Oz opposition folds, agrees to give Australians coal in their stockings this Christmas

A backroom deal between two of Australia's government and opposition parties should mean local law enforcement can force firms to backdoor their communications by Christmas. The “Access and Assistance” bill allows designated law enforcement agencies to direct a wide range of technology providers – pretty much anybody who uses …

Spazturtle
Silver badge

I have just checked and surprisingly this bill does not contain an exemption for MPs like most surveillance bills do, so yes they can use it to spy on the opposition.

kartstar

Apparently the Labor party amendments will exclude state-based anti-corruption bodies from being able to access these powers (and probably the new federal one that is threatening to be set up will be excluded too). Typical. If they have nothing to hide, they have nothing to fear. Clearly they have plenty to hide.

ivan5

Clearly they have plenty to hide

But we have always known that. Now it will just leave the hackers to find the backdoors and leak the info on social media for all to see.

John Brown (no body)
Silver badge

"They are making it illegal to reveal the existence of interceptions."

"Revealing the existence of a TCN can get you up to five years in prison."

January: This company has not received any TCNs this month.

February: This company has not received any TCNs this month.

March: This company has not received any TCNs this month.

April:

May: This company has not received any TCNs this month.

MrXavia

A canary..

Anonymous Coward

Xmas threat!

Some dude crawling around roofs and chimneys looking to get into people's homes and their kids' stockings!

On Dasher, Dancer, Prancer, Vixen, Comet, Cupid and Blunder!

alain williams
Silver badge

Who appoints & pays the 'experts' ?

Ie those who make up the judge-and-expert panels.

Well, the government of course!

I fully expect that if the expert does not come to a conclusion that the government wants, s/he will not be appointed again. Everyone likes continuity of income, so what is the pressure to give the ''right'' opinion?

Conflict of interest anyone ?

Some will, inconveniently, do the right thing, but they will be quickly purged from the system.

bigtreeman

Re: Who appoints & pays the 'experts' ?

The retired judge, probably over 70 years old, tech aware and able to make a useful judgement.

At last someone questioning the pay, how much will this ballsup cost ?

LucreLout
Silver badge

Re: Who appoints & pays the 'experts' ?

probably over 70 years old, tech aware

Age has nothing to do with awareness of tech or otherwise. Who is it the millennials think invented the tech they take for granted?

Pascal Monett
Silver badge
FAIL

And so it starts

I was wondering which English-speaking country would be the first to exact this mind-bending stupidity. With the repeated, heavy hinting from the FBI and UK government, I was expecting the UK to be first to bat, but no, it's Australia.

I'm guessing that now the UK and USA are going to observe what happens to see if it's worth following in these steps.

In any case, the ball is now clearly rolling in the sense of forcing programmers via threat of jail to cripple their encryption. You can't do it ? Jail.

They think that is going to reverse the laws of Mathematics in their favor. The only thing they're actually going to get is a lot of companies putting "This application cannot be used in (list of stupid countries)" and washing their hands of the problem.

Natasha Live

Re: And so it starts

It already kind of exists in the UK. The RIP Act 2000 gives the government the right to demand your passwords to any system. You are not allowed to tell anyone that you have done so (lawyer is OK). You could lose your job from sharing your passwords but can use the defense that you were following lawful direction from the government. If you don't hand them over you can get prison time.

UK doesn't need back doors. They just take the keys they need to open any doors and windows available.

Of course it wasn't properly locked down so local councils were using it to find out if you were eligible for school places and to track down the owners who don't clean up their dog poop.

Pascal Monett
Silver badge

Yeah, but that is not the same. The police are in your face, demanding your passwords. They've already decided to spoil your day and you know it.

That is not the same as listening in on your conversations via backdooring the encryption. You won't know about that until they come and arrest you, if it ever comes to that.

TechDrone

Re: And so it starts

Councils and anyone else with a regulatory role has to follow RIPA (Regulation of Investigatory Powers Act) and the clue is in the name. It sets out how they have to perform investigations and that it doesn't matter if they're investigating fraud in school admissions, contaminated food, dodgy builders, fly-tippers, rogue landlords putting people at risk or some of the nasty stuff children's services have to deal with. There is a surprising amount of enforcement/regulatory/legal work that is not actually the responsibility of the police, and the police don't have the expertise to deal with either.

They also have to follow the PACE (Police and Criminal Evidence Act) for properly collecting evidence that may be used in court, plus 100's of different bits of legislation that dictate how councils do things. If they fail to follow the law in how they do this not only do they lose when prosecutions go to court, they can be prosecuted themselves.

Or would you prefer a dozen lads on overtime from the bin collector team to turn up at your door at 0400 to extract evidence because somebody claims they were poisoned by one of your sausages-inna-bun?

Patrician
Pint

Re: And so it starts

Have a beer for the Discworld reference .....

John Brown (no body)
Silver badge

Re: And so it starts

"I was expecting the UK to be first to bat, but no, it's Australia."

The UK is still part of the EU, and may well be still subject to EU rules for some time to come. The UK has already had surveillance laws ruled illegal by the ECJ. Certain parts of the EU have too much relatively recent experience of surveillance societies. I'm not surprised at all that the Aussies are the test case. It might have been New Zealand, but the US and Canada both seem to be better at grass roots protests than our antipodean friends.

MrXavia

Re: And so it starts

"UK doesn't need back doors. They just take the keys they need to open any doors and windows available."

Which is the way it should be, police should be able to get a warrant and then force you to open the door..

Matthew 3

"Not available in this country"

I predict tech companies will just withdraw their software from Australian sale or distribution as the simplest way to comply with the new law.

That has the benefit of not requiring any reprogramming effort, doesn't compromise security, and makes the Australian government directly responsible for end users' anger. Everybody wins. Except the Aussie government of course, but they don't deserve to.

John Brown (no body)
Silver badge

Re: "Not available in this country"

"I predict tech companies will just withdraw their software from Australian sale or distribution as the simplest way to comply with the new law."

I wonder who will blink first? It'll be a balance "can we do this for less than the loss in profit if we pull out of the market?" This must be balanced against, "if we pull out, will our competition stay and make a killing by taking our market?". Whoever pulls out first leaves a larger market for the remaining players, who might then find it worth while to create a special back-doored version for a suddenly enlarged market. Or the big boys will do it anyway, at a loss, until the smaller fry give up or go bust.

JohnFen
Silver badge

Re: "Not available in this country"

"I predict tech companies will just withdraw their software from Australian sale or distribution as the simplest way to comply with the new law."

The smaller ones, sure. The Googles, Microsofts, etc.? There's not a chance that they'll leave money on the table in Australia.

What I predict is that sophisticated criminals and people who are concerned about privacy will just use their own encryption and stop relying on the crypto built into comms applications (as they should have been doing all along, anyway).

Barrie Shepherd

Re: "Not available in this country"

"What I predict is that sophisticated criminals and people who are concerned about privacy will just use their own encryption and stop relying on the crypto built into comms applications"

That won't help if Android and iOS have been required to provide an access portal to the device's keyboard and screen. Qualcomm could be building such a door in its 5G chips right now ready for the AUS TCN to arrive.

As for Aus backdoor'ing encryption I shall not be using Apple Pay or Google Pay (not that I do) in Australia any day soon. It will probably soon be a requirement to switch your phone on at the Arrivals desk so that the carriers can 'update' your phone for "Australian Networks".

I'm off to start a One Time pads company!

JohnFen
Silver badge

Re: "Not available in this country"

"That won't help if Android and iOS have been required to provide an access portal to the device's keyboard and screen."

That's true (although there would be ways to mitigate it), but that's not what the legislation requires.

"I'm off to start a One Time pads company!"

If you can solve the major problem with one-time pads (key exchange), then you'll be a billionaire.

MachDiamond
Silver badge

Re: "Not available in this country"

"If you can solve the major problem with one-time pads (key exchange), then you'll be a billionaire."

If you are traveling, it's not a problem. Your OTP's are exchanged before you travel down under.

An additional tactic is to get a burner phone on arrival instead of using one you have had for some time. Use a Linux powered tablet/laptop and not an iOS or Android/Chrome device and do a fresh wipe beforehand.

JohnFen
Silver badge

Re: "Not available in this country"

"If you are traveling, it's not a problem. Your OTP's are exchanged before you travel down under."

One time pads are awesome -- Properly done, it's the only truly unbreakable encryption we have. However, they can only be properly done if you already have a secure means of distributing the pads.

As you note, this is no problem if the parties that want to communicate start off all physically in the same room together, and they have generated in advance enough numbers to cover all the communications that they may want to engage in later (since you should never use the same sequence twice, as Germany found out in WW2 when their inability to generate and distribute enough random numbers later in the war caused them to reuse pads, which led directly to the encryption being broken).

In any other circumstance, though, this key exchange is a very serious weakness. That's the entire problem that PKE was invented to address and is why, even though it isn't technically unbreakable, it is widely used. Any weaknesses inherent in PKE pale (outside of specific and uncommon circumstances) in comparison to the key exchange problem with other methods.
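An added example, not part of the thread or any commenter's code: a minimal pad book that shows the two properties discussed above, that both parties must hold the same pre-shared material and that no pad byte may ever be used twice. The class and function names (`PadBook`, `xor_bytes`, `reuse_leak`) and the sample messages are constructed for illustration.

```python
import secrets


class PadReuseError(Exception):
    """Raised when an operation would touch pad bytes that were already used."""


class PadExhaustedError(Exception):
    """Raised when the pre-shared pad has too little unused material left."""


def xor_bytes(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """One party's copy of pad material exchanged in person beforehand."""

    def __init__(self, material: bytes):
        self._material = material
        self._used = 0  # high-water mark: bytes below this index are spent

    def remaining(self) -> int:
        return len(self._material) - self._used

    def _take(self, start: int, length: int) -> bytes:
        if start < self._used:
            raise PadReuseError("offset %d was already consumed" % start)
        if start + length > len(self._material):
            raise PadExhaustedError("not enough unused pad material")
        self._used = start + length
        return self._material[start:start + length]

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        """Return (pad offset, ciphertext); the offset travels with the message."""
        start = self._used
        return start, xor_bytes(plaintext, self._take(start, len(plaintext)))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        return xor_bytes(ciphertext, self._take(start, len(ciphertext)))


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """XOR of two ciphertexts made with the SAME pad bytes.

    The key cancels out, leaving plaintext1 XOR plaintext2, which is why
    a reused pad no longer gives any secrecy guarantee.
    """
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    shared = secrets.token_bytes(64)          # exchanged face to face
    sender, receiver = PadBook(shared), PadBook(shared)
    offset, ct = sender.encrypt(b"arrive tuesday")
    print(receiver.decrypt(offset, ct), sender.remaining())
```

The pad shrinks with every byte sent, so the amount of material exchanged in advance is a hard ceiling on how much can ever be communicated.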

Mongo

As a wise man once said: "Pausing to consider constitutional implications means the terrorists win"

"The only way to defeat evil is precipitate and ill-considered action. A morally and legally coherent approach is the handmaiden of anarchy. Haste averts waste. You've never had it so good."

Come to think of it, it wasn't a wise man. Actually it was a politico twat looking for the next sound bite, amid the ongoing absence of parliamentary grown-ups.

Doctor Syntax
Silver badge

Step 1. Start rumours that the govt is spying on the public's $stuff, e.g. turning on everyone's Echoes etc.

Step 2. Govt starts taking serious public heat and discovers it's been courageous (as in Yes Minister).

Step 3. Govt appeals to telecoms companies to deny the existence of such TCNs

Step 4. Telecoms companies point out they have to keep shtum about TCNs and can't possibly confirm or deny they exist.

Step 5. What was that about an election?

Anonymous Coward

remarkable similarity to the recently proposed "crocodile clips" idea by British intelligence

This is a TOTAL coincidence, and so are secret meetings (that surely never happened) on how to coordinate the efforts by the spooks from the 5 eyeses to get what they deem "indispensable in the everlasting fight against terrorism" (and keeping tabs on the plebs, cause you never know what ideas and when enter their little heads).

Anonymous Coward

they're “beyond the reach not just of the law

ah yeah, call them "terror friends", it will surely help to win "public support" for - anything (and I'm not being sarcastic)

Herby
Silver badge

It's not encrypted...

...it's just random numbers. I have no idea what it is.

In the USA, we can exercise our 5th amendment privilege, thankfully.

As for not revealing TCN's, one can every day say "We haven't seen any TCN's", and when they stop, we can draw conclusions.

DCFusor
Silver badge

Re: It's not encrypted...

Sorry, Herby, it's worse than you think:

https://www.theguardian.com/technology/2017/mar/23/francis-rawls-philadelphia-police-child-abuse-encryption

Now this guy is probably guilty and of some really bad stuff. But the 5th isn't keeping him out of jail for contempt of court for refusing to decrypt what is almost surely evidence against him.

That ship sailed awhile back. And in this case it's been going years and no time limit.

Barrie Shepherd

Re: It's not encrypted...

"In the USA, we can exercise our 5th amendment privilege, thankfully."

You can but that won't stop the Australian government sharing what they know about you with the US government - they have been sharing like this for years. Nor will it stop the Australian government 'accidentally' issuing a TCN for your phone to be 'compromised' even if you are not in Australia.

And I would not expect you would ever know nor, if you did, get any assistance from the US government.

JohnFen
Silver badge

Re: It's not encrypted...

"In the USA, we can exercise our 5th amendment privilege, thankfully"

Yeah, probably not. I'm not sure if the Supreme Court has ruled on this or not, but I've seen a few cases in lower courts where the court ruled that being forced to provide a password is not a 5th amendment violation, as the password itself is not incriminating testimony.

MachDiamond
Silver badge

Re: It's not encrypted...

"As for not revealing TCN's, one can every day say "We haven't seen any TCN's", and when they stop, we can draw conclusions."

That doesn't help very much unless the Canary is watching your account. It will be highly unlikely that any telco with millions of customers is going to go very long without getting a TCN.

ROC

Re: It's not encrypted...

I just read of a recent case ruling which determined that biometric keys such as fingerprints could be used to unlock a phone, but NOT passwords.

https://www.techrepublic.com/article/biometrics-and-the-law-police-try-to-unlock-phone-with-dead-mans-fingerprint/

This is still being argued case-by-case (more for living suspects) in various US jurisdictions (state and national courts). It does seem to be more acceptable in cases of immediate aftermath of a crime with high likelihood of probable cause.

But then there is also the 4th Amendment protecting from "unreasonable" search/seizure of private papers, but that does allow "reasonable" (for a warrant), so that could be argued case-by-case as to what's reasonable I suppose.

Anonymous Coward

They don't need to break communication software, they just need John McClane. He's your best bet at sorting out terrorists at Christmas.

phuzz
Silver badge
Facepalm

Australian Government: Put backdoors in everything.

Also the Australian Government: Don't use Huawei kit, it's got backdoors.

I'm sure they'll be able to use legislation to stop bad people from using the backdoors. That's bound to work, right?

Terje

The main issue with all the escalating surveillance nonsense is that it will have negligible effect on stopping terrorism, and when they realize that they will ask for even more powers. There has never in the history of police organisations been one that said that it didn't need more powers.

The fact that the politicians that are supposed to say NO to them seem to be losing IQ points at an even more alarming rate must just be a side effect.

Brewster's Angle Grinder
Silver badge

I have a smidgen of sympathy for the politicians. Who wants to be confronted by the parent of a dead child (or child of a dead parent) claiming their loved one would have been alive but for the politician's decision to stop law enforcement snooping?

Teiwaz
Silver badge

Politicians and Sympathy???

claiming their loved one would have been alive but for the politician's decision to stop law enforcement snooping.

Perhaps, but in a lot of recent terror cases, it's usually quickly revealed that the guilty party was already known to the system (through snooping or merely sticking up like a sore thumb) but no action was taken.

OR

Person was able to do it anyway because lone nuts often don't need to communicate with anyone else in order to go nuts (I presume all the voices or at least negative dialogue goes in (for now at least) the privacy of their own heads).

JohnFen
Silver badge

"it will have negligible effect on stopping terrorism"

Despite what they say, I don't for a moment believe that's really the reason they want these powers.

Anonymous Coward

Options...dear boy...options

My mum always told me to say nothing, if you can't say something good... so what I would do, is set up a Swiss based trust to hold elements of the key (split that key)... make sure you are not a trustee and then make them access it via a German court... i.e. create a legal chain that they have to follow...

Haefen

Democracy, we can't destroy it fast enough

In a democracy people must be able to not only vote as they see fit but also be free to discuss issues without reprisals and they must have a transparent government that isn't spying on them.

What this government and most Western Governments are doing is creating the ability to have full, easy and automated surveillance over all citizens. That should not exist, even if they "promise" they would never use such power.

The reason is obvious, this government believes they should have and look at everything, there is nothing that should be hidden from them.

In the world they are trying to create there will be no truth. All communications could and would be monitored. Lying will be the only defense left to people. Everybody will be lying all the time.

We don't need Facebook to destroy democracy, our "leaders" those in power are already creating a future in which democracy will not be possible.

Destroy All Monsters
Silver badge

Is it time for "Gilets Jaunes" downunder?

Why not?

synique

Re: Is it time for "Gilets Jaunes" downunder?

We're too lazy to organise something like that...

Graham Cobb

Visibility

The most scary thing about this is not the legal ability to force companies to assist (I can easily get around that by creating my own crypto -- and non-corporate tools with no one to serve the TCN to will soon be widely available); it is the lack of visibility.

It should be essential that we, the voters, can track how much these powers are being used. Instead of being secret, every company should be required to announce when they receive a TCN, and the full details (including the list of whose communications were intercepted) should be published within one year (extended only on authorisation by a court, and only for individual affected accounts).

We know that powers such as these get misused (often with the best of intentions). Just look back at the history of cases of police infiltration of trade unions, campaign groups, human rights groups, anti-war or anti-bomb activists, etc. All with abuse of powers intended only to save lives.

I can understand the Australian opposition being weak and naive enough to be convinced that these (ultimately ineffective) powers are important. I can't understand them not requiring the removal of the secrecy as their price for approval.

Barrie Shepherd

Re: Visibility

"I can understand the Australian opposition being weak and naive enough to be convinced that these (ultimately ineffective) powers are important. I can't understand them not requiring the removal of the secrecy as their price for approval."

It's simple: the opposition will most likely be in power soon so will benefit from secrecy.

MachDiamond
Silver badge

Re: Visibility

Being on a list of people whose comms have been the subject of a TCN is not likely going to be a good thing.

Patrician

Is there any Australian native software that uses encryption? Surely the vast majority aren't and will just ignore any requests this bill generates because they're not subject to Australian law?

Mike 16
Bronze badge

Systemic?

So, if a backdoor does not affect _all_ applications on _all_ systems (e.g. has no effect on at least one flashlight app, or doesn't work on an iPhone 3), then it's all good?

JohnFen
Silver badge

"Double-lock"? Hahahaha

I love their creative invention of a term that implies strong security but in fact has nothing whatsoever to do with strong security. "Double-lock" just means two entities have to sign off on the order. It means nothing.

If they pass this legislation, I predict booming "black market" crypto sales in Australia!

Anonymous Coward

Politicians only do things so as to benefit only themselves and screw the man in the street.
