When's a backdoor not a backdoor? When the Oz government says it isn't

Australia's promised “not-a-backdoor” crypto-busting bill is out and the government has kept its word - it doesn't want a backdoor, just the keys to your front one. The draft of The Assistance and Access Bill 2018 calls for anyone using or selling communications services in Australia to be subject to police orders for access …

  1. Khaptain Silver badge

    Welcome to China

    Jdnnazhfnmioelanbucuidjebgazucifje.

    (Decrypted version by means of me being a good cop)

    All your Kangaroos are us.

  2. Winkypop Silver badge
    Big Brother

    Double Plus Good

    Relax citizen.

    The "if you've got nothing to hide" brigade will be here any minute!

    1. katrinab Silver badge

      Re: Double Plus Good

      If you do have something to hide, it doesn’t mean you’ve done anything wrong.

      1. Doctor Syntax Silver badge

        Re: Double Plus Good

        If you do have something to hide it means you're abiding by the T&Cs of your bank, online vendors etc etc etc. I take it Oz doesn't have much of a financial services or ecommerce sector; either that or they're trying to get rid of them.

      2. Scroticus Canis Silver badge
        Big Brother

        Re: Double Plus Good - "...doesn’t mean you’ve done anything wrong."

        Ah, but whose definition of wrong will this operate under?

    2. dbgi

      Re: Double Plus Good

      You have everything to hide, if you have something to fear.

    3. Avatar of They Silver badge
      Mushroom

      Re: Double Plus Good

      I hate that phrase with a passion. There are plenty of legal things I would like to hide from anyone else. But numbnuts in parliament and do-gooders think it's fine.

      I argued this with my MP about whether she should sign the snoopers charter and she came out with the same stupid half-arsed argument. (She voted for it in the end.)

      Bereavement, redundancy, bankruptcy, terminal illness, domestic abuse victim, rape victim, marital troubles, criminal convictions to name the ones I can remember from my argument with the MP.

      Why should anyone else get to know about them? (She had no answer either.)

      Sad times for Oz.

      1. dave 81

        Re: Double Plus Good

        Ditto, same argument with my MP, even wrote a huge open letter to the bastard. Ignored it completely, and voted for it.

        I ended up by helping fund the legal challenges to it. More than I have ever done for any political party.

      2. Doctor Syntax Silver badge

        Re: Double Plus Good

        "Bereavement, redundancy, bankruptcy, terminal illness, domestic abuse victim, rape victim, marital troubles, criminal convictions to name the ones I can remember from my argument with the MP."

        You asked her the wrong things. You should have asked her for her bank, Amazon, eBay etc details and passwords. And been prepared to explain why in words of one syllable or less.

        1. Avatar of They Silver badge
          Thumb Up

          Re: Double Plus Good

          They were in there as well, she mentioned the NSPCC were pushing for it and ignored all other conversations.

        2. ibmalone Silver badge

          Re: Double Plus Good

          "You asked her the wrong things. You should have asked her for her bank, Amazon, eBay etc details and passwords. And been prepared to explain why in words of one syllable or less."

          More productive to ask for details of her deals with party leadership on voting and records of conversations with whips. Wouldn't get you anywhere, but might illuminate why.

        3. phuzz Silver badge

          Re: Double Plus Good

          "You asked her the wrong things."

          Should have asked about her Tindr/Grindr account...

  3. Phil Kingston Silver badge

    I read this as them wanting a method to take covert screenshots of the unencrypted messages. Should be a fun one to watch at any rate.

    1. David Shaw
      Holmes

      “Covert screenshots”

      Some versions of macOS ‘helpfully’ store both a jpg and a png image of all web pages viewed in Safari, one high res & one low-res. It includes user generated text in google search, translate etc. stored deep in ~/Library

      Allegedly it is part of the macOS smooth transition from one webpage to another, if you are scrolling sideways back into history, for example, you see not very greeked cartoon pages of where you were. Might be a valid use of the UI, but one of my Macs had years of images and it was fascinating, forensically, to see what I was up to in 2012. (TimeCapsule backed-up these dual images of each webpage, for some reason)

  4. Danny 5

    Awesome

    So how many times are we going to see such technical decisions that are made by people who have no idea of what those decisions imply? Oh and why do those people think they can fool people who actually do have the required knowledge? You can't spin bullshit if your audience is 100x more knowledgeable than you.

    1. Anonymous Coward

      Re: Awesome

      "You can't spin bullshit if your audience is 100x more knowledgeable than you."

      But Sir!

      That goes right to the heart of the Westminster system!!

      1. Anonymous Coward

        Re: Awesome

        ""You can't spin bullshit if your audience is 100x more knowledgeable than you."

        But Sir!

        That goes right to the heart of the Westminster system!!"

        You might very well think that. I couldn't possibly comment.

        ps

        The Westminster system doesn't have a heart. Just an alleged list of people's misdeeds, and details of their finances.

    2. Evil Auditor Silver badge

      Re: Awesome

      "You can't spin bullshit if your audience is 100x more knowledgeable than you."

      This, unfortunately, is only true for the small minority of people who are aware of the technical or social implications. Such as you find among El Reg readers and commentards. The majority of voters though, at least in my perception, are deceived/convinced by the criminally moronic phrase "if you've got nothing to hide..." or simply don't care at all.

      Where's the We Are Fscked icon?

    3. Anonymous Coward

      Re: Awesome

      So how many times are we going to see such technical decisions that are made by people who have no idea of what those decisions imply

      -----------------------------------------------------------------------------------------------------------------------

      That's just it. These are not technical decisions, they are political decisions.

      Any technical issues are irrelevant about what matters to them - power, control, and how many votes they can sleaze out of the issue.

    4. Mark 85 Silver badge

      Re: Awesome

      "So how many times are we going to see such technical decisions that are made by people who have no idea of what those decisions imply?"

      They're politicians not techies. Here in the States there's only a couple of legislators who have a grasp of the issue. The rest (not tech knowledgeable types) want votes, not solutions and thus they come up with stupid solutions to complex problems. It's not just tech stuff, but pretty much anything more than a decision on the dinner menu and maybe what wine goes with what dish.

      "You can't spin bullshit if your audience is 100x more knowledgeable than you."

      See above, not for us techies but votes and <cough>campaign contributions<cough>. So far, techies have been ignored or (in the case of Zuck's appearance in Congress) asked about issues that are pretty basic or downright wrong. The "baffle them with BS" answers seemed to have satisfied those legislators.

    5. P. Lee Silver badge

      Re: Awesome

      They know quite well what the decisions imply. They just choose to ignore it.

      Hence Skype is no longer p2p. Large corporates will always try to make money and they will comply with the law. Combine legal requirements with financial self interest and you have a winner.

      The "you will not tell anyone" provisions are for the corporate's benefit, not Australians.

      There are still problems. Obviously on-prem kit has to go. We can't have that messing up our surveillance. Cloud it is, then.

  5. Bush_rat

    Question:

    What are the proposed rules for temporary communications? I.e, if Alice hands letters to Bob, Bob reads and then burns them, they cannot be compelled to supply the information lost surely?

    1. DavidRa

      Re: Question:

      Of course they can, because they might be discussing terrywrism. With the threat of $50K fines hanging over their heads, we'll end up developing new capabilities - like the reconstruction of paper after burning, or creating the recording of a conversation years after it happened.

      After all, if the laws of mathematics can be bypassed, physics and chemistry should be easy and reversal of entropy not far behind.

    2. Anonymous Coward

      Re: Question:

      Too late!

      I've already reported Bob and Alice to the Department of Magic Backdoors!

      Carol and Ted are next!

      * anyone old enough for that reference?

      1. Anonymous Coward

        Re: Question:

        "anyone old enough for that reference?"

        The film (1969) in spite of an over-18 rating was eclipsed by "Women in Love" at our local flea pit.

        1. Thoguht Silver badge

          Re: Question:

          Bob and Carol and Ted and Alice was rated "X", so that's over-16, not over-18. It's rated 15 now.

          1. Anonymous Coward

            Re: Question:

            "[...] was rated "X", so that's over-16, not over-18."

            According to Wikipedia - from 1963 to 1982 the British Certificate X was 18 and over. The films in question were released in the UK in 1969/70.

            My mistake earlier by saying "over 18" when I meant "18 and over".

          2. 's water music Silver badge

            Re: Question:

            "rated "X", so that's over-16, not over-18"

            You made me look, and I see that 1969 was the last year before the X classification was changed to over-18 (which is my own memory of it). Sadly I was not old enough to manage to see any X-rated film before the change-over to the much less evocative 18 classification in 1982. I remember the anticipation of Channel Four's Red Triangle films.

        2. Mike Ozanne

          Re: Question:

          "The film (1969) in spite of an over-18 rating was eclipsed by "Women in Love" at our local flea pit."

          You all wanted to see Olly Reed wrestling naked?

          1. Anonymous Coward

            Re: Question:

            "You all wanted to see Olly Reed wrestling naked?"

            The young women in our group of friends wanted to see that scene. It was another year before any of us saw the opposite sex naked in the flesh.

    3. Doctor Syntax Silver badge

      Re: Question:

      " if Alice hands letters to Bob, Bob reads and then burns them, they cannot be compelled to supply the information lost surely?"

      It doesn't work like that. Alice hands the letters to the gummint. The gummint reads them, makes a copy, decides whether to hand them on. If they decide to hand them on they do, Bob reads them and burns them. Gummint keeps its copy.

    4. Kabukiwookie Bronze badge

      Re: Question:

      Simple. Alice goes to jail or gets find $50,000.

      1. Anonymous Coward
        Coat

        Re: Question:

        > Alice goes to jail or gets find $50,000

        There's a choice? I'd prefer to find $50,000.

        (sorry - mine's the one with $50k in the pocket)

    5. Schultz
      Mushroom

      What if ... Bob reads and then burns the letter?

      It's a matter of time until the dangerous act of Making Fire will be regulated. It's one of the oldest tools of terrorists!

      1. jonathan keith

        Re: What if ... Bob reads and then burns the letter?

        Bob will have made a mistake. After a period of re-education, Bob will be returned to society, secure in the knowledge that it is *books* he should be burning. Perhaps he might even get a job with the Fire Brigade.

  6. Oengus Silver badge

    The Holy Trinity

    "the government wants to apprehend terrorists, paedophiles and organised crime"

    Ah, the Holy Trinity of the security agencies. Why is it that every privacy-invading idea from the governments and security agencies across the globe has the same target but the legislation is always so broad that it encompasses everyone?

    1. Bush_rat

      Re: The Holy Trinity

      What, do you support paedophilia?

      /s

    2. Vanir

      Re: The Holy Trinity

      Because anyone of everyone could be a terrorist, paedophile or participant in organised crime.

      Security services of the Western democracies have to have evidence that can be presented to a court of law and a jury.

      If these agencies are denied the means to get evidence from communication channels then there is no chance of them carrying out their legal responsibilities.

      One of the primary responsibilities of democratic government is to protect the people that put them in office. If a these governments cannot do this then what do we have?

      1. Uncle Slacky Silver badge
        FAIL

        Re: The Holy Trinity

        > If these agencies are denied the means to get evidence from communication channels then there is no chance of them carrying out their legal responsibilities.

        Not our problem. Police work is only easy in a police state.

        > One of the primary responsibilities of democratic government is to protect the people that put them in office. If a these governments cannot do this then what do we have?

        Well, we could guarantee to "protect" everyone by locking everyone up in solitary confinement from birth - some compromises are required in a free society.

        1. Anonymous Coward

          Re: The Holy Trinity

          "Well, we could guarantee to "protect" everyone by locking everyone up in solitary confinement from birth - some compromises are required in a free society."

          No, because the same compromises are used against you, and there's no way around the fact the compromises inevitably take you down, resulting in anarchy. So you're ultimately left with a dilemma: anarchy or the police state?

          1. phuzz Silver badge
            Facepalm

            Re: The Holy Trinity

            "So you're ultimately left with a dilemma: anarchy or the police state?"

            You might have noticed that while some countries are effectively anarchies, and some are police states, there also exist many (ie most) countries which manage to strike a balance between the two. Very likely you live in one of those 'middle' countries.

            So really the dilemma is; anarchy, a police state, or a sensible compromise between the two.

            1. Anonymous Coward

              Re: The Holy Trinity

              "there also exist many (ie most) countries which manage to strike a balance between the two."

              FOR NOW. Longer-term, however, none of them stay very stable because the balance is too difficult to keep. Ultimately, someone comes along strong enough to just flat upset it. America's probably on the cusp of this right now. Others provide recent evidence. It's only a matter of time.

              1. Anonymous Coward

                Re: The Holy Trinity

                "FOR NOW. Longer-term, however, none of them stay very stable because the balance is too difficult to keep. Ultimately, someone comes along strong enough to just flat upset it. America's probably on the cusp of this right now. Others provide recent evidence. It's only a matter of time."

                Citations needed. Besides, unless these powers are used reasonably against known criminals, ordinary folks will just find some other way to communicate that the powers that be cannot snoop on. Don't forget, it was Snowden's confirmation of mass surveillance that led to more widespread use of encryption in the first place. If this unreasonable invasion of privacy continues, someone will just invent a new way to communicate that has a new way to evade the snooping, therefore closing the door to the current methods used by the government so they'll end up with less data rather than more. I am sure that the police would be far better served searching a database of relevant data populated with known criminals than trying to find meaning in a haystack of infinite size containing mostly law abiding citizens, which would only serve to mask the true criminals hidden within.

                1. Anonymous Coward

                  Re: The Holy Trinity

                  "If this unreasonable invasion of privacy continues, someone will just invent a new way to communicate that has a new way to evade the snooping, therefore closing the door to the current methods used by the government so they'll end up with less data rather than more."

                  You assume there IS a way, but you overestimate the intelligence of the average human being or have you forgotten the whole President Trump deal? Unless you can make it turnkey easy AND bulletproof at the same time (which I bet you can't--security and ease of use tend to be on opposite ends of the scale: see front doors), there WILL be weaknesses that a state (where money isn't always an object) can exploit (thus the data center in Utah, which I still believe is just a front for a black-project quantum computer--black projects HAVE come from the US in the past; see the SR-71).

                  1. Jack of Shadows Silver badge

                    Re: The Holy Trinity

                    Aside from your over the top levels of arrogance contained in your post, the particular group of people I hang out with every week happen to consider this a challenge, not an impossibility. I'm involved in the hardware and process engineering end of things, others in software, and the cryptographers are the source of the maths needed. I'd do maths but I long ago lost any interest in the theoretical side. Applying what's been learned is my meat and potatoes.

                    Thanks though for mentioning the SR-71. Take everything you've read and chuck it right out the window. It flew earlier than 1964. Much earlier. My mother was there for an emergency landing at her naval air station. She also got to see it going flat out after it took off. Right time to see what wasn't allowed talking about.

                  2. GIRZiM

                    Re: The Holy Trinity

                    "Unless you can make it turnkey easy AND bulletproof at the same time (which I bet you can't--security and ease of use tend to be on opposite ends of the scale: see front doors), there WILL be weaknesses that a state (where money isn't always an object) can exploit."

                    Football matches are pretty loud - you can probably communicate with your criminal compatriots by word of mouth at one of those without too much difficulty, provided you use a (not necessarily too complex) code.

                    I believe spies/secret agents used to talk to each other F2F in bathrooms with the shower/bath taps running in the days before email/IRC/Facebook.

                    It may not be bulletproof: I may be wrong but football scarves aren't generally so to the best of my knowledge and it might be a good idea to plan your crimes in countries where the police/locals aren't armed (just in case, you know).

                    But, unless one (or more) of you is deaf/mute, it's pretty easy - I'd go so far as to say 'turnkey easy' myself.

                    1. Anonymous Coward

                      Re: The Holy Trinity

                      Ubiquitous high-res cameras and lip readers. Noise and location are no longer an issue. Try again.

                      1. GIRZiM
                        FAIL

                        Re: The Holy Trinity

                        Lip-readers?

                        Ha ha ha ha ha!

                        Know many deaf people, do you?

                        I've known a few myself.

                        Lip-reading ain't what you think it is and the 'Bad Lip-reading' videos are pretty much on the button.

                        Add to that the fact that people turn their heads from time to time and you lose whole sections of what they're saying because (inconveniently) they didn't face another camera directly.

                        Done much work with surveillance cameras, have you?

                        I've done a bit myself and while there's some impressive tech available, it's expensive and not terribly widespread.

                        People with their collars up don't help matters.

                        People with scarves over their mouths because it's cold (which happens quite frequently in countries that aren't the U.K., Australia or California) don't help either.

                        People sitting at an awkward angle.

                        People sitting too far from the outdated, low cost, low quality publicly installed camera that was the only thing that had an angle on your target because you didn't have the budget for more than one observation team and could only capture one of them... you guessed it, they don't help much either.

                        Yeah, it's all very impressive and intimidating when you watch 'Mission Impossible' or 'Minority Report' or whatever but they're not terribly representative of what actually happens in the real world.

                        In the real world almost nobody has the budget for that kind of operation and, when they do, it's targeted and the technology required not at all ubiquitous.

                        Try again.

                    2. onefang Silver badge

                      Re: The Holy Trinity

                      "it might be a good idea to plan your crimes in countries where the police/locals aren't armed"

                      Police in Australia are armed, the locals not so much.

          2. Anonymous Coward

            Re: The Holy Trinity

            "No, because the same compromises are used against you, and there's no way around the fact the compromises inevitably take you down, resulting in anarchy. So you're ultimately left with a dilemma: anarchy or the police state?"

            Your 'argument' of "police state or anarchy" (with nothing in between) is just another loaded phrase along the lines of "if you've nothing to hide you've nothing to fear". Where do people get this bullshit idea from that it's either anarchy or a police state? Ever heard of balance? I doubt many people would have a problem with the police/government only going after known bad guys and leaving the rest of society some modicum of privacy, that sounds fairly reasonable, but why does every Tom, Dick and Charles 9 need the state or anyone else rummaging through their personal business? There's absolutely no valid reason for it at all. If you really believe that, please post your banking details, account numbers, sort code, PIN number, email login, etc. etc. After all, you wouldn't want anarchy taking over, now would you?

          3. Uncle Slacky Silver badge
            Black Helicopters

            Re: The Holy Trinity

            > resulting in anarchy.

            What's so bad about anarchy anyway?

            https://thebreadbook.org/

          4. Schultz
            Boffin

            The dilemma: anarchy or the police state?

            To address that dilemma, democratic societies need separation of powers with strong oversight by an independent justice system and through public scrutiny. There is a lot of room between anarchy and the police state, but the damage by moving close to either extreme may be terrible and quite irreversible.

            We have this discussion, which is evidence that Australia is neither an anarchy nor a police state. But laws that establish powers keeping "providers [...] quiet about agencies' covert operations, enforced by jail time and massive fines" would remove public scrutiny and judicial oversight and might do some damage. Judge for yourself where the right balance should be.

          5. Loyal Commenter Silver badge

            Re: The Holy Trinity

            "So you're ultimately left with a dilemma: anarchy or the police state?"

            s/dilemma/false dichotomy/

            There, fixed that for you. The invoice's in the post. The Aussie government may or may not have already read it.

            1. Charles 9 Silver badge

              Re: The Holy Trinity

              PROVE it's a false dichotomy. I propose the middle is UNHAPPY, meaning the natural gravitation is toward one or the other extreme, thus making it a dilemma long term. Or why else has no government not undergone serious upheaval if not serious replacement once a century or so? Even the US had a civil war about 150 years ago.

              1. Charles 9 Silver badge

                Re: The Holy Trinity

                Too late to edit, so I'll follow on my own post. There's also the chance of a brute-force takeover, when someone gathers enough power to simply shove the existing government aside, at which point all the laws in the books are just ink on a page.

        2. Mark 85 Silver badge

          Re: The Holy Trinity

          "Well, we could guarantee to "protect" everyone by locking everyone up in solitary confinement from birth - some compromises are required in a free society."

          Good solution but there's a small problem: who watches the turnkeys and then who watches the watchers?

        3. Vanir

          Re: The Holy Trinity

          @ Uncle Slacky

          "Not our problem." Very glib.

          Until it is, which is now.

          Every Western democratic government is dealing with this issue, thus by their electorates.

          That's you and me.

          "Well, we could guarantee to "protect" everyone by locking everyone up in solitary confinement from birth" - so that's what we have from you? reductio ad absurdum.

          "some compromises are required in a free society".

          That's the issue, the problem, electorates of 'free' societies now face.

          What will be the consequences of any 'compromise' on a 'free' society.

          I'm not surprised at the downvotes.

          1. Francis Boyle Silver badge

            Re: The Holy Trinity

            "That's the issue, the problem, electorates of 'free' societies now face."

            And what is this problem? The statistically insignificant problem of terrorism? Predatory paedophiles who have always existed even if we chose to ignore them? Emmanuel Goldstein? (He's out there, you know.)

            O.K. I'll tell you. The problem is, always has been, and probably always will be, the desire of those in power to grab more of it.

            In short, nothing's changed.

      2. Anonymous Coward

        Re: The Holy Trinity

        "If these agencies are denied the means to get evidence from communication channels then there is no chance of them carrying out their legal responsibilities."

        That same justification has been made for extracting confessions by torture - and all deemed perfectly legal.

      3. Doctor Syntax Silver badge
        Joke

        Re: The Holy Trinity

        @Vanir

        Did you forget this icon?

      4. JohnFen Silver badge

        Re: The Holy Trinity

        "If these agencies are denied the means to get evidence from communication channels then there is no chance of them carrying out their legal responsibilities"

        This is simply and plainly incorrect.

      5. GIRZiM

        Re: The Holy Trinity

        "If a [sic] these governments cannot do this then what do we have?"

        Good question, Vlad.

        What were Donny Boy's thoughts on the matter?

    3. Anonymous Coward

      Re: The Holy Trinity

      "[...] but the legislation is always so broad that it encompasses everyone?"

      They make the legislation apparently quite definite. Then subsequently they gradually widen the scope of interpretations of "terrorists, paedophiles and organised crime".

      1. nagyeger

        Re: The Holy Trinity

        You forgot extremists.

        I notice that "extremists" now potentially includes your grandma and / or the local vicar, assuming they still hold views they've held for 40 years.

      2. Adam 1 Silver badge

        Re: The Holy Trinity

        > They make the legislation apparently quite definite. Then subsequently they gradually widen the scope of interpretations of "terrorists, paedophiles and organised crime".

        It already covers "protecting the public revenue", so add to that library/parking/dog shat on the footpath fines as technically meeting the criteria.

    4. Chris G Silver badge

      Re: The Holy Trinity

      "the government wants to apprehend terrorists, paedophiles and organised crime"

      I don't know why but I keep reading that as 'wants to apprehend Tourists' , maybe I have watched that Oz Customs show too many times.

    5. Chairman of the Bored Silver badge

      Re: The Holy Trinity

      @Oengus, +1 for coining The Holy Trinity of security agencies. When we were growing up The Man worried about me having too much sax, drums, and rock 'n' roll ... but I guess times have changed

    6. GIRZiM

      Re: The Holy Trinity

      "the government wants to apprehend terrorists, paedophiles and organised crime"

      Well they certainly don't seem to do anything about disorganised crime, that's for sure - muggings, burglaries, stolen cars, if you're not robbing Rotarians/Masons/local councillors, you can pretty much do what you like in the name of agile/flexible individual enterprise.

  7. Jack of Shadows Silver badge
    WTF?

    I'm still wrapping my head around Australia being able to compel me, either in my capacity as an OEM/ODM, or as a provider of a service from here in the US, to someone physically present in Australia and facilitate their criminal justice system. I guess I'll wait to see the enabling the US is going to provide in return to Australia. That won't get them anywhere. I am already in prison for all intensive purposes. I rather suspect the medical care in an Australian prison has got to be an improvement over the Veterans Administration care that I'm receiving here.

    I wish I were joking.

    1. Anonymous Cowerd
      Headmaster

      "all intensive purposes"

      LMFTFY

      "all intents and purposes"

      1. GIRZiM

        Re: "all intensive purposes"

        I could be wrong about this but, given the mention of the Veterans' Association/Administration and being a 'prisoner', you can probably safely assume that it was a deliberate play on words based around being hospitalised/incapacitated in some way, rather than a grammatical error.

        It does help to stop and apply some reading comprehension before firing V2 grammar-rockets at people.

        1. Anonymous Cowerd
          Facepalm

          Re: "all intensive purposes"

          My comprehension is fine, thanks. I've seen this grammatical error many times, so I seriously doubt that this is intentional; it's just wrong.

    2. Adam 1 Silver badge

      Maybe it would help to understand if you substitute USA where you see Australia and, geez, pick any law, but let's go with DMCA, or EU and GDPR.

      Our collective Muppets-in-charge can not get their head around the limits of their legislative powers.

      You can ignore this unless:

      (a) you're planning to visit our fine shores; or

      (b) you're starting up a local company presence; or

      (c) Some trade agreement where your own country has agreed to limit you in this area; or

      (d) Your customer is subject to these laws and requires that you agree to the technical assistance measures to the extent that your law permits you to. (You are of course free to not accept such customers).

      TL;DR, if you're the cow on the hill, feel free to ignore Yertle bellowing from the pond.

  8. Guus Leeuw

    Dear sir,

    if they already know the sentence is 3 years or more, why do they still need access to data?

    Best regards,

    Guus

    1. jhop

      The sentence IF THEY WERE FOUND GUILTY would be 3 years or more.

      So if the prosecution brings a case, and the judge says 'let's assume everything you say is true, the sentence is 6 months' then you don't get one.

      For example if the crime is littering, that's a $60 fine. You can't get access to the data to prove this, even if they are guilty as sin.

  9. FozzyBear Silver badge
    Black Helicopters

    that the powers would only be invoked for “serious crimes” involving sentences of three years or greater.

    Common Assault, malicious damage to a letter box, hell, drink driving all carry a possible gaol sentence of more than 5 years. Assault and Malicious damage carry possible 7 years.

    And I was worried about google and the like sniffing my location on mobiles. I need to rethink my tech strategy.

    What's the baud rate for a tin cup and a piece of string?

    1. Steve Davies 3 Silver badge

      re: Baud Rate

      It depends on how wet the string is obviously.

    2. Chris G Silver badge

      Baud rate

      @ Fozzy. Depends on your string material and how tight it is. What's to stop a third actor tying on to the string at any point between cups?

      Also I suspect the same laser technology used to eavesdrop via window glass could work with the vibrations in the string, best thing is don't talk to or communicate with anyone.

      Is the Oz government intent on making all Aussies into criminals? The laws there seem to be getting tougher and tougher.

      1. Anonymous Coward

        Re: Baud rate

        Is the Oz government intent on making all Aussies into criminals?

        AGAIN!

        Remember Transportation!

        1. m0rt Silver badge

          Re: Baud rate

          Better still - just use encryption over radio. That way everyone can listen in, and you expect it. Just ensure you use a good encryption.

          Numbers stations are still in use. Why? Because they work. You may be able to pinpoint a recipient to a rough continent, but that is it.

          1. Doctor Syntax Silver badge

            Re: Baud rate

            "You may be able to pinpoint a recipient to a rough continent"

            Is there a continent that isn't?

        2. onefang Silver badge

          Re: Baud rate

          "Is the Oz government intent on making all Aussies into criminals?

          "AGAIN!

          "Remember Transportation!"

          But not everyone transported to The Great Prison Oz were criminals, they also sent politicians to manage them. Oh wait ...

          1. bikerdev

            Re: Baud rate

            One of my ancestors was transported ( Great Great great Grandfather I think ). His heinous crime was to be found with a gun in private woodland and accused of poaching. His choices were then death or transportation.

            I believe the general idea was to just export suspected criminals rather than provide actual justice, as the former was cheaper.

      2. Grikath Silver badge

        Re: Baud rate

        "Is the Oz government intent on making all Aussies into criminals?"

        Whelp.... Once upon a Glorious Time, the Oz population consisted of Good Citizens ( under martial law) , Convicts ( under martial law ) , ex-Convicts ( under martial law if the Good Citizens felt like it ), Outlaws ( automatic death sentence ) and Savages ( who didn't count ) .

        It seems that in the past decades the Ozzie government is doing its damnedest to recreate that state of affairs. For the Good of the People , of course.

        1. Adelio

          Re: Baud rate

          Don't forget politicians (who are always whiter than white and should NEVER be investigated)!

    3. nagyeger
      Joke

      data rate

      What's the baud rate for a tin cup and a piece of string?

      If you can get hold of some light, inextensible string, as beloved by high-school physics teachers, then your signals arrive instantaneously (0 propagation delay, since the string will not extend) and depending on the mass of your cup then your data rate could exceed that of all known network cables.

      Unfortunately the last time I looked, they'd stopped making it. Something about the laws of physics.

      1. onefang Silver badge

        Re: data rate

        "Something about the laws of physics."

        I don't think string theory has been completely ruled out yet. Though the main problem with those sorts of strings is that both ends have to be very very close together. You might be better off just whispering in their ear.

    4. GIRZiM

      Re: baud rate

      Is that a fully laden tin cup?

      1. Loyal Commenter Silver badge

        Re: baud rate

        Is that a fully laden tin cup?

        A spherical one in a vacuum.

        1. GIRZiM

          Re: baud rate

          > A spherical one in a vacuum

          Oops - wrong answer :-O

  10. DougS Silver badge

    If Apple didn't knuckle under to the FBI

    When they made a similar request for ONE phone, they sure as heck won't knuckle under to the Aussie government wanting this capability for every phone. I can't imagine they will have much more luck getting other companies that have encrypted messaging where they don't control the key redesigning their protocols to allow snooping.

    1. Hans Neeson-Bumpsadese Silver badge

      Re: If Apple didn't knuckle under to the FBI

      When they made a similar request for ONE phone, they sure as heck won't knuckle under to the Aussie government wanting this capability for every phone. I can't imagine they will have much more luck getting other companies that have encrypted messaging where they don't control the key redesigning their protocols to allow snooping.

      Where those vendors are outside Australia, as is the case with Apple, I guess the Australian government's weapon of last resort would be to deny them a licence to import their products. Either comply, or say goodbye to your business in the country.

    2. usbac

      Re: If Apple didn't knuckle under to the FBI

      Well, if Apple, Google, Samsung, etc. stop importing devices into Australia, how long do you think the political career of these idiots will last? If all of the device manufacturers put a note on all of their websites like "* devices are not available in Australia, contact your MP for details why." how long do you think this nonsense will last?

      We will see how long the citizens of Oz like living in North Korea?

      1. DougS Silver badge

        Re: If Apple didn't knuckle under to the FBI

        Apple has nearly half the market in Australia - similar to the US in that regard. So politicians who banned their import because they wanted to be able to spy on citizens would probably get a lot of backlash! Maybe enough to bring the whole Aussie "backdoor" plan down...

  11. m0rt Silver badge

    Interesting place we are in right now. All of a sudden the reams of data that we daily spew, the trillions of bytes of cats, porn, txtspk and selfies that are flung are all considered 'rightfully' yours; the domain of the security agencies.

    We get it. You are keeping us 'safe'. And for a given value of safe, you are. Even if, using this method, you caught or interrupted *one* bad thing, this is a definition of keeping us safe. Thanks for that. But I, personally, don't trust you. You see things with lines stating this is a good citizen and this is a citizen to watch because certain patterns cross over. And you watch, 24/7 and add up all these little extras that once were maybe deemed eccentric by others, and they cause you concern because they don't equate to the idea of a good citizen.

    There are far more people like me, than people like you, though.

    So you need stricter fines, methods for control to keep the 'undesirables' under control. But this doesn't work. So these methods become more corporal in nature. Because this works, right?

    Then what? You think 'this will never happen, we won't repeat history'.

    And of course, as you know, you already are.

    Because what will happen? A generally dissatisfied populace will end up voting in a government that actually looks like it is leading, is forceful and gets things done as opposed to the clowns currently operating. And then that government has the tools, thoughtfully put in place by you, to ensure that they continue to be forceful and Get Things Done™.

    So thanks for that.

    Total bullshit of course. Just a little eccentricity of mine, thinking like this whilst I have my breakfast.

  12. Duncan Macdonald Silver badge
    Flame

    PGP ?

    Offline encryption and decryption using PGP makes all these proposed measures ineffective for serious criminals. However that is not the point of this or similar legislation - there are two main intents - (1) to grab useful commercial data to enrich the politicians - (2) to provide a method for removing political opponents. Criminals of all types are NOT the target of the laws (except by accident).

    Politicians make the Kray brothers and Al Capone seem like honest trustworthy citizens.

    1. Nick Kew Silver badge

      Re: PGP ?

      Actually orthogonal to the legislation (as I read the article).

      It'll mean you can't sell gnupg in Oz. And if you sell a tool that implements PGP, you'll have to be prepared to cooperate with the stasi.

      Basically what it seeks to prevent is not unbreakable encryption, but rather making unbreakable encryption available to the Great Unwashed.

      Those of us who can use gnupg are the tech equivalent of people capable of manufacturing drugs or weapons. You don't wipe us out, but you come down heavily on a person who supplies them to anyone else.

      Ironic that it was an Aussie (Eric Young) who originally wrote the software that later became OpenSSL, back in the days when that would've been illegal in the US.

  13. Peter Prof Fox

    The copper from Woggablogga

    It doesn't work like "I say old boy, decode this message for me, there's a good chap" In reality it's fishing TB.

    So let's suppose the copper from Woggablogga claims you're a baddie 'cos 'he knows' you're an ansty sort. Obviously his warrant will be for everything including bank logins, chats to girlfriends, horse racing tips and social media references to what his wife gets up to with the boys from Cloudsville Creek. Really the latter.

    Oh and for good measure, if your logins are hacked, even if the copper from Woggablogga told you and you had the money, you couldn't go to court to prove the government (ie some official in the council with the power to check on litter-dropping) were responsible.

  14. Giovani Tapini

    Who would pay?

    Disregarding the stupidity of the idea itself.

    Building capabilities to break encrypted traffic is likely to be both non trivial, and involve multiple companies, some of which may not indeed have the capacity to deal with requests from hundreds of clients.

    There would end up being whole chains of liability as you go through resellers, providers, technical partners, data center or cloud delivery organisations in implementing such schemes. This would not be straightforward even if all the groups agreed on what could or should be delivered...

    It sounds like a recipe for corporate disaster... never mind the moral or ethical dimensions...

    1. Serif

      Re: Who would pay?

      Just what I was thinking. The way the proposals are written seems to assume that any company called on to cooperate in providing intercept has the capabilities to do that in house. In practice of course they will more than likely be using 3rd party services and kit which they do not have control over. So they'll need to request help from these 3rd parties who in turn may be in the same position.

      So a couple of questions. Who's going to pay for this assistance and how are you going to even be able to request it given that you are not allowed to tell 3rd parties what you're up to?

    2. Richard51

      Re: Who would pay?

      Simple book codes, if only used once would be unbreakable even then. Without foreknowledge of the book in question and where in the book the encryption starts they are totally unbreakable.

      1. Charles 9 Silver badge

        Re: Who would pay?

        Not even to a Utah-class data center and/or a secret quantum computer?

      2. Anonymous Coward

        Re: Who would pay?

        Simple book codes, if only used once would be unbreakable even then. Without foreknowledge of the book in question and where in the book the encryption starts they are totally unbreakable.

        ---------------------------------------------------------------------------------------------------------

        No, they are not.

        Read up on the history of cryptanalysis.

        There is too much order in a book.
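Added example, not part of the thread: a short Python sketch of why a book used as key material is weaker than a random one-time pad. It compares, per letter, how much the ciphertext reveals about the plaintext when the key letters follow English letter frequencies (a book) versus a uniform random key. The frequency table is an approximate, commonly quoted one, and all function names are hypothetical; the per-letter figure is only a lower bound, since word and sentence structure in both message and book leak more.

```python
import math

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# Approximate letter frequencies of English text, in percent (assumed table).
ENGLISH_PERCENT = {
    "A": 8.17, "B": 1.49, "C": 2.78, "D": 4.25, "E": 12.70, "F": 2.23,
    "G": 2.02, "H": 6.09, "I": 6.97, "J": 0.15, "K": 0.77, "L": 4.03,
    "M": 2.41, "N": 6.75, "O": 7.51, "P": 1.93, "Q": 0.10, "R": 5.99,
    "S": 6.33, "T": 9.06, "U": 2.76, "V": 0.98, "W": 2.36, "X": 0.15,
    "Y": 1.97, "Z": 0.07,
}


def normalised(percent):
    """Turn the percent table into a probability list indexed A=0 .. Z=25."""
    total = sum(percent.values())
    return [percent[ch] / total for ch in ALPHABET]


ENGLISH = normalised(ENGLISH_PERCENT)   # key letters taken from a book
UNIFORM = [1.0 / 26] * 26               # key letters from a true random pad


def encrypt(plaintext, key):
    """Running-key (book) cipher: add key letters to plaintext letters mod 26."""
    if len(key) < len(plaintext):
        raise ValueError("key text must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(p) + ALPHABET.index(k)) % 26]
        for p, k in zip(plaintext, key)
    )


def decrypt(ciphertext, key):
    """Inverse of encrypt: subtract key letters mod 26."""
    if len(key) < len(ciphertext):
        raise ValueError("key text must be at least as long as the message")
    return "".join(
        ALPHABET[(ALPHABET.index(c) - ALPHABET.index(k)) % 26]
        for c, k in zip(ciphertext, key)
    )


def ciphertext_distribution(plain_dist, key_dist):
    """Distribution of C = P + K mod 26 for independent P and K."""
    out = [0.0] * 26
    for p, p_prob in enumerate(plain_dist):
        for k, k_prob in enumerate(key_dist):
            out[(p + k) % 26] += p_prob * k_prob
    return out


def entropy(dist):
    """Shannon entropy in bits."""
    return -sum(x * math.log2(x) for x in dist if x > 0)


def collision_probability(dist):
    """Chance two independent draws match; 1/26 for a flat distribution."""
    return sum(x * x for x in dist)


def leak_bits_per_letter(plain_dist, key_dist):
    """Mutual information I(P;C) = H(C) - H(K), in bits per letter.

    Zero means a single ciphertext letter says nothing about the plaintext
    letter (the one-time-pad property); anything above zero is leakage.
    """
    return entropy(ciphertext_distribution(plain_dist, key_dist)) - entropy(key_dist)


if __name__ == "__main__":
    # Constructed sample message and book passage.
    book = "ITWASTHEBESTOFTIMES"
    ct = encrypt("MEETATDAWN", book)
    print("ciphertext:", ct, "->", decrypt(ct, book))
    print("leak with random pad: %.4f bits/letter" % leak_bits_per_letter(ENGLISH, UNIFORM))
    print("leak with book key:   %.4f bits/letter" % leak_bits_per_letter(ENGLISH, ENGLISH))
```

With a uniform key the ciphertext distribution is exactly flat, so the leak is zero; with book text as the key it is not, which is the "order" the reply refers to.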

  15. mark l 2 Silver badge

    Unfortunately I can see the UK government looking at this bill and thinking it sounds great, once they have finished with the fiasco of leaving the European Union I suspect we will have something very similar on the cards (refuse to call it Brexit as it is a word that sounds like something a child would make up)

    1. Doctor Syntax Silver badge

      "a word that sounds like something a child would make up"

      OK, someone had to

      If we have to wait until they finish dealing with the fiasco we don't have to worry. That'll be a very long time.

  16. Wolfclaw Silver badge

    So any member of 5eyes, can come up with BS excuse that they are using Aussie comms services and the Aussies will investigate on their behalf and order a company to open up and they can't even complain or go to court in case it gets leaked .. is Australia becoming the next Nazi state ?

  17. Christoph Silver badge

    " the powers would only be invoked for “serious crimes” involving sentences of three years or greater."

    And we know that they will stick to those limitations, because?

    If nobody is allowed to know what they are doing because any whistle-blower gets a 5 year sentence, then they will misuse it. Any time some group gets completely unsupervised power, it gets misused.

    This is well known - the Snowden revelations showed that security agencies go way past what they are theoretically allowed to do as a matter of routine every day operation.

    1. swampdog

      Make it easy

      I've always said the best way around this is to tell the security agencies they can do whatever they want but if they get caught doing it the people responsible face the same laws as the rest of us.

      After all, a security agency worth having, shouldn't be getting caught in the first place.

      1. Charles 9 Silver badge

        Re: Make it easy

        Ever heard of, "Screw the Rules, We MAKE Them"?

  18. tallenglish

    And we thought China was bad

    China and its great wall is starting to look progressive. Australia is obviously trying to get rid of all the criminals we didn't want from the UK.

    Providers from USA and others need to ban Australia out of principle like we do to China to protect encryption products and people in Australia are going to need to get VPN and slow down their already shite connection speeds.

    Yay, you gotta love Aussy progress from the land that dredges the great barrier reef to let coal mining ships through.

  19. tallenglish

    David Ike was right

    Problem: government creates the problem by not doing the job they are already paid to do. (underfunding police, creating weapons, etc).

    Reaction: government reacts by hyping up all their failures (terrorism, pedophiles, organised crime).

    Solution: government provides the solution to greater control, requiring more government. (more taxes, more useless laws).

    Real Solution: get rid of the problem, get rid of the idiots in charge that are just creating more work for themselves to feed their massive egos.

    1. Anonymous Coward

      Re: David Ike was right

      You forgot that the politicians are usually reacting to the "popular" public demands stirred by various media outfits or organisations with a vested interest.

      Solution: Education

      Oh I forgot - that's another area where the government has cut funding - and outsourced control to commercial and religious bodies with a dogma interest in limiting educational knowledge.

    2. GIRZiM

      Re: David Ike was right

      So this is what a psychotic break must feel like then - except that it's reality that's bent not my mind.

      You know that the entire universe has jumped the shark into unknown territory and disappeared down the rabbit hole in the middle when sentences like "David Ike was right" actually make sense.

  20. Anonymous Coward

    RE: PGP?

    @Duncan Macdonald -- PGP?

    *

    Two points:

    - There's nothing any individual can do about governments having prying access to corporately managed communications (e.g. mobile phone, online banking, online shopping, etc. etc.). However, although it's less convenient and slower, each of these can be avoided by using CASH! In the case of mobile phones, a new mobile, cash for a SIM, cash for minutes means that the communication, although not private is at least anonymous if used carefully.

    - There IS something that a group of individuals can do for messaging -- namely use a privately implemented cipher scheme. To some extent it doesn't matter if it can be broken, as long as the breaking takes months or weeks. The eavesdroppers need near real-time access, which only the owners of the cipher scheme possess! This gets round the possibility (remote I know) that even PGP can be broken quickly. The private scheme might only be implemented for text messages.

    *

    Example of a randomised word replacement scheme for a short message:

    quivery Ivesdale laboredly vacations derotreme creamless Genucius DLS rhodanate admonitory Witte unprovisioned dragman starboards maggle correlatives Stillingia colibertus inclinatory diarticular Gallicolae snake-eyed microphonic rain-soaked entoplasm uranorrhaphy scoliorachitic redacts chevalier lumen whip-corrected rencontres aquariist contractors subpectinate imperceivable hough overborne sophronizing audacious pachypleuritic nukes time-tested rainbows unclotting diskery

    1. Omgwtfbbqtime Silver badge
      Thumb Up

      Re: RE: PGP?

      Frottage biennial customised psycho-the-rapist.

    2. Anonymous Coward

      Re: RE: PGP?

      "In the case of mobile phones, a new mobile, cash for a SIM, cash for minutes means that the communication, although not private is at least anonymous if used carefully. "

      * * *

      Only if used only in conjunction with other equally well managed anonymous phones.

      In particular:

      You cannot use it to phone non-anonymous phones except on a one time basis, to numbers that have zero connection to you.

      You cannot leave it turned on, or it can be de-anonymised relatively easily.

      You should probably disable or cover the you-facing camera, the other camera, and the microphone.

      You cannot turn it on where you have had a non-anonymous phone turned on - not just on the network, the phone will store location data whether or not it is in aeroplane mode.

      You cannot talk on it without a text to voice converter, or your voiceprint will identify you. Again, disable the microphone, as many apps ask for or get access.

      SMS messages are probably trackable.

      You cannot turn it on in places associated with you.

      You cannot turn it on in places where surveillance can put you or your vehicle.

      You cannot use it in respect of a number of different issues or interests, or that constellation will identify you, along with metadata, including time and place of use.

      You cannot continue to use it. When you replace it, you have to avoid contacting previously contacted anonymous phones - the whole network has to roll over at the same time - an identity, metadata, and connection graph reset.

      Your best bet is probably anonymised encrypted IP based text messaging using electronic drops, supported by VPNs, MAC changers, Tor, antifingerprinting techniques, etc.

      A paper based one time pad helps with some issues but raises others... worth thinking about, but there are several potential weaknesses. Use inside other secure encryption.

      You have to pay attention to surveillance, including dashcams, traffic cams, and cell tower records for other phones when buying anonymous phones.

      Note that connected cars are inherently trackable all the time.

      Any card based public transport is trackable and generally under heavy surveillance, and data is likely retained almost forever.

      You cannot trust CAs, certificates, etc.

      Privacy and security are not easy, and getting harder.

      A non-connected car can be tracked by the tire pressure monitor transmitters on the wheels - mandatory in the US. In the EU, all cars need cell transmitters in case of accident.

      I have left some things out, and don't know about others... nor do you.

      1. onefang Silver badge

        Re: RE: PGP?

        "I have left some things out, and don't know about others... nor do you."

        One thing I keep seeing being left out of any discussion about burner phones in Australia, by law you need to provide identification to get mobile service. This makes things a bit more difficult for the burner phone consumer, and a bit more lucrative for the fake / stolen ID market.

    3. Charles 9 Silver badge

      Re: RE: PGP?

      "There IS something that a group of individuals can do for messaging -- namely use a privately implemented cipher scheme. To some extent it doesn't matter if it can be broken, as long as the breaking takes months or weeks. The eavesdroppers need near real-time access, which only the owners of the cipher scheme possess! This gets round the possibility (remote I know) that even PGP can be broken quickly. The private scheme might only be implemented for text messages."

      Does it HAVE to be real-time, or can they just use the whole "Give me Six Lines" bit and work from there?

  21. Crisp Silver badge

    This sounds like a really well thought out piece of legislation

    Unfortunately it isn't. And it is predicated on a massive misunderstanding around how encrypted services on the internet work.

    If Alice sends an encrypted message to Bob, then the only point the message should be unencrypted is when it's displayed on screen.

    1. Charles 9 Silver badge

      Re: This sounds like a really well thought out piece of legislation

      But that's exactly the point where they get you: outside the envelope.

    2. Anonymous Coward

      Re: This sounds like a really well thought out piece of legislation

      "If Alice sends an encrypted message to Bob, then the only point the message should be unencrypted is when it's displayed on screen."

      And, according to their goals, it should not be encrypted wherever it is convenient for them to take a copy.

      Remember, they are not interested in your privacy and security, they are interested in their power and ubiquitous surveillance of all your activity.

  22. Milton Silver badge

    Disadvantages everyone—except the actual bad guys

    Disadvantages everyone—except the actual bad guys, who will use any one of a dozen superb freely available encryption algorithms and code, along with nice big keys, to secure their data or messages, storing them among randomised data blocks on their systems providing plausible deniability if seized, thereafter to steganographically embed the encrypted data at a very low rate among some large but poorly-resolved, "noisy" images on the web (with only two billion per day to choose from).

    Law enforcement will ultimately be in the position of having to demand passwords from suspects. Thus it will have to have been through the process in which it identified suspects, established in most jurisdictions some form of probable cause, got warrants, extradited or otherwise actually found and detained the supposed malefactor, proved that there even is some encrypted data, somewhere, and finally said "Give us the key". The latter part of the process will be conducted with defence lawyers present and the distinct possibility that even if you have arrested a Black Hat, you cannot be sure that s/he has encrypted anything in the places you've searched. Maybe that scruffy 5Mb image has some "off" byte values; or maybe it's just got noisy crap in it. Maybe that disk sector is a random mess of junk, or it's a diagram of beryllium straws for stage two of a nuke; maybe BH really has forgotten the password.

    Not only will you have to prove your case through a jury, you might notice that almost all the work you did to get to the point of having a suspect to interrogate is the exact same shoe-leather-heavy, tedious, detail-oriented, human-based police work that you had to do in the past, before all these tech miracles and encryption came along.

    In other words, while trying to create impossible and useless backdoor policies, you've proven that there are actually no magic technology bullets and that you should have concentrated on proper police work in the first place.

    1. Anonymous Coward

      Re: Disadvantages everyone—except the actual bad guys

      "maybe BH really has forgotten the password."

      There might not even be a password for what is incorrectly suspected as being encrypted data. In which case the person is likely to go to prison indefinitely through a revolving door for "refusing to reveal the password".

    2. GIRZiM

      Re: Disadvantages everyone—except the actual bad guys

      "In other words, while trying to create impossible and useless backdoor policies, you've proven that there are actually no magic technology bullets and that you should have concentrated on proper police work in the first place."

      Colour me cynical if you like, but so what?

      Are other agencies doing it?

      Are they getting a bigger budget than mine as a result?

      Right, well, we've got to do it too - can't have those other bastards lording it over everyone with how they've got a bigger budget.

      Will the people paying the budget understand why we aren't solving any more crime than before or can we baffle them with bullshit blind them with science (toss some 'hi-tech' sounding buzzwords around, throw in a few 'procedural's, 'transaction's, 'target's and 'acquisition's), scare them with a few bogeymen ('anonymous actors', 'invisible intentions', 'public failure') and get the ignorant, simple-minded stuffed shirts to fund another two-to-five years before we have to talk to anyone again and, if the latter, what's the minimum time-frame to ensure the next people we speak to will be new to the role and just as gullible as the last lot were at the start?

      1. Anonymous Coward

        Re: Disadvantages everyone—except the actual bad guys

        "[...] what's the minimum time-frame to ensure the next people we speak to will be new to the role and just as gullible as the last lot were at the start?"

        On the current Westminster trend - only a matter of weeks.

        1. GIRZiM

          Re: Disadvantages everyone—except the actual bad guys

          > On the current Westminster trend - only a matter of weeks.

          Really?

          I wish I still had faith in the human race the way you do.

          Unfortunately, in my (embittered) experience, even a born retarded goldfish that has since acquired both dementia and Alzheimer's has a longer attention span than most people, never mind most of the people we elect to manage things on our behalf.

          Myself, I don't reckon you need longer than it takes to ask them to leave the room, knock on the door and re-enter the room - long before they get back into the room they've not only forgotten that they were just in there but can't even remember why they're knocking on the door (if they even understood that much the first time!)

  23. StuntMisanthrope Bronze badge

    The Perfect Crime.

    It’s over. Done, dusted and sent to Australia. The problem is no human, government or indeed an agency or citizen is without mistake or fault.

    The balance of justice is exactly that, in equilibrium.

    Does the purpose, that leveraging technology against the populace, improve society as a whole or make it worse.

    I’d personally prefer, to terrorise inequality and mental health with education for the many with the cost to a few, than the opposite. #thebuginthedatacentrewiththeterminal

  24. The Central Scrutinizer

    So it is a back door

    If law enforcement gets the right to provide hardware or software that companies have to deploy then it's a bloody back door. What could possibly go wrong?

    Mission creep would inevitably rear its ugly head. The temptation would be far too great. The next step will be to accuse people of using encryption that they must be up to no good.

    Unfortunately most people just don't give a shit, as long as their Facebook feed isn't interrupted.

  25. Herring`

    I don't see the problem

    As a vendor of encryption technology, you can point out to the government that they absolutely can break public key encryption. You can even tell them how to do it. All they need to do is apply sufficient computing resources.

    1. Giovani Tapini

      Re: I don't see the problem

      Potentially true, however they don't want to go to the effort and cost of doing this privately like the Americans, they want business to go through all the cost and complexity of delivering this. Any comms provider will become part of the police state by proxy...

  26. Chairman of the Bored Silver badge

    Anyone see the word "component"....

    ...in the list of compulsory collaborators? What's a component? Obvious switch 'n' router vendors will become part of the state. But are we also talking semiconductor components (clipper chip redux, anyone)?

    What about software components... let's say I write kernel drivers for a video card. Large, complex, hard to audit, can have interesting privileges... what's to say under this legislation a software developer doing something like Linux kernel driver or xorg development wouldn't get a tap on the shoulder...?

    1. Wensleydale Cheese Silver badge

      Re: Anyone see the word "component"....

      "let's say I write kernel drivers for a video card."

      ...

      "what's to say under this legislation a software developer doing something like Linux kernel driver or xorg development wouldn't get a tap on the shoulder...?"

      If we are talking screen shots of decrypted messages, then quite likely that video developers could be targeted.

    2. onefang Silver badge

      Re: Anyone see the word "component"....

      What I kept seeing is the word "company", I'm not sure if any of these new laws apply outside of a company supplying goods or services.

      "what's to say under this legislation a software developer doing something like Linux kernel driver or xorg development wouldn't get a tap on the shoulder"

      So perhaps open source developers doing it for free are exempt? Shhh, don't let the gruberment know about this little loophole. I'm hoping the laws don't apply to my European server that doesn't sell anything.

  27. Anonymous Coward

    As usual with all pronouncements

    What or who is NOT on the list is probably more important.

  28. Steve Graham

    Progressive, democratic Australia

    "Australian senator calls for 'final solution to immigration problem'."

    https://www.theguardian.com/australia-news/2018/aug/14/australian-senator-calls-for-final-solution-to-immigration-problem

    (He's not a member of the governing party, but the accusation is that the current government tolerates, perhaps even courts, such opinions.)

    1. onefang Silver badge

      Re: Progressive, democratic Australia

      'final solution to immigration problem'

      Historically, anything called 'final solution' doesn't end well.

  29. Franco Silver badge

    A mate of mine is off to Australia for a month, so I'd better exchange OTPs with him before he goes lest his pictures of the Great Barrier Reef be interpreted as scouting an attack on it.

    Only making jokes because Australia will most certainly not be the last country to try and get this kind of nonsense into law.

    1. Anonymous Coward

      I recommend

      Little red cards with one time codes imprinted, folded in half then sealed in Perspex with a breakpoint. I may have been distracted with old school launch codes there....

      Or perhaps constantly changing keys, e.g. RSA or Google token generator style... This avoids accidental re-use of the same keys... Interestingly, it would also be a separate "component" not directly involved in the encryption process. Who knows, this may even take you out of scope.

      Or simply confuse them by making all your comms in plaintext - they are probably not even looking at plaintext - just agree some codenames for your mates...Mr Pink, Mr Black, Mr Brown etc :)

      1. Anonymous Coward

        Re: I recommend

        There is also the method where you each have access to a standard edition of a chosen book or books. Each word is described by its position on a page in the selected book. In that way even the same word can have a different descriptor each time it is used.

        You never use pages near the end of the book - as that limit could indicate a selection criterion in code breaking.

        Not quick to encode and decode - but impossible? to break by interception.
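
The book scheme described in the comment above, as an added Python example that is not part of the original post. The four-page `BOOK`, the `RESERVED_TAIL` setting and all function names are constructed for illustration; each word is replaced by a randomly chosen, not yet used (page, word) position, and the last page is never used.

```python
import secrets
from collections import defaultdict

# Constructed stand-in for the shared book: one string per page.
BOOK = [
    "the reef is large and the water is warm",
    "we meet at the reef when the tide is low",
    "bring the camera and meet me at noon",
    "the end pages are never used for encoding",
]
RESERVED_TAIL = 1  # pages at the end of the book that are never used


def build_index(book, reserved_tail=RESERVED_TAIL):
    """Map each word to every (page, word) position outside the reserved tail."""
    index = defaultdict(list)
    for page_no, page in enumerate(book[:len(book) - reserved_tail], start=1):
        for word_no, word in enumerate(page.split(), start=1):
            index[word].append((page_no, word_no))
    return index


def encode(message, book, used=None):
    """Return one (page, word) descriptor per word, never reusing a position."""
    used = set() if used is None else used
    index, out = build_index(book), []
    for word in message.lower().split():
        fresh = [pos for pos in index.get(word, []) if pos not in used]
        if not fresh:
            raise ValueError(f"no unused position for {word!r} in the book")
        pos = secrets.choice(fresh)  # same word, different descriptor each time
        used.add(pos)
        out.append(pos)
    return out


def decode(descriptors, book):
    """Look each (page, word) descriptor up in the receiver's copy of the book."""
    return " ".join(book[p - 1].split()[w - 1] for p, w in descriptors)
```

Passing the same `used` set to successive `encode` calls keeps positions from being reused across messages as well as within one.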

  30. Anonymous Coward

    When they say you have nothing to hide...

    ...ask them for their banking passwords

  31. Stevie Silver badge

    Bah!

    I can see this educating the masses on the use of burner phones, as used by serious terrorists for, well, since burner phones.

    At least, if OBL's son can be believed.

    1. Herring`

      Re: Bah!

      I would've thought that some in the security services see this sort of action as a problem. Take the pr0n age checking in the UK - before that, hardly anyone knew what a VPN was. In a bid to satisfy the Daily Mail brigade, the UK government have just made the security services' haystack a shedload bigger.

  32. Anonymous Coward

    Oh, look, it's 9 months until the election and they're already talking about bending the laws of mathematics.

    Good to know the colonies haven't lost the art.

    1. Anonymous Coward

      they're already talking about bending the laws of mathematics.

      -------------------------------------------------------------------------------------------------------

      No, they are not.

      Their scheme involves the 'legal' version of rubber hose cryptanalysis. No math needed.

      1. Mycho Silver badge

        Still I just checked with an Aussie compatriot and yes, they did just pass a key point in the process of calling an election just a few days ago.

        This is pre-election bluster. As usual.

  33. JohnFen Silver badge

    To their credit

    They've found a solution that gives them everything they desire while still being able to claim that they aren't mandating backdoors.

    It's called "lying".

  34. EnviableOne Bronze badge

    Universal Human rights

    Article 11.

    (1) Everyone charged with a penal offence has the right to be presumed innocent until proved guilty according to law in a public trial at which he has had all the guarantees necessary for his defence.

    (2) No one shall be held guilty of any penal offence on account of any act or omission which did not constitute a penal offence, under national or international law, at the time when it was committed. Nor shall a heavier penalty be imposed than the one that was applicable at the time the penal offence was committed.

    Article 12.

    No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.

    1. Anonymous Coward

      Re: Universal Human rights

      In England - to be arrested without any subsequent charge means that in future you are officially considered less than innocent - even if it was only a police "fishing expedition". You are marked in records that might be retained indefinitely - and the contents made available to other people.

  35. Anonymous Coward

    In other news...

    Since I am in the USA, if someone in Oz gets a hold of the software that I write, the Oz government will have a hard time getting what they want because of the following reasons:

    1. I am a US citizen. Therefore their laws do not apply to me.

    2. Even if I did try to help them, my software is written in such a way that not even I can break it.

    3. If the suspect hit the panic button, then nobody (not even the suspect) will be able to decrypt it.

    I recently had to go before a Judge about my software. A court order was issued that I decrypt the data for an agency that was dealing with a pedophile. The suspect hit the panic button. Now in my software, once you hit the panic button, the master key is obliterated. And because the password only decrypts the master key, once the master key has been obliterated, there is no way that the files can be decrypted.

    I can see something like this becoming law in the land of the free....
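
The key hierarchy described in the comment above (a password that only unwraps a master key, and a master key that encrypts the files), as an added Python example that is not the commenter's software. The `Vault` class and its method names are hypothetical, and the SHAKE-256 keystream with an HMAC tag is a standard-library stand-in for a real AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _kek(password: str, salt: bytes) -> bytes:
    # Password-derived key-encryption key; it only ever unlocks the key slot.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _seal(key: bytes, data: bytes) -> bytes:
    # Stand-in for an AEAD such as AES-GCM: SHAKE-256 keystream plus HMAC tag.
    enc, mac = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = hashlib.shake_256(enc + nonce).digest(len(data))
    ct = bytes(a ^ b for a, b in zip(data, stream))
    return nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def _open(key: bytes, blob: bytes) -> bytes:
    enc, mac = _subkeys(key)
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    stream = hashlib.shake_256(enc + nonce).digest(len(ct))
    return bytes(a ^ b for a, b in zip(ct, stream))

class Vault:
    def __init__(self, password: str):
        self.salt = secrets.token_bytes(16)
        # Random master key, stored only in wrapped form in the key slot.
        self.slot = _seal(_kek(password, self.salt), secrets.token_bytes(32))
        self.files = {}

    def _master(self, password: str) -> bytes:
        if self.slot is None:
            raise KeyError("key slot destroyed")
        return _open(_kek(password, self.salt), self.slot)

    def put(self, password: str, name: str, data: bytes) -> None:
        self.files[name] = _seal(self._master(password), data)

    def get(self, password: str, name: str) -> bytes:
        return _open(self._master(password), self.files[name])

    def change_password(self, old: str, new: str) -> None:
        master = self._master(old)          # files are not re-encrypted
        self.salt = secrets.token_bytes(16)
        self.slot = _seal(_kek(new, self.salt), master)

    def destroy_slot(self) -> None:
        # Models the "panic button". Real media needs a verified erase of
        # every copy of the slot (backups, flash wear-levelling remnants).
        self.slot = None
```

Because the files depend only on the master key, a password change rewrites the small key slot and nothing else, and a surviving backup of that slot is enough to undo the erase for anyone who knows the password.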

    1. Jack of Shadows Silver badge
      Thumb Up

      Re: In other news...

      Nice design, meets my fail-safe criteria. Similarly, I'm waiting for this to become law here in the states. Notice how Australia and New Zealand prominently feature in the next iteration of the Crypto Wars each and every iteration. They're the canary in the coal mine it seems. Or, more likely, subjecting their citizenry to see where the level of heat required to quietly bring the lobster or frog to a boil.

  36. earl grey Silver badge
    Mushroom

    looks like a skunk

    smells like a skunk

    it's only the backdoor of a Mephitis mephitis.

    Don't hold your breath waiting for the stink of this to go away.

  37. Kaltern Silver badge

    What happens if Bob sends Alice an encrypted email, but spoofs it so it looks like it came from Tom - who is oblivious to his intent to blow up Parliament, and wouldn't know the password anyway?

    Let's be honest, it isn't exactly difficult to spoof an email so it looks authentic enough for the police to take action.

  38. steviebuk Silver badge

    Another reason...

    ..not to live in Australia. I think New Zealand is just as bad with the way they handled the Kim Dotcom issue.

  39. The Aussie Paradox
    Boffin

    Simple solution

    I think we are all overthinking it here.... The simple solution is to brand everyone "guilty" of <Insert generic crime here> and if you can prove you are innocent of all charges, you can go free.

    What could go wrong?

  40. gnarlymarley

    NSA going to leak your "not-a-backdoor"

    I am surprised that more folks are not against this based solely on the grounds that the NSA will leak the backdoor to the bad guys. Note that the USA NSA is able to get backdoor stuff in the past from other governments, so no matter which country you belong to, it will be leaked. The question is a matter of time, not "if" but "when".

    If all governments get their way, there goes your bank account's security.

  41. Drew Scriver

    Just a ploy to circumvent the GDPR?

    Unless governments find a way to get copies of the data before people exercise their "right to be forgotten" they are likely to find that the information they are after has been erased.

    Kind of like hackers who delete/alter the log files to erase their tracks.

    Could bills/laws like the one that's being considered in Australia just be a tactic to ensure they get around the GDPR?

  42. Mark Wallace

    So it's clearly a back door, but they're saying it's a front door?

    They've obviously got it upside-down, or something.


Biting the hand that feeds IT © 1998–2019