Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Speed Weed

Apple urges Australian government not to weaken encryption with backdoors

Recommended Posts

Posted · Original PosterOP

Sources:

1) https://appleinsider.com/articles/18/10/12/apple-urges-australian-government-not-to-weaken-encryption-with-backdoors

 

2) https://arstechnica.com/tech-policy/2018/10/apple-to-australia-this-is-no-time-to-weaken-encryption/

 

Quote from the 1st source

Quote

Apple has submitted its formal response to a draft bill undergoing debate by the Australian government, with the iPhone maker calling for "increasingly stronger - not weaker - encryption" as a way to protect against the growing number of online threats. 

Provided to AppleInsider by Apple, the the seven-page submission to the Australian Parliamentary Joint Committee on Intelligence and Security on the "Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018," arguing for clarity on the bill's aims, and encouraging the government to avoid going down the route of weakening encryption. 

Introduced to the parliamentary calendar in August, the bill proposes updates to the country's telecommunications-related laws, including a need for private sector firms to "provide greater assistance to agencies." While the bill demands assistance from companies like Apple, the language used is ambiguous enough to potentially mean the creation of backdoors into encrypted apps and services, something which many tech companies strongly disagree with. 
Noting Apple's role in protecting national security and citizen's lives, and its teams working to stay one step ahead of criminal attackers, the letter claims the threats that pry for personal data or co-opting hardware for broader assaults "only grow more serious and sophisticated over time. 

"It is precisely because of these threats that we support strong encryption," Apple assets. Highlighting the trillion transactions conducted online and protected by encryption every day, the threats to these communications are said to be "very real and increasingly sophisticated." 
 

Quote from the 2nd source

Quote

Apple has filed its formal opposition to a new bill currently being proposed by the Australian government that critics say would weaken encryption. If it passes, the "Assistance and Access Bill 2018" would create a new type of warrant that would allow what governments often call "lawful access" to thwart encryption, something that the former Australian attorney general proposed last year.

The California company said in a filing provided to reporters on Friday that the proposal was flawed. This is no time to weaken encryption," the company wrote. "There is profound risk of making criminals’ jobs easier, not harder. Increasingly stronger—not weaker—encryption is the best way to protect against these threats." Apple took direct aim at what American authorities have called the "going dark" problem—the notion that strong encryption makes it far too difficult for law enforcement to access hardened devices. The Department of Justice and the FBI have pushed for something similar for decades to no avail—no specific legislation has been put forward in the United States since the failed "Clipper Chip" proposal during the Clinton administration. However, high-ranking DOJ and FBI officials during both the Obama and Trump administrations have continued to lambast this issue.

This is just too stupid. By weakening encryption, the bad guys will be to access your info easily because data breach is highly possible these days. In addition, the bad guys are ahead of the good guys in cybersecurity industry.  

Apple: Encryption with a backdoor only the police can use is impossible. Weakening the mathematical model weakens it for everyone.

Australia: Na Na can’t hear you. Give us a backdoor now

Link to post
Share on other sites

We seem to be seeing more and more cases of technology outpacing the law in terms of progression. And more importantly, technology going beyond and over the heads of those responsible for creating and passing laws. 

 

It's lead to cringe worthy situations, such as the videos of Mark Zuckerberg trying to explain technology to officials who clearly don't know or understand enough to make any fair judgements. 

 

Encryption seems to be under attack by governments over the past few years, with the UK seemingly leading, now followed by Australia it appears. They just don't seem to understand the implications of backdoors and weakening security. The UK wants a complete ban on end to end encryption, which is utterly ridiculous. 

 

Full encryption is a double edged sword, but it seems that governments just aren't getting that the benefits of it outweigh the downsides. 

Link to post
Share on other sites

Baffles me why companies who claim to care about user privacy/security, dont just outright tell the govt to go f themselves and refuse to make backdoors no matter what. Apple has so much power that no govt would try to ban the devices in fear of immense backlash.


Please quote my post in your reply, so that I will be notified and can respond to it. Thanks.

I do not offer free or paid insurance coverage to anyone let alone bungee jumpers and skydivers.

