back to article Australia joins the 'decrypt it or we'll legislate' club

Australia's home affairs minister Peter Dutton has waded into the global crypto debate, uttering the familiar demand that the tech sector provide what the politicians want while adding that the government will protect Australians from cyber-threats. Dutton on Wednesday told Australia's National Press Club today that “ …

  1. Old Used Programmer

    Sauce for the goose...

    Require all government agencies (including intelligence services and the military, and especially the legislature and executive) use the same "decryptable" encryption that they want everyone else to use.

    1. bazza Silver badge

      Re: Sauce for the goose...

      Whilst many see encryption as being a tool with which to defend against baddies, one has to wonder whether we'd be better off without it. It's not actually helping those who have been on the wrong end of a ransomware attack, or a credentials loss. And in a week which has seen yet another Tor-using paedo jailed for a few decades, it is undeniable that encryption is just as powerful a tool for baddies as it it can (with difficulty) be a tool for goodies.

      We only have encrypted network communications because we don't trust the transport to be free of eavesdropping. Anyone using Facebook, ebanking, an IMS, etc, is perfectly happy with the recipient reading data; https is not being used to defend data at rest. In a packet switch network, eg the Internet, one has no idea where data flows, so encryption is desirable. Don't want the Russians seeing my communications with my bank.

      With a circuit switched network, one does know where data flows. Perhaps that's a desirable trait.

      Skewed Debate

      One of the problems with the whole debate is that Americans generally loathe and distrust their own government in a way that all other civilised societies don't. Add the commercial interests of MegaCorp Inc into the mix and you end up with technology solving problems that, on the whole, the man on the street in the UK isn't really worrying about. At the same time MegaCorp is also creating problems that man on street does care about, and will vote accordingly.

      Add in differences in laws, customs, and social expectations on policing, and you have to question whether or not the Internet is going to remain as one network, or will it start getting broken apart at national boundaries. Just like China has already done.

      Now if Facebook, Google, Apple, Amazon, Twitter, MS, etc. want to avoid that and preserve their business models then they're going to have to give governments a reason to not want to put up national firewall. But theyre doing the exact opposite. It's long term commercial suicide.

      1. Anonymous Coward
        Anonymous Coward

        @ bazza

        Did you also sign the petition to ban that lethal chemical Dihydrogen Monoxide?

        1. bazza Silver badge

          Re: @ bazza

          No.

          And note that I'm merely observing that a lot of the tech we get given is pretty useless really, and warning that there's the beginnings of a trend towards Internet fragmentation and control that we may not like, and the major tech companies are doing absolutely nothing substantive to discourage.

          Politicians respond to costs, crime figures and votes. They absolutely will pass laws if they see Internet bullying, on-line paedophilia, terrorism, etc. becoming an electoral issue. When the Madrid train bombings happened, the sitting government was widely blamed by the population for not having done enough to prevent it. They lost the general election that followed soon after.

          Is it any surprise that other governments look at that event, look at what's going on on-line, and start making noises? If you are surprised by that, or doubt it somehow, then you don't know what a politician is or how they get and keep their jobs.

          Politicians are also quite good at recognising what the average voter will vote on (that's different to what they say they want). Unchecked criminal activity (including on-line nasties) is the surest way imaginable to be kicked out come the next election. On the other hand, the quite small percentage of the population that is actually going to make an election time noise about online monitoring by law enforcement agencies is, electorally speaking, ignorable. If you think otherwise then I suggest to try it out for yourself by standing for election on the issue.

          That's what the large tech companies don't seem to understand. Compared to the interests of a politician in being seen to be doing something effective about law and order, the tech companies business model and their "we're secure and private" marketing is of zero concern to a sitting government. It's only in the USA (where lobbying is such a corrosive force) can the tech companies get political leverage. And ask yourself, why do the tech companies need to lobby so much?

          Add in to the mix the fact that companies like Facebook, Twitter are seemingly quite content to be conduits by which the democratic process is externally influenced, and you have the perfect recipe of reasons why governments will change and pass laws about such things.

          If you don't like that, try making it an electoral issue and see how your fellow countrymen vote.

          Me? I'm pretty neutral on the matter. Encryption is occasionally useful, often useless, and definitely dangerous. A well set up E-Banking website is useful. Encrypting passwords is pretty useless given the myriad of other software and hardware flaws that get used to leak credentials. Tor likes to present itself as being a force for good. Given the sort of people (paedos, drug dealers, etc) who actually seem to use it in places (e.g. Western Europe) where you don't otherwise need it, and that you can't use it in places where you might need it (China), I doubt that Tor has much net social value.

          If we had a network that didn't require encrypted communications for reasonable security, then

          1. Anonymous Coward
            Mushroom

            Re: @ bazza

            wow Bazza, you really do live with the Unicorns.

            So I should just send my bank details and card details to Amazon on the back of a postcard?

            Or my corporate work should all be done over ftp with no password?

            Maybe I should leave my phone unlocked, with all my personal details free to view, should I ever leave it somewhere by accident.

            Or in your world, should we just accept what our governments want to do to us and never stick two finders up and say Fuck you, I'm not putting up with this.

            This generation has already gotten soft, with slacktivision being the new force of "change".

            Press "Like" if you want the world to change for the better.

            1. bazza Silver badge

              Re: @ bazza

              @Lost all faith...

              wow Bazza, you really do live with the Unicorns.

              Well, not quite!

              So I should just send my bank details and card details to Amazon on the back of a postcard?

              Er, your bank posted them to you in the first place. Flimsy things, envelopes, very easily opened.

              Or my corporate work should all be done over ftp with no password?

              If that server you have no control over has been poorly set up and someone else is already inside it, your password is of zero value.

              Maybe I should leave my phone unlocked, with all my personal details free to view, should I ever leave it somewhere by accident.

              And if you use Android (which seems to be easily rooted by malware) and possibly soon iPhones (whose boot loader source code has leaked and may suffer a similar TITSUP), what's the difference between locked and unlocked?

              Or in your world, should we just accept what our governments want to do to us and never stick two finders up and say Fuck you, I'm not putting up with this.

              Feel free to do that, but I fear they're going to do it anyway. More voters couldn't care less about that, but do care about crime figures, fraud, online bullying, etc.

              This generation has already gotten soft, with slacktivision being the new force of "change".

              Press "Like" if you want the world to change for the better.

              Finally, something to agree on.

          2. Evil Auditor Silver badge

            Re: @ bazza

            If we had a network that didn't require encrypted communications for reasonable security, then

            And if I had some million quid on my bank account I wouldn't be at work/reading El Reg. Anyhow, we both are talking about wishful thinking.

