Australia wants tech companies to let cops 'n' snoops see messages without backdoors

The Australian government will press ahead with its not-a-backdoor anti-encryption plans and hinted that collaboration with tech companies is its approach to accessing encrypted messages. The latest attempt to pitch the counter-terrorism legislation came from Angus Taylor, the government's Minister for Law Enforcement and …


  1. Anonymous Coward
    Anonymous Coward

    WTF?

    Australia:

    10% of the Population, but 100% like US-Government certified-surveillance.

    Think I'll skip traveling to the United-States-of-Auz after this. Go elsewhere!

    1. Anonymous Coward
      Anonymous Coward

      PS: Couldn't open this using Startpage - Proxy:

      https://en.wikipedia.org/wiki/United_States

      The page you requested could not be retrieved by the Ixquick Proxy, as a "403 Forbidden" message was received.

      WTF once again?

    2. Voland's right hand Silver badge

      Re: WTF?

      but 100% like US-Government certified-surveillance

      Correct

      As I have said a few times - our politicos are watching with extreme interest the events in Russia and their centralized escrow approach.

      The difference, however, is that in Russia, FSB and Co presently pretend (we do not know if this is true or not) that they do not collect any data real time and they rely on providers complying with data retention regulation to keep copies of the data. Hence, while they (supposedly) have the keys, they cannot read the data until they have a court order to obtain it. At least that is the official line and this is why this passed their constitutional court.

      In a 100% like US-Government certified-surveillance or 100% like UK-Government certified-surveillance or any 5 eyes for that matter all data on any of the main national trunks and all data on international interconnects is leeched by the government realtime. So the result of copying the "Lonely Russian Boy without friends" homework is actually unchecked realtime government surveillance.

  2. GrumpyKiwi

    It's simple

    Once parliament passes the law that pi=3 then everything else falls into place. It's pretty hard to write working encryption when obeying mathematics laws like that.

    As the law will no doubt include the magic words of Terrorism and Security in its title, both Labor and the Liberals will vote for it. And thus Australia will magically be made safe by the power of words and a really strong belief.

    And those of us from the freer side of the ditch will continue to point and laugh at the western world's 2nd biggest nanny state.

    1. Mark 85
      Big Brother

      Re: It's simple

      What is it about elected officials that they don't understand the term "secure communications" and why they are used? Seems every country wants a way to bypass encryption that anyone with half a brain would understand that it can't be done and still be secure. There's no magic bean that will let only law enforcement take a peek. Are these clowns really that stupid?

      There's clueless and then there's political clueless which is a whole new level.

      1. tom dial Silver badge

        Re: It's simple

        In fact, key escrow systems have been designed that would serve this purpose fairly well. Despite assertions to the contrary, it would be possible to make them reasonably secure against theft - at least as secure as could be done for any other data. And given a trustworthy government the risk of government misuse would be reasonable, in the sense of not significantly increasing the (now) existing risk.

        There are problems with this, however. Governments, even if trustworthy at a given time, may not stay that way, so entrusting them with power always must be done based on the knowledge that their successors may be less trustworthy, possibly by a great deal. Moreover, those who engage in serious criminal activity will not, if they think about it, be reluctant to use widely and easily available cryptographic systems that do not participate in the key escrow procedure. So the government would have escrowed keys for the honest folk and the incompetent or slack criminals, who mostly can be found and convicted without accessing their communications. For the competent and highly motivated ones they would not have the escrowed keys and would have to collect the evidence by more traditional, and much more labor intensive and expensive, means. In the end, the most serious criminals will be as hard to get as they are now, and the only gain will be occasional conviction of a second rater who might not have been an overly large burden on society in the first place.

        The law enforcers never will give up on this, but they probably know their gain will be marginal at best.

        1. smudge
          Thumb Down

          Re: It's simple

          In fact, key escrow systems have been designed that would serve this purpose fairly well.

          But that is NOT what they are talking about:

          “There's been ideas around for decades that you should create some kind of key that law enforcement can get access to … that's not what we're proposing... "

          Despite assertions to the contrary, it would be possible to make them reasonably secure against theft - at least as secure as could be done for any other data.

