# Australia’s anti-encryption bill forces companies to supply user’s communications data



## Deleted User (Jan 21, 2019)

Everything I say below is on the assumption that I’ve read the article properly.

So pretty much there’s a new law in Australia that forces tech companies to provide law enforcement agencies with the decrypted contents of communications or face a fine of up to $7.3 million. They can also force tech companies to modify their products and infrastructure in a way which allows them to comply with requests for communications data, including building backdoors.

For the time being I’m going to withhold my opinion on this matter because I don’t want my opinion to influence the comments.

Source: https://www.engadget.com/2018/12/07/australia-access-assistance-bill-now-a-law/


----------



## Bladexdsl (Jan 21, 2019)

this place is returning more and more back to the prison camp it started as every damn month.


----------



## InsaneNutter (Jan 21, 2019)

It honestly does set a dangerous precedent. Even if you have nothing to hide it doesn't make it right to have back doors in to your encrypted data, it will be abused.

Just look at the less stable / more corrupt countries in the world and think "do I want people in power intercepting my communications at any time?"

The UK government also has a vendetta against end to end encryption, we also have stuff like the Investigatory Powers Act 2016 which in theory allows the Food Standards Agency access to my browsing history and communication data...

I don't believe stuff like this has the best intentions of the average person in mind, it's just taking many countries a little bit closer to been a total surveillance state.


----------



## Ericthegreat (Jan 21, 2019)

Truely, no one wants to watch most of us... But anyway, tech companies will love it in all reality, then can pretty much name their price for creating the backdoor im guessing? Probably goes on military spending? They probably dont even gotta reveal how much they paid.


----------



## eyeliner (Jan 21, 2019)

Despite the data being encripted, law enforcement agencies can/must/should be provided with the means to decrypt it or already decrypted?

I don't see how can that be so nefarious to most of us, unless we communicate continuously through encrypted networks and plan on bombing the senate and slap a nuke in Trump's bedroom (let Melania live, though).

I'll still watch my daily dosage of porn and pirate here and there.


----------



## FAST6191 (Jan 21, 2019)

So it seems Australia continues to be a wet dream/"you can't get stupid law through in your country, hold my beer" for other places without freedom on the mind.

Taking bets on when said backdoors will first start to get blown wide open.


----------



## notimp (Jan 21, 2019)

Old news in china. 



eyeliner said:


> Despite the data being encripted, law enforcement agencies can/must/should be provided with the means to decrypt it or already decrypted?
> 
> I don't see how can that be so nefarious to most of us, unless we communicate continuously through encrypted networks and plan on bombing the senate and slap a nuke in Trump's bedroom (let Melania live, though).


First, you are constantly communicating through encrypted networks.

Whatsapp (non group chat) is/was ( ) encrypted previously - but more with 'transport style encryption' (whatsapp has all keys). Now Australia has basically the right to keyword search through everything thats there.

Previous attempts included going to services like whatsapp with a judge order in individual cases.

"Doesnt matter - .."

Until it does. More people having general database access to "all the messaging services" means, that the propensity for abuse rises. (Individual, targeted level.) Also - if the data is there - predictive modeling on "what to look for" isnt far removed - so as a result you get predictive policing as well.

And with that comes "potentially being stuck" in certain watched over scenarios because of a friends friend. And you can easily plot "networks" of people.

Also - there was a legal principle  once called privacy of correspondence, but we dont need that anymore - right? Right. 

And of course - all forms of private/secure messaging will be outlawed. Next step: Deep packet inspection filters to keep Telegram (App) out.


----------



## Deleted User (Jan 22, 2019)

This is the way I see it

If a law enforcement agency has a logical reason to suspect that a person or group of people are up to some very serious shit then I support the act of supplying an unencrypted copy of their communications data to relevant authorities. If there is a terror attack in Australia the public and media will go blaming law enforcement agencies, not privacy laws. If someone is planning a murder then by all means supply authorities with the relevant information; if Fat Tony is making big bucks with his motor theft racket or counterfeit designer clothes ring then police should use more ethical means to deal with him. The problem with the laws introduced here is that they are not restrictive enough, giving too much power to authorities.

Here's a list of crimes I think justify a breach of privacy

- Terrorism
- Murder
- Rape
- Child pornography
- Child abuse
- Drug manufacture and dealing
- Fraud of over $100,000 AUD

I was going to say that lacking virtually unlimited resources the government can't track everyone even if the law allows them to do so, but with AI quickly becoming a thing soon they actually will be able to track everyone at very little cost.


----------



## FAST6191 (Jan 22, 2019)

Depends what you mean by breaching privacy.

If they can convince a judge to issue them a warrant so be it. Merely police suspicion... no thanks.

Also why include rape in there but not serious assault/(Reckless)Grievous Bodily Harm?


----------



## CallmeBerto (Jan 22, 2019)

@leafeon34  - I don't totally disagree with what you are saying as VPNs, dark web, encryption etc all have been used to do some shady stuff. However, and I think FAST touched on this a bit, this just sounds like a slippery slope. How much privacy are you willing to give up for protection? (backdoors basically mean you have no privacy in my eyes) How much power do you want to give a government that has a proven track record of taking a mile every single time? I think these are very important questions that need to be asked.


----------



## Deleted User (Jan 31, 2019)

I did a bit more research here and found that these laws apply to any crime which carries a maximum sentence of three or more years in jail. An article I found shortly afterwards mirrors my thoughts pretty closely.



> Terrorists, paedophiles and organised criminals are the targets of the legislation, according to (current) Prime Minister Scott Morrison.





> Government agencies can use these new powers when investigating any crime that carries a penalty of 3+ years’ jail. In reality, that means that a broad range of offences—not just serious crimes—are covered.


I think that in this case terrorism and other serious crimes are being used an excuse to give authorities the power to view encrypted messages at their convenience.

Source: https://www.console.com.au/blog/australias-new-decryption-legislation-what-everyone-should-know/



CallmeBerto said:


> How much privacy are you willing to give up for protection? (backdoors basically mean you have no privacy in my eyes)


The power for authorities to create mandatory backdoors counts as "too much power".


----------



## the_randomizer (Jan 31, 2019)

Yay for more government intrusion bullshit, just like here.  It'd be so cathartic to encrypt a message for authorities that say "piss up a rope"


----------



## notimp (Feb 1, 2019)

leafeon34 said:


> I did a bit more research here and found that these laws apply to any crime which carries a maximum sentence of three or more years in jail. An article I found shortly afterwards mirrors my thoughts pretty closely.
> 
> 
> 
> ...


Set in a law lecture once, where this was discussed. This is exactly what you usually have separation of power for. On an individual case basis it might very well be warranted to impede on peoples right to privacy (think sending closed envelopes, instead of postcards) but if you do - in the past there usually were checks in place that there had to be a formal official legal request, and another person from another branch (judiciary) had to look over them on an individual basis and grant you the right as an 'exemption'.

There is still much leaning on this principal (not sure how its used in the australian case we see).

Of course this wasn't ever the case in regimes with a higher emphasis on police action, or when state security is considered to be affected - but in every other case - in a democracy, this was it.

If you do away with the "four eyes" principal and grant blanket surveillance rights, that changes a lot. Like - an entire judicial tradition.

That would not be just slippery slope, thats actually a sea change.

The only potential argument to do this with blanket rights granted, is to be able to run predictive algorithms against the data collected to make a new kind of police work possible. Thats not only a theoretical argument, its actually the way the US argued for doing the stuff Snowden is now in russia for leaking.

Every other form of policework, could be done with less impact on constitutional/universal human rights.

Now there is a thing to be said about about "feasibility" of use.

For example. If encryption (think telegram) becomes the norm - its actually "too good" to circumvent it easily.

What the police would have to do is to target the individual, and backdoor their smartphone (which apple might have a thing to say against...  ) otherwise, they dont get the communication excerpts.
So there is no "intercepting letters in post" process anymore.

But on the other side - look what they are gaining. Location tracking, people giving out social profiles for free on facebook (or posting pictures with the loot from there recent robbery, or *win* images with geolocation), many more unique identifiers (harder to go dark), and for the most part - a public that still uses message services, where the provider has all the encryption keys - so they could go to them and ask them nicely.

Also they can still use covert operatives, and what not - I'm no expert on this stuff.

So what do they actually need access to all peoples conversations for - in a blanket fashion?

1. Predictive work (the algorithm stuff), 2. To make their lives easier.

Now that proposes two questions.

Do you need 1.? Answer: No. (US was widely criticized for implementing it post 9/11 (300 people dead vs. surveillance of the worlds internet traffic?))

Do you need it because of 2? Answer: No - policework already has become a lot easier, without their ability to read everyones conversations.

So what they may have lost (access at the 'in post' level) they already have gained manyfold through other forms of being able to aquire peoples personal data.

Slippery slope can already be argued on the "4 eyes" principle, if the data exists in a vendors (think gmail) warehouse. Because of a tendency to "rubberstamp" rights to grant access on a judicial level. And because in the US's case individual requests skyrocketed (think 1000x) in the recent years, because - using digital requests made it so easy. 

And show me one criminal, who goes by this principal ( https://cldc.org/protonmail/ ), doesnt use whatsapp, or gmail, changes phones (imei) for everything they do, has perfect opsec and isnt in a group small enough that you could go with targeted surveillance to catch whatever hes doing.

So the real argument is for predicitve policing, and thats where this is heading.

Also - yes, there is a need for privacy for stuff like political activism, journalism, and so on... (see link above (site not veted by me, but seems to lean heavily into that direction)).

Fun talk to listen to in regards to some of these concepts from this years Chaos Communication Congress is:





leafeon34 said:


> The power for authorities to create mandatory backdoors counts as "too much power".


The thing here is, that everyone wants what china's got.  In a very real sense actually. Also - the better backdoors are security bugs (backdoor + "we didn't mean to"  ) And we are currently in a discussion about this being potentially harmful in the US as well (China = manufacturer of the world > Huawei (state sponsored) being allowed to sell you all your 5G equipment. (Its allowed to in europe.))


----------



## Subtle Demise (Feb 1, 2019)

leafeon34 said:


> Drug manufacture and dealing


I'm curious why you consider this to be as bad of a crime as rape, murder, and terrorism? I don't think it should be a crime at all. If anything, it should be taxed, licensed, and regulated for safety and purity standards.

As for Australia, that's what giving up your guns gets you. At least our NSA was trying to hide its spying until Snowden spilled the beans. They also tried to coerce companies to give them backdoors, but thankfully they got laughed out of the room (could it be because corporate lobbyists pay the government's salary? I guess that does have some perks once in a while). The problem is, assuming these tech companies comply with Australian law, nothing is stopping US authorities from using those same backdoors against us and everyone abroad. I really hope they just stop having a legal presence in Australia and block all the ip ranges. An internet blackout would get that law changed in a hurry.


----------



## notimp (Feb 1, 2019)

Why does participating in this forum sometimes feel like playing whack a mole with rather odd conspiracy theories... *sigh* Ok, lets go. 

Access assist means "hand over keys". Theres no backdoors involved. As a state you simply go to the service provider, and say "want access" and since all the messaging services allowed in your country have all keys in the providers possession, they can (and are forced to) comply.

Apple already did that in china, so they will fall in line with the Aussie law as well. Presumably.

The ones who dont have access to their 'users' encryption keys, are simply outlawed - and there is no internet black out to begin, with because there are so few of them.

Everything related to transport encryption (think https f.e.) also isnt affected, because the provider still gets clear data, and can comply with disclosure laws.

NSA tried to hide their spying - which was targeted 'outside the US' (all but the US), because its in your strategic interest to do so, when you are spying on the rest of the world. Australia currently does something different, which is indeed - more aimed at domestic use.

Spying also might be the wrong word - because they arent really "reading" every message (same as the NSA). Currently they are storing, or 'forcing' the service provider to store full data, at least for a while. Next step would be to have full access to that data, and do your algorithm precrime stuff (someone else look up if Australia is doing that already). This comes with its own sets of issues (hidden biases, wrong 'weighing' of certain connections, implied connections that turn out to be wrong, not being interested in causality anymore...), which also touch on privacy stuff, but its not exactly the same as reading everyones messages. ("Searching" everyones messages would be a better analogy.)

Having guns doesnt prevent much either, if you are not into the notion, that some hillbillies will all of a sudden venture into net freedom activism.

Also lobbyists dont "pay the government". The government has a nifty thing called "taxation" that gets them a yearly income thats quite large.

Lobbyism works as follows:

You buy the closest and niftiest buildings around the parliament district. You pay for staffing them with the best staff money can buy.
You pay for having a team ready 24/7 to be on the pulse of political developments.
You pay restaurant bills, and found private clubs (ego and access).
You pay for writing law proposals the way you want them, and hand them over to the government employees.
You pay for science (studies) and experts, to come up with results that strangely mostly turn out in your favor.
You pay for events and send out invitations.
You pay for "revolving door favors" ('Bob, when you leave politics - we always need able hands in our sister company in the Seychelles').
Maybe you pay for a few holidays, or private jet treatments, if you can get away with it.