            What about a secure communications infrastructure, one where my hypothetical millions in the bank account are not put at risk? Yes, we are talking about encryption again. No matter what kind of "secure" network architecture you use, I wouldn't trust the nodes in between me and my bank.

            1. bazza Silver badge

              Re: @ bazza

              @Evil Auditor,

              What about a secure communications infrastructure, one where my hypothetical millions in the bank account are not put at risk? Yes, we are talking about encryption again. No matter what kind of "secure" network architecture you use, I wouldn't trust the nodes in between me and my bank.

              Well you trust the phone network when you call up your bank don't you? The world would be a whole lot better if we could trust the Internet in the same way. That certainly is wishful thinking indeed on my part, but we have to recognise that if the Internet's network were as trusted as that then a lot of the political pressures on services like Facebook, etc. would go away.

              1. Evil Auditor Silver badge

                Re: @ bazza

                @bazza

                Well you trust the phone network when you call up your bank don't you?

                Partially, I do. I know my account manager reasonably well and - for now, still - I identify her by voice and vice versa. Even so I don't initiate external transactions on the phone. For these I rely on end-to-end encryption, two-factor authentication and transaction verification.

                If you come up with a feasible network architecture that is inherently secure: I'm game! I doubt that it will do without encryption though. Encryption is much older than our data networks; the objectives remain the same, i.e. privacy and non-repudiation.

                1. bazza Silver badge

                  Re: @ bazza

                  @Evil Auditor,

                  Partially, I do. I know my account manager reasonably well and - for now, still - I identify her by voice and vice versa.

                  Oh to have a bank where one can recognise the staff, instead of some vast call centre... Er, have you heard of Rory Bremner? Used to phone up politicians whilst impersonating another politician, for comedic effect. Dangerous guy!

                  If you come up with a feasible network architecture that is inherently secure: I'm game! I doubt that it will do without encryption though. Encryption is much older than our data networks; the objectives remain the same, i.e. privacy and non-repudiation.

                  I'm afraid I can't beat the phone networks, and they rely entirely on control of connection points and of wires for security. Circuit switching is just a way to route through known locations, which is a plus too. But the net effect is that the phone network is less of a free for all where baddies roam (apart from the effing PPI lot). It's worth noting that the only reason why we kinda trust the phone network is that it is heavily regulated and in effect policed, in a way that the Internet just isn't.

                  At the end of the day there is no good solution to the identity problem. We have to meet the other person to know for sure who they are. Encryption algorithms are valueless without solving that identity problem well, and we haven't. Also what we have is only one way; you don't need a certificate to be Facebook user...

                  1. tiggity Silver badge

                    Re: @ bazza

                    I do my banking in the branch.

                    I have not got phone or internet banking - as that does not meet my idea of secure enough.

                    Plenty of people take the same approach.

                    Phone / internet banking is cheap[er for banks (and easy to blame customer for fraud / hacks) so they promote it.

                    Just say no & talk to a person, get a signed receipt of teh transaction and you are covered against any screw ups the bank make

                    1. bazza Silver badge

                      Re: @ bazza

                      @Tiggity,

                      That's all fine and good, but your bank is using IT and Internet connections between its business centres for conducting your banking business on your behalf, even if you don't interact with them except for in the branch. I strongly support your way of using a bank, but it's security is as illusory as https and passwords are for Internet banking. That is to say, it's security is pretty good, but not completely guaranteed.

                      The one definite plus point is that your not using a computer for banking, so you yourself are not being hacked. It's often a user's PC / mobile being stuffed full of password sniffing trojans that lies behind ebanking frauds.

                      1. Sir Runcible Spoon

                        @ bazza

                        I'm really struggling to see where you are going with this 'no encryption' idea.

                        Just because it isn't perfect, and certainly isn't always perfectly applied, that doesn't mean it's useless. If it were we wouldn't be using it.

                        We use it to protect ourselves as much as possible from unseen actors who wish us harm.

                        Much the same as me locking and bolting my door at night. It won't stop a determined gang (like the Police) but it does act as an additional obstacle to the opportunist burglar.

                        In your circuit switched world, where you know who owns all the endpoints - how do you know who is actually *using* that end-point and that their network hasn't been infiltrated? There are more ways to hack a network than over the wire.

                        As for your comments about the virtues of the POTS world, I fear you are badly misinformed as to the level of security and non-repudiation it provides. About the only thing going for it is that it's hard to scan lots of calls at once, whereas that's obviously a lot easier in the IP world.

                        We used to have encryption only for serious things, but when everyone started getting wind of the governments taking the piss and slurping everything without permission, then it got more attention and use.

                        Now that encryption has gone mainstream TPTB are moaning about it, and well they should because they bloody well created the situation. This genie is out of the bottle and there is no putting it back.

                        Even if you created your own network using dark fibre, the moment that data passes through any device that isn't 100% controlled by you, it's vulnerable. Mitigate that.

                  2. Anonymous Coward
                    Anonymous Coward

                    Re: @ bazza

                    "I'm afraid I can't beat the phone networks, and they rely entirely on control of connection points and of wires for security. Circuit switching is just a way to route through known locations, which is a plus too."

                    Do you really think phone networks are still using switched physical circuits? It's all digital paths and packets now, except in some really really old equipment probably not found in any major phone network today.

                    Clue... the phone services that are not delivered by cable VoIP are delivered to neighbourhood boxes by a fibre, and then split out to copper for the last kilometre. The network cores are also now all digital fibre... and that's the landlines - there are now more cell phones than landlines, and all modern cell systems are packet based digital backbones.

                    And, of course, most of them will take advantage of dynamic routing, so you don't really know which route any given bunch of packets will traverse.

              2. Dagg Silver badge

                Re: @ bazza

                Well you trust the phone network when you call up your bank don't you?

                Err NO who would be that stupid. What I might trust is the laws around protection against fraud that may have arisen from that communication. Check you countries banking act.

              3. Anonymous Coward
                Anonymous Coward

                Re: @ bazza

                "Well you trust the phone network when you call up your bank don't you?"

                No, I don't.

                That is why certain critical interactions only take place face to face, with a physical paper trail.

                You'd do better to argue that communications networks should be dismantled and we go back to paper mail for distance communication.

                Then, at least, you'd have a defensible argument.

            2. Headley_Grange Silver badge

              Re: @ bazza

              Evil Auditor - The odd thing is that although your bank transactions are encrypted, the results are not, so at any time the government can get access to them via a warrant (assuming you're not banking offshore). And this is what the gov. wants - so as far as banking goes, everyone is happy.

