
Apple urges Australian government not to weaken encryption with backdoors

Speed Weed
5 hours ago, leadeater said:

That's iCloud though, the devices themselves can't. Though if the majority of people using iPhones use iCloud and back up the phones to that as well as sync the data itself, unlocking the device in most cases wouldn't even be required.

You can pretty much do what you want with the phone, if you have the iCloud account. You are right though, unless they have backed up with iCloud (which is highly likely for iMessage and call history - that's fairly automatic).


6 hours ago, LAwLz said:

If you enable cloud syncing on iOS, it will upload the things you allow it to, to your iCloud account.

Apple can't break the onboard encryption on iPhones, but they can access data uploaded to iCloud.

 

Apple doesn't have access to data stored locally on phones, but they do have access to any data stored on their server, and there is sometimes (quite often) an overlap.

 

I didn't mean on the phone. I know they don't have access to the phone (or at least as far as we know they don't). How do they have access to the iCloud data without compromising it?

Grammar and spelling is not indicative of intelligence/knowledge.  Not having the same opinion does not always mean lack of understanding.  


14 minutes ago, mr moose said:

I didn't mean on the phone. I know they don't have access to the phone (or at least as far as we know they don't). How do they have access to the iCloud data without compromising it?

What do you mean by "without compromising it"?

What is your definition of "compromise"?


3 minutes ago, LAwLz said:

What do you mean by "without compromising it"?

What is your definition of "compromise"?

This whole topic is about accessing specific data without compromising the security of the system, i.e. the ability for someone to gain access to another person's data without their approval/password. Clearly if Apple have a way to access any data stored on the iCloud then doesn't that mean there is a way for others to access it too? Doesn't that mean it is intrinsically compromised because there are ways for someone other than the end user to access it?


46 minutes ago, mr moose said:

This whole topic is about accessing specific data without compromising the security of the system, i.e. the ability for someone to gain access to another person's data without their approval/password. Clearly if Apple have a way to access any data stored on the iCloud then doesn't that mean there is a way for others to access it too? Doesn't that mean it is intrinsically compromised because there are ways for someone other than the end user to access it?

Well it kind of depends on several things including things like what definition of "compromise" we want to use. Is something compromised if it is designed a certain way? Are there different degrees of compromises?

 

Eating a slightly rotten apple can be seen as compromising (risk having a harmful effect, as defined by the Cambridge dictionary) because you might get sick. But is that compromise of the same degree as straight up eating rat poison? Both the chance of harming yourself, and the severity are widely different, yet both fall under the same "compromise" umbrella term.

 

 

As it is right now, Apple, and only Apple, can access any data stored on iCloud.

Some people automatically upload some things from their phones to iCloud.

 

That means that people can never quite be sure that their files have not been looked at if they are uploaded to iCloud. There is a risk that Apple looks at them. Does that mean the files are classified as compromised?

 

It is technically possible for Apple to let others gain access to the same files with little or no changes to their systems. Would this be allowed since the files are already deemed compromised? If that's how they define things, then we aren't taking the risk factor into account. We are just judging things on a pure black and white basis, just like saying eating a rotten apple and eating rat poison are both compromises.

 

Having 1 person able to access files is a much smaller risk than having 100,000 people be able to access files. In both cases security can be deemed as being "compromised", but that's only if you don't take the risk factor into account.

 

 

 

This is what I tried to tell you before. Things aren't just black and white. There can be several shades of gray depending on how you define things, and different definitions can lead to very different opinions and views.

 

 

 

Would you say all data on iCloud is compromised because Apple can view it?

If the answer is yes, would you say that the data stored on iCloud would be less safe if someone decided to publicly post a bunch of unfixable exploits which let anyone view anything stored on iCloud tomorrow?

Or would you say that it doesn't matter if only Apple can view the files or if the whole world can view the files, because in both cases people have an equal amount of privacy and security?


16 hours ago, LAwLz said:

If you enable cloud syncing on iOS, it will upload the things you allow it to, to your iCloud account.

Apple can't break the onboard encryption on iPhones, but they can access data uploaded to iCloud.

 

Apple doesn't have access to data stored locally on phones, but they do have access to any data stored on their server, and there is sometimes (quite often) an overlap.

This is where services like ProtonMail and the upcoming ProtonDrive, or pCloud (only the paid plan though) and SpiderOak step in. With these, even the service provider itself can't access any of your data stored on their servers (zero-knowledge encryption).

 

Technically, data access on the user level should only be available to the very few people at Apple that have the highest access clearance there for maintenance operations. The question is, do they? With zero knowledge, it doesn't even matter, because you are assured no one has access. Assuming the system is implemented as they say. Which is usually hard to say and all comes down to how much you trust them in either case.


11 hours ago, LAwLz said:

Well it kind of depends on several things including things like what definition of "compromise" we want to use. Is something compromised if it is designed a certain way? Are there different degrees of compromises?

 

Eating a slightly rotten apple can be seen as compromising (risk having a harmful effect, as defined by the Cambridge dictionary) because you might get sick. But is that compromise of the same degree as straight up eating rat poison? Both the chance of harming yourself, and the severity are widely different, yet both fall under the same "compromise" umbrella term.

