back to article Oz government rushes its anti-crypto legislation into parliament

The Australian government has rushed forward its proposed anti-encryption legislation, a mere week after a public consultation into the rules closed. A Federal Coalition party meeting yesterday cleared the bill to be introduced into parliament, giving the strong impression the government hopes to push the draft law onto the …

  1. Anonymous Coward
    Anonymous Coward

    So 15,000 submissions. A week to deal with them. That's what, 8-10 seconds per submission to evaluate and consider it. Nice work.

    Who says government isn't efficient?!?

    1. Anonymous Coward
      Anonymous Coward

      It's almost like they didn't bother to read them. :-)

    2. Flywheel

      Maybe they're using a secret Oz AI system to read them - that speed is about right.

  2. Mayday
    Stop

    I had to read this twice

    "This is the same draft law that was floated earlier this year, before a change in prime minister gummed up the works"

    I thought it said the same "daft law".

    1. Adam 1

      Re: I had to read this twice

      Shouldn't it be daft law?

      1. MiguelC Silver badge

        Shouldn't it be daft law?

        It is daft.

        And it should not be a law.

  3. Adam 1

    Dear el Reg,

    Please name names after the vote. No-one can possibly argue that a week is sufficient to consider the far reaching implications of this potential law. So some of our (supposed) representatives are being negligent in their duties if they wave it through. This is a hard area of law. But that means a large effort is needed to be on top of the many consequences. My ballot paper sometime between now and May wants to take it into account.

  4. VikiAi
    Megaphone

    Quick! We have to take away people's rights before they have time to vote us out for trying to take away their rights!

    21st century democracy is best democracy!

    1. Doctor Syntax Silver badge

      "We have to take away people's rights before they have time to vote us out for trying to take away their rights!"

      You can always vote them out for having done it.

      1. VikiAi
        Unhappy

        Me personally? I wish I had that much power! (Or maybe not!!).

        Of course once the rights are gone, finding anyone at all in modern politics interested in reinstating them ... well ... sincere best of luck!

    2. DeKrow
      Coat

      21st Century Australian Democracy

      Is summed up best in this article and all that it reveals:

      http://www.abc.net.au/news/2018-09-18/liberal-leadership-spill-rupert-murdoch-kerry-stokes-influence/10262552

      Mine's the one with the interplanetary passport.

  5. Winkypop Silver badge
    Facepalm

    They know not what they do

    See title

    1. Anonymous Coward
      Anonymous Coward

      Re: They know not what they do

      I seriously believe that they know exactly what they are doing. It's beyond belief that they, especially with the intelligence agencies, are totally unaware of what's been put forth to date from the crypto and internet engineers.

      The pin-drop I'm waiting for is all the 5EYES adopting this as well.

      1. Doctor Syntax Silver badge

        Re: They know not what they do

        "I seriously believe that they know exactly what they are doing."

        It depends on who "they" is. Intelligence agencies do but do you seriously think the average politician knows the implications?

        1. Dr Dan Holdsworth

          Re: They know not what they do

          I rather think that the intelligence agencies were hoping to be gifted with a slightly better way of planting sniffers onto internet backbones and into ISPs, and therefore asked for moon-onna-stick in the belief that the politicians would water down any proposal to more or less what was wanted.

          Unfortunately nobody ever thought that the politicians were stupid enough to try to defy the laws of physics and mathematics, and demand back doors in encryption.

      2. Gonzo wizard

        Re: They know not what they do

        "The pin-drop I'm waiting for is all the 5EYES adopting this as well." - Thin end of an intentional wedge, anyone?

      3. JassMan
        Holmes

        Re: They know not what they do @Jack of Shadows

        Totally agree. This is the real reason T.May is pushing so hard to leave the EU. The GDPR being an EU invention, is what has been stopping her from having her dreams of a super-RIPA. It all makes the Bodyguard on BBC all the more chilling.

    2. stribble

      Re: They know not what they do

      Politicians for you...

      Fiddling with things they don't understand, normally for their own ends but disguised as 'in the name of the greater good', and the ones that suffer are the innocent public.

      I imagine the main outcomes will be vendors dropping their apps rather than complying, a steeper rise in cyber crime and officials abusing their power.

      None of which is good for the average Joe or Joanne. The world is watching...

