Wow, what a lovely early Christmas present for Australians: A crypto-busting super-snoop law passes just in time Congratulations, Australia: somehow after chaotic scenes in parliament, the government last night managed to secure after-the-bell passage of its encryption-busting eavesdropping legislation. The super-spying law, which will force websites and communications services Down Under to build in secret wiretapping capabilities for …
I now feel less secure with the passing of the new legislation designed to allow the government security agencies to access encrypted internet communications.
No matter what the government says the only way to implement this is to weaken encryption and once the encryption has been weakened this will also allow other foreign governments, tech savvy criminal groups and unscrupulous companies to also intercept your private communications.
No matter what “protections” such as warrants that the government puts in place mandating how the security agencies can access this information the other entities are not controlled by these protections. And the argument that “if you haven’t done anything wrong you have nothing to fear” means nothing when your personal details / banking details / health information / etc are stolen by 3rd parties not answerable to the Australian government.
"if you haven’t done anything wrong you have nothing to fear”
I've just applied some basic logic circuits to this one (with all due precautions on overload/paradox etc.) and observed the following..
1. The only people who are afraid of this legislation are people who understand it technically and how it will affect the relationship between the people and government
2. The only people who understand this legislation in this sense are intelligent and have a moral conscience/sense of preservation for the whole of society and not just themselves
Therefore, for the original statement to be true, it can be considered 'wrong' to be both intelligent and have a moral conscience.
Now you know what the people who utter that phrase really believe.
This is a variation on "If you have nothing to hide, you have nothing to fear".
Might I point out that you don't have a plate glass exterior wall in your shower, and you do have drapes over the windows in your living room & bedroom ... and hopefully there is a door between your toilet and the rest of your house. What are you hiding? Are you a criminal?
Privacy isn't always covering something illegal.
Might I point out that you don't have a plate glass exterior wall in your shower,
True. It's clear perspex.
and you do have drapes over the windows in your living room & bedroom
No I don't.
and hopefully there is a door between your toilet and the rest of your house.
There is, but it stays open. Well, OK, I shut it to keep the roomba out if the floor's wet. And occasionally for guests.
But I do have locks on both front and back doors, and indeed a burglar alarm. Nothing to hide, but just possibly something to fear?
the congress notes from the mid 90's key escrow laws, not to mention munitions
In the US, key escrow and cryptography-as-munitions were both moves by the executive branch, not the legislative. Congress didn't have anything directly to do with them. (Key escrow, particularly the Clipper Chip, came from the NSA and was pushed by the Clinton administration; including cryptography as munitions was done by the State Department.)
Not that it matters much - in the Foolishness Sweepstakes, the executive and the legislative both have plenty of awards.
A wiretap is a backdoor, and exposes your privates to anyone and everyone who cares to try.
When wiretapping meant physically clipping onto actual wires, it was less serious because a miscreant who did it would have been found out relatively quickly.
Under this legislation, wiretaps become automated and thus any miscreant, anywhere in the world can create one. For example, on the private communications of the Australian Prime Minister.
.. says practically every software developer in Oz.
How on earth is any Oz code cutter going to prove their code isn't fitted with a backdoor if that has effectively become a legal requirement? Way to go to pretty much nuke an industry, and to promote the use of non-Oz services*.
* Someone in Australia can still be served with a warrant for access to their data, but surveillance will be interesting when everyone reverts to using non Australian software.
Unbelievably stupid decision IMHO.
Im looking at immigration opportunities to bypass what has been an on going 5 year struggle against the Liberal Parties stance on encryption. If you know any, message me via www.foocrypt.net.
I was nuked 2.7 years ago, the Australian Signals Directorate placed a caveat in my Defence Export Controls permit, wanting to know if my software or variations are used in Weapon of Mass Destruction programs.
Be Protected, Get ….…..