I do not work in a profession or for a business that has anything to do with the tech/gaming industry.

Link to post
Share on other sites

I think it would be a great idea for the politicians at these committees that are asking for backdoors, to have their devices hacked and contents displayed for all to see.... then see how they feel about privacy and having backdoors that would make the job even easier.


Please quote my post, or put @paddy-stone if you want me to respond to you, I may not see your post otherwise.

 

PSU tier list

Spoiler
  • PCs:-
  • AM4 1700 build https://uk.pcpartpicker.com/list/26ZrTH
  • AMD Ryzen 1700 w/ Wraith Spire cooler @3.75 1.269V - ASrock AB350M Pro 4  - 16GB Corsair Vengeance 3000Mhz RAM @3066Mhz  - Crucial M500 M.2 SSD 240GB - Zotac GTX 1050 mini - 2TB HDD - Thermaltake Core V21 -  EVGA Supernova P2 850W Platinum PSU - Pioneer BD writer in external USB 3.0 5.25 chassis.
  • AMD phenom II 1055t / 8GB RAM / DVD writer
  • ASUS x53e  - i7 2670QM / Sony BD writer x8 / Win 10, Elemetary OS, Ubuntu/ Samsung 830 SSD
  •  
  • Displays:-
  • Panasonic 55" 4k TV
  • LG 29" Ultrawide
  •  
  • Storage/NAS/Servers:-
  • Deadpool server -  i7 6700K - Cryorig C7 cooler - b250 mobo - fractal design node 804 - 3x4TiB Seagate Iron Wolfs - EVGA Supernova G2 650W Gold PSU
  • Backup server - HP Proliant Gen 8 4 bay NAS running FreeNAS ZFS striped 3x3TiB WD reds
  • WD mycloud 3TB
  • HP ProLiant G6 Server SE316M1 Twin Hex Core Intel Xeon E5645 2.40GHz 48GB RAM
  •  
  • Gaming/Tablets etc:-
  • Xbox One S 500GB + 2TB HDD
  • PS4
  • Nvidia Shield TV
  • Nvidia Shield K1 tablet
  • Lenovo k3 note
  • Windows tablet

 

Link to post
Share on other sites

Even Apple gets what that Aussie bill really is about, no matter if there is a small part that says "without weakening the encryption". Kind of hard to respect the laws if the laws demand you to provide help accessing encrypted data while having punishments not doing so "enough" and that "enough" is based on what a single official seems fit and even then laws say that you don't need to weaken the encryption. How the hell you are going to help someone accessing encrypted data without weakening the encryption and there's probably some politically seated person saying that "you don't manage to get us the data, you are going to be fined because you didn't help us as we wanted you to help us"?

2 hours ago, huilun02 said:

Baffles me why companies who claim to care about user privacy/security, dont just outright tell the govt to go f themselves and refuse to make backdoors no matter what. Apple has so much power that no govt would try to ban the devices in fear of immense backlash.

Only if it was that easy. I don't know how harsh Aussies are with their punishments but if they are as trigger happy as EU there's really big weights on the scale. Apple not giving "enough" help to the officials and Aussies slap them with XX% of worldwide revenue fines and Apple cannot sell a single product in Aussieland before that fine is paid is quite a huge danger. And with Aussies the problem is quite real because they have had at least one government that didn't care about their political career and made the tighter gun laws reality, who knows are there still people in there who are ready to take the bullet and ban the sales of Apple products just because Apple didn't want to give them access to their encryptions.

Link to post
Share on other sites

Been over this bill many times, thee government cannot force any company to comply with requests that reduce security/privacy on consumer devices.

 

In fact the first time this bill was raised I linked to the actual bill and the attached proposals and limitations pointing out exactly why it is not a backdoor and cannot be turned into one.

EDIT:

 

It's here before anyone wants to start from scratch:

Just read it first. I will not reply to arguments that are already addressed.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
6 minutes ago, mr moose said:

Been over this bill many times, thee government cannot force any company to comply with requests that reduce security/privacy on consumer devices.