  6. Anonymous Coward
    Anonymous Coward

    Interesting take on the legislation

    One of the most contentious aspects of the bill, as it currently stands, is that it allows law enforcement to ask communication service providers to give investigators access to unencrypted messages under an escalating set of notices, from voluntary compliance all the way up to a court order.

    No doubt they will try to use it to force subversion of encryption, but I would take a court order forcing a company to produce unencrypted communications as meaning "provide the data without any encryption you have added". You obviously cannot produce the message absent the encryption someone else placed upon it any more than the security services can.

    This summarises what happens when a fucking idiot meets an immovable object.

    1. caffeine addict

      Re: Interesting take on the legislation

      There's only one possible safe option. Refuse to serve any web traffic from Australia, and refuse to accept any encrypted data from Australia.

      1. Dr Dan Holdsworth

        Re: Interesting take on the legislation

        This already happened once. Australia decided to get tough on internet gambling, so the various firms supplying this need to Australians simply off-shored their servers to south-east Asia, frequently with only very minimal downtime, and carried on as before.

        Australia lost the hosting profits and the taxes that the gambling site operators paid, but did not otherwise impede business in the slightest.

      2. onefang

        Re: Interesting take on the legislation

        "There's only one possible safe option. Refuse to serve any web traffic from Australia,"

        As an Aussie, there's several reasons why long ago I decided that putting my server in Europe was a good idea.

  7. FozzyBear
    Unhappy

    Is there anywhere in the world where I can move where I can enjoy a sliver of privacy. Anywhere, ?

    Fuck

    1. VikiAi
      Unhappy

      Nowhere English-speaking, certainly. I've checked.

      1. Rich 11

        That's actually an advantage. If people can't understand you, you have a little more privacy.

    2. John G Imrie

      Antarctica?

  8. Potemkine! Silver badge

    Translation

    "there is simply no way the government has had time to consider all of those responses in their decision to endorse the bill this morning" = "we don't give a fuck about what people think and we'll screw them anyway"

  9. Anonymous Coward
    Anonymous Coward

    Ah.... Democracy in action huh?

  10. mark l 2 Silver badge

    Once a backdoor is put in to a messaging service even if it is just for Aussie residents it breaks the security for everyone, even those outside of Australia who uses that messaging service. As how are you to know that the person your communicating with isn't using an Australian backdoored version of the messaging app etc?

    The only safe option will be to wait and see if any company decides to publicly announce they are going to block their service in Australia over the new laws, so you know that your privacy isn't going to be compromised to please the Australian government.

    1. Nick Kew

      That's not quite true: companies have a history of producing country-specific versions of products. So you'd just want to avoid the Oz version - and indeed they'd do their best to prevent you getting the Oz version from outside Oz.

      The more relevant question is how much you trust the company itself. Has it inserted an NSA backdoor in return for not being given the Kaspersky treatment?

    2. Tom 35

      Do they have to block service in Australia

      If it's a free service I would think just have a check box "Are you in Australia [ ]" If you check it, OK, Bye.

      If you lie and say you don't live in Australia, well not my fault.

      This reminds be of the days of 40 bit international versions of browsers with the download page for the better US version where you swear not to give it to China or other "bad" countries. That worked great.

      1. VikiAi
        Mushroom

        Re: Do they have to block service in Australia

        Well, if the geoblock international versions from Aust, they can even legitimately charge the usual 400% (hell, why not go 1600%!) great-aussie-rort mark-up, claiming (possibly even validly) the extra costs of maintaining the extra code.

  11. Anonymous Coward
    Anonymous Coward

    Quote: "....ask communication service providers to give investigators access to unencrypted messages..."

    I wonder what El Reg would do when a demand comes from Australia to provide the "unencrypted message" associated with this:

    679432C7755BADC6B62573C28639902B91808D83

    18D2448E1C2CA6971B0D6A1632C8394F5E72631C

    455795E7A65958A122E50F7AA4C7DB5FDC023636

    068F54BE6738E80670524FEA85DDE144D9F6FB44

    572B41F50910DC82EBF71BA9571A605DA236A21C

    41D7E425136643B0C927300304F6F31BDE9551A7

    54B4C4C9E63E43F31D194417211D94333014F929

    02545462C834020691955F4A670B0139F8229B90

    2B86B4DB1F65F5148D9828E3943E3072D3C13DCB

    48B555D20C364D6463B847147644F606C480F08D

    48020287CF379B167B8B101490E0C525FF73E185

    2F8AF201614CBC35989023B760B25F1A31A520E8

    346C0

    1. Charles 9

      Or even better, a gig or so of pure random data purported to be an encrypted drive image full of kiddie porn (which is impossible to decrypt because it never was encrypted content to begin with).

    2. Adam 1

      Ok, we've just run this through our Enigma.io system. It says

      {"messages":[

      {"text":"Can we have another go at repealing 18C?"},

      {"text":"QUOTA'S BAD!!1!! Hurumph"},

      {"text":"Right, so our new energy plan is to ban wind and just burn non-Adani coal, then subsidise it so it's no more expensive than solar. Sounds good to me. Can someone just run it past Alan?"},{"text":"Got half a billion here to spend on the reef. Anyone know a small charity stacked with petrochemical board members we can grant it to?"},

      {"text":"Hey man, know it's a Sunday, but need to call in a favour about my au pair."},

      {"text":"Don't worry mate, you've got my full support."}

      ]}

      Crazy talk there, glad we could help. Some folk are really messed up. I can't imagine how I'd sleep if someone sent me the last one.

  12. johnrobyclayton

    I have been thinking

    Elected governments can only promote legislation that can be understood by, and desired by the voters.

    There are plenty of technical people that know and understand the futility of effectively controlling decent encryption technologies.

    But there a lot more people that do not understand the impossibility.

    Therefore elected governments have to say silly things like the law of the land overrules the laws of mathematics even though that is cringe worthy.

    What is needed is a description and demonstration of a secure communication infrastructure that is as impossible for any governments to effectively control as possible. This needs to be as simple in the individual operational elements as possible. There may be a lot of operational elements but if each piece is simple enough then a lot more people will be able to understand it.

    I have been writing up something to do this as a hobby for the last couple of years.

    Its a bit of a read and is a work in progress but I think that there is enough for sharing.

    I have been using a github wiki for this:

    https://github.com/johnrobyclayton/SecureCommunicationsInfrastructure/wiki

  13. Sixtysix
    FAIL

    Politicians are not sufficiently educated to know they are being stupid

    Crypto needs math literacy to understand. SERIOUS math. Not high/grade school, but University Major type math.

    Without that background, (assumption - probably safe) politicians have to rely on "experts" to advise them, and they get to not only pick the experts who may not have the required math (assumption - reasonably safe), but the politicians will keep asking until they find an expert who supports what they want to hear (assumption - proven).

    So there's no way to tell them it's impossible that they will listen to - they think those that are telling them "Not possible" are either i) hiding something, ii) have vested interests, iii) are being paid by the opposition, iv) are terrorists and shouldn't be listened to anyway as that's who they want to spy on...

    1. Pascal Monett Silver badge

      Re: Politicians are not sufficiently educated to know they are being stupid

      Agreed on all counts except one : they don't want to spy on terrorists - that's just the convenient excuse they use to be able to spy on everyone.

  14. Anonymous Coward
    Anonymous Coward

    one for the criminals, one for the plebs

    If I was a criminal, I would make damn sure my encryption is 100% (or as near as) gov-proof. If I were one of the plebs though... shrug.

    End result: criminals keep walking (free) while plebs on the other hand... shrug.

    But hey, THINK OF THE CHILDREN!!! AND TERRORISTS!!!! AND RUSKIES!!! AND ELECTIONS!!!!

  15. steve 124

    cryption? Nah, mate, don't need it... I've got a Donk!

    I was wondering what Yahoo Serious did after acting... apparently he's drafting new legislature.

    You Aussies let us Yanks know how that works out for ya!

    Just make sure the bank that the PM uses has that nasty little peephole punched in it's encryption too. We wouldn't want any government officials being left out on the brave new world they are trying to create.

    Some country is about to get pwned.

    1. DeKrow

      Re: cryption? Nah, mate, don't need it... I've got a Donk!

      The fact that Australia was chosen as the the first country of the 5-eyes to try and implement this, means that Australia is already pwned.

  16. earl grey
    Facepalm

    what can possibly go wrong?

    I know; I know....everything. again. still. as someone once famously said: "YOU DUMBASS"

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like