The FooKey METHOD :
http://foocrypt.net/the-fookey-method
The common flaws in ALL encryption technologies to date are :
1. Typing on a KeyBoard to enter the password
2. Clicking on the Mouse / Pointer device that controls the location of the cursor
3. Some person or device looking / recording your screen as you type the password
4. The human developing a password that is easily guess, or can be brute forced due to its length
5. Sharing the password with a third party to decrypt the data
6. Storing the encrypted data in a secure location so no unauthorised access can be made to either the key(s) to decrypt the data or the encrypted data itself
7. The Right Wing Policies of the Liberal Party of Australia, being forced into law
FooCrypt, A Tale Of Cynical Cyclical Encryption, takes away the ‘BAD GUYS’ by providing you with software engineered to alleviate all the above.
"because we're not going to go home and leave the Australian people on their own over Christmas.”
Why all this whinging about Australian software? If they can get this designed, coded, tested, and up and running on all the multitude of different systems and have that all in place well before this Christmas, Australian software must be by far the best in the world. No other country could even begin to do anything so complex in that timescale.
"....Why all this whinging about Australian software? If they can get this designed, coded, tested, and up and running on all the multitude of different systems and have that all in place well before this Christmas, Australian software must be by far the best in the world. No other country could even begin to do anything so complex in that timescale...."
--
Done and Finished! You can NOW HAVE Quantum Computing resistant communications (Lattice/Invariate/One-time PAD) PLUS CAAST-256 x 3 (768 bits) that is BOTH peer-to-peer AND runs on top of AND outside of Facebook, Google/Gmail, Hotmail, Outlook, Skype and any web browser app to encrypt your communications.
Nothing ANYONE can do about it as it is ALL Open Source and Completely FREE --- Only GNU GPL3 copyrights are imposed.
... the big players should, temporarily, block comms in Oz. No Facebook, Google, Whatsapp etc, for a couple of days, maybe a week. Turn Oz into a data wasteland, just to show the Govt what hackers could do to them if backdoors were exploited. Then, once the populace have revolted and hung all the politicians from the nearest Eucalyptus tree, their replacements might have a different attitude.
by showing what happens when you elect grossly incompetent persons to govern you.
A state led by incompetent persons (expletitive removed) will act incompetent. Or like in this case like a moron.
I am sure this attempt legislating away mathematics will be watched carefully by a worldwide audience.
To all Australians: Sorry for you, guys... Hope the world will at least learn from your sacrifice how not to do security legislation.
And try to not also screw up the upcoming elections...
After the private sector sucks up all those intelligent yet power hungry and greedy folks, what's left for government? The choice for elected officials is pretty bad world wide due to the lack of critical thinking processes on the candidates' part.
The problem isn't the lack of critical thinking processes on the part of (most) candidates. It is the lack of critical thinking processes in voters. When republicans have an ever growing checklist of requirements to be considered a "real" republican (and now need a blessing by king Trump) they need to put any critical thinking skills they have on hold. Which is why the only congressmen willing to stand up to Trump are the ones on their way out the door.
Democrats look to be following the same playbook, as recently there have been suggestions from some democratic donors that potential 2020 democratic candidate Beto O'Rourke isn't "progressive enough" and actually said electing him would be like electing Obama again. Bernie or bust I guess, nevermind his age. Just like Bush and Reagan couldn't win nomination in today's republican party, perhaps before long Clinton (Bill) and Obama couldn't win nomination in today's democratic party.
Let's say stupidity prevails and Apple, Google and Microsoft build Australian spy support into their operating system software. What stops me from refusing to update from a pre-spying software version?
The "bad guys" will stick with today's versions of iOS, Android and Windows. Maybe in five years that could get to be a problem, but they might outlast the current government until someone else comes along who maybe has more sense. Or will they try to make non-conforming stuff illegal after a time, so any Android phone not capable of being updated becomes illegal?
I hope Apple, Google and Microsoft tell the Aussie government to stuff it. See how long the current leadership lasts after telling the public that they can no longer buy an iPhone, Android or Windows PC.
