the security of that data.

In their own example of this law, they said that they could demand access to the data stored on iCloud.

The risk of a key being stolen is objectively higher the more people have it. So I would argue that even in their own example they are talking about something which weakens current security.

 

I have shown you the bill and its limitations, you have been given the proof the bill does not weaken security, if you keep harping on that then it only further proves you are paranoid. Even gaining access to iCloud data would A. only work if Apple has a generic key that opens it and B. can be argued is not in the interests of the safety of the general public because it compromises all iCloud data. That would be up to Apple to argue. It could also be up to Apple to hand over only the data linked to the person in the warrant (as this bill is set out to) and the police don't even get to see anything else. But again, that requires a warrant.