 

 

As it is right now, Apple, and only Apple, can access any data stored on iCloud.

Some people automatically upload some things from their phones to iCloud.

 

That means that people can never quite be sure that their files have not been looked at if they are uploaded to iCloud. There is a risk that Apple looks at them. Does that mean the files are classified as compromised?

 

It is technically possible for Apple to let others gain access to the same files with little or no changes to their systems. Would this be allowed since the files are already deemed compromised? If that's how they define things, then we aren't taking the risk factor into account. We are just judging things on a pure black and white basis, just like saying eating a rotten apple and eating rat poison are both compromises.

 

Having 1 person able to access files is a much smaller risk than having 100,000 people be able to access files. In both cases security can be deemed as being "compromised", but that's only if you don't take the risk factor into account.

 

 

 

This is what I tried to tell you before. Things aren't just black and white. There can be several shades of gray depending on how you define things, and different definitions can lead to very different opinions and views.

 

 

 

Would you say all data on iCloud is compromised because Apple can view it?

If the answer is yes, would you say that the data stored on iCloud would be less safe if someone decided to publicly post a bunch of unfixable exploits which let anyone view anything stored on iCloud tomorrow?

Or would you say that it doesn't matter if only Apple can view the files or if the whole world can view the files, because in both cases people have an equal amount of privacy and security?

Your arguments have always been that if one person can access it then the potential exists for everyone to access it. What is the difference between the NSA having a backdoor that only they know about and Apple having access that only they know about? Remember your arguments for no backdoors is because you cannot secure them for the use of only one entity? Which to be honest is my argument too, however I don't see why you are o.k. with Apple having this access but want to use such an access as an argument why this law is dangerous.

 

 

 

 


44 minutes ago, mr moose said:

Your arguments have always been that if one person can access it then the potential exists for everyone to access it. What is the difference between the NSA having a backdoor that only they know about and Apple having access that only they know about? Remember your arguments for no backdoors is because you cannot secure them for the use of only one entity? Which to be honest is my argument too, however I don't see why you are o.k. with Apple having this access but want to use such an access as an argument why this law is dangerous.

I think you have misunderstood my argument.

My argument is that this situation isn't just black and white. My argument is that the best security is a system where only the user and any person they have authorized has access to the information. That is how the encryption on the iPhone works, as well as E2EE like WhatsApp and iMessage.

 

When it was brought up that the bill prohibits access to data if it means lowering the security then I made the argument that giving more people access to data inherently lowers security.

In a backdoored system like iCloud, the security relies on the backdoor not being leaked. The more people who have access to it, the higher the risk of a leak, and thus the security is reduced. If only 1 person has access, then the risk is just inherently lower than if that person, plus 10,000 other people have access. Each additional person who has access inherently lowers security.

 

Those were my arguments. That is also why I brought up the comparison with eating a rotten apple (only Apple having access) vs eating rat poison (Apple and a bunch of others having access). Because it is not black and white. Security is not binary where you're either safe or not at all safe. It's a scale with big and small risks, as well as high and low probabilities.

 

According to IT risk assessment, no system is 100% safe. As a result, we can't just say that "this system has a security risk, so therefore it is OK to introduce another one since it's already compromised". However, from reading this bill that is exactly the impression I get.

 

Even if we assume each case in Australia will use an established risk management method to determine whether or not something reduces security, it is A LOT to ask from a judge to understand the very technical nature of the case. On top of that, different methodologies will get different conclusions.


1 hour ago, LAwLz said:

I think you have misunderstood my argument.

My argument is that this situation isn't just black and white. My argument is that the best security is a system where only the user and any person they have authorized has access to the information. That is how the encryption on the iPhone works, as well as E2EE like WhatsApp and iMessage.

 

When it was brought up that the bill prohibits access to data if it means lowering the security then I made the argument that giving more people access to data inherently lowers security.

In a backdoored system like iCloud, the security relies on the backdoor not being leaked. The more people who have access to it, the higher the risk of a leak, and thus the security is reduced. If only 1 person has access, then the risk is just inherently lower than if that person, plus 10,000 other people have access. Each additional person who has access inherently lowers security.

 

Those were my arguments. That is also why I brought up the comparison with eating a rotten apple (only Apple having access) vs eating rat poison (Apple and a bunch of others having access). Because it is not black and white. Security is not binary where you're either safe or not at all safe. It's a scale with big and small risks, as well as high and low probabilities.

 

According to IT risk assessment, no system is 100% safe. As a result, we can't just say that "this system has a security risk, so therefore it is OK to introduce another one since it's already compromised". However, from reading this bill that is exactly the impression I get.

 

Even if we assume each case in Australia will use an established risk management method to determine whether or not something reduces security, it is A LOT to ask from a judge to understand the very technical nature of the case. On top of that, different methodologies will get different conclusions.

Well, if you are trying to argue it's not black and white you seem to be using a lot of black and white arguments:

 

On 10/18/2018 at 10:50 PM, LAwLz said:

We either give everyone security, or nobody security. There is no middle ground since math (the software) can't take intent into consideration. 

 

On 10/19/2018 at 7:25 AM, LAwLz said:

And I have time and time again explained how it will weaken security because it is IMPOSSIBLE to give access to data for let's say the police, without lowering the security of the system.