-----BEGIN PGP MESSAGE-----
Version: GnuPG v2.0.22 (GNU/Linux)
jA0EAwMC8wwTaVPYrpLWyZrN/k2M1YFSO/yCipIAsvGE43YEp/XghbWbU2aO4IVH
euONp13SX9dVjmM4xn3iH4Jlp+eh86oW7+v2ODlX8oEmSp3GVAwRyS7idFUuxYwG
VDN244IQszDELTcsGDyvye0rgNAUQ+zrl8Vz+naViopb+2hE5W/3SaZ9zdO68EDr
wEIRrarFsxRJM32RtWIqQk5j4xKe1QbPUdGi
=xBWy
-----END PGP MESSAGE-----
And lo, I'm still doing it. I'm still going to be able to do it once this law takes effect.
I found it easier to provide a quote from one of Rodney Rude's live performances in my first submission to the PJCIS. https://pjcis.foocrypt.net/ but unfortunately, they decided only to accept it as correspondence, and not publish it.
Just re arrange the first three characters of the 9425 in my message above..;)
I'm TELLING the autralian govrnment RIGHT NOW ....TO PISS OFF !!!
Gooo EFF THEMSELVES !!!
Arrest them, put them on trial, convict them and put these mofos IN JAIL FOR TREASON against the people of Australia !!!!! RISE UP AUSTRALIANS It's time to wake the hell up and TAKE BACK CONTROL
OF YOUR OWN COUNTRY !!!!!!!
-----BEGIN PGP MESSAGE-----
hQEMAxGl3ti0GufqAQf9F8aMf14xitq7NOraq+6h4EC3q3arHt7VPbcjyjbSDlDY
F8tmCH0JIPUSQGBlzW0WFzgQYYn5dDJgUpM7DEOapbA/ZCkB7YBg3zDG0yjm6zOz
TdrXoL5OYCv0qF+LJL6s3yBFqMnwzZkvdFf0YsiUw1TAnWRrjg/IEZ2ZcEbnDOOq
qvlR8lWZW41hV9wtN82v1VS/G28VHGje321g2FRNXeQL59aXwEJeQ1gdF30KzI9T
A4IJ7pjN97V23qedVjnS6afmUFx+1f7GDGT5lFhrUJ6Lzn6lV8DjmkX51+u5MDIk
tPWy7n5SWY6jevolcCDlLWCLsvO+igLaVEBamMZewdJTAV7v51Nf1boUAtZuY1NW
3zNNGZdOJjVXw9wlsW1fZwf15K1pfJwYG17Mp+MgEk8raMiIt6PJNrzMti1bkKXs
7xb0+DGeiNZifKnPBwH//H4PqPM=
=hDYl
-----END PGP MESSAGE-----
So how do they intercept a Australian WhatsApp user talking to a non-Austrailan WhatsApp user without ripping up the signal protocol? They could modify the app at one end to not notify the user that a BCC key was created, but the other end would notice.
Or if you are using some other end-to-end encrypted chat app - does the publisher have to force all their users to update their app within 28 days with some new shiny feature ( and stealthily embed a backdoor? )
The end results is that encryption is basically incompatible with this legislation.
They will leave that up to Facebook to figure out, but it seems you could modify the software to ALWAYS produce a BCC key, so you wouldn't be able to tell when they are listening and when they aren't.
That will come in handy for when they demand a copy of all communications be sent to them to storage and later search, as that is the obvious next step for Australia's new totalitarian government.
They will leave that up to Facebook to figure out, but it seems you could modify the software to ALWAYS produce a BCC key, so you wouldn't be able to tell when they are listening and when they aren't.
The sender and recipient are both running an app that has the messages in plaintext. There's nothing to stop Facebook from modifying that app to relay the plaintext to the SIGINT service of choice. No need to tamper with the Signal protocol itself, or how the app uses it, if you're only required to subvert that one particular app that uses Signal. And, AFAIK, that's what the law1 requires.
Vendors who comply with this law will do it by putting backdoors in applications. Some knowledgeable users will build their own applications, or get untainted ones from safe sources. The spooks are assuming that the vast majority of users won't, and they're very likely right about that.
1Which I like to refer to as Australia Rejects Secure Encryption.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