 

In fact the first time this bill was raised I linked to the actual bill and the attached proposals and limitations pointing out exactly why it is not a backdoor and cannot be turned into one.

but muh outrage!


FAQ answers

  1. Yes
  2. No
  3. No
Link to post
Share on other sites
Just now, Arika S said:

but muh outrage!

Save it up for something that actually needs it, like climate change and recycling or cheaper petrol/power.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
2 hours ago, mr moose said:

Been over this bill many times, thee government cannot force any company to comply with requests that reduce security/privacy on consumer devices.

 

In fact the first time this bill was raised I linked to the actual bill and the attached proposals and limitations pointing out exactly why it is not a backdoor and cannot be turned into one.

EDIT:

 

It's here before anyone wants to start from scratch:

Just read it first. I will not reply to arguments that are already addressed.

Like I said in the other thread, the law as written gives a lot of room for abuse. For example I don't think the law prevents the Attorney General from demanding a company hand over their private keys, and it seems like leadeater agreed that it does not prevent that. It's up for interpretation if that would be a systemic weakness or not.

 

The text you point to which is suppose to prevent abusing this bill, doesn't actually provide that much protection from abuse.

But you just dismissed that as paranoia.

Link to post
Share on other sites
15 minutes ago, LAwLz said:

Like I said in the other thread, the law as written gives a lot of room for abuse. For example I don't think the law prevents the Attorney General from demanding a company hand over their private keys, and it seems like leadeater agreed that it does not prevent that. It's up for interpretation if that would be a systemic weakness or not.

 

The text you point to which is suppose to prevent abusing this bill, doesn't actually provide that much protection from abuse.

But you just dismissed that as paranoia.

The limitations of the bill are as posted, the company may refuse assistance if in their reasoning that assistance would amount to a reduction in the security or privacy of it's clients.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
42 minutes ago, mr moose said:

The limitations of the bill are as posted, the company may refuse assistance if in their reasoning that assistance would amount to a reduction in the security or privacy of it's clients. 

And if the Attorney General has submitted a TCN to the company, refusing to comply with it will be illegal.

It is not up to the company deciding whether or not a change will reduce the security or privacy of its clients. For example I would argue that the Australian government gaining a way to look through files saved to iCloud would reduce the security. The more people have access to something the larger the risk of a leak. However, getting access to iCloud files is one of the examples given and has therefore already been evaluated by the Australian government to not be lowering the security of the service.

 

I think that's a big problem with this bill. It may sound good if you just read it and take it at face value, but a lot of the things are left up for interpretation, and the Australian government has basically said that it is their interpretation that counts.

 

It's a bill that seems good and logical, but only if you have complete good faith in the present and future Australian government. The current one seems alright, but the previous Attorney General was notorious for being extremely anti-encryption and wanted to push a ton of backdoors. The next one might have the same or worse mentality.

 

Basically, Australia is at a crossroad where they can choose to implement security based on technical merits, with no room for interpretation or concept of good/bad, or they can create a system where trust, faith and compromise is of upmost importance.

Australia is leaning towards the latter, while I strongly believe the former is far superior, even if it means some criminals will misuse it (and it's not like the new law will help catching somewhat technologically-literate criminals anyway).

 

 

But I think I asked you a question in the previous thread and didn't get a response.

How do you think this bill will work in practice, and what positive effect (or negative effect) do you think it will have?

Link to post
Share on other sites
1 minute ago, LAwLz said:

And if the Attorney General has submitted a TCN to the company, refusing to comply with it will be illegal.

No it wouldn't, under the clause if they can show such request would undermine encryption on innocent consumers then they cannot enforce it.

1 minute ago, LAwLz said:

It is not up to the company deciding whether or not a change will reduce the security or privacy of its clients.

Yes it is. This is all linked in the other thread.

1 minute ago, LAwLz said:

For example I would argue that the Australian government gaining a way to look through files saved to iCloud would reduce the security. The more people have access to something the larger the risk of a leak. However, getting access to iCloud files is one of the examples given and has therefore already been evaluated by the Australian government to not be lowering the security of the service.