              So, the gov. can see my bank account, but can't see Whatsapp pics of my dinner/cat/explosive because we the people (apparently) think that it is really really important that no one except the desired recipient ever sees the cat pictures - ever. And this requirement to permanently encrypt pictures of my dinner and prevent the government seeing them is so important that I'm willing to risk the introduction of internet encryption back doors and put my banking at risk. Because...... because what?

              If it's good enough for my banking details to be available in plain text somewhere then the same applies in spades to pictures of my cat. And there must be a way to do it without dicking about with back doors. So why don't we start offering solutions instead of simply crying "what about the children"?

              1. tiggity Silver badge

                Re: @ bazza

                @Headley_Grange said:

                "If it's good enough for my banking details to be available in plain text somewhere then the same applies in spades to pictures of my cat"

                But what about the people who have totally different pussy pics on WhatsApp (or whatever). Lots of people have something to hide - it may seem stupid to have compromising unclothed pics of yourself / partner but plenty of people do.

                Although we are close, we are not yet in a state where the expectation of privacy is zero.

                1. Headley_Grange Silver badge

                  Re: @ bazza

                  Tiggity - I expect privacy and get it. The government can't see my bank account details - or the dodgy pics on my phone - without a warrant and they need just cause to get a warrant. Once they've put in the back door then all my details are there for everyone to see.

                  We all agree that privacy is good. We all agree that back doors are bad. Problem is that our current approach of "all my cat pictures have to remain encrypted for ever" is going to result in back doors and the result that my (and your) bank statements and dodgy pics will be all over the internet within 12 months.

          3. Tom 38

            Re: @ bazza

            (18 paragraphs in) Me? I'm pretty neutral on the matter.

            Sure sure sure

          4. Anonymous Coward
            Anonymous Coward

            Re: @ bazza

            Adam1: "You first."

            bazza: "No."

            Enough said.

          5. Patrician

            Re: @ bazza

            In normal operation a citizen of, say the UK or USA, expects that anything they post will go through to the recipient unopened; they expect a degree of privacy. You're proposing that due to the possibility that bad guys *might* be using the Royal Mail to carry out terrorist attacks, and due to the fact that nobody can see what is inside an envelope or parcel, the government would be justified in passing a law that allows the Royal Mail (or equivalent) to open, photograph, copy and or record, the contents of any and every item that passes through their sorting offices.

            Would you be comfortable with this happening by default? Could it be guaranteed that everybody at said sorting offices could be trusted with this responsibility? I doubt both very much.

            1. Anonymous Coward
              Anonymous Coward

              Re: @ bazza

              "[...] he government would be justified in passing a law that allows the Royal Mail (or equivalent) to open, photograph, copy and or record, the contents of any and every item that passes through their sorting offices."

              King Charles I created the Royal Mail as a monopoly to try to monitor plots against his Divine Rule. This ensured that all letters went through a central office where they could be discreetly opened and copied without the recipient's knowledge. The Royal Mail museum still has some of the transcripts.

              1. Patrician

                Re: @ bazza

                ..And...?

                Sorry but I fail to see your point, there are many things that have changed since inception, including the Royal Mail; that isn't the generally accepted practice today...

          6. Anonymous Coward
            Anonymous Coward

            Re: @ bazza

            "Encryption is occasionally useful, often useless, and definitely dangerous"

            These days, that's pretty much the same as 'privacy is dangerous'.

            There are other things that are more dangerous -

            lack of privacy

            fire

            water

            oxygen

            food

            gravity

            heat

            cold

            medicine

            doctors

            teachers

            writing

            language

            animals

            plants

            rocks

            police

            governments

            philosophy

            science

            electricity

            magnetism

            sunlight

            darkness

            heights

            holes

            rough surfaces

            smooth surfaces

            democracy

            laws

            society

            ... the list goes on. Almost anything can be dangerous, but not having those things is very often more dangerous.

      2. Adam 1

        Re: Sauce for the goose...

        > Whilst many see encryption as being a tool with which to defend against baddies, one has to wonder whether we'd be better off without it.

        And one doesn't have to wonder too hard to realise that the baddies will continue to use the existing strong encryption to communicate with each other or to lock up your files and demand a ransom. Meanwhile, your defences against this same scum are gone. You first.

        1. bazza Silver badge

          Re: Sauce for the goose...

          @Adam 1,

          And one doesn't have to wonder too hard to realise that the baddies will continue to use the existing strong encryption to communicate with each other or to lock up your files and demand a ransom. Meanwhile, your defences against this same scum are gone. You first.

          I rather think you're missing the point of my reference to circuit switched networks.

          Using the Internet as it is today without encryption is indeed security suicide. It's a hostile place to be. My point is that that hostility is itself something that should not exist so easily.

          Every time we (as a profession) add some encrypted this, certificated that, etc. in an attempt to make the Internet "safe", we screw it up to the point where it's not working in a useful way. Look at https and the system of certificate authorities that "secures" it. It doesn't secure it at all. There's a market for certificates, and some of the vendors aren't particularly choosy who they sell certificates too.

          The whole point of certificated https is to establish certainty as to who the other end point really is. Well, another way of doing that is to have a network where physical endpoint identity is guaranteed by the network provider. You dial someone's phone number, you know whose phone is ringing.

          There's many an OS or browser or server that salts and encrypts passwords, but what's the bleeding point when 1) users pick daft passwords, 2) tons of software flaws mean that passwords get exposed in other ways. We've tried other means such as biometrics, but they just do not work very well in the first place. Anyway they're no better than writing down a complicated password on a piece of paper and pinning it to your monitor. And you can't change one's biometrics without a lot of surgery.

          Nasties like ransomware continue to ruin many an unwary user's day, despite the many layers of protection in browsers and OSes that themselves use encryption

          My reference to circuit switched networks is that you know more about how one's traffic gets from A to B and exactly who the intervening switches belong to. That also makes the network operators keener to establish user identity before hooking you up (you can't just hook up to a phone line and get a service all by oneself). So you know more about from where and from who traffic is coming from (caller ID on a phone network is a useful way of blocking that annoying Aunt who phones all the time). Network traits like that are a useful thing for keeping baddies at bay.

          These are traits that the Internet just does not have, and I think that that is an increasingly bad thing. I don't think the sticking plasters we patch on top are doing a good enough job. There is a risk that the global Internet will get fragmented by concerned politicians (the really malicious ones have done it already), and the only way of heading that off it to clean up the network and make it hard for the baddies to use it anonymously (like they can now).

          That's a massive and unachievable job, but unless it gets done we may have to live with some significant consequences for the network's design, operation and reach.

