security Australia Gov bill to bypass encryption

[Bleed_4_Me]

Worth looking into... quickly

This won't just affect Australia but rather users in USA, Canada, New Zealand and UK. Lets get rid of this.

 

 

What assistance must be provided? The legislation establishes a list of acts or things in section 317E that articulates what assistance can be provided to Australia’s law enforcement and intelligence agencies. The listed acts or things are relevant to each provider in respect of its eligible activities. These are the services and products that a provider offers or operates in the Australian market. A provider is not required to provide help that is unrelated to their relevant eligible activities. Anyone provider could have a number of eligible activities. Listed acts or things A listed act or thing includes1 :  removing one or more forms of electronic protection that are or were applied by, or on behalf of, the provider where the provider is already capable of removing this protection  providing technical information  installing, maintaining, testing or using software or equipment or assisting with those activities 1 This is not a complete or legally accurate list, and is for information only. The full list is available in the legislation at s317E.  assisting access to devices or services2  notifying agencies of a change to a service  giving effect to an underlying lawful warrant or authorisation  concealing that any other thing has been covertly performed in accordance with the law.

 

 

Defend Encryption petition - https://digitalrightswatch.org.au/2018/08/19/defend-encryption/

Page on Gov website - https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018

Funny video on the issue - 

 

[Bleed_4_Me]

Anyone with legal & tech experience got any thoughts?

[jde3]

Well.. as much as government and lawyers would like to make it so, this does not make math suddenly useless and broken. If you protect your own data with well implemented and trusted (open source) encryption algorithms then nothing changes. From what we can tell about the actions of the FBI and CIA the math still works and our algorithms are good, or good enough to be a problem for them.

 

However.. you also have to be concerned with the data you have in the cloud and that data could be accessible in the right circumstances. Software engineers need to make sure that when they design systems and products that the private key stays with the user and there is never a backup copy internally that *could* be forcibly obtained by law in the first place. Is this a bad law? Yes, it's very bad. it's extremely concerning that governments feel the need to spy on their subjects.. I mean.. citizens. God forbid people being able to communicate in private.

 

Apple (despite their other problems) have been a pretty good player in this space. We need more situations where if your private key is compromised your device bricks. (or at least the data upon it). You do not see Google or Microsoft doing the same and that is a problem..

 

Cory Doctorow has a good response to this here.  https://boingboing.net/2018/09/04/illegal-math.html

[Syntaxvgm]

Quote

Effectively all communications among terrorists and organised crime groups are expected to be encrypted by 2020.

State and Territory law enforcement are facing significant challenges as well. The following example from Victoria Police demonstrates:

A high risk Registered Sex Offender (RSO) was placed on the register for raping a 16 year old female, served nine years imprisonment and is now monitored by Corrections via two ankle bracelets whilst out on parole. Victoria Police received intel that he was breaching his RSO and parole conditions by contacting a number of females typically between 13 and 17 years of age. Enquiries showed that he was contacting these females and offering them drugs in return for sexual favours. The suspect was arrested and his mobile phone was seized but despite legislative requirements he refused to provide his passcode. Due to an inability to access his phone as well as the fact that he used encrypted communication methods such as Snapchat and Facebook Messenger, Victoria Police was unable to access evidence which would have enabled them to secure a successful prosecution and identify further victims and offences. These are high victim impact crimes that are being hindered by the inability of law enforcement to access encrypted communications.

From the government website 

Already using rapists and terrorism to push this bullshit

This will be SESTA all over again, anyone who attacks it must be defending sex trafficking/rape

[jde3]

1 minute ago, Syntaxvgm said:

From the government website 

Already using rapists and terrorism to push this bullshit

In order to make the web insecure for rapists and terrorists you need to make it insecure for everyone.

[Syntaxvgm]

Just now, jde3 said:

In order to make the web insecure for rapists and terrorists you need to make it insecure for everyone.

This is why cops shoot people on the off chance that they might be dangerous. 

[jde3]

1 minute ago, Syntaxvgm said:

This is why cops shoot people on the off chance that they might be dangerous. 

I mean if you put back doors in software to catch only bad people then this affects everyone. Political candidates, governments everyone. You can't secure the internet for only one class of people, it's either secure or it isn't.

[Syntaxvgm]

1 minute ago, jde3 said:

I mean if you put back doors in software to catch only bad people then this affects everyone. Political candidates, governments everyone. You can't secure the internet for only one class of people, it's either secure or it isn't.

I know, was the joke. 

[jde3]

28 minutes ago, Syntaxvgm said:

I know, was the joke. 

Maybe where you are from. lol ><

[Bleed_4_Me]

The thing i worry about as well, like you all have said, is if companies are forced to be able to have information leaked or someway of remotely accessing your device, then it will be vulnerable to hackers as well. Lets face it, there are probably smarter hackers out there who are trained that will be able to exploit this better than the governments people can secure it.

[jde3]

Well as Cory said this is what they need to accomplish to have their security dream here work.

 

Quote

This, then, is what the Five Eyes are proposing:

 

* All 5 Eyes citizens' communications must be easy for criminals, voyeurs and foreign spies to intercept

 

* Any firms within reach of a 5 Eyes government must be banned from producing secure software

 

* All major code repositories, such as Github and Sourceforge, must be blocked in the 5 Eyes

 

* Search engines must not answer queries about web-pages that carry secure software

 

* Virtually all academic security work in the 5 Eyes must cease -- security research must only take place in proprietary research environments where there is no onus to publish one's findings, such as industry R&D and the security services

 

* All packets in and out of 5 Eyes countries, and within those countries, must be subject to Chinese-style deep-packet inspection and any packets that appear to originate from secure software must be dropped

 

* Existing walled gardens (like Ios and games consoles) must be ordered to ban their users from installing secure software

 

* Anyone visiting a 5 Eyes country from abroad must have their smartphones held at the border until they leave

 

* Proprietary operating system vendors (Microsoft and Apple) must be ordered to redesign their operating systems as walled gardens that only allow users to run software from an app store, which will not sell or give secure software to Britons

 

* Free/open source operating systems -- that power the energy, banking, ecommerce, and infrastructure sectors -- must be banned outright

 

 

[Bleed_4_Me]

2 minutes ago, jde3 said:

Well as Cory said this is what they need to accomplish to have their security dream here work.

 

 

Yep pretty scary crap.