 

On 10/19/2018 at 7:25 AM, LAwLz said:

Even the example given of a supposedly "non systemic weakness" is in fact a systemic weakness since it could be applied to any user of the service (in the case of the example, iCloud) and any kind of safe-guard protecting users from abuse is 100% reliant on a human "doing the right thing", rather than relying on technical merits of the system itself.

 

 

On 10/17/2018 at 7:46 PM, LAwLz said:

Again, you can not design a way into a system without that same tool or door also being applicable to others. It is impossible. So if the bill is written in the way you claim it is, then it is entirely useless.

 

On 10/17/2018 at 7:46 PM, LAwLz said:

Let me repeat that. It is impossible to design a way to gain access to information on a specific person, that can't be misused to gain access to information on another person.

 

 

On 10/17/2018 at 7:46 PM, LAwLz said:

 

Again, then it is useless because it is impossible to design something which can only be used to target a single person, when other people use exact copies of the targeted system. If something works on one machine or user, it will work on all other machines or users.

 

So apparently the only black and whites you like are when it's your opinion. Even now we are discussing what appears to be a unanimous understanding that Apple has full access to iCloud data, which you have argued above as being impossible to do without it being misused.

 

So by your reasoning you should be thoroughly against Apple being able to access iCloud data. Unless this reasoning of yours only applies to government agencies (even if it is only through a warrant with evidence and has to be specific to the target suspect).

 


The problem with these proposed bills and actually secure services like ProtonMail, Signal etc. is that once this level of legislation fails to stop crime or catch criminals, who will continue to have good opsec and use secure services, they'll do a China or Russia.... Or a country that is very close (not geographically) to Aus/NZ: the UK, with their Snooper's Charter.

 

How long before this worthless legislation is revealed to be what it really is? Opening the door for an Australian Snooper's Charter.

 

We're up to 4 pages. Why not just talk about what it really is already?


6 hours ago, mr moose said:

Well, if you are trying to argue it's not black and white you seem to be using a lot of black and white arguments:

I don't think you fully grasp my arguments, or maybe you are misinterpreting them on purpose.

The thing which is not black and white is specifically the amount of security a system or user has. There will always be some risk of data leaks or exploits, but how large the risk of that happening, and the severity of it might be different. That is the aspect which isn't black and white. All systems land somewhere on a scale which starts at "almost perfectly secure" and "not secure at all".

 

 

Quote

We either give everyone security, or nobody security. There is no middle ground since math (the software) can't take intent into consideration.

Quote

Even the example given of a supposedly "non systemic weakness" is in fact a systemic weakness since it could be applied to any user of the service (in the case of the example, iCloud) and any kind of safe-guard protecting users from abuse is 100% reliant on a human "doing the right thing", rather than relying on technical merits of the system itself.

Quote

Again, you can not design a way into a system without that same tool or door also being applicable to others. It is impossible. So if the bill is written in the way you claim it is, then it is entirely useless.

Quote

Let me repeat that. It is impossible to design a way to gain access to information on a specific person, that can't be misused to gain access to information on another person.

Quote

Again, then it is useless because it is impossible to design something which can only be used to target a single person, when other people use exact copies of the targeted system. If something works on one machine or user, it will work on all other machines or users.

When I said these things, I meant that all consumers have the same amount of protection. You can not lower the security for an individual user without also lowering the security of everyone else.

 

Quote

And I have time and time again explained how it will weaken security because it is IMPOSSIBLE to give access to data for let's say the police, without lowering the security of the system.

When I said these things, I meant that each individual who has access to information will move the system away from "almost perfectly secure" and closer to "not secure at all".

The risk of exploitation or data leaks is inherently higher if 11 people have access to something, compared to if 10 people have access.

 

 

 

6 hours ago, mr moose said:

So apparently the only black and whites you like are when it's your opinion. Even now we are discussing what appears to be a unanimous understanding that Apple has full access to iCloud data, which you have argued above as being impossible to do without it being misused.

No, those particular aspects of this much more complicated argument are black and white. What isn't black and white is the scale of how vulnerable a system is.

I also never said that it was impossible to make a system like that without it being misused. What I said was that it is impossible to create such a system without having the privacy rely on good faith rather than the technical merits of the system. There is a very big difference in what you claim I said, and what I actually said.

The privacy of files on iCloud is entirely based on the good faith people put in Apple. There is no technical component which prevents Apple from misusing that power they have. I don't like systems like that because I believe privacy and security should be based on facts and technical merits, not trust.

That is what I said.

 

 

6 hours ago, mr moose said:

So by your reasoning you should be thoroughly against Apple being able to access iCloud data. Unless this reasoning of yours only applies to government agencies (even if it is only through a warrant with evidence and has to be specific to the target suspect).

Yes, I am against the fact that Apple can access iCloud data. I strongly recommend against using the sync option for private things. Did you not see my posts in the "fappening" thread? What happened was that people gained access to a bunch of celebrities' iCloud accounts and found nude pictures. This was my response to that:

On 9/4/2014 at 12:58 AM, LAwLz said:

Uploading photos of yourself naked to the Internet is a recipe for disaster. Call that victim blaming if you want, but it's true. Uploading those kinds of picture is a very bad idea. How many times do we have to see this happen before people learn?