          I stopped reading your comment at that point :)

          1. Anonymous Coward
            Anonymous Coward

            Re: It's simple

            "I stopped reading your comment at that point :)"

            Pity. The post's balanced counter argument was then stated.

            Basically that an escrow system is open to abuse by a future untrustworthy government agency - and real criminals would avoid it anyway.

            1. smudge

              Re: It's simple

              So I didn't miss anything, then :)

            2. handleoclast

              Re: It's simple

              Basically that an escrow system is open to abuse by a future untrustworthy government agency - and real criminals would avoid it anyway.

              For some values of "real criminals." Yeah, if you're plotting a diamond robbery you avoid the escrowed crypto. OTOH, if you're planning on mass blackmail using people's secure messages to gain info, you attack the escrow key store. That escrow key store is going to be attacked by blackmailers, foreign gov'ts, employees with a grudge, etc. Anybody who thinks it will survive those attacks should remember where WannaCry originated.

            3. JohnFen

              Re: It's simple

              "that an escrow system is open to abuse by a future untrustworthy government agency"

              He didn't mention the other major problem with key escrow - competent criminals stealing the escrowed keys.

              1. Anonymous Coward
                Anonymous Coward

                Re: It's simple

                "that an escrow system is open to abuse by a future untrustworthy government agency"

                He didn't mention the other major problem with key escrow - competent criminals stealing the escrowed keys.

                Yes he did, it was in the 'open to abuse by future untrustworthy government agency' bit.

              2. Tom 35

                Re: It's simple

                So the US, England, and other "good" countries get to access the keys. How about China? India? Argentina? Afghanistan? Florida? Texas?

                Who decides who has access?

          2. Doctor Syntax Silver badge

            Re: It's simple

            "I stopped reading your comment at that point"

            I almost did so too. What you missed was a short, well-stated summary of exactly what's wrong with key escrow or, indeed, any other form of back door.

            1. smudge

              Re: It's simple

              What you missed was a short, well-stated summary of exactly what's wrong with key escrow or, indeed, any other form of back door.

              You mean like "giving your private keys to someone else is not a good idea, and the baddies won't do it anyway"? The reason behind my "didn't bother reading this" comments is that I thought that every thinking person in the industry knew all that anyway.

              Must be 20 or more years since I wrote my company's response to HMG's request for views on key escrow. I basically said what I said above, quoting the experts - mostly in the US - who had already said this.

              I then went on a short holiday.

              When I returned, the paper had been rewritten, by a salesman. It now said that we wholeheartedly welcomed HMG's proposal, and looked forward to the opportunity to work on their implementation, etc etc, ad nauseam.

              I asked for only one change - removal of my name from the paper. Otherwise my reputation, amongst my peers, would have been shredded.

        2. Dodgy Geezer Silver badge

          Re: It's simple

          ...And given a trustworthy government ...

          I think that I can see the flaw in your argument...

        3. JohnFen

          Re: It's simple

          "those who engage in serious criminal activity will not, if they think about it, be reluctant to use widely and easily available cryptographic systems that do not participate in the key escrow procedure."

          Not just criminals. I'm a law-abiding citizen, but I would absolutely do this. Actually, I already do. I don't trust crypto schemes that are included with my machines and services by default.

      2. Bernard M. Orwell
        Big Brother

        Re: It's simple

        "What is it about elected officials that they don't understand "

        Oh no; they understand alright. They understand it well enough indeed.

        What they are relying on is that 90% of the population doesn't understand it, which means they can subvert it easily and use it for their own ends. It means the veneer of an excuse, a dismissive handwave at "experts", a few bespoke scary words and some technomumble will be enough for them to reach their goal of a universal panopticon.

        Why do they want such a thing? Because they know that their methods of social control are out of date and threatened by the speed of direct modern communication. In order to retain power they must control the internet and all digital communication must be monitored.

        1. Doctor Syntax Silver badge

          Re: It's simple

          "Oh no; they understand alright."

