Australia data encryption law

[Homer J Simpson]

https://www.bbc.com/news/world-australia-46463029

[Bud]

A better name for it would be Data Decryption Law.

[firewalker]

How can they enforce it? I can always install an app that offers encryption.

Alexander.

[rstofer]

Well, it's real now!

https://www.nytimes.com/2019/01/22/technology/australia-cellphone-encryption-security.html

I don't know how the industry will respond.  If I had to guess, the manufacturers would just quit selling in Australia.  If people want an iPhone, they would have to buy it on some kind of gray market,

The UK is trying the same thing but I haven't been following along.

Furthermore, it doesn't address on-device encryption apps that are installed by the user.  PGP comes to mind.  So even if the phone is hacked, the data is still protected.

Should be fun...

[SiliconWizard]

A better name for it would be Data Decryption Law.

Yes. This is a nice example of Orwell's "doublethink".

[beanflying]

It was flawed legislation to 'keep us safe over Christmas' rammed through our Parliament in a total farce on the last sitting day before Christmas.

'THEY' promise to look at it when Parliament resumes in February https://www.news.com.au/technology/online/security/human-rights-watch-raises-concerns-about-australias-cybersecurity-and-surveillance-laws/news-story/99c2655639b22ee821b588e15881f6b3

But don't hold your breath its an Election year 

[helius]

So even if the phone is hacked, the data is still protected.

I'm not sure how you come to that conclusion. You can't build a castle on sand.
The integrity of each layer in a system depends on everything below it. Once the root of trust is compromised (by x86 AMT, etc) it's game over.

[blueskull]

Well, it's real now!
https://www.nytimes.com/2019/01/22/technology/australia-cellphone-encryption-security.html

Apple should have done that long before. Microsoft did that.
My bitlocker enabled computer reopens a video on Chrome before I log in. That's the best evidence that bitlocker doesn't really lock your data (well, it does, but the key is not properly stored).
Unlike Apple's attitude to FBI's investigation (that California terrorism case), Microsoft bends to all governments across the world.
That's why it's far less boycotted by many countries.

A better name for it would be Data Decryption Law.

They can just save the effort and learn what China did on the same case.
We just don't allow end-to-end encryption. You can do that privately, but no public commercial communication platforms (apps, websites) are allowed to offer such service.
Saves the government's time and taxpayers' money.

How can they enforce it? I can always install an app that offers encryption.

If the government wants to ban something, it will just audit the heck out of whichever company that stands in their way.
There're no perfect companies. Everyone has some minor problems, being tax, OSHA, fire safety, data privacy, etc.
If the government wants to fuck you, it will find a legitimate way to do so.

Want to write your own app? Fine, but as soon as you get into business, the gov't will come back to fuck you.
Want to keep under the radar? Then you will never be able to recover the R&D cost.
So without economic incentive, no one will do so.

BTW, check out the outcome of the author of TrueCrypt. He was a gifted programmer, forcibly and very likely wrongfully given the name as an "international crime lord" and "ISIS supporter".
That's what comes to you if you defy the government. Be wise.

[cdev]

India too. I have some thoughts on the reasons for all this. You can probably guess what they are.

[SiliconWizard]

You can't escape the matrix.
Of course, it's all for your own good.
 

[Monkeh]

That's what comes to you if you defy the government. Be wise.

Be a feeble little pawn, you mean.

[cdev]

[blueskull]

That's what comes to you if you defy the government. Be wise.

Be a feeble little pawn, you mean.

You get much more money, safeness and assurance by helping the strong against the weak than the other way around.
Identify who you are, and pick your teammates wisely.

1% of population depriving the rest 99%, that's what USSR was. Inevitably, the 99% turned the 1% up side down.
What China did very brilliantly was to insert a 9% buffer.
1% directs the rest 9% to deprive the rest 90%. The 9% doesn't get deprived, and even gets a bit cut for controlling the 90% for the 1%.
Therefore, the 1% still gets able to deprive the 90% and get most of the value extracted from them, rest of a bit cut distributed to the 9%.
The 90% on the other hand, has a lot harder time turning against not only the 1%, but also the rest 9%.

For a person with demanded capability, getting into the 9% is very easy. That's how China attracts investments and smart people.
Be the 9%, it's much wiser than trying to fight for the 90%.

[Monkeh]

Right. I forget you don't have morals or feelings of your own, only a need for success.

Ahh, china..

[rstofer]

If we can't have end to end encryption, e-commerce is right out the window.

[beanflying]

The Fact China is a police state sure as hell doesn't mean I want to live in one here. China has the balance WRONG as it 'assumes' there is wrong doing and the government has the right to investigate ALL regardless!

Forced decryption with NO (currently) judicial or any proper oversight is so far away from where this legislation NEEDS to be and in the year of kissing babies and smokescreens to hide other failures we will be likely stuck with this garbage act for a fair while to come. Neither side will want to appear 'weak' and reduce apparent security measures lest they be labeled as such by the other side.

Welcome to the Australian political farce adding to the Year of Trump and Brexit 

[blueskull]

Right. I forget you don't have morals or feelings of your own, only a need for success.

If the people are happy, why not? Chinese people are just by nature competitive.
A competitive environment with good reward system is what we want.

Make your own life better by your hard work. No matter for whom.
I don't care if I work for USA making nukes against China, or I work for China recreating Soviet Union.
If I get my own life better and I take care of my own business, I'm all good.

[blueskull]

If we can't have end to end encryption, e-commerce is right out the window.

Except that root CA issuers may have already been compromised by governments. They can easily mount an MitM attack without you knowing.
China has compromised CNNIC, and I believe the five eyes have done the same to major western CAs.

[Mr. Scram]

CAs are a central point of failure and politically open to manipulation. I'd honestly be quite surprised if those weren't comprised in some way. What most governments are after now is local and end-to-end encryption without some central controlling part, for what seem to be obvious reasons. If you can't control it, you don't want it. At least that's how the powers that be look at it. Apparently centuries of civilisation without that amount of control was a mistake. Governments need to know every last secret, for your own protection.

[blueskull]

Forced decryption with NO (currently) judicial or any proper oversight is so far away from where this legislation NEEDS to be and in the year of kissing babies and smokescreens to hide other failures we will be likely stuck with this garbage act for a fair while to come.

Because free speech is inherently flawed. Look at the stupid leftist shits happening in US. The SJWs, the sovereign citizens, and the reverse racists.

The government should protect its citizens. There's nothing wrong about it. Yet the shitty country can't reach to an agreement on building the fucking wall.

America should realize that people are not born equal. They want to police the world and coerce everyone to obey, yet they don't agree Mexican lives are worth less than American lives.

It's a sensitive topic, and I'm fully aware of it. But fact is fact. Doing such only shows nothing but hypocrisy.

Even not being American, I'm so glad I donated $50 to Brian Kolfage. If not prohibited by the laws, I would donate another $50 to Dumpty Trump.

I did it not for supporting Dumpty Trump, just to show my attitude that laws are absolute authoritative.

[beanflying]

This is not a free speech issue so don't introduce that as some sort of defense. This is an Australian issue at present and has nothing 'directly' to do with the USA.

Government forced release of encrypted data with no oversight is gross overreach and undermines this countries ability to do Business in a global market. It allows in a cynical case our Government to force the release of commercial in confidence data being transferred in relation to trade or contract negotiations with no oversight be that government to government or company to government.

The security and terrorism excuse is a minuscule fraction of what this bullshit can do in it's current form.

[Monkeh]

Because free speech is inherently flawed. Look at the stupid leftist shits happening in US. The SJWs, the sovereign citizens, and the reverse racists.

The government should protect its citizens. There's nothing wrong about it. Yet the shitty country can't reach to an agreement on building the fucking wall.

America should realize that people are not born equal. They want to police the world and coerce everyone to obey, yet they don't agree Mexican lives are worth less than American lives.

It's a sensitive topic, and I'm fully aware of it. But fact is fact. Doing such only shows nothing but hypocrisy.

And right there you've crossed over a line you can't uncross. Congratulations, and kindly fuck off.

[blueskull]

It allows in a cynical case our Government to force the release of commercial in confidence data being transferred in relation to trade or contract negotiations with no oversight be that government to government or company to government.

Attacking AES at this moment is very expensive. The resource will not be used against people without a "tag" on them.
And, you will be stupid if you don't encrypt your important data with a very long pre-shared key.

Besides it's not only the government. Everyone in your communication chain can intercept your data.
E-waste recyclers, ISPs, users on the same LAN, you name it.

The law only allows AU government to do it legally, but it was done illegally by many for a long time.
It simply makes government's life easier. If you are not tagged, you won't be analyzed anyway. If you are tagged, the DA will get a warranty anyway.

[blueskull]

And right there you've crossed over a line you can't uncross. Congratulations, and kindly fuck off.

Enlighten me.

[Mr. Scram]

And right there you've crossed over a line you can't uncross. Congratulations, and kindly fuck off.

It's the party tune. Not very original, but hardly a surprise.