They can call it what they like, you're still getting shafted either way.
The criminal in this case just happens to be wearing a suit.
Australia’s federal government has shifted its ground on the encryption debate, and is now working to hem in the debate by constraining the definition of “backdoor”. The technologist’s understanding is that anything that compromises encryption represents a “backdoor” of some kind, from NSA-style bug-hoarding to key escrow to …
I'm particularly fond of the part where they equate using a warrant to demand access to a safe or filing cabinet to accessing data via "not-a-backdoor"™ for encrypted comms.
This is about as nonsensical as the MPAA/RIAA/etc. equating digital piracy to physical theft.
One would suspect that having a warrant would force the owner of said safe to either open it, or be pinged for obstruction of justice. Unless the safe owner was foolish enough not to reset the combination, the manufacturer might have some trouble opening the safe without resorting to some sort of brute force method.
They seem to think that a warrant would magically cure this problem in the digital world, which suggests that they believe in magic, or more likely, that they still have no idea how computers actually work.
Yes, I am happy to share with the relevant authorities technical knowledge about how to gain access to messages that were encrypted on our platform.
We're not shouting this flaw from the rooftops for obvious reasons, but we have a particular weakness whereby if you apply integer factorisation using any polynomial time algorithm then you can read the message content without creating any specific backdoor. Please keep this vulnerability mum.
If someone does old-school pen-and-paper encryption of a message that the police seize and want to have de-encrypted, the police need to order the sender or receiver of that message to decrypt it or hand over the key. Neither the make of the pen nor the paper can help here ...
The same is true for online messages.
Yes, that does not enable mass-surveillance, but the examples given by government always seem to cover only one single criminal/terrorist whose messages need to be encrypted - so mass surveillance is not the target?
If so, the laws that already are in effect already work the same - offline and online.
No need to change them.
Standard fare - just recall all the verbal gymnastics from Brandis (et al) about what 'metadata' is and, specifically, attempting (not) to answer the simple question of whether a URL will be collected.
Just bluster through it all and keep pressing on in the background because - on issues like these - both sides are united in wanting more snooping on and control over the populace.
There's no battle for them to win because there's no real political opposition.
If I have a locked cabinet in my house they can get a warrant to search it, and break into if necessary. If it is a bank vault with 12" thick walls, maybe they get someone out there with a cutting torch, but they have to consider the liability for damage they'll face if they find nothing and I'm never convicted.
If I kept my locked cabinet in Switzerland, they can't serve a US warrant to search it. If the crime is big enough maybe they can get the Swiss police to cooperate, but if not they're out of luck. If I keep it in a country where US law enforcement has no treaties, they have no recourse at all. If I keep the locked cabinet in a secret location, they can't compel me to tell them where it is and they can't serve a warrant without that information. If I hid a murder weapon in concrete at the base of a skyscraper they aren't likely to be able to serve a warrant to dig through all that concrete and rebar to find it.
Comparing encryption to a simple locked cabinet is stupid. Maybe ROT13 encryption is like a locked cabinet, but real encryption is comparable to being a smarter criminal and not keeping your records in a cabinet under your desk at home that can be picked by an 8 year old with a paper clip. It is also comparable to being smarter in general and keeping stuff you don't want a common thief who breaks into your house to find. That's why you wouldn't keep your stash of gold coins in that cabinet with the cheap lock, but would instead buy a safe, or keep them in a bank vault, or in a secret location (though that's less effective with criminals who can threaten you in ways cops can't).
“Political language – and with variations this is true of all political parties, from Conservatives to Anarchists – is designed to make lies sound truthful and murder respectable, and to give an appearance of solidity to pure wind.”
From Politics and the English Language.
You can't get a warrant to access a safe from a safe manufacturer. There is no backdoor. They'll just tell you to buy a drill and brute-force it.
You can place a warrant against the safe's end-user. But that's exactly what the feds are trying to avoid here. Because this isn't about access to gain evidence, it's about access to do surveillance. That's why the Five Eyes forum was seen as appropriate by the Australian government, and downright Orwellian to the rest of us.
Years ago when the US Govt decided Skipjack was a good idea, some Aussies didn't like it and rewrote the RSA libraries. Those are now known as openssl and the basis for most encryption done in the world today.
There are people who have decided the best way around the recent backdoor attempt is one time keys added to messaging and VPN apps. The way that works is one side fills a large USB stick with random keys and then gets that into the hands of whoever they want to talk to. A large USB stick can hold enough random keys to transfer centuries worth of message apps while never reusing a key. You can't break that no matter how hard you try to back door it.
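The pad-exchange scheme described in the comment above, as an added Python sketch that is not part of the original thread. The class and exception names are hypothetical, a 64-byte in-memory pad stands in for the USB stick, and each direction of a conversation is assumed to have its own pad.

```python
import secrets

class PadExhausted(Exception):
    """Raised when a message needs more key bytes than the pad has left."""

class PadReuse(Exception):
    """Raised when a message points at pad bytes that were already used."""

class OneTimePad:
    """One party's copy of the shared pad. Key bytes are used once, then wiped.
    XOR with a pad gives confidentiality only; it does not detect tampering."""

    def __init__(self, pad):
        self._pad = bytearray(pad)  # private copy of the key material
        self._mark = 0              # every byte below this index is spent

    def remaining(self):
        return len(self._pad) - self._mark

    def _consume(self, offset, n):
        if offset < self._mark:
            raise PadReuse("offset %d is already spent" % offset)
        end = offset + n
        if end > len(self._pad):
            raise PadExhausted("need %d bytes, %d left" % (n, self.remaining()))
        key = bytes(self._pad[offset:end])
        # Wipe everything up to the end of this message, including any
        # bytes skipped because an earlier message never arrived.
        self._pad[self._mark:end] = bytes(end - self._mark)
        self._mark = end
        return key

    def encrypt(self, plaintext):
        offset = self._mark
        key = self._consume(offset, len(plaintext))
        return offset, bytes(p ^ k for p, k in zip(plaintext, key))

    def decrypt(self, offset, ciphertext):
        key = self._consume(offset, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, key))

def demo():
    pad = secrets.token_bytes(64)   # constructed sample pad
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    offset, ciphertext = alice.encrypt(b"meet at noon")
    plaintext = bob.decrypt(offset, ciphertext)
    try:
        bob.decrypt(offset, ciphertext)  # same pad bytes a second time
        replay_accepted = True
    except PadReuse:
        replay_accepted = False
    return plaintext, replay_accepted, alice.remaining()
```

The pad shrinks by exactly one byte per byte of message, which is why the sender's offset has to travel with each ciphertext and why both copies must be kept in step.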
To those who really care to help fight against backdoors.
This is the most recent by Bruce Schneier and others.
ENCRYPTION WORKAROUNDS https://www.schneier.com/blog/archives/2017/03/new_paper_on_en.html
Orin S. Kerr* & Bruce Schneier**
And this white paper by many in the industry. https://dspace.mit.edu/handle/1721.1/97690
Keys Under Doormats: mandating insecurity by requiring government access to all data and communications
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze,
Whitfield Diffie, John Gilmore, Matthew Green, Susan Landau, Peter G. Neumann,
Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, Daniel J. Weitzner
And even if the government got their not-a-backdoor into every major player's system, there would then be enough of an economy for secrecy that a largeish and shady organisation could simply order the construction of an encrypted messaging service that is out of the government's reach to not-backdoor.
Their wanted law is entirely toothless against any real threats.
Really? Alice and Bob have implemented a book cipher all of their own. Alice has sent me (AC!) a test message. Perhaps some of the bright people in the Australian government can tell us all what Alice's message says?
sforzato pharyngo- woadman mecometer semihysterical veratrize fiercenesses Ranquel lepidotic Kawaguchi eyeservice fringiness half-plane piligerous saskatoon straddle-fashion sharecroppers colibertus bilobular unsacrilegiousness Gallicolae snake-eyed hydrophorous rain-soaked entoplasm eschewing brulyiement Erastianize acetphenetid recheat hout alada superaffiuence sweet-scented Altingiaceae researchful unegregiously unregenerately blighted Marlette nonbeauties Ossetian perversite artcraft Staley physiognomonic keawe kentallenite acroataxia yodles Rhabdomonas mournfulness VC loose-lived self-purifying tornadoesque uroo slopmaking annalists undeferrable ammonitic WAN pokable limbs Composaline gasified Chibcha elephantiases guerdonless orchestras whoop-de-doo commercialised periclean half-reclined naturata haemonchosis bug-juice theorically demonstrant premarrying honduras knickknack Adrianople -aceous inductees counter-faller cervicorn yowe adenomata kutch jardon eradicable nonfervidly cribriformity totoaba Marduk Muscadine mangrate Californian Mignonette Stroessner fisherpeople So. gibble-gabble cayuses Wallinga squab-pie fancywork niftiness
It *could* totally be an encrypted message. For all you know it could consist in a single symbol for example, which Alice and AC agreed would mean "meet me behind Carol's for some dogging, but don't let Dan or Eve know because they have bad breath". Or "don't forget to buy bread on your way back home", for that matter.
In fact, Alice and AC could have decided that it would mean the first "dogging" thing the first time it is used, then the "bread" thing any subsequent time.
While many politicians are motivated, quite genuinely, by fears of terrorism and criminality online, they really don't have a clue about what encryption technology is or how the internet actually works.
If you demand back doors, you'll eventually get them into mainstream services that are where the majority of us spend our time, but all it will do is push criminality into much more locked down and obscure systems that don't have a backdoor.
It's like they still seem to think they're dealing with the 1970s telephone network and that it's just a matter of tapping a few lines here and there.
What seems to end up happening is grand-scale spying on the innocent normal internet users who are up to nothing at all, while the real criminality online is probably going on very well hidden and away from mainstream services.
Also, baking in back doors assumes that they're somehow 100% securable and that only the good guys can use them. It also assumes that technology will be relatively static, which is absolutely not the case.
I just see backdoors opening massive security problems.
You even occasionally get politicians and other commentators suggesting that we should ban encryption entirely - in which case you might as well just switch off the internet as it would cease to function.
"while the real criminality online is probably going on very well hidden and away from mainstream services."
The trick is, they don't even need to. Law enforcement is notoriously bad at discriminating between a clear-text harmless joke and a clear-text terrorist plan (often chasing the former instead of the latter; see the Robin Hood case, or the wild-goose chase after the Paris shooting that saw law enforcement going all-out for several days after a couple of innocent tourists who were in the tube at the time, with their cellphones reporting to cell towers approximately following the events; or that time when an innocent passenger was arrested and kept in custody for 48 hrs because a mate sent him a riddle mentioning the word "bomb" while he was at a train station. Plenty of examples really.).
This blanket surveillance puts us all at serious risk, while letting the crims do their dirty business largely in the open.
"While many politicians are motivated, quite genuinely, by fears of terrorism and criminality online"..
..... no, no, no, nooooo,,, they are motivated by losing their seats if they are not seen to be acting tough on terrorism/criminality online.....
Totally different thing.
And hence the irrelevance of the discussion - Joe Public wouldn't have a clue as to what the "backdoor" implications are - and most wouldn't care (until it impacts them).
Pollies get the big thumbs up by the Great Unwashed for being tough and standing up to the evil terrorists/crims....
....and we all get beer as it's Friday.....
"While many politicians are motivated, quite genuinely, by fears of terrorism and criminality online"
Perhaps many are, but in this case our government are motivated by fear of their misdeeds being revealed. If this is about anything more than theatre to distract from their recent catalogue of fail, it's about catching whistle blowers not criminals.