Tech sector meekly waves arms in another bid to get Oz to amend its crypto-busting laws

An alliance of Australia's tech and industry advocacy groups hopes, yet again, to have the country's encryption-busting legislation tweaked before the government goes to an election no later than May. Rather than a complete repeal of the Telecommunications (Assistance and Access) Act, the Communications Alliance-led group is …

  1. Michael Hoffmann
    Facepalm

    Straya...

    ... the testing ground for non-GDPR supposedly Western liberal democracies to see how far they can push while still saying "at least we're not Russia or China".

    Even if one day you can't even fit a sheet of toilet paper in the gap.

    I still don't understand what this will achieve even IF they force tech companies to use broken encryption. Anybody with half a brain cell will simply run their own unbroken crypto on top of whatever broken layer sits underneath. Is the end game that in that case they wave iron rods around while glancing meaningfully at my knee caps until I give in and hand them my own keys?

    1. StargateSg7 Bronze badge

      Re: Straya...

      If you want encryption, you will get it and there's DIP ALL Australia can do about it! So Piss Off!

      The people will GET ENCRYPTION AS THEY SEE FIT !!! And I will MAKE SURE they get it!

      some anti-Quantum Computing, fully Shor's Algorithm Resistant tech you will get FOR FREE !!!!!

      1. Anonymous Coward

        @StargateSg7 - crypto software

        Two months ago you were going to "put it up this next week in various places!" : https://forums.theregister.co.uk/forum/all/2018/12/07/australias_crypto_legislation/#c_3674128

        Is it available now?

  2. Anonymous Coward

    "Is this what you wanted to see?"

    "deniable encryption is equipped with a faking algorithm which allows parties to generate fake keys and randomness that make the ciphertext appear consistent with any plaintext of the parties’ choice."

    https://eprint.iacr.org/2018/1244

    1. cbars

      Re: "Is this what you wanted to see?"

      I have not read the link so apologies for willful ignorance but that just sounds like a one time pad. Otherwise you can't choose your ciphertext, and you certainly can't re-use it, that is fundamental cryptography so it's likely that scheme is broken...

      I remember TrueCrypt had something similar with hidden volumes but it all takes space and is detectable if you're looking for it
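The one-time-pad property cbars refers to, as an added example that is not part of the original thread: for any ciphertext there is a key that "decrypts" it to any equal-length message of your choice, and reusing the pad cancels the key out of the XOR of two ciphertexts. The function names and sample messages are constructed for illustration and say nothing about how the linked paper's scheme works.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    # A one-time pad only works when key and message have the same length.
    if len(a) != len(b):
        raise ValueError("key and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(plaintext: bytes, key: bytes) -> bytes:
    return xor(plaintext, key)


def decrypt(ciphertext: bytes, key: bytes) -> bytes:
    return xor(ciphertext, key)


def fake_key(ciphertext: bytes, cover_plaintext: bytes) -> bytes:
    """Key under which `ciphertext` decrypts to `cover_plaintext`."""
    return xor(ciphertext, cover_plaintext)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If both ciphertexts used the same pad, this equals p1 XOR p2 (no key needed)."""
    return xor(c1, c2)


def demo() -> dict:
    # Constructed sample messages, all 20 bytes long.
    real = b"meet at the dock 9pm"
    cover = b"buy milk and bread.."
    other = b"pay the power bill!!"
    key = secrets.token_bytes(len(real))
    ct = encrypt(real, key)
    fk = fake_key(ct, cover)
    return {
        "real_roundtrip": decrypt(ct, key) == real,
        # The same ciphertext is consistent with the cover text under the fake key.
        "deniable": decrypt(ct, fk) == cover,
        # Pad reuse: the XOR of the ciphertexts equals the XOR of the plaintexts.
        "reuse_leaks": reuse_leak(ct, encrypt(other, key)) == xor(real, other),
    }


if __name__ == "__main__":
    print(demo())
```

The cost is the one the comment points at: the key is as long as the message and can never be used twice.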

      1. Cynic_999 Silver badge

        Re: "Is this what you wanted to see?"

        "I remember TrueCrypt had something similar with hidden volumes but it all takes space and is detectable if you're looking for it"

        Yes, it takes a little space - but it certainly cannot be detected however hard you look. At most you might find signs that increase *suspicion* that a hidden volume exists, but nothing that can *prove* (even on balance of probability) that it really does exist.

        1. Yet Another Anonymous coward Silver badge

          Re: "Is this what you wanted to see?"

          Except in truecrypt's case you could. The first N bytes of each encrypted volume, hidden or not were a known value encrypted with the chosen algorithm (so it could detect which algorithm was used)

          Of course you could say that it was a pure coincidence that the big block of random number filled "unused" space on your drive happened to begin with the AES encryption of "truecrypt" - but it probably would be enough to get a warrant.

          1. Olivier2553 Silver badge

            Re: "Is this what you wanted to see?"

            If the block of first N bytes is a known value, it is easy to remove it when you don't need the data.

            It was there only for convenience, you could ask the user what is the encryption format used before attempting any decipher.

    2. Michael Wojcik Silver badge

      Re: "Is this what you wanted to see?"

      Deniable encryption has been around for decades - see for example Canetti et al [1997], or Rivest's Chaffing and Winnowing protocol [1998].

  3. Aodhhan Bronze badge

    You have to wonder

    ...if law enforcement's best chance of prosecuting someone is using files which are encrypted, then the case is likely weak to begin with--and/or they are rushing through the investigation.

    If you really need to get at encrypted files, there are ways to get them, but patience is a must along with a good enuf reason--and enuf evidence--to receive a warrant to tap into an individual's cyber communications.

    You have to wonder, just how tech savvy a government is, who keeps launching this fight against encryption.

    Perhaps it's about time Australia's citizens to begin looking at who they are voting in to government--and placing a high value on someone who understands technology beyond typing on Twitter.

    1. cbars

      Re: You have to wonder

      placing a high value on someone who understands anything beyond typing on Twitter

      FTFY

    2. Oengus Silver badge
      Pint

      Re: You have to wonder

      Perhaps it's about time Australia's citizens to begin looking at who they are voting in to government--and placing a high value on someone who understands technology beyond typing on Twitter.

      When you look at the options we get you have a choice between the idiots from one of the two parties that have a chance to form government, who will toe the party line regardless of their individual understanding, and a sprinkling of idiots who have no chance of influencing the outcome but will support whoever will give them the most concessions for their preferred minority view (Yes, I am looking at you Greens). Both of the majors are so under the control of the TLAs that they will give the TLAs whatever they want under the banner of National security, crime fighting or "think of the children".

      The only power we have is to keep changing the idiot in control and that is best done by getting their own party to replace them due to "Poor polling (social media rating)". Mind you, changing the idiot in control doesn't stop the stupid legislation getting enacted.

      Have a beer, it's the Australia Day long weekend coming up so all of the politicians will be out trying to drum up as much patriotic fervour as they can and hope it will carry them through until the election later this year.

  4. Mike 16 Silver badge

    Crocodile clips

    Just had an image from my youth re-surface. One of a particular sort of test clip used on Central Office frames back when things were a lot more electromechanical. They were bent 90 degrees and had a nice (wooden?) handle with a button to open the jaws. So, these clips tended to go walkies quite a bit, and local users of The Devil's Weed tended to have them despite having nothing to do with the local TelCo, other than knowing someone who worked there.

    Anyway, I wonder what other uses a "virtual crocodile clip" could be used for? Drowd maintenance?

  5. Maelstorm Bronze badge

    ISP DNS Black Hole....

    "movie studios can get courts to poison ISPs' DNS records in a regime expanded last year to sweep up Google, and the government's telecommunications data retention scheme happened against tech's objections."

    Poison DNS records? DNS server software is specifically designed to NOT allow that to happen. You would have to manually go in and edit the zone mapping files. For most non-tech people, that will stop them. But for the tech crowd, such as the people who read this site, it is trivial to set up your own DNS server to bypass that. I have my own DNS server that I use to block advertising networks, but that's a topic for a different discussion.

    1. Olivier2553 Silver badge

      Re: ISP DNS Black Hole....

      Unless you use some encrypted DNS, it is easy for your ISP to intercept the DNS request from your own DNS server on the fly and send back the reply they deem appropriate.

  6. ThatOne Silver badge
    WTF?

    Who watches the voyeurs?

    We all know what self-imposed restrictions and controls are worth. Reality has proven it over and over again, all over the world.

    So "fighting for more restrictions" is like applying another layer of lipstick to the pig in question. Don't know about you, but I still wouldn't kiss it.

    1. Olivier2553 Silver badge

      Re: Who watches the voyeurs?

      Controls and restrictions are a political problem. That does not solve the technical question of "providing a method of access to law enforcement with the risk that sooner or later, that method of access is known by just everyone and his dog".

      And that will be even sooner than expected, because once the bad guys know the method exists, they will invest a lot of resources to find it.

  7. Sebastian A

    Are companies/developers/platforms not simply going to say "Sorry, complying with these rules in order to access a market as small as Australia is not worth compromising our ability to do business with 7½ Billion other people. We decline your demands for access and will make our product unavailable in your region."?

    1. Yet Another Anonymous coward Silver badge

      And similarly aren't going to use any Australian components in their systems.

      Unless you want to be the one explaining to the nice gentlemen with the short haircuts and earpieces why the system you just delivered to the US government seems to be full of Aussie spyware

  8. johnrobyclayton

    If anyone is interested in my thoughts on secure communications

    Some thoughts that I have had on anonymity and security.

    https://github.com/johnrobyclayton/SecureCommunicationsInfrastructure/wiki


Biting the hand that feeds IT © 1998–2019