In Australia, Even Learning About Encryption Will Be Illegal Soon

[LektroiD]

Apologies if this has been posted already (I couldn't find it)...

http://www.gizmodo.com.au/2015/12/in-australia-even-learning-about-encryption-will-be-illegal-soon/

[AlxDroidDev]

Apologies if this has been posted already (I couldn't find it)...

http://www.gizmodo.com.au/2015/12/in-australia-even-learning-about-encryption-will-be-illegal-soon/

Terrorists are winning. 

This law might be related to this news: http://www.wired.com/2015/12/bitcoins-creator-satoshi-nakamoto-is-probably-this-unknown-australian-genius/

[coppice]

Lovely emotive headline, but this doesn't seem to be changing much. The teaching of what is considered sensitive military technology is restricted in most countries. There are bound to be more of these tilting at windmill moves now that encryption is at the heart of everyone's day to day interactions.

[daqq]

This is yet another example of the fact that governments just don't understand technology, or do, but just don't give a f*ck.

A similar case was here, where essentially there was a law proposition that, while encryption could be implemented into a device/software the supplier/distributor/importer for the local market would have to provide a guide for decrypting the contents to the device to the government. Which goes well beyond conventional idiocy, pushing the boundaries into new realms of ignorance.

This fortunately did not pass. Hopefully, the people who proposed it have been reassigned to "local village idiot", but I think not.

[EEVblog]

Yes, this is old news, discussed on here someone before I think.

[SL4P]

You don't need to learn about encryption to use it - a complete waste of space.
manifesto.sl4p.net

[miguelvp]

I didn't read the article, but I guess kids will be happy that they don't need to learn math at school anymore.

[Halcyon]

Who cares about laws?

Well... a lot of people and so should you. I don't think we should pick and choose which laws we follow. I mean, I only know Australian laws and for the most part, they are pretty straight forward and don't impact too much on everyday life.

As for learning about encryption becoming unlawful in Australia? It's not going to happen. Encryption isn't some big boogie man. Encrypted communications or not, law enforcement (even state Police) have sophisticated ways of circumventing it* to obtain the information they require to investigate crimes.

(* By "circumventing" I don't necessarily mean breaking encryption, although that does happen as well.)

[AlxDroidDev]

Well... a lot of people and so should you. I don't think we should pick and choose which laws we follow. I mean, I only know Australian laws and for the most part, they are pretty straight forward and don't impact too much on everyday life.

In Brazil we ahve a saying that goes something like this: "if a new law is not welcomed by the people, it won't stick". This applies to traffic laws, digital piracy, water/electricity consumption, etc.

I, OTOH, find most laws necessary and abide by them, and that's why I feel so much like a fish out of the bowl in Brazil. When there is a law/act, however, that I think that goes againt the public interest, I advocate against them. Brazilian government dictated an act against digital privacy and anonymity in 2013, which is a quite totalitarist measure (pretty much like Australia's), and I not only strongly advocate against this law, but I also taught many people what that act really means. I've given speeches in several schools and even an interview on TV on the subject.

Most governments don't fully understand how the internet works. They don't understand digital transactions, and the need for encryption and related technologies. They are pretty much elois, being assisted by even dumber elois.

Banning encryption won't prevent criminals from using it. It will only make good, law abiding people, become more vulnerable to hacks and frauds.

[Brumby]

Most governments don't fully understand how the internet works.

... and the politicians know even less.

We had a galactic facepalm moment in 2010 when our communications minister claimed that Google street view cars could have captured internet banking details.

 

[miguelvp]

Most governments don't fully understand how the internet works.

... and the politicians know even less.

We had a galactic facepalm moment in 2010 when our communications minister claimed that Google street view cars could have captured internet banking details.

 

Apparently he was not far off, Google street view cars did collect wi-fi communications beyond the SSID and MAC addresses of the mapped areas:
https://epic.org/privacy/streetview/

I didn't know about this until now, by looking for a reference to your statement.

[AlxDroidDev]

Apparently he was not far off, Google street view cars did collect wi-fi communications beyond the SSID and MAC addresses of the mapped areas:

Using Aircrack-ng, anyone can capture wi-fi data, along with SSIDs and MAC addresses. That's nothing new, Google didn't invent it: "wardriving", which is the name for it, has been around for quite some time.

The only difference between Google capturing your packets and your neighboor doing it, is that Google possibly has the computer power to decrypt those packets, if there are enough of them, but even then, if you used WPA2 and a strong password, not even Google can do anything with it.

In the case of online banking, shopping etc, there is an extra layer of security, that is the HTTPS protocol.

Ever since wi-fi became a popular technology and people started having wi-fi APs and routers everywhere, they've been told to use the strongest encryption available with a strong password. It's too bad that most people don't give a damn about the issue and prefer to complain to the police after their wi-fi password is broken and someone uses it do download child porn.

In short, a dumb government is made by dumb politicians, who are just people: dumb, helpless, ignorant people. These politicians are the same ones that use their capitalized family name as their wi-fi password (using WEP) at home,  get hacked, and then legislate against wardriving.

[miguelvp]

Hypothetical,

Google or whoever captures the full stream of data from a wireless transaction, including the public certificates and SSL MAC including the random number selected by the client.

They don't need to do it on the spot, but with enough time. For example SSL 2.0 is not secure anymore and neither is SSL 3.0.

What goes on the clear is the client's cipher suggestions and random number, the server cypher selected and a random number. The public server certificate, the server key, the client key encrypted with the public server certificate and using all that they come up with the master secret common to both.

So once the cipher in question is no longer secure, they can go back and figure out what went on. Some Ciphers are thought to have engineered weaknesses. and in common use until recently (probably still used by some)

So that data captured might as well be in the clear. With the computing power now you can break old keys, and I'm talking consumer computing power like using all those massive GPU graphics cards.

If I'm Google and I want to find how to target advertising to you, it doesn't matter if I have to wait 5 years to know what you liked back then, it is still useful information.

Edit: Why would they keep the data streams stored unless they had plans to data mine it in the future? I know storage for someone like Google is cheap, but why incur the cost for storing useless data unless it wasn't really useless to them?