Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Encryption Australia

Aussie Attorney General's War On Encrypted Web Services 151

Posted by samzenpus
from the no-code-for-you dept.
Bismillah writes "If Attorney-General Brandis gets his way in the process of revising Australia's Telecommunications Interception Act, users and providers of VPNs and other encrypted services will by law be required to decrypt government intercepted data. Because, 'sophisticated criminals and terrorists.' New Zealand already has a similar law, the Telecommunications Interception and Computer Security Act. Apparently, large Internet service providers such as Microsoft and Facebook won't be exempt from the TICSA and must facilitate interception of traffic."
This discussion has been archived. No new comments can be posted.

Aussie Attorney General's War On Encrypted Web Services

Comments Filter:
  • I don't think this will stop any terrorista.
    • Yeah. There are about as many terrorists in Australia as there are snakes in Ireland. PS. Happy St Patrick's Day.
      • You mean Australians have terrorists as pets and in zoos?

        • by gargleblast (683147) on Monday March 17, 2014 @06:51AM (#46504379)

          You know what? We just about do.

          When a Lib/Nat government thinks it has a whiff of a terrorist, it goes crazy apeshit bonkers. The last "terrorist" they caught was Muhamed Haneef [wikipedia.org]. A doctor, born in India. An ordinary, or better than average, guy. His crime? He "recklessly" provided a SIM card to a dimwit second cousin of his, who failed spectacularly at blowing up Glasgow Airport. Haneef was locked up for weeks until a magistrate said "hey police guys, this case is a crock of shit" and the DPP said "Oh my tittyfucking God you're right" and dropped the charges. The government then instantly cancelled his visa and deported him.

          Note that, while Haneef was detained, he was cause celebre in Australia. He was the AFP's prize possession. He may as well have been, as you say, an exhibit in a zoo.

          And that is the closest thing there is to an Australian terrorist.

      • by sg_oneill (159032)

        We had a few arse-backwards white supremacists in the 1980s blow up some chinese resturants and a few things. Somehow doubt those hillbillies are going to be particularly sophisticated about their communication.

    • You know, I know, possibly he knows, but it seems to still work on the dimwits keeping him in office.

  • Gravity (Score:5, Insightful)

    by scsirob (246572) on Monday March 17, 2014 @01:21AM (#46503241)

    The attorney-general can write a law to defy gravity, but putting a signature on such law will not make people fly.

    In other words: madness.

    • by Number42 (3443229)
      Madness? THIS! IS! AUSTRALIA!
    • by gweihir (88907)

      Many in power that come from the legal profession do not realize that "the law" is just a bad crutch and cannot deliver most things it is supposed to deliver. Instead they think they are shaping reality. It is some specific form of serious mental disability. It is also a threat to society.

    • by Mashiki (184564)

      I hereby give you, scientist made with power. [youtube.com] Courtesy of Robot Chicken.

  • How would one claim plausible deniability?

    "Your honor, I was simply transmitting random ASCII to a friend! He replied with random PETSCII!"

    • by dkf (304284)

      How would one claim plausible deniability?

      "Your honor, I was simply transmitting random ASCII to a friend! He replied with random PETSCII!"

      Well, that sort of argument by itself will just get you into deep trouble. (Taking the piss with a court is a good way to get into trouble, and your argument is hardly plausible in the first place.) Steganography might work, but then you've got the problem of distributing the baselines so that the other party can decrypt; sending lots of visually-identical-but-not-bit-identical copies of the same image would usually be a dead giveaway that you're using steganography.

      Or that you use Google+; I keep seeing th

    • by sg_oneill (159032)

      Don't. Just forget the password. They can't prove you haven't. In fact its actually really common for people under duress to forget passwords for real, since memory can get quite impaired by anxiety (Its part of why torture doesnt work. The more people are freaked out, the more the brain reverts to a fight-or-flight baseline with faster reflexes and diminished cognitive skills)

      • by Kjella (173770)

        (Its part of why torture doesnt work. The more people are freaked out, the more the brain reverts to a fight-or-flight baseline with faster reflexes and diminished cognitive skills)

        Spoken like one of the millions that has not cracked under torture throughout history. No, the reason it doesn't work so well is that they don't know if you're just making shit up to avoid being tortured more. And even if you do tell they're likely to torture you some more because they'll assume you're still holding something back, so even if you get some truth it's maybe half-truth or mixed up with lies. If they had a safe and they knew for sure you have the combination and could instantly verify if you to

        • by Wootery (1087023)

          No, the reason it doesn't work so well is that they don't know if you're just making shit up to avoid being tortured more.

          This really makes passwords an 'ideal case' for torture, if there can be such a thing: it can immediately be verified whether you're telling the truth.

          I've read some stories from WWII that makes waterboarding sound very tame

          Spoken like someone who's never been waterboarded.

      • by countach (534280)

        Why bother with that story? Just say you wrote it on a bit of paper, and you can't find it. But hey, if you release me from jail, I can spend the next 50 years searching for it.

  • by grahammm (9083) <graham@gmurray.org.uk> on Monday March 17, 2014 @01:41AM (#46503321)

    So they would ban the use of Perfect Forward Secrecy. Using PFS it is impossible to decrypt the intercepted content even with the Certificate's private key.

    • by Anonymous Coward

      not impossible, infeasible

    • by countach (534280)

      By the sound of the article, they might be too stupid to ban it. Rather they'd write some law that says you have to hand over any keys you have, but inconveniently for them, there would be nothing useful to hand over.

  • Genius (Score:5, Insightful)

    by pitchpipe (708843) on Monday March 17, 2014 @01:42AM (#46503325)
    Yeah! Let's weaken security on networks that most major financial transactions travel over, because we really have no problems with criminals committing fraud over these networks.

    Yes Mr. Contractor, for the new ultra-hardened backdoor with super-duper locks I'd like you to leave the key over there under that rock. No, I'm sure only our RSA, NSA, TLA certified guys will be using it. How would anyone else know it's there?

  • Snowden (Score:4, Insightful)

    by TubeSteak (669689) on Monday March 17, 2014 @01:51AM (#46503361) Journal

    The department argues the obligation on service providers would merely "formalise" existing arrangements.

    This is fallout from the Snowden leaks.
    What was once done in secret is now being brought into the light.
    I guess I was hoping they'd just stop, instead of legalizing the invasive spying programs.

    • Re:Snowden (Score:5, Insightful)

      by TapeCutter (624760) on Monday March 17, 2014 @02:51AM (#46503511) Journal

      This is fallout from the Snowden leaks.

      No, Brandis doesn't need an excuse for this behaviour, he was like this before Snowden was born. His predecessor (and mentor) from the Howard government was Ruddock, Ruddock was the guy who threw out the Magna Carta in order to make a political prisoner out of David Hicks, it was the most shameful act of any Aussie AG I have witnessed in the last 50 odd years. I will be very surprised if Brandis does not sink even lower than Ruddock (assuming that's possible).

      People who thirst for the power that comes with the role of AG should somehow be banned from applying for the job.

    • by AHuxley (892839)
      Australia has had a long like for this legal idea. If you cant catch the person, make sure they help catch themselves later.
      In the past it was known as verballing - after a long "interview" you where happy to sign "your" confession.
      Your lawyer would be up against the trust and charm of the police vs the guilty person who had signed a detailed confession.
      This method worked very well in Australia until video and audio recording during interviews was established after law reforms.
      This is a return to the
  • This is more of a result of the recent hysteria by the Australian Federal Police and Australian Crime Commission over local criminals using Phantom Secure phones to coordinate contract hits allegedly. http://www.abc.net.au/news/201... [abc.net.au] Brandis might have good intentions, but he's about as illiterate as they get in the NLP on such technology matters. These gangs don't rollover. Even rivals will not roll on rivals. This is a naive idea and will fail miserably in practice, if it ever sees the light of day. Gi
    • Who'd have thought you'd ever be happy about a deadlocked legislative, hmm?

    • by AHuxley (892839)
      They hope to get another aspect to rollover - the needed clean people that can move funds around the world who never asked real questions about amounts, origin, destination.
      Will it work? It has been tried in the UK and the justice system leaked before many big cases could gain traction. The top police then spend more time hunting in their own ranks, the press and within the legal system for who leaked. Then the funding runs out or investigations just stop :)
  • Every time a government forces a company to make or create a back door or hand over keys to them, it makes it easier for countries like China to hack the hell out of our companies. Utter stupidity.
    • by mlts (1038732)

      Nail, head, hit. We have enough issues with software that is just poorly programmed, much less stuff that has to back doors put in by law.

      I'm reminded of the Clipper chip. Yes, the LEAF key escrow system would make it easy for LEOs to get access. However, what would happen if the bad guys got ahold of the backdoor [1]? It would be a catastrophe of compromised that would make last year's leaks of information look tiny in comparison.

      [1]: Trust me, if all the eggs are in one basket, the keys are obtainabl

    • In political terms too.

      While I'd still say China is worse, human rights wise, than western countries, asshats like the Australian government are working hard at erasing the difference.

  • The article is rubbish so, with that in mind, here are some excerpts:

    The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions. The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.

    Where issued to a service provider, such notices would formalise existing arrangements....

    When issued to a person other than a service provider, such as the subject of a warrant, the Department’s preliminary view is that a notice would operate in a similar fashion to orders made under section 3LA of the Crimes Act 1914. Section 3LA permits agencies that have seized physical hardware, such as a computer or an external hard drive, under a search warrant to apply for a further warrant requiring a person to ‘provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form.

    ...issuing authorities should be able to authorise an agency to issue ‘intelligibility assistance notices’, requiring a person to provide information or assistance to place previously lawfully accessed communications into an intelligible form, as discussed by the PJCIS at Recommendation 16...

    Recommendation 16
    The Committee recommends that, should the Government decide to develop an offence for failure to assist in decrypting communications, the offence be developed in consultation with the telecommunications industry, the Department of Broadband Communications and the Digital Economy, and the Australian Communications and Media Authority. It is important that any such offence be expressed with sufficient specificity so that telecommunications providers are left with a clear understanding of their obligations. ...
    The Department’s preliminary view is to support recommendation 16 in principle.

    - Comprehensive revision of the Telecommunications (Interception and Access) Act 1979, Submission 26 [aph.gov.au]

    • by SJ2000 (1128057)
      With the rise of deniability [truecrypt.org] features [jetico.com] in data-at-rest encryption products, I'm not sure how this is going to work in the real world. Wouldn't be hard to use these technologies for communications too.
      • Steganography is neither limited to data at rest nor to pictures. As long as you can transmit data that need not have a certain format to be considered "normal", you can transmit data hidden inside other data. If everything fails, transmit a lolcat pic that contains the data you want to transmit as a mail attachment.

        What's harder to hide is source and destination of your traffic, though with a bit of creativity and the use of international providers even that's not completely out of the question.

        Use interna

        • by grahamm (8844)

          Hiding the destination need not be difficult. You just do the electronic equivalent of putting a coded small ad in a newspaper. Everyone can read it, but only the intemded recipient can decode it and there is no indication as to whom the message is intended for.

          • Well, in theory, yes, but it's not very practical. Not only do you and your recepient have to agree on a code, it can also be pretty suspicious if the person trying to eavesdrop on you knows a fair lot about you (e.g. that you'd probably not usually do a birth announcement in a newspaper because you're living alone).

            If that's what you plan to do, in this day and age it's probably less suspicious if you start a Facebook page, recruit a few thousand "friends" via some FB game that rewards you for having a lot

  • by Anonymous Coward

    No more need be siad.

  • What about firm which communicate using VPN ? No entities are in Australia , just maybe a worker or two communicating with a german firm for example.
    • I've been pondering if a VPN could be encrypted using a one-time pad. Obviously the amount of data transfered would be limited by the size of the pad, but with modern storage that might not be such an issue. A remote worker or someone going on a business trip could easily fill up on two hundred gig or so of random data at company headquarters - enough to last them through a couple of weeks of typical usage while they are traveling. So long as no-one can get access to their laptop long enough to copy it off

    • by AHuxley (892839)
      It would depend where and how the VPN is found in the wild.
      10 people using IRC, 5 on VPN, 5 on TOR.
      Police can get someone suggesting the others use VPN based in EU?US?UK to stay a member... i.e. that one firm of a list of VPN providers is the only way to be secure.
      Overtime Australian police can get to any Western VPN firm and get evidence on more people as they use their real details/ip or become comfortable and let more trackable aspects slip.
      A firm which communicates with VPN (any Australian connectio
  • This is pretty stupid, for two reasons: First, there are enough cases where keys exist temporarily and cannot be reconstructed (e.g. all DH-established keys) and second, it allows users to find out what exactly was intercepted, by using a new key for every unit of data.

    That it is also completely unethical and only worthy of a totalitarian regime (where the "sophisticated criminals and terrorists" have taken over the government) is just the icing.

  • Land of the seriously fucked.

    Your wildlife all wants to kill you, your government wants to turn you back into one big penal colony.

    Viva la revolution!

  • God save the Queen and the fascist regime.
    Tony Abbott and his strong arm tactics.
    He uses secrecy for the governments actions
    and is pushing his conservative, fascist agenda.

  • Abbott and his mates can legislate Pi to be 22/7 for all I care though they will have to convince the senate. Anyone who depends on modern technology to conduct business will just move elsewhere just as manufacturing has. The poor bastards like me who are too tied down to consider moving will just work around their stupidity as we always have. Fortunately unless my fellow Australians have gone completely insane he will be out after one term and the Libs can take a broom to the arsehole conservatives who hav

  • New Zealand is going (maybe) to get a new flag (new FLAG, I said, oh what this isnt 4chan, nevermind) well anyway the Enzedders are planning a nice black flag with a silver fern leaf. Like the logo of their football team, the All Blacks. Classy.Very nice.
    I would like to see as new Australian flag which replaces the English cross (the combination of wales england and scotland crosses) (oh there's a thought... what if Scotland _does_ leave the United Kingdom. Does this mean all the ex-commonwealth countries h

  • "One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors." ~ Plato

    • Mod the parent up! This is so true. The same end is also reached by allowing your elected officials to think for you instead of making them your servants.
    • by compro01 (777531)

      This is Australia. Mandatory voting means not participating requires a bit of effort.

  • > "Because, 'sophisticated criminals and terrorists.'"

    When speaking in post-l33tspeak, one wouldn't put a comma between "because" and the unqualified phrase because stupid.

    • The idiocy of this entire thing is that the smarter of the criminals will adapt and overcome. The funny thing is that most of us are in very little danger of foreign terrorist attacks. The real danger is domestic and not terrorism either. The real danger is our political system causing an implosion.
  • These efforts are a call to arms for private citizens to build their own networks far away from the prying eyes of government. The technology is now a commodity. Anyone who wants to do this, has the ability.
    • When I was 19 I was using Gnutella. I had started to work out a peer-to-peer network service that would act as a majorly encrypted world wide web.

      What I had was actually quite robust. I didn't think up a good message distribution scheme. The first one I modeled was a hyperbuck--a nested buckminsterfullerine, fully connected, with each level outward connecting singly to the corresponding node inside; it was N+8 to reach anywhere for N levels, which scaled too linearly. I inverted this--made each node

  • Seems to me that would prevent decryption, just just tunnel over top of the VPN. If the provider would decrypt the data, but it would still be encrypted with your private key.
  • encrypt your message, send it in clear, no one but no one can decrypt it unless you give up the key. Never heard of one time pads? Google it.
  • by PPH (736903)

    What about VPNs hosted outside of Australia? I'm guessing that this is pushback by the Aussie branches of content providers. Too many people are bypassing their local high prices by getting iTunes and Netflix from the USA over VPNs.

    If they think that 'bad guys' are going to rely upon a service's key management for nefarious communication, they are nuts. All the criminals/terrorists are going to use end to end encryption on top of any other transport service.

  • by Anonymous Coward

    The crack smoking is strong in this one.

    Really, you shouldn't take what Georgio says too seriously, after all America passed a law that effectively made VPNs illegal (exact language was it was illegal to obscure the source and destination of a transmission). The result of which was absolutely bugger all. The reason for that being that today, without VPNs, everything would fall apart. Georgio takes it a little differently saying that you have to let us in to your VPN so we can unencrypt your transmission. Th

A meeting is an event at which the minutes are kept and the hours are lost.

Working...