And as such if it doesn't then apply would comply, if apple can show it does then they don't have too.

1 minute ago, LAwLz said:

 

I think that's a big problem with this bill. It may sound good if you just read it and take it at face value, but a lot of the things are left up for interpretation, and the Australian government has basically said that it is their interpretation that counts.

Of course you can interperet them anyway you want, you have demonstrated that here, however that doesn't mean when they say:

 

Quote

In order to issue a notice, the decision-maker must be satisfied that requirements in a technical assistance notice and technical capability notice are reasonable and proportionate and compliance with the notice is practicable and technically feasible. This means the decision-maker must consider the interests of the relevant agency, the benefits to an investigation, the interests of the provider, the impact on third parties, the impact on privacy, cyber security implications and the wider public interest.

They actually mean that if it is not feasible (aka, putting in a backdoor and maintaining privacy) then it cannot be enforced.  Also the if the request doesn't take into consideration innocent end user data, then the provider can simply refuse on grounds that the decision maker did not consider that effect.  It is written in black and white and in order for the law to be upheld it has to go to court and the High court in Australia has no qualms in telling the Government to fuck off if they are overstepping their own laws.

 

Any way, I think I have been over this a few times now.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
1 minute ago, Amazonsucks said:

Except that you make the baseless assertion that people cant be trusted with encryption so it needs to be regulated.

Are you under the impression that no criminal any where is hiding behind encrypted data?

1 minute ago, Amazonsucks said:

That the Five Eyes spying, which Australia is a huge part of only involves "session times and ip addresses", which is clearly not true.

Which has nothing to do with what I said.

1 minute ago, Amazonsucks said:

Implying that strong encryption prevents law enforcement from doing their jobs, which is complete nonsense.

righto.  if they can't use the evidence stored on an encrypted device then it is. 

 

 

 

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
11 minutes ago, mr moose said:

No it wouldn't, under the clause if they can show such request would undermine encryption on innocent consumers then they cannot enforce it. 

The company has to make an argument for why they shouldn't be forced to implement the changes, and then it is up to someone else (a court? The Attorney General?) to decide which side is correct.

That means the decision is not up to the companies or developers. If it was up to the developers then they would not even have to provide a reason for not implementing a proposal. They could just say no and that would be the end of it. But that's not the case.

 

 

20 minutes ago, mr moose said:

It is written in black and white and in order for the law to be upheld it has to go to court and the High court in Australia has no qualms in telling the Government to fuck off if they are overstepping their own laws. 

And there you go again, trying to dress up good faith as a safety net.

If your argument for why something can't be abused is "they have told the government to fuck off in the past" then I don't think it is a very strong defense, because such things can easy change in the future.

Let me ask you this then, since you refuse to answer my other question:

Do you agree that this law open up the possibility that a company such as Apple has to in some way, direct or indirect, give access or hand over information about a guilty criminal to someone working for or on behalf of the Australian government, and if they refuse there is a possibility that they get punished?

Link to post
Share on other sites
13 hours ago, DaPhuc said:

the bad guys are ahead

are always ahead

 

just a matter of what part of the curve they are on


AMD Ryzen 1600X with ASUS Prime x370 Pro and Corsair Vegence 2x8GB 3466 15cas, Corsair H100i liquid cpu cooler, Samsung EVO 500GB, 4TB 7200, Asus GRX 1080 8gb rog strix, Fractal Define R4 case, Corsair RM750x, 10Gbps

Link to post
Share on other sites
1 minute ago, LAwLz said:

Do you agree that this law open up the possibility that a company such as Apple has to in some way, direct or indirect, give access or hand over information about a guilty criminal to someone working for or on behalf of the Australian government, and if they refuse there is a possibility that they get punished?

I do not agree,  Apple can be asked to help them, and if that help only gives law enforcement the data pertaining to that one criminal then fine, they must help, but if that help opens a floodgate of data collection then no they don't have to help, in fact the way the law is written they are not even allowed to ask for that help if they know it will be used to unlock other people data outside the case at hand.