          1. Christoph

            Re: Sauce for the goose...

            "My reference to circuit switched networks is that you know more about how one's traffic gets from A to B and exactly who the intervening switches belong to."

            Yes. They belong to NSA and GCHQ.

            The Snowden revelations exposed the fact that Google's own internal network was being tapped. That Cisco network boxes were being intercepted during delivery and compromised. Yet you want everyone to trust all the switches and all the connections in networks they have no control over?

          2. Adam 1

            Re: Sauce for the goose...

            I rather think you're missing the point of my reference to circuit switched networks.

            So in Bazzaland, you visit www.google.com and some nice young woman dressed in a 1950s dress and hair grabs an RJ11 to plug you in? You then download the page, then realise that you need some resource from Google's CDN or analytics, so 1950's woman disconnects your www.google.com circuit?

            If your answer is circuit switching, you asked the wrong question. You also made the MitM attacks a lot easier. There are a lot of 1950's exchange operators needing to sit in the middle and anyone of them can passively observe or actively change the communication.

            Luckily nothing approaching even a 1990s internet would have been possible under circuit switching.

            My reference to circuit switched networks is that you know more about how one's traffic gets from A to B and exactly who the intervening switches belong to.

            Not true. Unless, you and your server are on networks run by the same operator, that isn't even technically possible, let alone feasible. Your network operator loses any capability of such a promise at their interconnects. You are then relying on another network to finish the circuit. Your network knows that the traffic came on the expected interconnect, but without encryption or at least a digital signature involved, you cannot prove that what you receive is what they sent and vice versa.

            Look at https and the system of certificate authorities that "secures" it. It doesn't secure it at all. There's a market for certificates, and some of the vendors aren't particularly choosy who they sell certificates too.

            Ironically, you seem to be highly concerned with corrupt or inept CAs granting certificates to third parties, yet entirely trusting of your network operators to do the diligence to connect to the right endpoint. In both cases you rely upon the diligence of a third party to have verified the identity before signing the certificate. If the network operators are so diligent, then let's cut the middleman out here and make the network operators the CAs. No, your argument doesn't hold up, not because CAs are perfect (hi there wosign), but because your suggested alternative has exactly the same problem but additional problems as well.

          3. Anonymous Coward
            Anonymous Coward

            Re: Sauce for the goose...

            "I rather think you're missing the point of my reference to circuit switched networks."

            Darn, You're right. I completely forgot the fact that no one ever tapped or compromised a switched network. How silly of me.

      3. Adrian Midgley 1

        If one knows where the circuit is switched to ...

        and that there is no tap on it.

        So no.

      4. LucreLout

        Re: Sauce for the goose...

        it is undeniable that encryption is just as powerful a tool for baddies as it it can (with difficulty) be a tool for goodies.

        So what?

        I have a hunting knife I use for camping. In an emergency I can use it to help me build a shelter, start a fire, hunt for food, dig to make an oven, chop firewood for warmth etc etc etc Its a very useful tool. Innercity yoot scumbags seem to be able to find nothing better to do with that tool than gut each other.

        So what does the law do? Criminalise everyone with such a knife unless they can pass a vague and arbitrary spot decision by a single police officer that they have a reason to be carrying it. I don't carry mine when I go to work, obviously, but if it falls out of the bag into the boot of my car, I can be convicted of having it without reason when I'm driving home from Tesco.

        We've legislated for the lowest available denominator and left most of the country, who would never dream of shoving a knife into someone else, at risk of a serious criminal record (and jail time) for making a mistake. Or for misunderstanding the precise length of nonlocking blade their Leatherman is allowed to have. Meanwhile, the criminal scum carry on shanking each other because they carried on taking knives with them every day.

        Banning strong encryption will achieve the same thing. Ordinary citizens will be at greater risk of fraud, blackmail, etc and the terrorists will carry on using the pre-existing strong encryption.

      5. Graham Cobb Silver badge

        Re: Sauce for the goose...

        One of the problems with the whole debate is that Americans generally loathe and distrust their own government in a way that all other civilised societies don't.

        Oh, how soon we forget.

        I realise you are probably a Millennial, but my parents actually fought in WWII, and actually knew people who had been in concentration camps. Even I lived through a period where I expected nuclear destruction imminently.

        I know why human rights such as the right to free speech, the right to free association and the right to privacy are critical to any functioning democracy.

        Please read history. And, when you are holidaying in Germany please visit a Stasi museum.

        1. Anonymous Coward
          Anonymous Coward

          Re: Sauce for the goose...

          @Graham Cobb

          re: "Even I lived through a period where I expected nuclear destruction imminently."

          You still do - the Domesday Clock is closer to midnight than it's been since 1953:

          https://thebulletin.org/timeline

          1. Anonymous Coward
            Anonymous Coward

            Re: Sauce for the goose...

            The 'doomsday clock' is a piece of meaningless propaganda.

            We're a lot safer now than we were... and yes, I did live through a period when a nuclear attack on my vicinity was considered one of the most probable opening shots of any central war (see serious discussions of nuclear war, deterrence and strategy for complete terminology used).

            There was even a minute when I thought it was actually happening. When no shock wave arrived in a time appropriate to the major target in that direction, I realized that it was a bolide, and not a nuclear explosion.

            The main use of the doomsday clock has always been to advocate for policies that would make a nuclear war all but inevitable. It's another of those ironic situations that the universe seems to serve up with poorly analyzed 'solutions'.

            1. Anonymous Coward
              Anonymous Coward

              Re: Sauce for the goose...

              The Doomsday clock isn't only about nuclear apocalypse. It also covers human influenced climate change. There is an increasing body of evidence that shows that the current philosophy of endless growth and wealth creation is a fantasy which will inevitably lead to planetary destruction. It's happening now with 7.5 billion people. With another 4 billion by the end of the century, it's virtually guaranteed.

              The current path is not sustainable - our leaders have utterly failed to recognise the issues and provide solutions.

              Regardless, the scientists responsible for publishing the Doomsday clock warning are a lot more knowledgeable than some random AC on an IT forum.

      6. Chemical Bob

        Re: Sauce for the goose...

        "Americans generally loathe and distrust their own government in a way that all other civilised societies don't."

        I think it's safe to say that people all over the planet loath the government of the USA.

    2. Anonymous Coward
      Anonymous Coward

      Re: Sauce for the goose and the tail wagging the dog

      What bothers me more than the issue of magical encryption is the tacit acceptance that governments and their agencies, who ostensibly exist to serve and protect us, actually have the right to tell us that we are not allowed privacy in our electronic communications with each other.

      Taken to its illogical extreme, it is akin to telling us that we are only allowed to meet with and talk to each other when in view and within range of surveillance cameras and microphones.

      The real underlying problem is that the servant has become master.

      1. StargateSg7

        Re: Sauce for the goose and the tail wagging the dog

        In America, we have the 2nd Amendment which GUARANTEES that ANY government official who even THINKS of making decryption mandatory will get a bucket load of lead up their Arses! We ain't putting up with that sort of crap here! One try and THEY ARE GONE PERMANENTLY! Erased from planet Earth!

        1. Anonymous Coward
          Anonymous Coward

          Re: Sauce for the goose and the tail wagging the dog

          U R A troll. Real Americans don't use the word "arse".

          1. StargateSg7

            Re: Sauce for the goose and the tail wagging the dog

            I'm American in Spirit (Canadian actually!) and only 20 km from the its border so damn rights I'm American As All Can Be! A STAUNCH Supporter of the 1st and 2nd, 4th, 5th and the rest of the Bill of Rights in its entirety! And as AN AMERICAN IN SPIRIT, I heartily defend the use and exercise of the 2nd Amendment (aka The Right to Bear Arms shall NOT be infringed!) to GUARANTEE all the other Amendments from agents of Tyranny (sometimes those being government entities and systems)!

  2. Terafirma-NZ

    Solved

    So how long until they realize this already exists.

    It's called TLS 1.0 and we all just spent the last 12 months getting rid of it. Or there is the NSA's version of RSA with predictable curve results.

    So how much will you pay some contractor to copy TLS 1.0 and AES 128 call it TLS 5.0 and sing his praises?

    They still can't say how on earth they are going to force the bad guys to use the encryption with known back doors never mind the large online providers. Never mind the effort to erase the existence of the more modern encryption standards.

  3. This post has been deleted by its author

    1. Adam 1

      Re: Ah, more magical thinking.

      A more cynical commentard may imagine that the government of the day is simply trolling to get the beetroot* tops and twitters to start discussing something else.

      *Sorry, I'll grab my coat

  4. Mark 85

    In what can only be called a cruel irony, Dutton returned to IT topics later in his speech, promising that his department will help keep Australians safe from cyber threats,

    So exactly how will the government do this beside issue warm, fuzzy platitudes about how safe you are? Magic pixie dust maybe? Judging from the reports we've seen, governments can't keep themselves safe.

  5. Neil Barnes Silver badge
    Coat

    The gummints are missing a point

    Since a well-encrypted message is, essentially, as close to random noise as you'd like, and the governments *already* seem to believe that anyone in whose encrypted data they are interested is already guilty, why don't they simply exor the message with the data they would like to be there, and announce that as the key?

    The poor 'culprit' has only two choices: admit that the government's chosen message ("It was me wot dun it, guv") is correct, or provide a real decryption.

    (Yes, there is a glaring hole in this proposal. It's written in 'the cryptonomicon' cunning concealed in the pocket of that, no not that one, the other coat. --> )

  6. thames
    FAIL

    decrypt it or we'll legislate

    If the companies are going to have to do it one way or another, why not demand the government produce clear legislation with a detailed description of the means they propose, and then publicly poke holes in the logic of the legislation?

    The "we want to force you to do it voluntarily" argument only exists because the people pushing the agenda want to have their cake and eat it too. They knowingly want weak security, but they want someone else to act as a whipping boy when ordinary people suffer as a result of it.

    Next up - the government will legislate that all automobiles must be powered by perpetual motion engines, with heavy fines on any auto company who fails to produce one by next year. Well, why not?

    1. Dan 55 Silver badge

      Re: decrypt it or we'll legislate

      Why not demand the government produce clear legislation with a detailed description of the means they propose, and then publicly poke holes in the logic of the legislation?

      Because they'll be doing that at committee stage, and once the ball starts rolling it's difficult to stop.

  7. The Aussie Paradox
    Pint

    'Stralia Mate!

    Well. No one has ever called us "The smart country".

    Oh wait....

    Time to have a beer and put another shrimp on the barbie

  8. Evil Auditor Silver badge

    Dutton forgot something

    because “criminals are mounting sophisticated and discreet attacks, employing ransomware, credential harvesting and social engineering”...

    ...and tinkering legislation, he should have added to the list.

  9. Headley_Grange Silver badge

    What about the children

    I think that the almost universal cries of horror about this subject from the tech sector puts us firmly in the "what about the children" camp and it's not helpful.

    I like encryption. My banking transactions are all encrypted. This is a good thing. But at any time the "government" can get details of the transactions with a suitable warrant because plain text records of the transactions are available somewhere. So, for most of the people (us) who are aghast at the concept of the government being able to "break" encryption, our most important data (banking stuff) is already available to the government while their less important information (whatsapp pictures of our dinner) is completely uncrackable.

    If we, the tech sector, keep up this clamour to give better protection to stupid pictures of our dinner than to our financial details without offering solutions that might actually work for both sides then we're going to look daft and the govs will get their back doors.

    Why are pictures of your dinner so much more important than your banking details that they need to be permanently encrypted everywhere for ever?

    1. Dan 55 Silver badge
      Stop

      Re: What about the children

      Bank details aren't encrypted at rest and neither are pictures of your dinner.

    2. Sir Runcible Spoon

      Re: "What about the children"

      I think you'll find it's the people wanting to ruin encryption that are claiming that particular strategic hill.

      We accept that our bank details are available (upon legal request and not just for trawling) to the relevant authorities because that is how the legislation is written. We don't object because we need those banking services to deal with the rest of the world.

      However, if I wanted to send saucy* pictures to my wife that is nobody else's business. Denying others access to my personal communications does not break any law, I believe I have certain rights in this area. I don't accept that anyone else has a right to see my personal communications.

      Let's get a little perspective on this. The world is a turbulent place, and many people die of unnatural causes every day, many of them at the hands of our very own governments. They are not interested in breaking encryption so they can pick up the odd terrorist or kiddie fiddler, they want it so they can monitor the communications of the entire population.

      There is only one reason to do that, and that is to prevent civil unrest as they claw more and more power into their grubby little hands. Make no mistake, encryption is out there and the bad guys are using it. No way you are going to stop them. 1. They won't care what the law says and 2. They probably aren't in your country anyhow so precisely how are you going to enforce any laws? More bombs?

      Preventing access to encryption for the masses is simply another facet of population control by the very very rich of the very very poor.

      *I like sauce on my dinner

      1. Anonymous Coward
        Anonymous Coward

        Re: "What about the children"

        "However, if I wanted to send saucy* pictures to my wife that is nobody else's business."

        Unless you belong to a religious body that demands you confess all your thoughts and actions - that are proscribed as "impure"*** by their social control dogma.

        ***Note that they don't ask how you have been kind or good in the same time period. They just want to trigger the shame reflex that imposes control in tribal groups.

        1. Sir Runcible Spoon
          Facepalm

          Re: "What about the children"

          Unless you belong to a religious body that demands you confess all your thoughts and actions - that are proscribed as "impure"*** by their social control dogma.

          FSM:All hail his noodly appendages!

          I'm going to hell('s kitchen) for applying the wrong sauce to my pasta dish!

          1. Anonymous Coward
            Anonymous Coward

            Re: "What about the children"

            "I'm going to hell('s kitchen) for applying the wrong sauce to my pasta dish!"

            If you are not ritually sacrificed (boiled to mush) first for choosing the wrong side of the religious divide Spaghetti (and all other blessed noodly forms) or Penne (and the other blasphemous "shapes") ?

    3. Anonymous Coward
      Anonymous Coward

      Re: What about the children

      "So, for most of the people (us) who are aghast at the concept of the government being able to "break" encryption, our most important data (banking stuff) is already available to the government while their less important information (whatsapp pictures of our dinner) is completely uncrackable."

      You seem to have missed the point.

      In many cases, people have more important information to protect than their bank balances... in some times and places that information can cost personal security, careers, children, marriages, social position, freedom, or lives.

      Such information includes family members and dependents, breaches of local or majority cultural mores, physical location, political affiliation, religion, sexual orientation, ideological beliefs, sexual preferences and fetishes, mental and physical health issues, who you are sleeping with, etc.

  10. corestore

    Good luck...

    ...getting the developers of - just for starters - Signal - to comply with Aussie law!

    Seriously, what are they going to do? Make mere possession of software such as Signal a criminal offence in Australia? Erect a Great Aussie Firewall on the internet to try to prevent people obtaining copies?

    They couldn't find their own arses if you gave them a flashlight and a map and let them use both hands *facepalm*

    1. Alister

      Re: Good luck...

      Seriously, what are they going to do? Make mere possession of software such as Signal a criminal offence in Australia?

      Yes, that's probably what they will want to do, just the same as the UK and the US and various other governments.

      UK and US have already made mutterings about banning use of Tor and Telegram, so what's one more to add to the list?

    2. Anonymous Coward
      Anonymous Coward

      Re: Good luck...

      Stripping the population at large of whatever they deem "dangerous toys" is what every government in the world does. They typically neglect to mention though that they define "dangerous" not as danger to you which they don't give two shits about (you're fully disposable) but (obviously) danger to their unchallenged rule and divine right to break your neck whenever they choose (they own you after all; say it out loud: "subject" - it's all you are to them).

      There's usually a gap between emergence of new tools and the point when they get outlawed, but the result is invariably the same. Encryption without key escrow will end up getting outlawed (for hoi polloi only, of course) everywhere around the world _more_ inevitably than the fabled heat death of the universe (or for a more tangible parallel: paying taxes). It's a future I will never ever accept but it's the one I know is coming nevertheless. Enjoy your toy while you still have it...

      1. Sir Runcible Spoon

        Re: Good luck...

        There's usually a gap between emergence of new tools and the point when they get outlawed, but the result is invariably the same. Encryption without key escrow will end up getting outlawed

        There is one problem with that policy, how the hell are they going to enforce it?

        If the answer is 'police' then it will simply advertise their intent to instigate a police state probably sooner than the (already warm) frog is prepared to accept. Just how are they going to identify encrypted traffic that doesn't have a key stored somewhere? To be able to do that, you would have to actually attempt to decrypt *everything* so that you know what's left doesn't have a key. That will probably require a datacenter and power supply equivalent to an entire city.

        I just don't see it happening in any practical sense.

      2. LucreLout

        Re: Good luck...

        Encryption without key escrow will end up getting outlawed

        Ok, so how will that get policed do you think? How exactly is it you expect to make a terrorist hand over their encryption keys into escrow?

        Yes, you will be able to legislate for main stream use such as WhatsApp, but they’ll just resort to their own side loaded messaging system. Or book codes. Or something else. What they won’t do is forget they’ve given you the decryption keys and chatter away about planned operations allowing you to repeatedly foil them, while never cottoning on to how you’re doing it.

  11. wolfetone Silver badge

    It's been said that the Austrailians have that accent due to all the convicts going there being completely drunk all the time.

    It looks like some of the decendents are still drunk though.

    1. DeKrow

      Only the ones running the country...

    2. Anonymous Coward
      Anonymous Coward

      It is one of our quaint traditions – leaving politics to the criminally stupid and avaricious. Unfortunately, the yanks have also adopted this.

  12. Milton

    Stand up and speak

    As the article repeats, well-known real security/crypto experts have thrown their hat in the ring already and asked the obvious question: who are the people telling gullible, stupid politicians and security service empire-builders that π can be legislated as 3.00? Because 'Good-Guys-Only Backdoors' in modern encryption are as mathematically bonkers as that. A solid proportion of Reg readers and other technologists also know this. And any purported GGOB, quite apart from breaking the security of the encryption, will leak. This always happens. Even NSA couldn't keep its own secrets.

    So, who are they? Who are you, posing as knowledgeable or expert in encryption, telling fools a bunch magical BS that they want to hear? Why are you doing it? Are you actually just ignorant? Or dishonest? Telling lies to power because you think you'll get a bigger budget? A promotion to Chief Cretin?

    There's a facililty on this site to post anonymously. If you want to hide behind anonymity so you can't be named and shamed, fine: post your Brilliant Wheeze here, anon. Explain how a GGOB can be made to work while protecting trillions of currently secure transactions in banking, medicine, commerce, government, military, personal and wherever else legitimate privacy needs exist. (Don't even think of bringing up security-thru-obscurity.)

    Go on: explain how you can legislate π = 3.00.

    For 10 bonus points, explain how you'll prevent the world's top million coders from implementing any of the dozens of available excellent encryption algorithms in whatever language they please in whatever app/lication they please on whatever devices they please distributed by whatever means they please to as many billions of people as they please: every single one of whom would then be able to encrypt anything they like, communicating with whomever they like, with nary a backdoor in sight.

    For another 10 points (c'mon, you're on a roll), explain how, even if you could prevent the exchange of suspected encrypted data (e.g. by identifying and blocking selected randomised data streams), you will prevent the use of steganography in one, or two, or a mere 10 million of the 2,000,000,000 photos uploaded via the internet every single day. Two billion photos. At a modest 10k per photo that would be at least 20Tb. Noisy, dirty, resized, distorted, recoloured, filtered, animated, processed to a fare-thee-well. Even if only 1:10,000 photos contained a steg'd message, at an incredibly subtle 1;10,000 hidden data rate, that's still 200k of (let's say) terrorist atrocity planning you will never, ever even know where to look for much less decrypt.

    So, I say again, c'mon, step up. We think you're either stupid, or a liar, or both. Prove it. Prove π = 3.00.

    Two billion photos. Then there's several million videos, even more deliciously rich for steganography, and crummy animojis, millions of soundtracks, songs, snippets, voicemails ... are you starting to understand? At all? The genie has left the bottle. It ain't going back in, not for anyone.

    1. Anonymous Coward
      Anonymous Coward

      Re: Stand up and speak

      " If you want to hide behind anonymity so you can't be named and shamed, [...]"

      El Reg knows and remembers. They store all the comments against the originator's pseudonym - and presumably a validated email address and browser accesses.

      There is a difference between public anonymity and not being able to be traced through connections.

    2. 's water music
      Trollface

      Re: Stand up and speak

      how a GGOB can be made to work

      It's a variation on the underpants gnomes model:

      1 sign huge public sector contract to provide GGOB services

      2 Profit

      3 ???

      ...while protecting trillions of currently secure transactions in banking, medicine, commerce, government, military, personal and wherever else legitimate privacy needs exist. (Don't even think of bringing up security-thru-obscurity.)

      Wait wat? I stopped listening after 2

      For 10 bonus points, explain how ...

      For what, do I need bonus points at this stage?

  13. Winkypop Silver badge
    Devil

    Dutton

    Mr Potato Head say what?

    https://goo.gl/images/FVwyVS

  14. Anonymous Coward
    Anonymous Coward

    Good thing I wrote my own encryption algorithm!

    https://github.com/Jigsy1/JCC

    1. Anonymous Coward
      Anonymous Coward

      Let me guess?

      When you call "random" it returns 4?

      1. Anonymous Coward
        Anonymous Coward

        Re: Let me guess?

        Elucidate.

  15. Aladdin Sane
    Flame

    I have a fix for the problem.

    It involves politicians and a very pointy stick.

  16. simonb_london

    The government know that encryption is unnecessary

    After all, their business interests and other conflicts of interest are in the public domain and we still go and vote for them. This proves that secrecy is not necessary.

  17. Christoph

    "we should hold these companies responsible when their service is used to plan or facilitate unlawful activity

    Sure. As long as you also hold the post responsible for the contents of all letters, the phone company responsible for the content of all phone calls, publicans responsible for all conversations in their pubs, etc. etc. etc.

    1. Graham Cobb Silver badge

      It is important that we hold their chosen electricity company responsible when they use electric lights to plan unlawful activity.

      As for the manufacturers of the vans used to deliberately run people down -- they are obviously accessories to the crime.

  18. Christoph

    "they will soon expect their access to the online world to be clean and free from bugs and threats, in particular in relation to the online safety of their children”.

    We are going to bring in draconian laws, and if anybody objects we will scream "But think of the Children!"

  19. Crisp

    There needs to be a measure of transparency here

    If a service I'm using has its encryption compromised, then as a consumer I have a right to know.

  20. JimmyPage Silver badge
    Stop

    Sigh ... Oranges are not the only fruit.

    And communications aren't identical.

    Did anyone catch the R4 brief documentary on "number stations" ? (Wiki it). A perfect unbreakable non-digital communication system where you have no idea where - or who the recipients are.

    Meanwhile, back on USENET, bad actors might - even as I type - be breaking up encrypted messages, posting them in binary newsgroups where only those that know where and what to look for can find them.

    Elsewhere, there's a webcam pointing at a stretch of road. Did anyone notice the curtains in one of teh flats being open sometimes, closed at others ? Basic morse code to the watchers in Russia ?

    My concern over the fascination the powers that be have with digital encryption is that it gives the impression that 99% of baddies use it, and we can ignore anything else. With the obvious point that you only ever know about faulty implementations anyway. A truely perfect system is not only unbreakable. It's also undetectable.

    Did you *really* think there was that much of an appetite for cat videos ? Of course not. Did you know that no two cat videos - even with the same filename - are identical ? (I made that up, but the idea that GCHQ now have to go through every single cat video on the internet and hash it just in case amuses me ....)

    1. -tim

      Re: Sigh ... Oranges are not the only fruit.

      USENET already has lots of encrypted data flowing around. At least as long as it last as there are now only 647 usenet servers listed in the "top 1000".

      Decades ago I needed to reduce bandwidth so I wrote a program that would take images and drop them to 6 bit gray at about 100x100 and then checksum that to see if it had recently been seen. There were a bunch of images that reduced to the same checksum but had different checksums on the original images. On group of them had single color borders about 20 pixels thick but the encoding of the image wasn't typical of "make the next 1000 pixels light blue" but was more like "5 pixels of light blue", "2 pixels of the same light blue" and so on so somehow someone was encoding data into those images or they had the worst image encoding library ever.

      1. Sir Runcible Spoon

        Re: Sigh ... Oranges are not the only fruit.

        @-tim

        Sounds like a security paper waiting to be written if you ask me.

  21. Anonymous Coward
    IT Angle

    Plain text?

    Just post everything in plantext. Have a "post all in plaintext day". Force it for everyone. Rich or poor. Criminal or innocent. High ranked or dirt of the earth.

    Or should we instead have one rule for some people, a different one for others?

  22. Anonymous Coward
    Anonymous Coward

    New Legislation.

    Has been proposed that it is illegal for rain to fall on Tuesdays.

    To correct for this, whenever it rains, the day shall be changed to Saturday.

  23. captain_solo

    I tire of the faulty comparison to tapping phone lines.

    the government still has exactly the same legal access to internet comms that they had to phone comms. They never had a legal authority over the plaintext meaning of phone calls, just access to the datastream.

    Asking for a key/backdoor/magicunicornfartdust to decrypt the content would be like them having the capability to force a criminal using a phone to explain his coded message or provide them his one time pad for example - in other words, a capability that today they don't have and is a protected right of the communicating parties to not incriminate themselves by refusing to explain what a code means or give the investigators a key.

    Not to mention the fact that the governments have proven untrustworthy when it comes to securing and properly protecting the legal rights of citizens when it comes to things like National Security Letters, Attorney General Waivers, FISA applications, and all the other non-warrant access methods they have adopted, misused, and refused to protect with systems that would deliver their so-called "legitimate" access and not allow either hackers or rogue employees to use it for nefarious purposes.

