nav search
Data Centre Software Security DevOps Business Personal Tech Science Emergent Tech Bootnotes
BOFH
Lectures

back to article
Oz government rushes its anti-crypto legislation into parliament

Anonymous Coward

So 15,000 submissions. A week to deal with them. That's what, 8-10 seconds per submission to evaluate and consider it. Nice work.

Who says government isn't efficient?!?

35
0
Reply
Anonymous Coward

It's almost like they didn't bother to read them. :-)

47
0
Reply
Silver badge

Maybe they're using a secret Oz AI system to read them - that speed is about right.

4
0
Reply
Silver badge
Stop

I had to read this twice

"This is the same draft law that was floated earlier this year, before a change in prime minister gummed up the works"

I thought it said the same "daft law".

45
0
Reply
Silver badge

Re: I had to read this twice

Shouldn't it be daft law?

12
0
Reply
Silver badge

Shouldn't it be daft law?

It is daft.

And it should not be a law.

9
0
Reply
Silver badge

Dear el Reg,

Please name names after the vote. No-one can possibly argue that a week is sufficient to consider the far reaching implications of this potential law. So some of our (supposed) representatives are being negligent in their duties if they wave it through. This is a hard area of law. But that means a large effort is needed to be on top of the many consequences. My ballot paper sometime between now and May wants to take it into account.

32
0
Reply
Megaphone

Quick! We have to take away people's rights before they have time to vote us out for trying to take away their rights!

21st century democracy is best democracy!

43
0
Reply
Silver badge

"We have to take away people's rights before they have time to vote us out for trying to take away their rights!"

You can always vote them out for having done it.

6
2
Reply
Unhappy

Me personally? I wish I had that much power! (Or maybe not!!).

Of course once the rights are gone, finding anyone at all in modern politics interested in reinstating them ... well ... sincere best of luck!

5
0
Reply
Coat

21st Century Australian Democracy

Is summed up best in this article and all that it reveals:

http://www.abc.net.au/news/2018-09-18/liberal-leadership-spill-rupert-murdoch-kerry-stokes-influence/10262552

Mine's the one with the interplanetary passport.

2
0
Reply
Silver badge
Facepalm

They know not what they do

See title

2
3
Reply
Silver badge

Re: They know not what they do

I seriously believe that they know exactly what they are doing. It's beyond belief that they, especially with the intelligence agencies, are totally unaware of what's been put forth to date from the crypto and internet engineers.

The pin-drop I'm waiting for is all the 5EYES adopting this as well.

29
0
Reply
Silver badge

Re: They know not what they do

"I seriously believe that they know exactly what they are doing."

It depends on who "they" is. Intelligence agencies do but do you seriously think the average politician knows the implications?

3
0
Reply

Re: They know not what they do

Politicians for you...

Fiddling with things they don't understand, normally for their own ends but disguised as 'in the name of the greater good', and the ones that suffer are the innocent public.

I imagine the main outcomes will be vendors dropping their apps rather than complying, a steeper rise in cyber crime and officials abusing their power.

None of which is good for the average Joe or Joanne. The world is watching...

8
0
Reply

Re: They know not what they do

"The pin-drop I'm waiting for is all the 5EYES adopting this as well." - Thin end of an intentional wedge, anyone?

5
0
Reply
Silver badge
Holmes

Re: They know not what they do @Jack of Shadows

Totally agree. This is the real reason T.May is pushing so hard to leave the EU. The GDPR being an EU invention, is what has been stopping her from having her dreams of a super-RIPA. It all makes the Bodyguard on BBC all the more chilling.

4
0
Reply
Silver badge

Re: They know not what they do

I rather think that the intelligence agencies were hoping to be gifted with a slightly better way of planting sniffers onto internet backbones and into ISPs, and therefore asked for moon-onna-stick in the belief that the politicians would water down any proposal to more or less what was wanted.

Unfortunately nobody ever thought that the politicians were stupid enough to try to defy the laws of physics and mathematics, and demand back doors in encryption.

2
0
Reply
Anonymous Coward

Interesting take on the legislation

One of the most contentious aspects of the bill, as it currently stands, is that it allows law enforcement to ask communication service providers to give investigators access to unencrypted messages under an escalating set of notices, from voluntary compliance all the way up to a court order.

No doubt they will try to use it to force subversion of encryption, but I would take a court order forcing a company to produce unencrypted communications as meaning "provide the data without any encryption you have added". You obviously cannot produce the message absent the encryption someone else placed upon it any more than the security services can.

This summarises what happens when a fucking idiot meets an immovable object.

37
0
Reply
Silver badge

Re: Interesting take on the legislation

There's only one possible safe option. Refuse to serve any web traffic from Australia, and refuse to accept any encrypted data from Australia.

8
0
Reply
Silver badge

Re: Interesting take on the legislation

This already happened once. Australia decided to get tough on internet gambling, so the various firms supplying this need to Australians simply off-shored their servers to south-east Asia, frequently with only very minimal downtime, and carried on as before.

Australia lost the hosting profits and the taxes that the gambling site operators paid, but did not otherwise impede business in the slightest.

2
0
Reply

Re: Interesting take on the legislation

"There's only one possible safe option. Refuse to serve any web traffic from Australia,"

As an Aussie, there's several reasons why long ago I decided that putting my server in Europe was a good idea.

0
0
Reply
Silver badge
Unhappy

Is there anywhere in the world where I can move where I can enjoy a sliver of privacy. Anywhere, ?

Fuck

22
0
Reply
Unhappy

Nowhere English-speaking, certainly. I've checked.

22
0
Reply
Silver badge

That's actually an advantage. If people can't understand you, you have a little more privacy.

12
0
Reply
Silver badge

Antarctica?

5
0
Reply
Silver badge

Translation

"there is simply no way the government has had time to consider all of those responses in their decision to endorse the bill this morning" = "we don't give a fuck about what people think and we'll screw them anyway"

23
0
Reply
Anonymous Coward

Ah.... Democracy in action huh?

5
0
Reply
Silver badge

Once a backdoor is put in to a messaging service even if it is just for Aussie residents it breaks the security for everyone, even those outside of Australia who uses that messaging service. As how are you to know that the person your communicating with isn't using an Australian backdoored version of the messaging app etc?

The only safe option will be to wait and see if any company decides to publicly announce they are going to block their service in Australia over the new laws, so you know that your privacy isn't going to be compromised to please the Australian government.

13
0
Reply
Silver badge

That's not quite true: companies have a history of producing country-specific versions of products. So you'd just want to avoid the Oz version - and indeed they'd do their best to prevent you getting the Oz version from outside Oz.

The more relevant question is how much you trust the company itself. Has it inserted an NSA backdoor in return for not being given the Kaspersky treatment?

2
0
Reply
Silver badge

Do they have to block service in Australia

If it's a free service I would think just have a check box "Are you in Australia [ ]" If you check it, OK, Bye.

If you lie and say you don't live in Australia, well not my fault.

This reminds be of the days of 40 bit international versions of browsers with the download page for the better US version where you swear not to give it to China or other "bad" countries. That worked great.

3
0
Reply
Mushroom

Re: Do they have to block service in Australia

Well, if the geoblock international versions from Aust, they can even legitimately charge the usual 400% (hell, why not go 1600%!) great-aussie-rort mark-up, claiming (possibly even validly) the extra costs of maintaining the extra code.

2
0
Reply
Anonymous Coward

Quote: "....ask communication service providers to give investigators access to unencrypted messages..."

I wonder what El Reg would do when a demand comes from Australia to provide the "unencrypted message" associated with this:

679432C7755BADC6B62573C28639902B91808D83

18D2448E1C2CA6971B0D6A1632C8394F5E72631C

455795E7A65958A122E50F7AA4C7DB5FDC023636

068F54BE6738E80670524FEA85DDE144D9F6FB44

572B41F50910DC82EBF71BA9571A605DA236A21C

41D7E425136643B0C927300304F6F31BDE9551A7

54B4C4C9E63E43F31D194417211D94333014F929

02545462C834020691955F4A670B0139F8229B90

2B86B4DB1F65F5148D9828E3943E3072D3C13DCB

48B555D20C364D6463B847147644F606C480F08D

48020287CF379B167B8B101490E0C525FF73E185

2F8AF201614CBC35989023B760B25F1A31A520E8

346C0

8
0
Reply
Silver badge

Or even better, a gig or so of pure random data purported to be an encrypted drive image full of kiddie porn (which is impossible to decrypt because it never was encrypted content to begin with).

3
0
Reply
Silver badge

Ok, we've just run this through our Enigma.io system. It says

{"messages":[

{"text":"Can we have another go at repealing 18C?"},

{"text":"QUOTA'S BAD!!1!! Hurumph"},

{"text":"Right, so our new energy plan is to ban wind and just burn non-Adani coal, then subsidise it so it's no more expensive than solar. Sounds good to me. Can someone just run it past Alan?"},{"text":"Got half a billion here to spend on the reef. Anyone know a small charity stacked with petrochemical board members we can grant it to?"},

{"text":"Hey man, know it's a Sunday, but need to call in a favour about my au pair."},

{"text":"Don't worry mate, you've got my full support."}

]}

Crazy talk there, glad we could help. Some folk are really messed up. I can't imagine how I'd sleep if someone sent me the last one.

3
0
Reply

I have been thinking

Elected governments can only promote legislation that can be understood by, and desired by the voters.

There are plenty of technical people that know and understand the futility of effectively controlling decent encryption technologies.

But there a lot more people that do not understand the impossibility.

Therefore elected governments have to say silly things like the law of the land overrules the laws of mathematics even though that is cringe worthy.

What is needed is a description and demonstration of a secure communication infrastructure that is as impossible for any governments to effectively control as possible. This needs to be as simple in the individual operational elements as possible. There may be a lot of operational elements but if each piece is simple enough then a lot more people will be able to understand it.

I have been writing up something to do this as a hobby for the last couple of years.

Its a bit of a read and is a work in progress but I think that there is enough for sharing.

I have been using a github wiki for this:

https://github.com/johnrobyclayton/SecureCommunicationsInfrastructure/wiki

6
0
Reply
FAIL

Politicians are not sufficiently educated to know they are being stupid

Crypto needs math literacy to understand. SERIOUS math. Not high/grade school, but University Major type math.

Without that background, (assumption - probably safe) politicians have to rely on "experts" to advise them, and they get to not only pick the experts who may not have the required math (assumption - reasonably safe), but the politicians will keep asking until they find an expert who supports what they want to hear (assumption - proven).

So there's no way to tell them it's impossible that they will listen to - they think those that are telling them "Not possible" are either i) hiding something, ii) have vested interests, iii) are being paid by the opposition, iv) are terrorists and shouldn't be listened to anyway as that's who they want to spy on...

13
0
Reply
Silver badge

Re: Politicians are not sufficiently educated to know they are being stupid

Agreed on all counts except one : they don't want to spy on terrorists - that's just the convenient excuse they use to be able to spy on everyone.

9
0
Reply
Anonymous Coward

one for the criminals, one for the plebs

If I was a criminal, I would make damn sure my encryption is 100% (or as near as) gov-proof. If I were one of the plebs though... shrug.

End result: criminals keep walking (free) while plebs on the other hand... shrug.

But hey, THINK OF THE CHILDREN!!! AND TERRORISTS!!!! AND RUSKIES!!! AND ELECTIONS!!!!

9
0
Reply

cryption? Nah, mate, don't need it... I've got a Donk!

I was wondering what Yahoo Serious did after acting... apparently he's drafting new legislature.

You Aussies let us Yanks know how that works out for ya!

Just make sure the bank that the PM uses has that nasty little peephole punched in it's encryption too. We wouldn't want any government officials being left out on the brave new world they are trying to create.

Some country is about to get pwned.

7
0
Reply

Re: cryption? Nah, mate, don't need it... I've got a Donk!

The fact that Australia was chosen as the the first country of the 5-eyes to try and implement this, means that Australia is already pwned.

2
0
Reply
Silver badge
Facepalm

what can possibly go wrong?

I know; I know....everything. again. still. as someone once famously said: "YOU DUMBASS"

2
0
Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing