back to article Australia wants tech companies to let cops 'n' snoops see messages without backdoors

The Australian government will press ahead with its not-a-backdoor anti-encryption plans and hinted that collaboration with tech companies is its approach to accessing encrypted messages. The latest attempt to pitch the counter-terrorism legislation came from Angus Taylor, the government's Minister for Law Enforcement and …

  1. Anonymous Coward
    Anonymous Coward

    WTF?

    Australia:

    10% of the Population, but 100% like US-Government certified-surveillance.

    Think I'll skip traveling to the United-States-of-Auz after this. Go elsewhere!

    1. Anonymous Coward
      Anonymous Coward

      PS: Couldn't open this using Startpage - Proxy:

      https://en.wikipedia.org/wiki/United_States

      The page you requested could not be retrieved by the Ixquick Proxy, as a "403 Forbidden" message was received.

      WTF once again?

    2. Voland's right hand Silver badge

      Re: WTF?

      but 100% like US-Government certified-surveillance

      Correct

      As I have said a few times - our politicos are watching with extreme interest the events in Russia and their centralized escrow approach.

      The difference, however is that in Russia, FSB and Co presently pretend (we do not know if this is true or not) that they do not collect any data real time and they rely on provider's complying with data retention regulation to keep copies of the data. Hence, while they (supposedly) have the keys, they cannot read the data until they have a court order to obtain it. At least that is the official line and this is why this passed their constitutional court.

      In a 100% like US-Government certified-surveillance or 100% like UK-Government certified-surveillance or any 5 eyes for that matter all data on any of the main national trunks and all data on international interconnects is leached by the government realtime. So the result of copying the "Lonely Russian Boy without friends" homework is actually unchecked realtime government surveillance.

  2. GrumpyKiwi Silver badge

    It's simple

    Once parliament passes the law that pi=3 then everything else falls into place. It's pretty hard to write working encryption when obeying mathematics laws like that.

    As the law will no doubt include the magic words of Terrorism and Security in its title, both Labor and the Liberals will vote for it. And thus Australia will magically be made safe by the power of words and a really strong belief.

    And those of us from the freer side of the ditch will continue to point and laugh at the western worlds 2nd biggest nanny state.

    1. Mark 85 Silver badge
      Big Brother

      Re: It's simple

      What is it about elected officials that they don't understand the term "secure communications" and why they are used? Seems every country wants a way to bypass encryption that anyone with half a brain would understand that it can't be done and still be secure. There's no magic bean that will let only law enforcement take a peek. Are these clowns really that stupid?

      There's clueless and then there's political clueless which is a whole new level.

      1. tom dial Silver badge

        Re: It's simple

        In fact, key escrow systems have been designed that would serve this purpose fairly well. Despite assertions to the contrary, it would be possible to make them reasonably secure against theft - at least as secure as could be done for any other data. And given a trustworthy government the risk of government misuse would be reasonable, in the sense of not significantly increasing the (now) existing risk.

        There are problems with this, however. Governments, even if trustworthy at a given time, may not stay that way, so entrusting them with power always must be done based on the knowledge that their successors may be less trustworthy, possibly by a great deal. Moreover, those who engage in serious criminal activity will not, if they think about it, be reluctant to use widely and easily available cryptographic systems that do not participate in the key escrow procedure. So the government would have escrowed keys for the honest folk and the incompetent or slack criminals, who mostly can be found and convicted without accessing their communications. For the competent and highly motivated ones they would not have the escrowed keys and would have to collect the evidence by more traditional, and much more labor intensive and expensive, means. In the end, the most serious criminals will be as hard to get as they are now, and the only gain will be occasional conviction of a second rater who might not have been an overly large burden on society in the first place.

        The law enforcers never will give up on this, but they probably know their gain will be marginal at best.

        1. smudge Silver badge
          Thumb Down

          Re: It's simple

          In fact, key escrow systems have been designed that would serve this purpose fairly well.

          But that is NOT what they are talking about:

          “There's been ideas around for decades that you should create some kind of key that law enforcement can get access to … that's not what we're proposing... "

          Despite assertions to the contrary, it would be possible to make them reasonably secure against theft - at least as secure as could be done for any other data.

          I stopped reading your comment at that point :)

          1. Anonymous Coward
            Anonymous Coward

            Re: It's simple

            "I stopped reading your comment at that point :)"

            Pity. The post's balanced counter argument was then stated.

            Basically that an escrow system is open to abuse by a future untrustworthy government agency - and real criminals would avoid it anyway.

            1. smudge Silver badge

              Re: It's simple

              So I didn't miss anything, then :)

            2. handleoclast Silver badge

              Re: It's simple

              Basically that an escrow system is open to abuse by a future untrustworthy government agency - and real criminals would avoid it anyway.

              For some values of "real criminals." Yeah, if you're plotting a diamond robbery you avoid the escrowed crypto. OTOH, if you're planning on mass blackmail using people's secure messages to gain info, you attack the escrow key store. That escrow key store is going to be attacked by blackmailers, foreign gov'ts, employees with a grudge, etc. Anybody who thinks it will survive those attacks should remember where WannaCry originated.

            3. JohnFen Silver badge

              Re: It's simple

              "that an escrow system is open to abuse by a future untrustworthy government agency"

              He didn't mention the other major problem with key escrow - competent criminals stealing the escrowed keys.

              1. Anonymous Coward
                Anonymous Coward

                Re: It's simple

                "that an escrow system is open to abuse by a future untrustworthy government agency"

                He didn't mention the other major problem with key escrow - competent criminals stealing the escrowed keys.

                Yes he did, it was in the 'open to abuse by future untrustworthy government agency' bit.

              2. Tom 35 Silver badge

                Re: It's simple

                So the US, England, and other "good" countries get to access the keys. How about China? India? Argentina? Afghanistan? Florida? Texas?

                Who decides who has access?

          2. Doctor Syntax Silver badge

            Re: It's simple

            "I stopped reading your comment at that point"

            I almost did so too. What you missed was a short, well-stated summary of exactly what's wrong with key escrow or, indeed, any other form of back door..

            1. smudge Silver badge

              Re: It's simple

              What you missed was a short, well-stated summary of exactly what's wrong with key escrow or, indeed, any other form of back door..

              You mean like "giving your private keys to someone else is not a good idea, and the baddies won't do it anyway"? The reason behind my "didn't bother reading this" comments is that I thought that every thinking person in the industry knew all that anyway.

              Must be 20 or more years since I wrote my company's response to HMG's request for views on key escrow. I basically said what I said above, quoting the experts - mostly in the US - who had already said this.

              I then went on a short holiday.

              When I returned, the paper had been rewritten, by a salesman. It now said that we wholeheartedly welcomed HMG's proposal, and looked forward to the opportunity to work on their implementation, etc etc, ad nauseam.

              I asked for only one change - removal of my name from the paper. Otherwise my reputation, amongst my peers, would have been shredded.

        2. Dodgy Geezer Silver badge

          Re: It's simple

          ...And given a trustworthy government ...

          I think that I can see the flaw in your argument...

        3. JohnFen Silver badge

          Re: It's simple

          "those who engage in serious criminal activity will not, if they think about it, be reluctant to use widely and easily available cryptographic systems that do not participate in the key escrow procedure."

          Not just criminals. I'm a law-abiding citizen, but I would absolutely do this. Actually, I already do. I don't trust crypto schemes that are included with my machines and services by default.

      2. Bernard M. Orwell Silver badge
        Big Brother

        Re: It's simple

        "What is it about elected officials that they don't understand "

        Oh no; they understand alright. They understand it well enough indeed.

        What they are relying on is that 90% of the population doesn't understand it, which means they can subvert it easily and use it for their own ends. It means the veneer of an excuse, a dismissive handwave at "experts", a few bespoke scary words and some technomumble will be enough for them to reach their goal of a universal panopticon.

        Why do they want such a thing? Because they know that their methods of social control are out of date and threatened by the speed of direct modern communication. In order to retain power they must control the internet and all digital communication must be monitored.

        1. Doctor Syntax Silver badge

          Re: It's simple

          "Oh no; they understand alright."

          Not if they're in the Amber Rudd class of elected official (remember hashtags?) - whether this guy is in that class I don't know.

          What you have to remember is that behind the elected officials are a group of unelected officials who do understand. They prefer their politician front not understanding. That way the front don't know they're talking bollocks and are so much more convincing because they actually believe what they're saying. Could you have spouted such stuff and kept a straight face?

          1. Bernard M. Orwell Silver badge
            Black Helicopters

            Re: It's simple

            "What you have to remember is that behind the elected officials are a group of unelected officials who do understand."

            Oh, believe me when I say I am *very*, and *directly*, aware of that.

        2. Stu Mac

          Re: It's simple

          No doubt also dreaming of an entirely whitelisted internet with biometric access through heavily governed ISPs only. In fact an intranet not an internet at all.

      3. justAnITGuy

        Re: It's simple

        There's clueless and then there's political clueless which is a whole new level.

        What blithering idiot(s) Down-voted that? Don't tell me Australian politicos read El Reg.

    2. frankieh

      Re: It's simple

      Nah, they will use catching pedophiles too. In truth it will be used to find tax cheats and general purpose spying and every government body will have access. If memory serves, until it became public the RSPCA could access saved meta data so our government clearly doesn't have the brains to be trustworthy. To be honest, I would rather the russians read my messages than my own government. I've never said or done anything interesting to the russians, but I suppose it's possible my own government could one day misinterpret a joke or something and get all in my face about it. I'd rather not go though that for what would likely have been me trying to get a laugh from a mate.

    3. moooooooo

      Re: It's simple

      agreed. As an Aussie living in NZ i just laugh now about what happens in Oz. I'm currently in Oz for family reasons but can't wait to get back to my gigabit fibre internet connection instead of the crap NBN we have in Oz. (i'm back tomorrow)

      http://www.speedtest.net/result/6823071443 on a 2014 router. Not bad hey? and on an NZ public holiday at peak time too.

      1. eldakka Silver badge

        Re: It's simple

        > As an Aussie living in NZ i just laugh now about what happens in Oz.

        Yeah NZ is perfect.

        Not like they'd ever use the GCSB (NZ equivalent of NSA) to illegally spy on a NZ resident. Or send in 76 police including their anti-terrorist squad, and 2 helicopters, to arrest 3 or 4 people in their home in an illegal raid. That'd never happen.

        1. GrumpyKiwi Silver badge

          Re: It's simple

          Not perfect. Just better. It's a low bar to cross.

    4. Anonymous Coward
      Anonymous Coward

      Re: It's simple

      "The Magic Words are Squeamish Ossifrage"

  3. MrDamage

    Bollocks

    Given that the PM himself has admitted to using end-to-end encryption services, then what right do they have to demand to see anyone else's messages?

    Surely corrupt politicians are a greater threat to national security than your bog average bloke, they should start off sending all of their communications in clear text, before demanding ever more invasive measures into our personal lives.

    1. Anonymous Coward
      Anonymous Coward

      Re: Bollocks

      Really? The PM truly amazes me - I had thought that his only competency was to preen himself in front of a mirror. Perhaps he just thinks that he is using end-to-end encryption based on that famous cipher ROT-13.

      When he was a minister for telecommunications he demonstrated that he had no knowledge or feel for job, so I take any statement about technology from him or his sycophantic cabinet colleagues with much salt. The man makes his predecessor look incredibly competent.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bollocks

        >ROT-13

        Knowing him, encrypted *twice* for added security.

    2. tom dial Silver badge

      Re: Bollocks

      Under nearly all regimes, if not all, law enforcement officers can obtain legal authority to examine communications and other materials that are not encrypted. It would be interesting to see a justification for the claim that encrypted material should be treated differently because it is encrypted. Australia and the other five eyes countries have significant and usually effective constraints on government access to, and use of, private material. It is not obvious that they would operate differently on encrypted material if they could than they now do on unencrypted data, or why.

    3. GrumpyKiwi Silver badge

      Re: Bollocks

      "Given that the PM himself has admitted to using end-to-end encryption services, then what right do they have to demand to see anyone else's messages?"

      Don't you know that some animals are (considerably) more equal than others comrade?

  4. Anonymous Coward
    Anonymous Coward

    Really opening up the Sluices at Both Ends

    Another shithole country.

    1. Anonymous Coward
      Anonymous Coward

      Re: Really opening up the Sluices at Both Ends

      Hey pommy bastard - just stay there, you're not wanted in Australia.

      1. Anonymous Coward
        Anonymous Coward

        Re: Really opening up the Sluices at Both Ends

        Hey pommy bastard - just stay there, you're not wanted in Australia

        Doubt very much he's a pom, Bruce. They don't commonly use the word 'sluices'.

  5. Paul

    secure for everybody, or secure for nobody

    How often do we need to tell governments this...

    repeat after me: communications are secure for everybody, or secure for nobody

  6. YetAnotherJoeBlow

    Key escrow

    Does the US gov honestly think that will work? Everyone I know encrypts before transfer. It is trivial to have an app do that.

    I've never had any problems.

    1. DougS Silver badge
      Big Brother

      Re: Key escrow

      Citizen, you have been detected using non-approved encryption. You will be rounded up and beaten into submission gently shown the error of your ways.

      1. LeoP

        Re: Key escrow

        That's SO 20th century!

        Nowadays you're just shot - the Cop saw you reach for a something and had to proactively defend himself.

      2. Anonymous Coward
        Anonymous Coward

        Re: Key escrow

        Citizen, you have been detected using non-approved encryption. You will be rounded up...

        Encrypted to look like a document file. Now no one other than the receiver will know it is encrypted.

        1. DougS Silver badge

          Re: Key escrow

          I suppose for files that aren't too huge you could find a way to stick them in a Word format file - there's space that's basically binary in them, you could take an innocuous file and add some binary content to it somewhere that doesn't impact its ability to be loaded into Word. That way if the spooks decrypt it, they'll see the innocuous Word file, and you just hope their software isn't smart enough to notice all the "garbage" contained within.

          The same could be done with video files, PDF files, etc. I imagine...

          1. Richard 12 Silver badge

            Re: Key escrow

            Trivial with any image file, moving or still.

            Lots of well-known techniques that are completely indistinguishable from random noise.

            1. eldakka Silver badge

              Re: Key escrow

              Steganography

              Steganography (/ˌstɛɡəˈnɒɡrəfi/ (About this sound listen) STEG-ə-NOG-rə-fee) is the practice of concealing a file, message, image, or video within another file, message, image, or video. The word steganography combines the Greek words steganos (στεγανός), meaning "covered, concealed, or protected," and graphein (γράφειν) meaning "writing".

          2. This post has been deleted by its author

  7. BebopWeBop Silver badge

    However, he said, law enforcement needs access to the “data they need”, and added that he wouldn't go into the technical details.

    There is are many reasons why the the twat won't go into techical details.....

    1. Teiwaz Silver badge
      Windows

      There is are many reasons why the the twat won't go into techical details.....

      First bit of wisdom there then...

      (In his mind) If he uttered the wrong hashtag, the internet might be wiped and the government fall.

    2. tom dial Silver badge

      Presumably, he meant the obvious, but didn't state it very well: that law enforcement needs access to the data they need and can obtain legal authorization to access. If he meant more than that, he is out of line.

  8. Velv Silver badge
    Big Brother

    Missing the options...

    The encryption of the message in transit will remain secure, without escrow or other back doors.

    They will however mandate that it cannot be "end to end", and that the message service provider must have the message available at both ends of the communication to be inspected by someone with a warrant to access the device or central store.

    1. Anonymous Coward
      Anonymous Coward

      Re: Missing the options...

      The encryption of the message in transit will remain secure, without escrow or other back doors.

      They will however mandate that it cannot be "end to end"...

      leaving one hole in the end to end encryption for the government means the crime can also use that one hole to steal stuff. Which is the definition of not secured. Which is the point everyone who knows a little bit of how computer works is trying to say.

      1. Velv Silver badge

        Re: Missing the options...

        Sorry, I didn’t make it clear, I am in no way proposing or defending the option, I’m simply trying to suggest this is the type of smoke and mirrors answer the politicians will go for.

  9. Pen-y-gors Silver badge

    Beware!

    Obviously belief in Unicorns is infectious.

  10. Milton Silver badge

    Save us from uneducated politicians

    I'm beginning to think that we should impose strict educational requirements and IQ tests on anyone standing for office. It's not just that we have some laughably, transparently stupid people in government—in this country we have blithering mouthbreathers like IDS, Leadsom and Paterson, with Gavin Williamson desperately trying to join the Dumb Kids crowd (he'll succeed if he keeps opening his mouth)—but that even the ones who do have some residual intelligence simply refuse to use it, often through wilful ignorance. As Home Secretary, Theresa May constantly repeated this ignorant bullshit about backdoors, showing that even a lukewarm IQ is no defence against knowing nothing while flapping your jaws.

    The wilful ignorance and stupidity of "leaders" has risen in step with the infestation of career politicians, whose lack of experience in any other sphere stands out like a lighthouse of uselessness when they are required to think sensibly and actually know a few things about the world. Cultivated in the political hothouse of lies and spin, their failure to grasp both big picture and detail leaves them looking like abject fools. The problem in the US is arguably even worse, with a know-nothing, corrupt, hysterical, pathologically lying man-child as President. Trump manages to shame the USA even more than Boris Johnson shames Britain. It would be very funny if these imbecilic egotists were not so very dangerous.

    To topic, all of this guff about encryption continues to miss the point. You all know this already, but who knows, maybe a curious lawmaker is passing by ...

    1. Algorithms for extremely powerful encryption are published for anyone to read.

    2. Any competent coder from among several tens of millions on Earth can cook up an app to perform essentially unbreakable encryption. (The key is The Key, not the method!)

    3. Any somewhat superior coder from among the hundreds of thousands on Earth could additionally concoct some steganographic methods for not only encrypting data but also concealing the fact that it is there. (Think: petabytes of photos scattered like sand grains across an entire planet's worth of social media.)

    3.a. In any case, many methods exist for ensuring plausible deniability, including the randomised disk partition approach, etc, etc ad nasueam

    4. There are dozens of ways indviduals and groups can home-brew their own end-to-end encryption systems, adding steganography if they want to for extra safeguards. For one obvious example: use one device that doesn't store keys to encrypt your message and steg it into a photo; transfer that photo to your phone/PC/whatever and upload it as one of the billions on your crappy social media system of choice; whether your message was "I love you" or "How to plan our next atrocity", it is secure and, assuming you used a low encryption rate and a clever algo, not even recognisable as a message.

    5. Most of us will never bother doing this: the people who will do it—and are undoubtedly doing it already—are the Black Hats. Darwinism is ensuring that the BH community is improving its sneakiness all the time, while countermeasures are falling behind (detecting the existence of steg'd data in photos was relatively easy ten years ago; now, against any adversary whos's been paying attention, it's hopeless).

    In short, the genie is not just out of the bottle, it's everywhere, and there is not the slightest hope of putting it back. Even a drastic measure like trying to block all traffic that might contain encryption (e.g random strings; photos; music) is doomed unless governments want to stop all transactions and sensitive data on the internet.

    Polticians and security agencies need to wean themselves from the always-fatally-flawed idea that they can use tech as an easy way to control populations and control crimes, including terrorism. They need to recgonise that old-fashioned law enforcement shoe leather, due process, hard evidence gathering, infiltration and humint are as necessary and effective now as they always were.

    The lazy way does not, cannot work, so instead of childishly stamping feet and whining for what you cannot ever have, it's time to move on.

    1. Tannin

      Re: Save us from uneducated politicians

      Good Reg readers, allow me to recommend Milton's long post above. If I could I'd up-vote it twice.

    2. Anonymous Coward
      Anonymous Coward

      Re: Save us from uneducated politicians

      I'm beginning to think that we should impose strict educational requirements

      Step 1: Delete 90% of those lawyers in government

      Step 2: Delete 90% of those currently pointless laws

      Step 3: Make it only representative in their field are allow to create new laws specific to their field, and other representative from other fields has to review if the law clash with their field. In addition, representative are voted by those in their specific field.

      1. eldakka Silver badge

        Re: Save us from uneducated politicians

        > Step 1: Delete 90% of those lawyers in government

        With extreme prejudice.

        > Step 3: Make it only representative in their field are allow to create new laws specific to their field, and other representative from other fields has to review if the law clash with their field. In addition, representative are voted by those in their specific field.

        Unfortunately that leads to regulatory capture. i.e. all the laws passed will be for the benefit of those in the industry who control the industry. e.g. MPAA, movie studios, music labels, will be able to 'capture' the representatives with bribes campaign donations and get laws passed solely for their benefit.

    3. Anonymous Coward
      Anonymous Coward

      Re: Save us from uneducated politicians

      Milton, I can't help noticing your list is somewhat biases towards blaming Tory politicians for all the ills of our society.

      You obviously need reminding it was then Prime Minister Tony Blair who decreed *everybody* should be subject to constant snooping EXCEPT MPs, but that MPs email should remain sacrosanct after they left office - all to protect communications between MPs and their voters of course. He just seemed to forget that the voters' end would be spied on anyway, proving his whole "protecting MP-local constituent confidentiality" excuse was nothing more than a thinly-veiled attempt to make sure the public could never find out what he was really doing when he was supposed to be governing the UK - and how much of it was for future benefit of Tony Blair, ex-Prime Minister regardless of the effect it would have on anybody else.

      But yeah, blame the Tories. I'm sure we will be *so* much better off when the Unions are running everything again and publicity-seeking Politicians release murderers and rapists *tried by the law of the land and convicted by a jury of their peers* back into society, like the Good Friday sell-out.

      1. Rich 11 Silver badge

        Re: Save us from uneducated politicians

        Milton, I can't help noticing your list is somewhat biases towards blaming Tory politicians for all the ills of our society.

        I'm going to go out on a limb here and suggest that the appearance of bias derives from the fact that he's talking about the current government and doesn't feel obliged to reference every shitstick politician in history. You, however, let your bias shine.

        Your final paragraph in particular suggests that you have a limited experience and little understanding of recent British political history, which leads you to a failure to understand how it is likely to move forward from here. Go back to school and listen this time.

  11. Anonymous Noel Coward
    WTF?

    The only way this could be done is if Australia could see the future.

    And considering the law of Australia trumps the law of math (or so they think), they're most likely deluded enough to think the law of Australia trumps the law of time, too.

    1. MrDamage

      Given the amount of times Australian politicians have made laws apply retroactively, they do believe our local laws trump the laws of physics.

  12. Nick Kew Silver badge
    Alien

    Benefit of the doubt?

    Am I the only one who thought (from the article) this guy might have been talking sense?

    It was hedged with lots of caveats like "where possible", and "getting access to the message, not decryption" (which could translate to "getting the metadata").

    I think he may be talking about thrashing out metadata and grey areas like the FBI-vs-IPhone case here. Using language designed to be imprecise so as not to upset the dafter politicos at this stage. That would actually make a lot of sense: have at least the bones of a deal with his comms providers in place, and present it as a fait accomplit to George ("don't do that") and the flat-earthers.

    1. Barrie Shepherd

      Re: Benefit of the doubt?

      "I think he may be talking about thrashing out metadata and grey areas like the FBI-vs-IPhone case here."

      Aus authorities already have access to all communications Metadata. Like all politicians he is just a mouth piece to spout the words others write without understanding the context or meaning. A spin projector ejaculating infertile ideas into the air.

      It's an on-going mantra from the Aus Police, ASIO, AFP etc. (and their UK equivalents) that they need to be able to get to the content - in their position why would they not?.

      Against all the technical evidence they continue, probably to mask the fact that they can already access quite a lot more than they want us to know, and are just trying to hoover up the last bits.

      Of course they are also preparing their defense for when a terrorist attack is successful " Well we have been saying for years that we needed to get to message content. had we have had that facility this terrorist act would have been prevented"

    2. Brangdon

      Re: Benefit of the doubt?

      To me it sounded like he was trying to distinguish between a back door in the sense of a weakened crypto algorithm, and key escrow. A weakened algorithm can be broken by anyone with sufficient maths ability and computational power, so is a worse option. Key escrow can only be broken by whoever has the keys. Key escrow can seem like a viable option if you trust the keyholder to keep them safe.

      That said, the quote, "There's been ideas around for decades that you should create some kind of key that law enforcement can get access to … that's not what we're proposing" could be a rejection of key escrow. But without details of what he is proposing it's impossible to be sure.

  13. Nimby
    Facepalm

    Flat out like a Taylor thinking.

    I do believe that Taylor may soon spontaneously combust from such deep thought. That or ride off into the sunset upon a unicorn. One or the other.

  14. GreyBinary

    how?

    Whats been hinted at the guardian is the Adoption of a front door. Ie pre encryption of sent message.

    Im guessing this would entail a manufacturer device enabled cache on the SOC. So the Gov in question can simply request a key from the manufacturer based on the serial number of the device.

    This will be real.

    1. clanger9
      Black Helicopters

      Re: how?

      I agree. Some kind of screenshot/keystroke/audio cache on the device that can be queried remotely. Not need to worry about apps or end-to-end encryption. If they can see what's on your screen, they'll be happy...

  15. handleoclast Silver badge

    An educational video for your idiot politician

    E-mail your politician this link: https://www.youtube.com/watch?v=VPBH1eW28mo.

    It worked with my MP, who thought it a very useful explanation of why techy people kept telling him "it won't work" and was very glad to have received it. It will probably work with your MP too, unless you live in the Hastings and Rye or Maidenhead constituencies.

  16. Dramoth

    Dutton's attempt at making Australia into a fascist police state

    Nothing to see here, move along... and give me your encryption keys while you are at it!

  17. FooCrypt

    Independent review of the Defence Trade Controls Act 2012 (Cth)

    I mentioned Angus the Cyber Minister twice in my review submission :

    http://www.defence.gov.au/publications/reviews/tradecontrols/Submissions.asp

    http://www.defence.gov.au/publications/reviews/tradecontrols/Docs/Mark_Lane.pdf

    Male Bovinae Faeces [ BullShit ] & Case study # 7c5aba41f53293b712fd86d08ed5b36e

    The escrow debate is bullshit being regurgetated & farmed down from the USA 'CLIPPER KEY / CHIP' from 25+ years ago. [ https://en.wikipedia.org/wiki/Clipper_chip ] along with the 'Munitions legislation' that was forced into the 'Wassenaar Arrangement’ that the stupid Liberals turned into the DTCA.

    Be Protected, Get The FooKey METHOD : http://foocrypt.net/the-fookey-method

  18. FooCrypt

    The common flaws in ALL encryption technologies to date are :

    The FooKey METHOD :

    http://foocrypt.net/the-fookey-method

    The common flaws in ALL encryption technologies to date are :

    1. Typing on a KeyBoard to enter the password

    2. Clicking on the Mouse / Pointer device that controls the location of the cursor

    3. Some person or device looking / recording your screen as you type the password

    4. The human developing a password that is easily guess, or can be brute forced due to its length

    5. Sharing the password with a third party to decrypt the data

    6. Storing the encrypted data in a secure location so no unauthorised access can be made to either the key(s) to decrypt the data or the encrypted data itself

    FooCrypt, A Tale Of Cynical Cyclical Encryption, takes away the ‘BAD GUYS’ by providing you with software engineered to alleviate all the above.

    1,2,3 are mitigated by the FooKeyBoard, Auto Key Press and a simple combination of colors modifying the Cypher Key Control Text Window. The TopeSecretCypherKeyControlText Preference Setting enables your to have a such a configuration. All the Text is hidden until you click and drag the cursor over a text area revealing only the portion of the text window you choose.

    4 is mitigated by the simple configurability of FooCrypt, the accept random data from an unlimited number of sources and following FooCrypt's DEFAULT settings of utilising a length up to the maximum

    5 is mitigated by FooCrypt’s ability to intemperate any binary data as a source for creating a FooKey, hence sharing the FooKey, can be obfuscated by an act as simply as sending the third party :

    A Photo

    A Music file

    A Document

    A URL to a data source on the Internet / Intranet

    The possibilities are endless

    Then, all the third party has to do, is utilise FooCrypt’s Import Window Memory Binary Features, to recreate the FooKey.

    Modifications to the imported binary import can be made with ease with FooCrypt’s XY features, enabling identical cursor position for character modifications to the binary import

    6 can be mitigated by always storing your encrypted data on an encrypted media device, thus even if your media device is physically stolen, the thief needs to break the disk encryption, and then try to break FooCrypt’s Cyclical Encryption. FooKey’s are always stored on physical media, encrypted in a single layer of encryption. FooKey’s can easily be encrypted by the User with a FooKey, hence, layering the FooKey in multiple layers of encryption.

    No one to date has been able to by pass or break into a file encrypted with the FooKey method.

  19. DrM
    Black Helicopters

    Splunge!

    Second Writer: Splunge.

    Larry: Did he say splunge?

    First and Third Writers: Yes.

    Larry: What does splunge mean?

    Second Writer: It means it's a great-idea-but-possibly-not-and-I'm-not-being-indecisive!

    Larry: Good. Right. (to third writer) What do you think?

    Third Writer: Er. Splunge?

    Larry: OK.

    First Writer: Yeah. Splunge for me too.

    Larry: So all three of you think splunge, huh?

    Writers: Yes!

  20. rjed
    Facepalm

    politician talking to skeptic security expert

    Politician: We need access to some communications between x and y ... give us the master key

    SecExpert: There is no master key ... Let me tell you how it works ..

    Politician (thinking in the mind) : Oh! She started again!!

    Politician: Lets cut to the chase .. give me a way to access communication between x and y .. whatever it takes..

    SecExpert: I do not own the keys for the communication ... the keys are owned by the users and its a breach of trust if i give it to you.

    Politician: Do you know whom you speaking to? How come you do not trust us ?

    SecExpert: Maybe I trust you but i do not know how can i trust the institution and its future staff from misusing this powers ...

    Poitician: How can you not trust the constitution makers? We ll amend the constitution and we ll see you then.

    Meanwhile, in the other part of world:

    Terrorist1: Shall we use whatsapp to send messages?

    TerroristSecExpert: What! Are you mad? We ll use this android app which i developed in past few days which uses our own generated public/private key pairs.

    Terrorist1: I want those poo emojis in that app ... do you have it?

    TerroristSecExpert (rolling her eyes)...

    1. FooCrypt

      Re: politician talking to skeptic security expert

      I hope they applied for a permit as per the DTCA, DSGL listing on encryption technologies ;)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019