    OTOH, if they were trying to push the market in the direction of end to end encryption and services refusing to hold keys for their customers or hold the liability of having access to their customers' data, they are doing a bang up job.

  24. Anonymous Coward
    Anonymous Coward

    Idiots.....

    Next time a politician talks about backdooring encryption they should have their bank account details tattooed to their forehead....

  25. Xenobyte
    Holmes

    Here's a novel idea - do police work the old-fashioned way

    Instead of expecting shortcuts through technology, do the work the classic way.

    After all, it's not bits stealing from bits or killing bits, it's people using technology to steal etc. from other people. Watch the people (with proper warrants of course) and detect the crime there in the real world, just like in the old days. You would be surprised how much people actually talk about the stuff they did online.

  26. herman

    Comply without complying

    Yes, sure your honour, I'll decrypt it. You may be lucky and have the plain text tomorrow, or it may take a while...

    1. Anonymous Coward
      Anonymous Coward

      Re: Theoretically

      Every cipher can also be valid and decrypted into any message using an alternate decryption algorithm.

  27. mark l 2 Silver badge

    No matter whether you believe end to end encryption to be a good thing or a bad thing its too late to put the cat back in the bag now and say that the government can have a backdoor.

    All this will do is allow the government to spy on innocent people or stupid criminals. Terrorist, criminals who really want there messages to stay encrypted will just switch to using software that has no backdoor.

  28. Colin Tree

    far queue

    Peter Dutton, thick as a copper, not a nice person.

    Watching him on Press Club was disturbing, he really believes himself.

    Go and join the far queue.

    Luckily free, open source should keep us safe and secure.

    Hoping our future online access will be Dutton free.

  29. TReko

    An excellent summary of the whole thing

    a political cartoon:

    https://www.fairfaxstatic.com.au/content/dam/images/h/0/u/9/p/u/image.related.articleLeadwide.620x349.h0tjj1.png/1517827695178.jpg

  30. Anonymous Coward
    Anonymous Coward

    The sooner they do this the better.

    Australia can then become an example of why it is a really stupid thing to do for the remaining 194 countries on the planet.

    Someone's got to be first.

    Go Australia!

    1. Anonymous Coward
      Anonymous Coward

      Re: The sooner they do this the better.

      The only question is whether it will be Australia or Canada will blaze the trail.

      I would include the UK, but although she would no doubt love to be first, our idiot "great leader" currently has other things on her mind.

  31. Anonymous Coward
    Anonymous Coward

    The thing that gets me most is that the poms trust their govt, what is wrong with them? No one else in the world does. Except for the norks

  32. -tim
    Facepalm

    Clipper chip sails again

    Yet another attempt at the Clipper Chip nonsense.

    I've been tempted to come up with the "King James Bible Encryption" and hack it into openssl. It would use AES but split the encrypted data stream into 14 bit chunks and then looks up a Bible verse and sends that along. So if AES would produce binary 0000 0000 0000 00, the packet would contain "In the beginning God created the heaven and the earth." That will let the lawyers argue religious freedom vs bad laws about mathematics.

  33. Zero Sum

    Can Aussies refuse to incriminate themselves?

    "a protected right of the communicating parties to not incriminate themselves by refusing to explain what a code means or give the investigators a key."

    I'm not sure if Australians have the right to refuse to incriminate themselves. They don't have the same level of freedom as the USA.

    I think it would be an offence to refuse to provide a password to an encrypted disk, for example.

    Can anyone clarify this?

    1. Anonymous Coward
      Anonymous Coward

      Re: Can Aussies refuse to incriminate themselves?

      No, the judge can direct the witness to answer the question. Refusing to answer a question is considered to be "Contempt of Court", which can not be appealed. Also the sentence is at the discretion of the judge.

  34. Anonymous Coward
    Anonymous Coward

    [Insert Post Title Here - refer to List 2, section 3]

    [Copy and paste the following text into the social media comment forums. Don't forget to remove this section.]

    As a citizen of [insert random country name from List 8 - European section on page 2. Again, remove these instructions] that values my freedom and my security, I feel that we should trust our elected officials to provide excellent leadership on these complex topics.

  35. Anonymous Coward
    Anonymous Coward

    Trust our leaders

    As a citizen of Englandthat values my freedom and my security, I feel that we should trust our elected officials to provide excellent leadership on these complex topics.

    1. Anonymous Coward
      Anonymous Coward

      Re: Trust our leaders

      Of where?

      You might think you live in England, but try finding it in any political discussion these days.

      Scotland is Scotland

      Wales is Wales

      Ireland is (Republic of Ireland/Northern Ireland)

      England is Britain/UK

    2. Anonymous Coward
      Anonymous Coward

      Re: Trust our leaders

      You are not a citizen, you are a subject (i.e. a chattel) of the crown. The cold beast of the state presumes that it has the right to do what it wants to you, your body and your children. How does that accord with notions of freedom and security?

  36. Anonymous Coward
    Anonymous Coward

    Our leaders know best

    As a citizen ofSpain that values my freedom and my security, I feel that we should trust our elected officials to provide excellent leadership on these complex topics.

  37. Anonymous Coward
    Anonymous Coward

    Comedy Alert

    (Re. Above posts.)

    I expect we'll be seeing more of that sort of nonsense in the future.

  38. Anonymous Coward
    Anonymous Coward

    Just the usual disconnect with reality that afflicts the political class. Let them do this, some cryptographers could get sinecures out this.

  39. polanve

    Falsely implies Independence

    Please. Australia is a totally owned subsidiary of the US. It can't choose to join. It simply obeys to avoid punishment.

  40. Anonymous Coward
    Paris Hilton

    Who needs encryption

    When people go for payday loan and the like they are required to give their passwords to the company so they can look to see if they have Centerlink or money in their bank account - so much for encryption.

    It only takes three data sources to identify you from anonymized health data

    Customs and immigration among others can go thru your phone to check your intentions,

    By using SS7 people can spy on your phone, they just wait until you open it to do something or it connects to the internet to plant a socket on it - it's remote so no need to open it.

    Australia saves your metadata for two years, but you know that.

    Got a proxy or a mail account in the US, well they're not obliged to you the same way they are to their citizens.

    Well you do,....

    ....to protect yourself from your spouse, when you flirt with your work colleague, keep your real bank balance secret from your spouse and kids. Hide the fact you had a STD check up, To stop your work colleagues planting porn on your device or your boss seeing that you went for a job interview with an opposing company........

    It you want privacy just use some lame old Zip or Pdf Password, that'll make them waste time to see your letter to grandma.

    P.S. and don't tell Dutton about quantum computers he'll mess himself.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon