Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Australia Encryption Communications Government Security United States

Australia To Pass Bill Providing Backdoors Into Encrypted Devices, Communications (theregister.co.uk) 168

An anonymous reader quotes a report from The Register: The Australian government has scheduled its "not-a-backdoor" crypto-busting bill to land in parliament in the spring session, and we still don't know what will be in it. The legislation is included in the Department of Prime Minister and Cabinet's schedule of proposed laws to be debated from today (13 August) all the way into December. All we know, however, is what's already on the public record: a speech by Minister for Law Enforcement and Cybersecurity Angus Taylor in June, and the following from the digest of bills for the spring session: "Implement measures to address the impact of encrypted communications and devices on national security and law enforcement investigations. The bill provides a framework for agencies to work with the private sector so that law enforcement can adapt to the increasingly complex online environment. The bill requires both domestic and foreign companies supplying services to Australia to provide greater assistance to agencies."

Apart from the dodgy technological sophistry involved, this belief somewhat contradicts what Angus Taylor said in June (our only contemporary reference to what the government has in mind). "We need access to digital networks and devices, and to the data on them, when there are reasonable grounds to do so," he said (emphasis added). If this accurately reflects the purpose of the legislation, then the Australian government wants access to the networks, not just the devices. It wants a break-in that will work on networks, if law enforcement demands it, and that takes us back to the "government wants a backdoor" problem. And it remains clear that the government's magical thinking remains in place: having no idea how to achieve the impossible, it wants the industry to cover for it under the guise of "greater assistance to agencies."

This discussion has been archived. No new comments can be posted.

Australia To Pass Bill Providing Backdoors Into Encrypted Devices, Communications

Comments Filter:
  • by SysEngineer ( 4726931 ) on Monday August 13, 2018 @06:23PM (#57119288)
    Companies may have to comply, but people can tell the government where to go. There will be scripts that will setup VPNs, crypto social networks, encrypted devices with no backdoor. The analogy of this is drinking, underage people can not go to bars or buy, but they can always find a way around the law. Only if Australia wants to have the same distinction as China will they even come close to preventing crypto.
    • by Anonymous Coward

      There will be scripts that will setup VPNs, crypto social networks, encrypted devices with no backdoor.

      The last one will be illegal, and thus a tiny niche thing, and others don't mater. All they have to do is mandate a way for the device to capture data before it enters your lovely VPN and crypted social networks. You type it, the devices says, "Here you go AU!", and then passes it along to your crypted social network. All the encryption in the world does no good. And yes, that is a horrible horrible idea for the reasons we all know, but that makes no difference to the law.

      That is exactly where the road

      • That will last about a week, until somebody important wants to buy some electronics and finds out they can't, because Australia only has niche devices.

    • Re: (Score:3, Insightful)

      by brunes69 ( 86786 )

      Unless said things are made illegal.

      If unbreakable encryption is illegal then ISPs can tell law enforcement of anyone using it on their networks. They don't need to be able to see whats inside to know you're using it.

      • by gweihir ( 88907 )

        Wrong. The only real way to identify crypto not in line with demented laws is to try and break it.

        • by brunes69 ( 86786 )

          No, you're wrong... because you are confusing how crypto works TODAY with how they COULD legislate it. "Breakable crypto" can be made easily identifiable in the datastream, vs "unbreakable". Its a very trivial thing to mandate actually, if they wanted to.

          • by gweihir ( 88907 )

            Have a look into the research literature before you claim complete nonsense, will you?

      • If unbreakable encryption is illegal then ISPs can tell law enforcement of anyone using it on their networks.

        Only against low hanging fruit making no attempt to mask the fact encrypted communication is taking place.

      • by mark-t ( 151149 )
        One word: steganography. Ideally, such unbreakable encryption won't be distinguishable from innocuous content.
        • by brunes69 ( 86786 )

          Most automated steganography is very easily detectable and/or defeatable by automated tools - even the simple act of compression and decompression of the data can defeat a lot of stenographic techniques. And if you made it open source, as you propose, it would also likely be extremely easy to detect and defeat. Making your plan work would require some kind of revolutionary discovery in steganography that gave it the same mathematical protections encryption.

          • by mark-t ( 151149 )

            One very simple steganographic technique that comes to mind that I do not think would be feasible for computers, or anyone, to detect would be hiding the data in the rightmost few decimal places of each x and y coordinate, each extending some number of digits past the decimal point so that alterations are not visually distinguishable. The hidden data, in turn, can be encrypted using whatever unbreakable encryption is desired. Unless you knew in advance that a particular svg image was using this techniq

            • by brunes69 ( 86786 )

              Its not that simple. You don't need to just create the technique, you also need to create a way that recieving programs can detect that the technique is being used. You also need to have a huge number of techniques to avoid behavioural and anomaly detection algorithms (it is pretty trivial to spot a pair of communicators who do nothing except shuffle SVG images all day, this would set off already-existing behavioural security alarms in any network monitoring package that exists today).

              • by mark-t ( 151149 )
                You don't need to create a way to detect it... the idea is that you have to know a-priori that the information is there in the first place. That would require intercepting a communication that may have very well occurred in person several months prior.

                Obviously, this technique is very low bandwidth, but its as fucking undetectable as shit.

      • by AmiMoJo ( 196126 )

        VPNs and Tor are illegal in China, but also widely used.

        They are not easy to detect either, even with their great firewall and full cooperation of the ISPs. For example, people host the VPNs and Tor proxies in the Microsoft Azure cloud so that the connections are indistinguishable for millions of others to secure web sites, streaming platforms, apps and games.

        • by brunes69 ( 86786 )

          *SIGH*

          Again, the reason this is not easy to detect, *is because other unbreakable encryption is legal, and you can't tell one encryption from another*. You can't look at a stream of HTTPS bytes and know if it is a VPN tunnel or other, non-VPN traffic - its impossible because the encyryption is not breakable.

          IF HOWEVER all encryption HAD to use flagged and breakable algorithms, this would no longer be the case. Any encrypted session that was using an unflagged algorithm would easily be detected during negoti

          • by AmiMoJo ( 196126 )

            But even China isn't crazy enough to even try that. They still use HTTPS for secure web site connections, for example.

            In practice they know they can't really stop it, what they actually want is the ability to throw charges at anyone they catch using it.

            • by brunes69 ( 86786 )

              Well, Australia is talking about doing it. That is exactly what this article is about, making unbreakable encryption illegal.

              RTFA.

    • by mikael ( 484 )

      They only need enough backdoors to view the contents of your screen, listen to the microphone and speaker output. How you stream data to your phone doesn't matter.

      • by mark-t ( 151149 )
        You realize that this means that speaking in a language that they don't know (or have a convenient translator for) would be illegal under this law... since they don't have any backdoor way to know what is being said.
        • You realize that this means that speaking in a language that they don't know (or have a convenient translator for) would be illegal under this law... since they don't have any backdoor way to know what is being said.

          You mean Welsh, right?

          • by mark-t ( 151149 )
            Not specifically, no... I meant any language that they didn't know. This would also make any privately created conlangs [wikipedia.org] illegal too.
            • I was going for a funny but apparently got a woosh.
              • by mark-t ( 151149 )
                Sorry for being dense, I just think that essentially making absolutely any communication that happens to be undecipherable illegal, even if it is otherwise entirely innocuous, to be quite serious. This could easily be the case with artificially constructed languages, where the number of parties that even know of the language's existence, let alone how to translate it, can be extremely tiny, and certainly impossible for any existing automated translation system to decipher
  • by Rick Schumann ( 4662797 ) on Monday August 13, 2018 @06:24PM (#57119294) Journal
    They can pass all the legislation they want, it will NOT change reality. 'Backdooring' encryption of ANY kind RUINS it. Proper encryption CANNOT be broken easily, if it can then it's garbage.
    • Didn't someone tell the AU government that they were asking the impossible with something like "you can't change the laws of physics" to which the Aussies replied "The only law we follow is Australian law"?

    • They can pass all the legislation they want, it will NOT change reality. 'Backdooring' encryption of ANY kind RUINS it. Proper encryption CANNOT be broken easily, if it can then it's garbage.

      the laws don't require or request any such backdoor or breaking of encryption. What they appear to require is companies to provide what information they already have and the ability to force/compel them to comply.

      • The only 'information' they'll get, is "Strong encryption will take YEARS or DECADES to break, can you wait that long?". Of course then they'll just arrest everyone and hold them in contempt, believing that they're lying and actually have Magical Keys that can decrypt anything.
  • by Highdude702 ( 4456913 ) on Monday August 13, 2018 @06:28PM (#57119312)

    Sorry I mean, AAAAAHAHAHAHAHAHAHHAHAHAHAHHAHAHAahahahahahahahhahaAHAHHAHA!!!hah haha heh. Oh fuck they're serious.... AAAAAHAHAHAHAHAHAHAHAHAHAHAH!!!!

  • XYZthing* (Score:5, Insightful)

    by pubwvj ( 1045960 ) on Monday August 13, 2018 @06:39PM (#57119366)

    *This product is not available in Australia.

    • *This product is not officially available in Australia.

      FTFY. We haven't cared about what was available for many years, availability never stopped us.

  • The real situation (Score:5, Insightful)

    by Lurks ( 526137 ) on Monday August 13, 2018 @06:43PM (#57119384) Homepage

    This story says 'Australia to pass bill'. No, the bill is scheduled for debate and the government will hope to pass a bill, but they have a weak majority. It's likely to be contentious, I would not bet on it passing at all.

    Secondly, there's the implication of a encryption backdoor. This is lifted from the TFA which is an opinion piece. So far the only real source is a political speech made by Angus Taylor (minister for law enforcement and cyber security) in June [homeaffairs.gov.au]. The Register (TFA) implies encryption backdoor, despite the minister's own words ("This Government is committed to no 'backdoors' ... We simply don’t need to weaken encryption in order to get what we need.").

    That said, the TFA is right to be concerned because elsewhere Taylor says "We need access to digital networks and devices, and to the data on them", which does imply an attack on encryption. Now, I'm no fan of our current government, or regressive right-wing government in general, but I have to say, the speech demonstrates a fair bit more understanding than previous efforts in Australia, the UK and recently the US, aimed squarely at encryption. There's only one group arguing for golden keys, and that's the spooks. If a government listens to spooks *and* industry, they usually come to understand why it's not practical. Angus comes out and says industry has moved towards encryption, and that's good, that tech giants oppose weakening encryption, and that's not what they government wants to do. He spends more time talking about that, than the clumsily worded line that implies he's lying in all the other bits.

    I find myself in the unlikely position of defending the government in this narrow sense because miscategorising their position makes it harder to present a reasoned opposition when it is needed.

    The Register has, I think, the right of the real goal here. To ensure that end devices are breakable. Of course they dog whistle about phones shipping with 'root kits', but before we all get hysterical... this is what law enforcement already does. When they nab crooks, they break into their phones. I suppose if I was an American I'd be worried because it's pretty clear the US gov will want to systematically break into everyone's phone when they enter the country... but most of the industrialised world isn't there yet. We all worry about law enforcement overreach, we all know breaking or weakening encryption is impractical, regardless of what any one nation state desires (barring nuclear options available to systems like China's GFW).

    There are, however, probably some reasonable cases when you want law enforcement to be able to break into stuff. I don't know where the line is, I guess we'll be worrying about this for decades but it'd be nice if it wasn't categorised as a binary proposition. We get enough of that in politics.

    • Given the stuff Snowden released and a basic understanding of how Intelligence agencies work, you should assume that ALL cellphones come pre-installed with government spyware.
      • by Lurks ( 526137 )

        That's true, but intelligence agencies and law enforcement are entirely different silos. The secret methods of the former aren't available to the latter. Well, until it means there's an exploitable back door which happens to get commercialised and then sold to regular law enforcement. Intelligence services aren't usually staffed by idiots, so they generally keep a lid on things. As Snowden showed, they can be pretty damn effective...

        For me, I'm not worried about what spooks do*. They're not interested in me

    • Took a huge battle. Both Labor and Liberals (conservatives) were for it. But in the end the huge backlash won.

      That said, Labor will agree with any government moves on security. Tough on terror. Labor will have the worst aspects watered down, but will not disagree.

      You see, they have been invited to top secret security briefings in top secret rooms in which top secret people gravely discuss vague threats. Works every time.

      There has been steady increase in the power of security forces at the expense of ou

      • by Lurks ( 526137 )

        Yeah look, you might be right in the end. We've seen it before as you say.

        That said, what we *know* so far is only a speech and that wasn't a speech full of stupid. Sure it was full of dog whistling on crime, because that's what the Coalition does, it is a fear machine. It specifically acknowledges the views of the tech sector, and specifically said they don't intended to backdoor encryption.

        Of course we shall soon see when the bill arrives.

    • >"That said, the TFA is right to be concerned because elsewhere Taylor says "We need access to digital networks and devices, and to the data on them", which does imply an attack on encryption. Now, I'm no fan of our current government, or regressive right-wing government in general, but "

      I don't know about how it is with left/right in Australia, but in the US, it is not a "right-wing" issue. For example, the Patriot Act was passed by both parties and extended by both parties. Obama is quite "left-wing"

    • I don't think they are interested in breaking the encryption. I think they want to know who is talking to whom.

      The content of the messages themselves is less important than the people involved. They already have that data from phone providers and ISPs are required to record what sites / addresses people visit.

      When it comes to a messaging platform that encrypts the content of the message what the govt will be aiming for the participant data.

      An identified person of interest will have their communication net

    • by fedos ( 150319 )

      I find myself in the unlikely position of defending the government in this narrow sense because miscategorising their position makes it harder to present a reasoned opposition when it is needed.

      I don't see how it's a miscategorization to say that the government's postion is exactly what the govenment says it is.

  • That's amazing, I've got the same combination on my luggage!
  • by IonOtter ( 629215 ) on Monday August 13, 2018 @06:54PM (#57119414) Homepage

    Australia: "Please work with us to create this software."

    Company Programmers: "No."

    Australia: "Well then, you won't be able to sell your products here."

    Companies: "Okay. Bye."

    Australia: "Wait..."

  • >"and that takes us back to the "government wants a backdoor" "

    And if there are back doors, they *will* be found and used by everyone. Your government, private industries, malware, other governments, terrorists, everyone. Period.

  • As an American, I think I know who I'm supposed to be afraid of and that justifies government intrusion. It doesn't mean I believe it, but at least it seems plausible -- we've been bombing and killing plenty of people, so really any group fills in.

    How about Australians? I know there have been 1-2 incidents with Muslims, but is it that big a fear thing there? Or is a secret cabal of Chinese? Some kind of panic over a wave of Indonesians? Some kind of organized crime thing?

    It just seems odd that there wo

    • I think you hit a key issue, and a sort of proof of a kind.

      the proof: that countries are power-grabbing on the anti-privacy thing. they love to snoop (people who are attracted to power tend to be that kind of person) and they love to control others. they simply can't stand being told NO, to things.

      its not that they NEED to read our shit. but they feel left out if country A has this power and they don't.

      this is all there is to it. the need to control is so strong, with those sociopaths that they use any

  • There may well be a day when a slimebag(s) finds the backdoor and compromises consumer data. The Australian gov't would then have egg on its face.

    But, lawmakers tend to think short-term, perhaps because constituents mostly only reward them for the short-term. The "tough on crime" angle seems to win votes more often than the side-effects of "tough on crime" lose votes. The second requires the attention span to understand nuance, while the first has a direct guttural feel to voters, along the lines of "burn

  • by Anonymous Coward

    The reason why is that while the gov can mandate being a middle man in encrypted channels between international ISPs as well as data going through international pipes - they can't prevent you from encrypting your data before it reaches the ISP. So we'll just end up adding an additional encryption layer on top of whatever layer they want to be able to inspect.

    Not even going to bother arguing about the fact that if the government is a middleman, there is no doubt that hackers and corrupt officials will be ab

  • It looks to be mostly about getting IPSs to help the government conduct man-in-the-middle attacks rather than backdoors (initially).

    There is better coverage of it at itnews;
    https://www.itnews.com.au/news... [itnews.com.au]

    Three types of notices;
    1. Request for Voluntary assistance
    2. Technical assistance (within their current capability, eg handover known keys)
    3. Technical capability notice (build/provide new capability)

    The third type is obviously most dangerous, especially the following can-of-worms;
    - Substituting,

    • by mark-t ( 151149 )
      MitM attacks only work on wired communications. Not all communication is over wires... radio is immune to MitM attacks unless the MitM can acquire complete control of the broadcasting antenna or receiver.
      • by bug1 ( 96678 )

        - Facilitating or assisting access to whatever law enforcement wants: a facility, device, service and any software used in conjunction with those things

        I assume that would include broadcasting antenna

        • by mark-t ( 151149 )
          So every private person who might have a broadcast antenna has to let the government install a MitM device on it? Interesting.... and not particularly tenable, considering how easy they are to make or jury-rig. Or are you suggesting that they employ 24/7 surveilance of every tall enough structure that might make a viable broadcast point, anywhere, to see if the owners are installing any kind of antenna, even if only temporarily?
    • by bug1 ( 96678 )

      Actually, i think i was overly optimistic.

      "Designated communications provider must not be required to implement or build a systemic weakness or systemic vulnerability etc"

      So the ISP isnt allowed to install a backdoor, but they can be required to conduct a man-in-the-middle attacks which can be used to install backdoors.

  • get it's nasty anti-consumer "tough on crime" bills like this through? In America we use racism to drive an undercurrent of fear, but I didn't think Australia had very much of that. Why would they put up with it? Or is it just relying on rural voters who either don't understand or don't care?
    • by quenda ( 644621 )

      Or is it just relying on rural voters who either don't understand or don't care?

      Australia is one of the most urbanised countries on earth, after Japan. We rely on city voters who either don't understand or don't care.

  • by Anonymous Coward

    The draft bill is now available from the Home Affairs website. https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018 contains seem details and factsheets; the draft bill is here: https://www.homeaffairs.gov.au/consultations/Documents/the-assistance-access-bill-2018.pdf

    Contains some provisions saying that the requests can't require a company to 'weaken' a cryptosystem or not-fix a flaw in the cryptosystem; that's presumably where the "no backdoors" thing comes in.

    Not clear to me

  • "the laws of mathematics come second to the law of the land"

    Australian Prime Minister Malcolm Turnbull [slashdot.org]

  • I'm sure the Chinese will provide you with such devices.

    "See! We have them all backdoored already!"

    Expect a bunch of people to have their lives ruined via this shit though.

    Banking? Compromised.
    Online spending? Compromised.

  • The Australian government has passed a law banning the tides coming into effect on 1st September. A government official has announced that the new law will allow Australias to head to the beach at any time of the day this summer and be assured that there will be enough sand left to lie on.

  • It is time to replace all your leaders. Time to replace your government. All of them.

Ummm, well, OK. The network's the network, the computer's the computer. Sorry for the confusion. -- Sun Microsystems

Working...