 

 


9 hours ago, mr moose said:

Your arguments have always been that if one person can access it then the potential exists for everyone to access it. What is the difference between the NSA having a backdoor that only they know about and Apple having access that only they know about? Remember your arguments for no backdoors is because you cannot secure them for the use of only one entity? Which to be honest is my argument too, however I don't see why you are o.k. with Apple having this access but want to use such an access as an argument why this law is dangerous.

 

 

 

 

@LAwLz

 

Apple is kind of a bad example here because iCloud has already been "cracked" (The Fappening). So, there goes that "only Apple can access the iCloud data" and it kind of proves that if anyone else has the access then that access can be misused by anyone with enough skill and knowledge or even by chance.

 

Anyone other than just the ones who need to access the data is always bad. The company running the service has some tools to access the data, even if it's encrypted, but those usually go into the realms of slow, expensive and extremely difficult. For example, LMG "can" access any forum user's private messages, but that includes deep diving into the database and pulling those messages as raw data and that's not the best way to do things (from what I know most of the forum SWs don't encrypt the PM data, but they give only the "owner" index of it so the admins, if they wanted to read them through, can retrieve them from the database but they must get to them manually, which takes some time; LMG is just an example here). A company having the user data encrypted can access that raw data and depending on how they encrypt it they might have some chance of decrypting that data if they can reverse their encryption, but doing that is extremely iffy and even at best expensive and time consuming, and old school "force the suspect to unlock the data with old school police work" is far less iffy and expensive, and faster. And that "expensive" is very much the keyword, because I don't think the Aussie government is going to pay someone like Facebook to go through the work to decrypt one user's messages, which could cost quite a lot (out of a hat we are probably talking about 10k-1m$), and even less do I believe they would compensate those costs if they deemed the data inaccessible after trying. There are always ways to access the data, but the question is whether they are feasible (building a huge decrypting machine just to access the data of some random rapist who at best gets some years of prison isn't really something that can be expected from the company).

 

Then there's one aspect that I haven't seen anyone arguing. The amount of requests. I don't have any data but let's say there would be 10k-100k requests for data per year for some company like Apple, Facebook and Google. That is going to require quite a lot of resources to manage even if they could just type the name, username and some other information about the suspect and retrieve all their data. To make it worse, officials probably wouldn't or couldn't even make those requests for data in batches but one by one, meaning even more work and expenses.


1 hour ago, Thaldor said:

Apple is kind of a bad example here because iCloud has already been "cracked" (The Fappening). So, there goes that "only Apple can access the iCloud data" and it kind of proves that if anyone else has the access then that access can be misused by anyone with enough skill and knowledge or even by chance.

The Fappening did not happen because iCloud was "cracked" though, and the issue was fixed very quickly after being discovered (vulnerable to brute-force attacks).

For all intents and purposes, it is safe to say that Apple are currently the only ones who can access iCloud data. At least that we know of. Well, the Australian government too if this bill goes through.


2 hours ago, LAwLz said:

I don't think you fully grasp my arguments, or maybe you are misinterpreting them on purpose.

The thing which is not black and white is specifically the amount of security a system or user has. There will always be some risk of data leaks or exploits, but how large the risk of that happening, and the severity of it might be different. That is the aspect which isn't black and white. All systems land somewhere on a scale which starts at "almost perfectly secure" and "not secure at all".

 

 

When I said these things, I meant that all consumers have the same amount of protection. You can not lower the security for an individual user without also lowering the security of everyone else.

 

When I said these things, I meant that each individual who has access to information will move the system away from "almost perfectly secure" and closer to "not secure at all".

The risk of exploitation or data leaks is inherently higher if 11 people have access to something, compared to if 10 people have access.

 

 

 

No, those particular aspects of this much more complicated argument are black and white. What isn't black and white is the scale of how vulnerable a system is.

I also never said that it was impossible to make a system like that without it being misused. What I said was that it is impossible to create such a system without having the privacy rely on good faith rather than the technical merits of the system. There is a very big difference in what you claim I said, and what I actually said.

The privacy of files on iCloud is entirely based on the good faith people put in Apple. There is no technical component which prevents Apple from misusing that power they have. I don't like systems like that because I believe privacy and security should be based on facts and technical merits, not trust.

That is what I said.

 

 

Yes, I am against the fact that Apple can access iCloud data. I strongly recommend against using the sync option for private things. Did you not see my posts in the "fappening" thread? What happened was that people gained access to a bunch of celebrities' iCloud accounts and found nude pictures. This was my response to that:

 

 

I understand your argument, it's just this law is not that complicated to understand. As soon as any request action leads to the ability for someone to gain access to data they are not privy to, then the law does not apply. Either an action reduces security or it doesn't. Either a company can access data on its users or it can't. Either Apple can access cloud data and hand over the relevant data to the requesting authority or it can't. This law simply stops companies hiding behind archaic laws without going so far as to undermine privacy and security.

 

1 hour ago, Thaldor said:

@LAwLz

 

Apple is kind of a bad example here because iCloud has already been "cracked" (The Fappening). So, there goes that "only Apple can access the iCloud data" and it kind of proves that if anyone else has the access then that access can be misused by anyone with enough skill and knowledge or even by chance.

 

Anyone other than just the ones who need to access the data is always bad. The company running the service has some tools to access the data, even if it's encrypted, but those usually go into the realms of slow, expensive and extremely difficult. For example, LMG "can" access any forum user's private messages, but that includes deep diving into the database and pulling those messages as raw data and that's not the best way to do things (from what I know most of the forum SWs don't encrypt the PM data, but they give only the "owner" index of it so the admins, if they wanted to read them through, can retrieve them from the database but they must get to them manually, which takes some time; LMG is just an example here). A company having the user data encrypted can access that raw data and depending on how they encrypt it they might have some chance of decrypting that data if they can reverse their encryption, but doing that is extremely iffy and even at best expensive and time consuming, and old school "force the suspect to unlock the data with old school police work" is far less iffy and expensive, and faster. And that "expensive" is very much the keyword, because I don't think the Aussie government is going to pay someone like Facebook to go through the work to decrypt one user's messages, which could cost quite a lot (out of a hat we are probably talking about 10k-1m$), and even less do I believe they would compensate those costs if they deemed the data inaccessible after trying. There are always ways to access the data, but the question is whether they are feasible (building a huge decrypting machine just to access the data of some random rapist who at best gets some years of prison isn't really something that can be expected from the company).

 

Then there's one aspect that I haven't seen anyone arguing. The amount of requests. I don't have any data but let's say there would be 10k-100k requests for data per year for some company like Apple, Facebook and Google. That is going to require quite a lot of resources to manage even if they could just type the name, username and some other information about the suspect and retrieve all their data. To make it worse, officials probably wouldn't or couldn't even make those requests for data in batches but one by one, meaning even more work and expenses.

I agree with this, although I don't think the fappening was a security breach on Apple's end. Whether that changes anything from the perspective of privacy and how to gain access to individual data without weakening the system is another story.

 

Not too sure about the legality of government forcing a workload onto any entity without due compensation.


 

34 minutes ago, LAwLz said:

Well, the Australian government too if this bill goes through.

Even without this bill, Apple will provide iCloud data with a warrant (at least in the US -- Probably because some equivalent of this exists just less tech specific -- e.g. it would probably be illegal on grounds of impeding an investigation to withhold evidence when provided a warrant).

21 minutes ago, mr moose said:

Not too sure about the legality of government forcing a workload onto any entity without due compensation.

I believe that as long as it's reasonable then they can require it (without compensation).


26 minutes ago, mr moose said:

I understand your argument, it's just this law is not that complicated to understand.

The law itself might not be difficult to understand, but the technical implementation and limitations of the systems it will affect seem very hard to understand to some people.

 

26 minutes ago, mr moose said:

As soon as any request action leads to the ability for someone to gain access to data they are not privy to, then the law does not apply.

And I have again and again made the argument that any request for access to data can lead to the ability for someone to gain access to data they are not privy to, so this law can never lead to anything in my eyes. The criteria they put in can never be met while simultaneously fulfilling the thing they want (to gain access to data).

 

26 minutes ago, mr moose said:

Either a company can access data on its users or it can't.

There you go again with the whole "either a system is completely secure, or not at all secure".

Like I have told you over and over again, each additional person who can access data reduces the overall security of a system. iCloud can already be argued to be compromised, but allowing other parties to also gain access, or handing over data to other parties will inherently lower the security even more.

Like I have said over and over again, 1 person having access to data is in fact more secure than if 2 people have access to data. There is no way around that.

As soon as a new person gets access to data they previously didn't, the security is reduced. That includes the police.

The fewer people who have access, the more secure a system is. Any half-decent security guideline or risk analysis will tell you that.

Security is not black and white. Things can be more or less secure. Giving someone access who previously didn't have it makes it less secure.

 

 

26 minutes ago, mr moose said:

Either apple can access cloud data and hand over the relevant data to the requesting authority or it can't.

They can, but giving that ability away (or doing it on behalf of someone) reduces security.

Again, which platform do you think is the most secure.

1) iCloud when a handful of people at Apple can see the data.

2) iCloud when an exploit is discovered, making it possible for anyone to see anything uploaded.

 

Number 2 is clearly less private and safe, since more people can view it, right? There are several steps in-between situation 1 and 2 too, but the more people who have access the less private and secure the platform is.

 

 

 

26 minutes ago, mr moose said:

Not too sure about the legality of government forcing a workload onto any entity without due compensation.

As it stands right now, it is entirely up to companies to shoulder that burden. They do not get compensation or anything of the sort because it is seen as their duty to follow the law. If the law demands that they spend thousands upon thousands of man-hours manually combing through private messages from their users then that is a business expense they will just have to pay in order to continue operations. I already tried telling you this earlier when I said companies could be forced to take shortcuts because of overbearing demands, and as a result the ruling would indirectly lower privacy and security.

 

 

4 minutes ago, 79wjd said:

Even without this bill, Apple will provide iCloud data with a warrant (at least in the US -- Probably because some equivalent of this exists just less tech specific -- e.g. it would probably be illegal on grounds of impeding an investigation to withhold evidence when provided a warrant).

