
Australia passes laws compelling companies to offer up encryption master keys *facepalm*

Master Disaster

then use offline services where companies don't hold your encryption keys, only you do, but that means less flexibility and ease of use, who here is going to give up comfort and micromanage his encryption stuff? anyone? hands up? no hands? ok...


34 minutes ago, yian88 said:

then use offline services where companies don't hold your encryption keys, only you do, but that means less flexibility and ease of use, who here is going to give up comfort and micromanage his encryption stuff? anyone? hands up? no hands? ok...

Services like ProtonMail or Tutanota don't have your decryption keys due to how they have it designed. They'd have to implement a crypto pass logger on their page, capture your crypto pass during login and use it to access your mailbox. Which, if someone finds out, would be devastating for the business of that provider. Which is why they wouldn't dare to do it.


Someone in the government could make big money selling backdoor keys to criminals.


21 minutes ago, RejZoR said:

Services like ProtonMail or Tutanota don't have your decryption keys due to how they have it designed. They'd have to implement a crypto pass logger on their page, capture your crypto pass during login and use it to access your mailbox. Which, if someone finds out, would be devastating for the business of that provider. Which is why they wouldn't dare to do it.

You're missing one huge point here. Aussies don't "ask" specifically for an encryption key, they just demand a way to access the data. Even if the service would use E2EE and it would be completely made in the user end, Aussie government can now "ask" a way to see the data from the company with the leverage of implied fines. The way can be a skeleton encryption key or backdoor (even if the bill states that this cannot weaken the overall security of the service, well, we all know what's going to happen when there's fines, bad PR (I can just see the headlines "Aussie Attorney-General: "[Proton or any other company] is DEFENDING criminal scums!") and even jail time if the company/person within the company decides to break the NDA parts of the bill; Companies that are going to continue work within AU will implement backdoors and other measures which will weaken their services' security, just out of fear of being punished not to help government enough).

This is a dark day. I'm still quite shocked that internet is rioting against the EU copyright directive on the basis of false information that one megacorporation wants to spread because the directive would eat their incomes, but at the same time this Aussie bill just flies by and only some experts and organizations like EFF try to keep some voice. Fucking stupid people.


2 hours ago, Arika S said:

i see this as going

 

Gov: give us your keys

tech companies: no

Gov: but you have to, it's the law

tech companies: then we'll pull out of Aus

Gov: oh...uh...no don't do that, sorry, we were just kidding

Money outweighs principles. We've seen time and time again legislation or rulings opposing companies and they bent over every time. At best they drag things out in courtrooms but they'll comply if the benefits are still there (namely money).

 

How many times have Americans talked about boycotting the EU with all their regulations and fines? How many companies have actually done anything (besides lobbying and appeals)? I haven't heard of anything. Their shareholders would be livid if they lost revenue and the stock would drop. 

2 hours ago, Master Disaster said:

Companies do give fucks about their own private affairs though, remember this doesn't just expose the public, all of Google, Facebook, Tesla, "insert greedy corporation name here" stand to have their personal data available to the Aussie government too.

People still do business in places like China, so I hardly see how they'll somehow do anything differently in Australia. You could argue the market is smaller and that there's more room to maneuver but bottom line is: money trumps ideals and principles. Google actually did do some grandstanding in China like a decade ago but it hurt too much economically so as we all know: they're trying to get right back in.

 

As long as whatever issue this causes for the company is contained within the offending market, they'll do it under protest. 

 


This is terrible on all counts. First off, Australia has illegal search laws. So why should they now have the ability to see all my personal information and communications? Now they can build a case on someone based off information they shouldn't have been privy to in the first place.

 

Then you have the fact that this creates a backdoor for anyone that is trying to do business here. Depending on how a company sets this up it could have far-reaching consequences outside of Australia. If for example I am on Facebook and having a private communication with someone who just happens to be in Australia I shouldn't have my right violated in the process. If they move forward with this I would hope companies like Facebook isolate them to their own little area.

 

Now back to the backdoor situation. If I was a company doing business here it would be very hard to justify that risk. A data leak can be extremely costly. So it comes down to what is gained by servicing Australia vs the value of what they stand to lose in the event the key is leaked. If they can set it up so that everyone else is isolated from AU then it might be an acceptable risk, if not... I don't see it being even close. I mean there are better solutions to this problem that don't really hurt the companies as much.

 

They can set it up like large corps do, but this would be very expensive. They would need a way to basically MITM this information. All E2E communications would actually connect to a government server farm (smart nics ftw) that routes... the cert would be generated from you to it, then the farm would generate the cert from it to the end point. Your data would be visible to them while also being safe to and from.

 

A normal E2E is just    You ------------------Them

 

This would be  You--------AUGOV---------Them

 

The big problem with this as I said is the cost. To do it on this kind of scale would be extremely costly and it would need to handle all encrypted methods... just think of all the data from HTTPS sites alone in a given day. I mean are they wanting to monitor company VPN connections too? How would they make sure they aren't violating other people's rights like mine here in the USA or someone in the EU with the GDPR. Maybe the answer is the rest of the world cuts them off and they can become the new Cuba.
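The two diagrams in the post above (You---Them versus You---AUGOV---Them), as an added example that is not part of the original post or any poster's code: the interposed relay is modelled here with a bare Diffie-Hellman key exchange rather than TLS certificates, showing that the relay ends up sharing a separate key with each side and that an out-of-band fingerprint comparison exposes it. The group parameters, the `Party` class and the `fingerprint` helper are assumptions chosen for illustration, not production cryptography.

```python
import hashlib
import secrets

# Illustrative group only (assumption): the prime 2**255 - 19 with base 2.
# Real protocols use vetted groups or curves through a maintained library.
P = 2**255 - 19
G = 2


class Party:
    """One endpoint of a Diffie-Hellman exchange."""

    def __init__(self, name):
        self.name = name
        self._secret = secrets.randbelow(P - 3) + 2  # private exponent
        self.public = pow(G, self._secret, P)        # value sent on the wire

    def session_key(self, peer_public):
        """Derive the symmetric session key from the peer's public value."""
        shared = pow(peer_public, self._secret, P)
        return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def fingerprint(pub_a, pub_b):
    """Short code both users read to each other out of band.

    It is computed over the two public values each side believes were
    exchanged, so a relay that substituted its own value changes it.
    """
    lo, hi = sorted((pub_a, pub_b))
    digest = hashlib.sha256(lo.to_bytes(32, "big") + hi.to_bytes(32, "big"))
    return digest.hexdigest()[:16]


def direct_exchange():
    """You ---------- Them: each side receives the other's real public value."""
    you, them = Party("you"), Party("them")
    return {
        "keys_match": you.session_key(them.public) == them.session_key(you.public),
        "fingerprints_match": fingerprint(you.public, them.public)
        == fingerprint(them.public, you.public),
    }


def relayed_exchange():
    """You --- relay --- Them: the relay answers each side with its own value."""
    you, them = Party("you"), Party("them")
    relay_a, relay_b = Party("relay-to-you"), Party("relay-to-them")
    k_you = you.session_key(relay_a.public)    # You believe this is Them
    k_them = them.session_key(relay_b.public)  # Them believe this is You
    return {
        "keys_match": k_you == k_them,
        "relay_reads_you": relay_a.session_key(you.public) == k_you,
        "relay_reads_them": relay_b.session_key(them.public) == k_them,
        "fingerprints_match": fingerprint(you.public, relay_a.public)
        == fingerprint(relay_b.public, them.public),
    }
```

The fingerprint mismatch only helps if the two users actually compare the code over a channel the relay does not control.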


I really hope this just falls apart as soon as it's put into action. If everyone just says no, then AU won't have most of the Internet and people will fucking riot when they can't post their daily garbage on fb


4 hours ago, samcool55 said:

Yeah this is fine I can see absolutely no problem here

/s

 

We all know that this law will end up being reversed, and we also know when.

When shit hits the fan hard, which it will.

 

They are now collecting all the shit (the private keys) and the fan, well that's the hacker or hackers that are going to take the shit and throw it all over the place.

We KNOW it will happen, it just will, only a matter of time.

 

Also govs and security aren't a great match so I doubt it will take a long time.

I actually hope they do pass it, criminals will break in and everyone will see how much of a stupid idea it is.

 

 


that was fast. Rip Australia. 


53 minutes ago, Bananasplit_00 said:

AU won't have most of the Internet and people will fucking riot when they can't post their daily garbage on fb

Aussies rioting LOL

 

Garbage on FaceBook, could be taken either way. I am sure you mean content not users ;)


8 hours ago, Master Disaster said:

The US & UK governments (as well as many others I'd imagine) would probably love to have laws like this in place too.

Personally, I believe that if the legislators tried to pass something like that here in the US, they'd finally find a way to unite the right and the left in a common cause.  As someone from the right side of the spectrum, I know we're inherently opposed to overreach of government, and even the left would find privacy concerns to raise over this (though there's likely to be some who would support it).


3 hours ago, Trixanity said:

Money outweighs principles. We've seen time and time again legislation or rulings opposing companies and they bent over every time. At best they drag things out in courtrooms but they'll comply if the benefits are still there (namely money).

 

How many times have Americans talked about boycotting the EU with all their regulations and fines? How many companies have actually done anything (besides lobbying and appeals)? I haven't heard of anything. Their shareholders would be livid if they lost revenue and the stock would drop. 

People still do business in places like China, so I hardly see how they'll somehow do anything differently in Australia. You could argue the market is smaller and that there's more room to maneuver but bottom line is: money trumps ideals and principles. Google actually did do some grandstanding in China like a decade ago but it hurt too much economically so as we all know: they're trying to get right back in.

 

As long as whatever issue this causes for the company is contained within the offending market, they'll do it under protest. 

 

People would be amazed how much direct trade happens, historically, between countries at war with each other.

4 minutes ago, Jito463 said:

Personally, I believe that if the legislators tried to pass something like that here in the US, they'd finally find a way to unite the right and the left in a common cause.  As someone from the right side of the spectrum, I know we're inherently opposed to overreach of government, and even the left would find privacy concerns to raise over this (though there's likely to be some who would support it).

This sort of happened. Anyone remember SOPA? A move like this in the USA would go even worse, not the least of which it would be Unconstitutional. 


know the perfect gif for this is


facepalm.gif


Is this the first of its kind or are there other related or similar news stories I can educate myself with?


27 minutes ago, ZacoAttaco said:

Is this the first of its kind or are there other related or similar news stories I can educate myself with?

 

:)


17 minutes ago, seon123 said:

 

Thanks, so essentially, the encryption that these companies use is the gold standard for privacy protection, I guess to the point where the company themselves can’t view every message. So by adding ‘systematic weakness’ it leaves the encryption open to other unwanted infiltrators.

 

I get why the government wants to view certain messages for potential terrorism reasons but it doesn’t make sense to leave everyone else vulnerable?

Didn’t a similar thing happen in the US, FBI wanted a back door for iOS devices themselves and Apple wouldn’t budge? This new law sounds worse, because they don’t need to physically have your device and you may not be aware they are viewing your messages.

I’m keen to see what happens in a few months and years and what the consequences of this decision are.


14 hours ago, Master Disaster said:

Afaik if they offer a service to a resident of that country then they operate in that country.

 

Valve tried the whole "we're an American company"  thing when it came to the refund lawsuit and it didn't work out well for them.

In Valve's case there was a selling component involved. So here they just need to refuse payment from Australian means of payment I'd guess, something like that.


I believe Australia said math doesn't matter, only Australia matters. Or something along those lines.

The EU and the Commonwealth, cities upon the hill for rights and protections


1 hour ago, DrMacintosh said:

I believe Australia said math doesn't matter, only Australia matters. Or something along those lines.

The EU and the Commonwealth, cities upon the hill for rights and protections

Turnbull saying the laws of Australia surpass the laws of mathematics.


I really want Google to pull out of Australia over this. Australians would lose their shit. No YouTube... Hahaha.


Solution is simple.

 

Let them create the backdoor, then someone hacks in and gets all of Parliament's private messages to their mistresses and what not.

 

 

Oh look, that law just disappeared and privacy online is now a basic human right.