If you pay off politicians directly, you are doing it wrong.

Then you are up against NGOs that have no money to do anything of the above - and strangely you win every fight where public interest isn't "peaked" (=people arent mobilizing on the streets). Also demonstrations usually work - for you as people. No guns needed. (Politicians want to be reelected. Money only buys them advertising.)

Except for when you are in the US, and they need money to run in elections. Then you pay them pretty much directly..  (Election packs - its the US fault, that it has come to this.)

If you simplify certain concepts, dont go ahead and take the short summery literally.


----------



## Coolsonickirby (Feb 1, 2019)

I really don't care about privacy as I don't really have anything to hide. The most secure way to not have anyone figure out what you want to send to someone is to write a letter and hand deliver it to them/just telling it to them in person.


----------



## notimp (Feb 1, 2019)

Coolsonickirby said:


> I really don't care about privacy as I don't really have anything to hide.


Dont do that to me.. 

If you are one of the about 37% (might have gotten the number wrong..  Watch this and you get the correct one: h**ps://www.youtube.com/watch?v=dYT6R-7WZMQ  ) of younger people in an urban area, that are lonely and depressed, and dont have any social structures apart from their friends - maybe. If you are living in a small village. Heck no. If you are a journalist - heck no. If you are part of a minority in terms of political views, outloock - heck now. If you left your last husband, because of an abusive relationship - heck no.

Privacy isn't for you boyfriends of instagram girlies, its for everyone else out there, and then you.

"I dont need my privacy." Is just young people saying, that they didnt mind selling their lives worth of experiences and social profiles to an ad agency - because they couldnt afford to pay anyway. If thats your motivation for repeating a MarkZuckyboyTM slogan, get some more life experience, then try to say it again..  (Hint: Even Facebook has dropped the 'post privacy' slogan in public appearances.)

Every muslim in the US has a story about being ostracized because of their skin color, or headware alone and now you want to extend that to every other field the "majority society" would have an issue with? Please dont.


----------



## notimp (Feb 1, 2019)

The ways this is connected to you as a political subject (man/woman with a vote) are more related to the following:

https://www.foxnews.com/us/census-citizenship-question-sparks-firestorm-of-protest

(Just googled census protest - do the same and you can come up with more.)

Basically - the fear of 'group' based repression, because of some algorithm (in todays words).

All you have known on that front so far is "getting less good ads than your best friend". Of course you have no issues with just that. But thats changing. 

The socialfunction of privacy is more important though (although there is privacy in voting for excample - although not for facebook, because they know..  ) - if you are not living in a repressive country that is.

Short excerpt on why there is privacy in the voting process.

Turned out, that when there was not - your employer, or your friendly mob boss from around the corner, in centuries past would insist on you voting for his guy - and check if you did. Or collect your voting slip. Or husbands would insist, that wives would vote a certain way. Thats stuff that was solved with privacy.


----------



## dAVID_ (Feb 4, 2019)

InsaneNutter said:


> It honestly does set a dangerous precedent. Even if you have nothing to hide it doesn't make it right to have back doors in to your encrypted data, it will be abused.
> 
> Just look at the less stable / more corrupt countries in the world and think "do I want people in power intercepting my communications at any time?"
> 
> ...


*“Nothing was your own except the few cubic centimetres inside your skull. ”*
*George Orwell, 1984*


----------



## Attacker3 (Feb 4, 2019)

Also with tech, a backdoor is never just going to be used by one person. When you make that door, other people will end up using it, be it other governments or other people. Even if a person does not care that the government spies on them (for whatever reason), they will probably not be ok with another random person doing the same


----------



## cracker (Feb 4, 2019)

I'm not sure what can be said that hasn't already been. If the (majority) people that don't value their privacy were put to the test knowingly, then they would change their minds quickly. For the rest: I would think that it would align with believers in an omniscient god — where they like the idea of the 'safety' of being watch to keep them on the 'right path' .

I haven't read the text of the bill — just the article. If it requires there to be a warrant to comply with a request based on solid proof that they have a reason to look into the data for a crime (and the judges don't rubber stamp) then that is fine, but if it gives carte blanche to unilaterally scrape data from anyone's traffic then it is very scary.

Freedom is only worth something as long as you use it.


----------



## Saiyan Lusitano (Feb 4, 2019)

EU's Article 13 and this are match made in hell.


----------



## fiis (Feb 9, 2019)

If only cyber criminals weren't so greedy and kept a balance then there wouldn't be a huge push shit like this.


----------