Yes, but the difference between the US law and this law is that this Australian bill can force companies to make changes to their systems to aid law enforcement or other government agencies obtain information about users. I do not believe the US law can require companies to make changes to their systems.


8 minutes ago, LAwLz said:

The law itself might not be difficult to understand, but the technical implementation and limitations of the systems it will affect seem very hard to understand to some people.

Or to complicate it beyond reason.

8 minutes ago, LAwLz said:

And I have again and again made the argument that any request for access to data can lead to the ability for someone to gain access to data they are not privy to, so this law can never lead to anything in my eyes. The criteria they put in can never be met while simultaneously fulfilling the thing they want (to gain access to data).

Again, says who?  You don't even know what requests they are likely to make, or how the data is stored, yet you are confident it can't be acquired without introducing further weakness.  That's just a composition fallacy.  You are literally assuming because in some cases that can't happen that in all cases it can't happen.

8 minutes ago, LAwLz said:

There you go again with the whole "either a system is completely secure, or not at all secure".

Like I have told you over and over again, each additional person who can access data reduces the overall security of a system. iCloud can already be argued to be compromised, but allowing other parties to also gain access, or handing over data to other parties will inherently lower the security even more.

There can only be one of three outcomes to any action on a system either weaken, strengthen or none.   Pretty simple really.

8 minutes ago, LAwLz said:

Like I have said over and over again, 1 person having access to data is in fact more secure than if 2 people have access to data. There is no way around that.

and?

8 minutes ago, LAwLz said:

As soon as a new person gets access to data they previously didn't, the security is reduced. That includes the police.

How does Apple handing over data to the police change the security of another account?  Apple are still the only ones with access to iCloud data.

8 minutes ago, LAwLz said:

The fewer people who have access, the more secure a system is. Any half-decent security guideline or risk analysis will tell you that.

Security is not black and white. Things can be more or less secure. Giving someone access who previously didn't have it makes it less secure.

If by more people gaining access the security is weakened then the law doesn't apply.  Stop ignoring that fact.

8 minutes ago, LAwLz said:

As it stands right now, it is entirely up to companies to shoulder that burden. They do not get compensation or anything of the sort because it is seen as their duty to follow the law. If the law demands that they spend thousands upon thousands of man-hours manually combing through private messages from their users then that is a business expense they will just have to pay in order to continue operations. I already tried telling you this earlier when I said companies could be forced to take shortcuts because of overbearing demands, and as a result the ruling would indirectly lower privacy and security.

 

I can't find a case in Australia where that has happened yet.

8 minutes ago, LAwLz said:

 

Yes, but the difference between the US law and this law is that this Australian bill can force companies to make changes to their systems to aid law enforcement or other government agencies obtain information about users. I do not believe the US law can require companies to make changes to their systems.

No, this law does not force service providers to change their system, it specifically prohibits any request that prevents a company from improving system security and privacy. Stop misrepresenting this bill.


40 minutes ago, mr moose said:

Again, says who?  You don't even know what requests they are likely to make, or how the data is stored, yet you are confident it can't be acquired without introducing further weakness.  That's just a composition fallacy.  You are literally assuming because in some cases that can't happen that in all cases it can't happen. 

No, it is impossible by simple logic and security guideline standards.

A file which can be looked at by 2 people is deemed less secure than a file which can only be looked at by 1 person. It's as simple as that.

Letting someone new gain access to view data will always reduce security.

 

 

40 minutes ago, mr moose said:

There can only be one of three outcomes to any action on a system either weaken, strengthen or none.   Pretty simple really.

Yes, and allowing more people to view something will always weaken the system.

However, there are different degrees of "weakening" or "strengthening" a system. Two different actions may both weaken a system, but they may weaken the system to varying degrees.

 

 

40 minutes ago, mr moose said:

and?

And that is an extremely important aspect because this law was created to allow police or other government agencies to gain access to potential evidence in criminal cases.

However, according to you the law does not allow them to gain access if it means it reduces the security. Well, letting anyone new view the data inherently lowers the security. Therefore, it is impossible to let the police or anyone else gain access to data without lowering the security. As a result, the bill can not under any circumstances fulfill the supposed purpose because of the restrictions it put on itself.

 

Can you come up with a single example of how this bill can be used to give police access to data without reducing the security?

I can't, because it is impossible.

 

 

40 minutes ago, mr moose said:

How does Apple handing over data to the police change the security of another account?  Apple are still the only ones with access to iCloud data.

1) Not everyone who gets warranted is found to be guilty, so innocent people can and will have their data looked through. Don't pretend like that doesn't lower the overall privacy of the service because it does. If a service has 100 users and 10 have had their data looked at, 10% of user accounts have had their privacy compromised by external parties. That is overall a less private system than if only 1 user (1%) has had their account looked at by external parties. When looking at the overall privacy of a service, you have to look at all users, not just a selection which fits a certain narrative.

2) It normalizes the act of handing over customer data.

3) Excessive requests may force Apple to take shortcuts such as giving direct access to any account, because doing things manually could be far too labor intensive. Just look at ContentID for examples of how that can go and be misused. Like I said earlier, companies don't get monetary compensation for the work they may be forced to put in to complying with these laws.