          Not if they're in the Amber Rudd class of elected official (remember hashtags?) - whether this guy is in that class I don't know.

          What you have to remember is that behind the elected officials are a group of unelected officials who do understand. They prefer their politician front not understanding. That way the front don't know they're talking bollocks and are so much more convincing because they actually believe what they're saying. Could you have spouted such stuff and kept a straight face?

          1. Bernard M. Orwell
            Black Helicopters

            Re: It's simple

            "What you have to remember is that behind the elected officials are a group of unelected officials who do understand."

            Oh, believe me when I say I am *very*, and *directly*, aware of that.

        2. Stu Mac

          Re: It's simple

          No doubt also dreaming of an entirely whitelisted internet with biometric access through heavily governed ISPs only. In fact an intranet not an internet at all.

      3. justAnITGuy

        Re: It's simple

        There's clueless and then there's political clueless which is a whole new level.

        What blithering idiot(s) Down-voted that? Don't tell me Australian politicos read El Reg.

    2. frankieh

      Re: It's simple

      Nah, they will use catching pedophiles too. In truth it will be used to find tax cheats and general purpose spying and every government body will have access. If memory serves, until it became public the RSPCA could access saved meta data so our government clearly doesn't have the brains to be trustworthy. To be honest, I would rather the Russians read my messages than my own government. I've never said or done anything interesting to the Russians, but I suppose it's possible my own government could one day misinterpret a joke or something and get all in my face about it. I'd rather not go through that for what would likely have been me trying to get a laugh from a mate.

    3. moooooooo

      Re: It's simple

      Agreed. As an Aussie living in NZ I just laugh now about what happens in Oz. I'm currently in Oz for family reasons but can't wait to get back to my gigabit fibre internet connection instead of the crap NBN we have in Oz. (I'm back tomorrow)

      http://www.speedtest.net/result/6823071443 on a 2014 router. Not bad hey? and on an NZ public holiday at peak time too.

      1. eldakka

        Re: It's simple

        > As an Aussie living in NZ I just laugh now about what happens in Oz.

        Yeah NZ is perfect.

        Not like they'd ever use the GCSB (NZ equivalent of NSA) to illegally spy on a NZ resident. Or send in 76 police including their anti-terrorist squad, and 2 helicopters, to arrest 3 or 4 people in their home in an illegal raid. That'd never happen.

        1. GrumpyKiwi

          Re: It's simple

          Not perfect. Just better. It's a low bar to cross.

    4. Anonymous Coward
      Anonymous Coward

      Re: It's simple

      "The Magic Words are Squeamish Ossifrage"

  3. MrDamage Silver badge

    Bollocks

    Given that the PM himself has admitted to using end-to-end encryption services, then what right do they have to demand to see anyone else's messages?

    Surely corrupt politicians are a greater threat to national security than your bog average bloke, they should start off sending all of their communications in clear text, before demanding ever more invasive measures into our personal lives.

    1. Anonymous Coward
      Anonymous Coward

      Re: Bollocks

      Really? The PM truly amazes me - I had thought that his only competency was to preen himself in front of a mirror. Perhaps he just thinks that he is using end-to-end encryption based on that famous cipher ROT-13.

      When he was a minister for telecommunications he demonstrated that he had no knowledge or feel for the job, so I take any statement about technology from him or his sycophantic cabinet colleagues with much salt. The man makes his predecessor look incredibly competent.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bollocks

        >ROT-13

        Knowing him, encrypted *twice* for added security.

    2. tom dial Silver badge

      Re: Bollocks

      Under nearly all regimes, if not all, law enforcement officers can obtain legal authority to examine communications and other materials that are not encrypted. It would be interesting to see a justification for the claim that encrypted material should be treated differently because it is encrypted. Australia and the other five eyes countries have significant and usually effective constraints on government access to, and use of, private material. It is not obvious that they would operate differently on encrypted material if they could than they now do on unencrypted data, or why.

    3. GrumpyKiwi

      Re: Bollocks

      "Given that the PM himself has admitted to using end-to-end encryption services, then what right do they have to demand to see anyone else's messages?"

      Don't you know that some animals are (considerably) more equal than others comrade?

  4. Anonymous Coward
    Anonymous Coward

    Really opening up the Sluices at Both Ends

    Another shithole country.

    1. Anonymous Coward
      Anonymous Coward

      Re: Really opening up the Sluices at Both Ends

      Hey pommy bastard - just stay there, you're not wanted in Australia.

      1. Anonymous Coward
        Anonymous Coward

        Re: Really opening up the Sluices at Both Ends

        Hey pommy bastard - just stay there, you're not wanted in Australia

        Doubt very much he's a pom, Bruce. They don't commonly use the word 'sluices'.

  5. Paul

    secure for everybody, or secure for nobody

    How often do we need to tell governments this...

    repeat after me: communications are secure for everybody, or secure for nobody

  6. YetAnotherJoeBlow

    Key escrow

    Does the US gov honestly think that will work? Everyone I know encrypts before transfer. It is trivial to have an app do that.

    I've never had any problems.

    1. Anonymous Coward
      Big Brother

      Re: Key escrow

      Citizen, you have been detected using non-approved encryption. You will be rounded up and beaten into submission gently shown the error of your ways.

      1. LeoP

        Re: Key escrow

        That's SO 20th century!

        Nowadays you're just shot - the Cop saw you reach for something and had to proactively defend himself.

      2. Anonymous Coward
        Anonymous Coward

        Re: Key escrow

        Citizen, you have been detected using non-approved encryption. You will be rounded up...

        Encrypted to look like a document file. Now no one other than the receiver will know it is encrypted.

        1. Anonymous Coward
          Anonymous Coward

          Re: Key escrow

          I suppose for files that aren't too huge you could find a way to stick them in a Word format file - there's space that's basically binary in them, you could take an innocuous file and add some binary content to it somewhere that doesn't impact its ability to be loaded into Word. That way if the spooks decrypt it, they'll see the innocuous Word file, and you just hope their software isn't smart enough to notice all the "garbage" contained within.

          The same could be done with video files, PDF files, etc. I imagine...

          1. Richard 12 Silver badge

            Re: Key escrow

            Trivial with any image file, moving or still.

            Lots of well-known techniques that are completely indistinguishable from random noise.

            1. eldakka

              Re: Key escrow

              Steganography

              Steganography (/ˌstɛɡəˈnɒɡrəfi/ STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning "covered, concealed, or protected," and graphein (γράφειν) meaning "writing".

          2. This post has been deleted by its author

  7. BebopWeBop

    However, he said, law enforcement needs access to the “data they need”, and added that he wouldn't go into the technical details.

    There are many reasons why the twat won't go into technical details.....

    1. Teiwaz
      Windows

      There are many reasons why the twat won't go into technical details.....

      First bit of wisdom there then...

      (In his mind) If he uttered the wrong hashtag, the internet might be wiped and the government fall.

    2. tom dial Silver badge

      Presumably, he meant the obvious, but didn't state it very well: that law enforcement needs access to the data they need and can obtain legal authorization to access. If he meant more than that, he is out of line.

  8. Velv
    Big Brother

    Missing the options...

    The encryption of the message in transit will remain secure, without escrow or other back doors.

    They will however mandate that it cannot be "end to end", and that the message service provider must have the message available at both ends of the communication to be inspected by someone with a warrant to access the device or central store.

    1. Anonymous Coward
      Anonymous Coward

      Re: Missing the options...

      The encryption of the message in transit will remain secure, without escrow or other back doors.

      They will however mandate that it cannot be "end to end"...

      Leaving one hole in the end to end encryption for the government means the crime can also use that one hole to steal stuff. Which is the definition of not secured. Which is the point everyone who knows a little bit of how computers work is trying to say.

      1. Velv

        Re: Missing the options...

        Sorry, I didn’t make it clear, I am in no way proposing or defending the option, I’m simply trying to suggest this is the type of smoke and mirrors answer the politicians will go for.
