Not quite the same, but as bad … and as bad as our PM’s comprehension of maths …
The Australian LNP Government is trying to introduce legislation so they can “lawfully” break your encryption on your communications, your phones, your computers and your data storage. I think this is dangerous ground, a very Orwellian outcome.
Here are links to news articles about it and as it references UK some about their efforts:
removed a link here as @draughtrider has already included it in his post
and another one …
OpenMedia have posted a petition that seeks to protect our right to use encryption, if you wish to read more about it or sign it it can be found here:
Isn’t it ironic that Huawei is banned because of the fear of [Chinese] back doors?
Here we go again. The video’s good for a (nervous) laugh.
Pictures baby going out with bathwater. At the bottom of the linked page is a sample of (reportedly) more than 14,000 submissions.
‘It appears that people who are not even suspected of committing a crime can face a fine of up to $50,000 and up to five years’ imprisonment for declining to provide a password to their smartphone, computer or other electronic devices.’
Ah! Right to remain silent? Obviously not.
Suspected of hiding prohibited items or evidence of a criminal act?
Even though there is nothing to prove that you did, so you face five-ten years jail for not revealing the hiding place of something you don’t have? Really!
Is there a warrant provision and do you have a right to challenge the warrant legally? There are certainly recent examples of paper documents being removed from business or organisational premises being granted protections by a court. Are there to be two standards, the more onerous on individuals, but not a business?
Other legal precedents including Health and Safety legislation compell witnesses, although generally these witnesses have protections to limit their personal evidence being used agains them in any subsequent legal action.
Given access to information by others how can you be sure of the integrity of the data collected. ie That it has not been doctored in some way?
I’d just be plain concerned that there are many other items that become accessible including all my other passwords and logins, because you would need to provide access to say a password wallet if that is how you do things. And what if access requires biometrics as well?
Inevitably serious crime is going to find ways around this that defeats the process. The cloud comes to mind, as well as removable storage and an OS VPN. Enough to break the trail. “No that is not my account, see the password does not work!”
It appears that persons who only know policing and not about civil or legal protections came up with this plan.
After all it’s only the dumb criminals that ever get caught?
Just provide the password, simple - who’s to say why the password you provided didn’t work, it was of course the one you’ve always used … a bug in the software perhaps ?
Or use “plausible deniability” such as used in VeraCrypt. This of course requires a little more effort and taking the time to use the bogus password and encrypted data so that it shows usage.
"The Australian Industry Group believes the Assistance and Access Bill 2018’s scope is so wide it would turn nearly any business into a potential target "
The Yanks are keen on the legislation. Doesn’t that make you feel all warm and fuzzy?
CEO John Stanton said the industry saw a “range of problems” with the legislation and said it would be a “threat to the cybersecurity of all Australians” if it was rushed through parliament this fortnight, as Prime Minister Scott Morrison has demanded.
“It’s possible, for example, that an engineer in a telecommunications company could be ordered to alter the network or services to create vulnerabilities or backdoors and not be able to tell senior management about that,” Mr Stanton told SBS News.
“So the company wouldn’t know that they were operating a compromised service.
I could be government policy to make it hard for tech. If tech leaves the economy will be back to mining and primary industry, about all they even try to understand.
Australia is not called ‘lucky country’ in a good way. The term apparently has its roots in that we survived and prospered despite many of the most policy-free inward and backward looking governments in the western world. – lucky!
What a mess!
The idea of forcing software builders to provide ‘backdoors’ to secured information handling programs has all kinds of issues. One that is commonly brought up is that the big players may refuse to do it and withdraw products from our market or they will do it and lose sales because users will not trust the security.
I think there is a more basic problem. What is to stop the open-source community, small shareware writers and the shady crackers/hackers from producing products that can be readily downloaded from overseas servers? How will the enforcement agencies succeed in playing whack-a-mole getting rid of these sources any better than they have getting rid of all manner of other dodgy software, pirated copies, cracking schemes and black software keys?
Even if our newly minted PM gets his way and all the big companies submit it will not do anything but annoy the honest while allowing the terrorists to get on with business while resources are used up enforcing a stupid rule. A question: is he so ignorant that he doesn’t understand this or does he understand and is doing it anyway for the sake of appearances or to jam the Opposition over the issue?
It looks set to pass. What can we do as consumers to best protect ourselves from these backdoors being used by the wrong people?
Assume everything you do or send or receive on the internet is public?
Assume that https: is compromised, hence internet banking is at risk?
Assume that if you use a bank provided app on a smart device, it may be vulnerable to access through the banks code, the smart device operating system and the communication protocol used?
Assume that anything you store or share on the cloud is public?
Who knows if the laws will also lead to operating systems on computers, browsers or the trusty home modem and NAS box needing to be be made accessible to track down crime?
These outcomes might seem reasonable to catch as Trump says “really really bad bad peolpe, I mean really really bad”. What’s not reasonable is not knowing just who might be able to access this information.
The “litmus test” here may be the extent to which insurers will cover or protect individuals for loss and entities for liabilities arising from any exploitation of the changes once enacted?
Rather than opening systems up and weakening encryption, why not make security tighter? If big brother must have an interest there needs to be another solution. I can’t imagine the extent of the grief of just one minor breech that might allow thousands of Identities and accounts to be fraudulently used to transfer share ownership or perhaps even property titles, of which most are now 100% online transactions. I’ve ignored bank accounts in the list because mine is nearly always empty, so not a great target. Some of these transactions are impossible to undo, partly because of the antique notions in law around ownership and loss through theft.
IE no recourse, no compensation to the victims!