 

To further clarify on point 3.

Google gets millions upon millions of DMCA takedown notices every single day. They don't get compensation for that, which is why they had to invent their automated system.

Speaking of Google. In 1 year, the Australian government demanded information about 3727 Google users. It is hard to estimate how long it would take to comply with these demands by hand since we don't know exactly what the demands are, but I think 4 hours each is a fair estimate if we assume someone has to look through things by hand and make sure only the information specified in the warrant is handed over. That means the total time spent in a year would be around 15,000 work hours just from Australian authorities. If other countries passed similar bills it is not hard to understand that an automated system (or just straight up access to everything) will be necessary.

 

 

40 minutes ago, mr moose said:

If by more people gaining access the security is weakened then the law doesn't apply.  Stop ignoring that fact. 

The problem is that not everyone will agree that having more people have access lowers the security. It does according to all the security guidelines and certifications I have seen, but it doesn't in the mind of the person who wrote the bill since they used that as an example of a way to let police gain access without "introducing a systemic weakness". So in the end it will be up to companies to try and debate technical aspects and reasoning to an Australian judge, while an opposing side will try and argue how it doesn't lower security, and the outcome will affect all users.

It is a terrifying situation because we leave the decision up to someone who most likely doesn't even grasp how things work. If all Australian judges had formal education in security and IT risk management then I would be slightly more calm, but I seriously doubt even a handful of them got that.

 

 

40 minutes ago, mr moose said:

I can't find a case in Australia where that has happened yet.

I can. The amount of work necessary to comply with copyright laws became such a massive burden on YouTube that they had to introduce an automatic system called Content ID. Since the punishment for failing to comply with a takedown request is so high, the system was designed to be overly cautious and first and foremost protect YouTube rather than the users. As a result, it has become broken beyond belief from years of abuse from copyright holders.

Someone uploaded a video of white noise and 5 different companies claim to have copyright on it.

Yes, that system applies and is heavily used by Australia too.

 

 

41 minutes ago, mr moose said:

No, this law does not force service providers to change their system, it specifically prohibits any request that prevents a company from improving system security and privacy. Stop misrepresenting this bill. 

Yes it can. Here is an extract from the bill:

Quote

The Technical Capability Notice (TCN)

This is a compulsory order that may be issued by the Attorney-General, at the request of the head of an interception agency or ASIO. If a designated communications provider is ordered to provide assistance under a TCN, they must provide that assistance, including building a capability or functionality to provide that assistance.

If a TCN gets approved, a service provider has to build a capability or function to provide assistance to an interception agency. There is also a clause which says the TCN can not require building the capability to decrypt information or remove electronic protection, but there are several ways to weaken protection or lower privacy without explicitly using new methods of decryption or removing electronic protection.


2 minutes ago, LAwLz said:

snip

You're just repeating yourself. I have already linked the bill and its limitations.

 

Facts you can't ignore no matter how hard you try:

1.  They cannot force a weakening of security.

2. They can't stop a company from improving security.

 

Everything else is composition fallacy and assumptions about motivation and judicial accountability.

 


14 hours ago, mr moose said:

You're just repeating yourself. I have already linked the bill and its limitations. 

 

Facts you can't ignore no matter how hard you try:

1.  They cannot force a weakening of security.

2. They can't stop a company from improving security. 

 

Everything else is composition fallacy and assumptions about motivation and judicial accountability.

Yes I have to repeat myself because you don't seem to understand what my arguments and objections are.

 

1) I can't find anywhere in the bill that they can't force a weakening of security. From what I have seen it specifies that it can not introduce a new systemic weakness. It is up for debate what is and isn't a weakening of security. In fact, the bill specifically states that the term "systemic weakness" is left undefined on purpose so that it can be adapted on a case by case basis. This will inevitably lead to arguments, and even the bill itself acknowledges this by saying that disagreements for compliance with a notice will be determined by an arbitrator. I firmly believe that security should not be left in the hands of some arbitrator who needs to be convinced that something is a good or bad idea to implement.

 

2) Even if security isn't weakened, privacy might be. While the bill explicitly says it can't be used to introduce systemic weaknesses in electronic protection, I can't find anything which states it can't do the same for privacy.

 

3) The bill specifies that companies have to comply without compensation, or that they can get compensation in exchange for "assistance". To me, that sounds like a prime opening for a type of "plea bargain". Basically, either a company has to comply with certain demands and gets money in exchange, or they are burdened with a possibly insurmountable amount of work. Just like we have on YouTube today.


7 hours ago, LAwLz said:

Snip.

 

The bill says all tourists must pay higher rates for everything whilst visiting Australia because they are weak.   I know this to be a fact because I can't find in the bill where it doesn't "specifically" rule that out and the definition of weakness is up for debate.

 

See how silly the argument sounds.

 

 

 


10 hours ago, mr moose said:

The bill says all tourists must pay higher rates for everything whilst visiting Australia because they are weak.   I know this to be a fact because I can't find in the bill where it doesn't "specifically" rule that out and the definition of weakness is up for debate. 

 

See how silly the argument sounds.

Do you not understand how laws work? Are you pretending to be ignorant?

If a law states "companies must implement changes to their systems if requested" and there is a special clause saying "the changes can't weaken encryption" but it doesn't exclude anything else, then that means it can be used to weaken anything else. If the law only specifies that encryption can't be weakened as a result of the changes, but doesn't mention anything else, then nothing else is protected by that clause.

 

If Australia made a law which stated that non-Australian citizens were weak and had to pay higher taxes, except those from Canada, then guess what. All tourists except those from Canada would have to pay higher taxes. It doesn't have to specify all nationalities that are included because it is written in a way which by default includes everything and then specifies which things are excluded.

It is the same way with this bill. The general bill allows for any type of change to be forced on companies, and then it specifies that it can not introduce systemic weaknesses which would undermine the security for other users.


19 minutes ago, LAwLz said:

Do you not understand how laws work? Are you pretending to be ignorant?

If a law states "companies must implement changes to their systems if requested" and there is a special clause saying "the changes can't weaken encryption" but it doesn't exclude anything else, then that means it can be used to weaken anything else. If the law only specifies that encryption can't be weakened as a result of the changes, but doesn't mention anything else, then nothing else is protected by that clause.

 

If Australia made a law which stated that non-Australian citizens were weak and had to pay higher taxes, except those from Canada, then guess what. All tourists except those from Canada would have to pay higher taxes. It doesn't have to specify all nationalities that are included because it is written in a way which by default includes everything and then specifies which things are excluded.

It is the same way with this bill. The general bill allows for any type of change to be forced on companies, and then it specifies that it can not introduce systemic weaknesses which would undermine the security for other users.

Yes, I understand law, I am not the one trying to argue the definitions don't have meaning or are too arbitrary to be relevant. I'm sorry, Your Honor, but my client's definition of rape is different to the one written in the penal code, therefore I must plead not guilty.


1 hour ago, mr moose said:

Yes, I understand law, I am not the one trying to argue the definitions don't have meaning or are too arbitrary to be relevant. I'm sorry, Your Honor, but my client's definition of rape is different to the one written in the penal code, therefore I must plead not guilty.

If different people have different definitions of rape then it is the word of the law which goes first (in this case it is left undefined on purpose), then it is the definition of the judge or arbitrator (in this case, someone who most likely doesn't have much experience with designing secure systems or IT risk analysis). The definition of the one on trial (in this case, tech companies) doesn't matter.

 

You are actually highlighting one of the major issues I have with this bill. It is not up to the developers to define if something weakens the system. It is up to someone else like an Australian judge. Remember when I asked you if you would be OK with this bill if it said it was Putin or Kim Jong-Un? The reason why I asked you that is because the current Australian bill gives all that power to some arbitrator (like a judge), so the security of the platforms is entirely dependent on their judgement of an issue I don't think they are educated enough to understand.

 

 

You keep on pushing this narrative that defining things is easy and totally black and white, but it isn't. In fact, the bill itself acknowledges that it does not want to define the terms because it wants to leave that up to be interpreted on a case by case basis. Extract from the bill:

Quote

What is a systemic weakness?

A systemic weakness is a flaw that would undermine the security of the services and devices of innocent, third-party Australians. The Bill does not allow our law enforcement and national security agencies to require that providers make their services less secure – any requirement that compromised the information of innocent individuals, businesses or Government is not allowed.

The term is not defined in the legislation as it will apply differently to the scope of providers captured. However, the explanatory material makes the intent and application of the protection clear – this is about targeted, proportionate access and not about weakening cybersecurity.

 

What is ‘electronic protection’?

Electronic protection includes encryption. However, the Bill’s prohibition against systemic weakness also extends to other forms of electronic protection, including authentication systems like passwords.

Some major problems with this piece of text are:

1) It leaves the definition of systemic weakness to the judge/arbitrator, not someone educated in the field of cyber security.

 

2) Like I explained earlier, anything which can be used for a targeted attack can also be used on a mass-scale, thus making it applicable to innocent people too. The Australian politicians (and possibly legal system) do not seem to understand this, which is once again a situation where the views of the rather technologically illiterate lawmakers differ from professionals in the field.

The idea that you can make a change which only exposes a targeted individual is fundamentally incorrect and flawed, yet the entire bill is founded on that belief. And before you say it isn't impossible, I would once again like to ask you to come up with an example. I have done that repeatedly all throughout the thread and you refuse to answer it. Probably because you can't come up with a situation where I am wrong.

 

3) It does not state that things like privacy fall under the same terms as security. That means it is up to the arbitrator to decide if it does or doesn't. As it stands right now, this bill can force a company to make changes to their systems which reduce the privacy of the users, as long as it doesn't also introduce a systemic weakness. An example of this would be automatic upload of all messages to an Australian government owned and controlled server. If the upload happens after the messages have been decrypted on the device, the change doesn't alter anything regarding the security of the system. It does however mean that the Australian government gains access to all messages sent through the service, and they don't have to touch anything encryption related.


Every time I see this thread it annoys me. I strongly dislike this title. It's worded in a way that suggests the Australian government has a goal of weakening encryption. The title gently nudges you to which side you're supposed to root for. My views on the actual subject aside, I feel it's manipulative.

Make sure to quote or tag me (@JoostinOnline) or I won't see your response!