 

You have to understand that in Australia our courts are genuinely heavily divorced from the government and operate on the laws written.  In fact the high court almost sent us back to the polls recently by sacking a half dozen sitting parliamentarians due to duel citizenship, their position didn't save them there.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites
18 minutes ago, mr moose said:

I do not agree,  Apple can be asked to help them, and if that help only gives law enforcement the data pertaining to that one criminal then fine,

Not sure why you say you don't agree, and then in the next sentence you say you agree.

Apple can be forced to hand over data.

 

19 minutes ago, mr moose said:

but if that help opens a floodgate of data collection then no they don't have to help, in fact the way the law is written they are not even allowed to ask for that help if they know it will be used to unlock other people data outside the case at hand. 

And at the end of the day, who has the final verdict on whether or not something "opens the floodgate of data collection"? If there is a disagreement between a company and for example the attorney general, who decides who is right in their reasoning? Is it the company/developer, or someone else?

 

21 minutes ago, mr moose said:

You have to understand that in Australia our courts are genuinely heavily divorced from the government and operate on the laws written.  In fact the high court almost sent us back to the polls recently by sacking a half dozen sitting parliamentarians due to duel citizenship, their position didn't save them there. 

Again, you're arguing from good faith.

You don't believe that this bill will be misused because of things which has happened in the past, and your general feeling towards the Australian courts. That however assumes that things can't change in the future, and it also assumes that you have an accurate grasp of the general picture as it is today and in the past, but your perception may not be the full picture.

 

To me, it appears like this bill puts a great amount of power and responsibility on the Australian court system. Since you have good faith in them, you seem alright with it. When it comes to security and privacy I generally act and reason based on bad faith. I don't want to leave room for issues to arise in the unlikely case of for example someone or something corrupt gains influence over what I have put my security and privacy in the hands of.

Link to post
Share on other sites
36 minutes ago, mr moose said:

In fact the high court almost sent us back to the polls recently by sacking a half dozen sitting parliamentarians due to duel citizenship, their position didn't save them there.

Sweet New Zealand revenge 🤣. Teach you guys for under arm bowling.

Link to post
Share on other sites
1 minute ago, LAwLz said:

Not sure why you say you don't agree, and then in the next sentence you say you agree.

Apple can be forced to hand over data.

Isn't it obvious? you are trying to make this an on/off thing. It's not there are varying degrees of access that can be denied.

1 minute ago, LAwLz said:

And at the end of the day, who has the final verdict on whether or not something "opens the floodgate of data collection"? If there is a disagreement between a company and for example the attorney general, who decides who is right in their reasoning? Is it the company/developer, or someone else?

At the end of the day the high court has the verdict.  The government can't just fine a company or instigate a punishment because they didn't get what they wanted, they have to charge them which means they have to prove the request was fair and reasonable.

1 minute ago, LAwLz said:

Again, you're arguing from good faith.

Actually I'm arguing from the bill as written.

1 minute ago, LAwLz said:

You don't believe that this bill will be misused because of things which has happened in the past, and your general feeling towards the Australian courts.

Whilst nothing has guarantees of anything, I am confident this bill will not get misused and if it does the high court will be unbiased a fair.  I have yet to see the high court rule in favor of the government on most social justice issues.  I.E when it comes to human rights and innocent people the high court tends to tell the government to go back and rethink the law.  We do have a constitution for a reason.

1 minute ago, LAwLz said:

That however assumes that things can't change in the future, and it also assumes that you have an accurate grasp of the general picture as it is today and in the past, but your perception may not be the full picture.

Yes, things do change in the future, dumb laws that don;t work get over turned, in fact we have more dumb laws changed than oppressive laws made.

1 minute ago, LAwLz said:

To me, it appears like this bill puts a great amount of power and responsibility on the Australian court system. Since you have good faith in them, you seem alright with it. When it comes to security and privacy I generally act and reason based on bad faith. I don't want to leave room for issues to arise in the unlikely case of for example someone or something corrupt gains influence over what I have put my security and privacy in the hands of.

Nope, it is a law like any other,  we have many laws that you can claim are just as ambiguous, or rely on the courts too much or don't account for this that or the other thing, however we don;t have that much a of a problem with misuse of power.  In fact contrary to popular belief it is the opposite here,  we are one of the most open and transparent countries for laws and business.


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites

So, in other words, they're looking for permission to look over people's shoulder(s) with search warrants. Which doesn't require a backdoor. But still requires breach of privacy. How is this any different from the implications of a backdoor? They get to see what's on my phone - without having to hack it in this case. My privacy is still trashed IMO. It's not about whether it's a backdoor or not (because there are many ways of getting data without such). It's about whether I have to deal with some annoying "Big Brother" looking over my shoulder at a moment's notice, because search warrant (due to suspicion) says so. Can this power to look over one's shoulder be abused is the real question...

Link to post
Share on other sites
7 hours ago, TopHatProductions115 said:

So, in other words, they're looking for permission to look over people's shoulder(s) with search warrants. Which doesn't require a backdoor. But still requires breach of privacy. How is this any different from the implications of a backdoor? They get to see what's on my phone - without having to hack it in this case. My privacy is still trashed IMO. It's not about whether it's a backdoor or not (because there are many ways of getting data without such). It's about whether I have to deal with some annoying "Big Brother" looking over my shoulder at a moment's notice, because search warrant (due to suspicion) says so. Can this power to look over one's shoulder be abused is the real question...

If Law enforcement want to get a service provider (I.E apple or facebook) to provide access to data on you, 1. they have to get a warrant which means they need to provide sufficient evidence  that to points to you being either guilty and/or the evidence in your services (your PM's for example) is likely.  2. The data has to be obtainable by that company without compromising anyone else's privacy, this means that if the only way to get hold of that data is to backdoor the entire system (or even just a part of it) then a warrant will not be issued and if it is the service provider can refuse to implement said request on those grounds. 

 

 

 

 

 


QuicK and DirtY. Read the CoC it's like a guide on how not to be moron.  Also I don't have an issue with the VS series.

Link to post
Share on other sites

Governments are stupid, always stupid.

 

What comes to mind is the government payment system Phoenix, which Aussy could have told them that it was a dud.


AMD Ryzen 1600X with ASUS Prime x370 Pro and Corsair Vegence 2x8GB 3466 15cas, Corsair H100i liquid cpu cooler, Samsung EVO 500GB, 4TB 7200, Asus GRX 1080 8gb rog strix, Fractal Define R4 case, Corsair RM750x, 10Gbps

Link to post
Share on other sites
10 hours ago, mr moose said:

If Law enforcement want to get a service provider (I.E apple or facebook) to provide access to data on you, 1. they have to get a warrant which means they need to provide sufficient evidence  that to points to you being either guilty and/or the evidence in your services (your PM's for example) is likely.  2. The data has to be obtainable by that company without compromising anyone else's privacy, this means that if the only way to get hold of that data is to backdoor the entire system (or even just a part of it) then a warrant will not be issued and if it is the service provider can refuse to implement said request on those grounds.

I don't recall the bill specifically stating that a proposed change/weakness can only affect a single user. I remember reading that it could not be a "systemic weakness", but as we already discussed in the other thread the Australian government and I have very different definitions of what is and isn't "systemic".

 

You also forgot point number 3, that whether or not a company should be forced to implement a change, such as a weakness or backdoor, is in the end entirely decided by the Australian court (I think, although I don't remember that being outlined in the bill).

 

 

What I don't really get is this false idea that you can create something which can only be used to target a single user. As soon as you create a way to get information about a specific user, criminal or not, you also open up the possibility for such a tool to be used on anyone and everyone.

Trying to create a tool which can only be used against a specific person and therefore can't be abused is like saying we should invent a gun which can only shoot bad people. If you remove protection from criminals you also remove protection from everyone else. There is no possible way around that fact.

 

It is impossible for the Australian government to suggest a way to obtain information about someone from a computer system, which can't be abused to obtain information about someone else. Any such system that is proposed is 100% reliant on good faith. Good faith that even though it could be abused, people have made pinky promises to not abuse them.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×