Australian Industry and Tech Groups Unite To Fight Encryption-Busting Bill (zdnet.com) 66
A new encryption bill that's expected to be passed in Australia is facing strong opposition from tech heavyweights. A new group called "Alliance for a Safe and Secure Internet" has been formed by Australian industry, technology, and human rights groups to persuade the country from passing the bill, reports ZDNet. "The membership of the new alliance consists of Australian Communications Consumer Action Network, Access Now, Ai Group, Australian Information Industry Association, Amnesty International Australia, AMTA, Blueprint for Free Speech, members of Communications Alliance sans NBN, DIGI, Digital Rights Watch, Future Wise, Hack for Privacy, Human Rights Law Centre, Internet Australia, IoT Alliance Australia, and Liberty Victoria." The Guardian also notes that Google and Facebook are part of the group. From the report: The Bill is currently before the Parliamentary Joint Committee on Intelligence and Security, with a minuscule three-week window for submissions closing on Friday, October 12 and a hearing set for Friday, October 19. The proposed legislation would allow the nation's police and anti-corruption forces to ask, before forcing, internet companies, telcos, messaging providers, or anyone deemed necessary, to break into whatever content interception agencies want access to.
"This Bill stands to have a huge impact on millions of Australians, so it is crucial that lawmakers reject this proposal in its present form before we sleepwalk into a digital dystopia," said board member of Digital Rights Watch and alliance spokesperson Lizzie O'Shea. "The rushed processes coupled with the lack of transparency can only mean that expert opinions from Australia and abroad are being disregarded, and deep concerns about privacy erosion and lack of judicial review have simply been tossed aside."
"This Bill stands to have a huge impact on millions of Australians, so it is crucial that lawmakers reject this proposal in its present form before we sleepwalk into a digital dystopia," said board member of Digital Rights Watch and alliance spokesperson Lizzie O'Shea. "The rushed processes coupled with the lack of transparency can only mean that expert opinions from Australia and abroad are being disregarded, and deep concerns about privacy erosion and lack of judicial review have simply been tossed aside."
Re: (Score:2)
You people really are blinded by your delusions
Re: Tell them to fuck off (Score:1)
And when it's the EU ordering that, what are you going to do? No, freedom is dead and the ideals of a free and democratic internet are dead. Privacy is dead and freedom of speech is dying. Now hail your masters and komisars and shut up.
Re: (Score:3)
This is an attempt to backdoor all encryption (Score:1)
Similar to how environmentalist use California to force their truthy feel good environmentalism on the world. Australia as a vassal of the five eyes have been told to pass this law to break encryption for the western world.
Brought it on themselves. (Score:1)
Who could've possibly foreseen that deliberately stoking irrational anti-government paranoia and developing technology explicitly designed to prevent governments from executing one of their core functions - all for the sake of selling more phones/apps/ads - would lead to those governments fighting back by regulating this technology? Now we get to see whether tech corporations or elected governments *really* run the world, and neither answer leads to anything good in this case.
All Apple had to do was unlock
Re: (Score:2, Interesting)
Remember when people thought you had to make up some bullshit about "spreading democracy" and "weapons of mass destruction" before you could raise an army to fight for corporate profits? Turns out all you need is a hashtag.
opposition from tech heavyweights? (Score:2)
opposition to this legislation is probably warranted from everyone, but "strong opposition from tech heavyweights", instead of strengthening the case for such opposition, is suspicious and needs explaining, given the joined at the hip relationship between all the main "tech heavyweights" and surveillance apparatus of government of usa.
it is quite possible that what "tech heavyweights" really don't like is the open scrutiny and democratically accountable oversight of surveillance (especially by non usa gove
Re:opposition from tech heavyweights? (Score:5, Insightful)
Re: (Score:2)
Or do you really think it's a good idea to put your banking information out somewhere where pretty much anyone can get at it (to pay their own bills, for instance)?
Re: (Score:1)
This is a very bad bill, but it's hard to see how it affects shopping or bill payment, since the authorities can just demand the unencrypted data from the target website rather than try to decrypt the TLS stream.
This is surely aimed very much at devices where the manufacturer does not possess either keys or unencrypted data.
Re: (Score:1)
The website/service might just be an intermediary between other which does nog have access to the information exchanged between those parties. Or teh website might be hosted in a different country.
Re:opposition from tech heavyweights? (Score:4, Insightful)
Or do you really think it's a good idea to put your banking information out somewhere where pretty much anyone can get at it (to pay their own bills, for instance)?
you are confused.
as the other comment says, governments(which by your own logic is "somewhere where pretty much anyone can get at it ") already have access to payment and banking data (hence the propaganda promoting cashless society btw). this bill is something else.
bill should be opposed for very good reasons, but goodwill and motives of "tech heavyweights" should be doubted. two different things. don't get confused.
From my notes reviewing this bill (Score:4, Informative)
Either that, or the tech heavyweights know perfectly well that if they can bypass someone's encryption, so can the bad guys. Which means no more online purchases, or bill payment, or anything like that.
I think they can see this will collapse the online purchases paradigm. If the govt can get in, black hats can too. Everyone knows this except the general public and government.
The Bill intentionally says "No backdoors" however what it means is that govt wants front door access to be designed into what-ever software and infrastructure is produced which allowed prescribed agencies to trample all existing efforts to secure infrastructure.
TAN's "Technical Assistance Notices" are disruptive under 317MA. If business doesn't drop what they are doing and assist the government before the expiry period, you are assessed as non compliant and exposed to civil liability from the govts activities. Under clause 317G, if you are a coder or a sysadmin and you refuse to help with a "TCN" or Technical Capabilities Notice, you are labeled as "un-cooperative" and exposed to any civil liability arising from the govts activities.
To put the cherry on the cake, under 317R, they tell *you* what is technically feasible on your infrastructure. More so 317T allows govt to install software and infrastructure which business must maintain to remain compliant. 317X govt can vary scope, specification and responsibilities connected with "eligible activities". 317ZF make individuals personally responsible for any unauthorised disclosure and makes it a criminal offense for IT professionals to disclose anything even to their colleagues. Even on you're own infrastructure, it's a diabolical double bind, psychologically.
I could go on, I'm just picking random notes from the exposure draft I have beside me. There just isn't anything good anywhere in this bill if you are in IT. You either spy on your users or they have the option to destroy your entire business. Everything I've pointed to here is in the first 50 pages of a 176 page bill.
I've been analysing these Bills for over 20 years, this is the worst Bill I've ever seen. If you can, please help raise awareness, politely write to your representatives and tell them you object to this incursion to your free speech rights. Consider that this Bill imposes criminal liability for pretty much the entire audience of slashdot if you do not co-operate. Tell your friends, social media - whatever you think is appropriate, just do something. My critique of the Bill is elsewhere in this thread - feel free to copy it and use it.
Have no doubt, this is heading to the UK/US/Canada and NZ. Australia's Attorney General is in international consultations *right now* about implementing this in all five eyes countries.
So this is heading your way.
Re: (Score:3)
In this case it's understandable: If there is a mandatory backdoor in your servers holding your trade secrets, they quickly become public knowledge, making you quite a bit less competitive.
Re:opposition from tech heavyweights? (Score:5, Interesting)
Unlike the politicians, the "tech heavyweights" at least listen to some degree to experts, or they go out of business in the long run. That means they are aware of the utter stupidity of this legislation. Quite a few companies would probably have to stop doing business in Australia to not endanger their global business.
Re: (Score:2)
sorry but state of one's surveillance shouldn't be decided by "tech heavyweights" listening to "experts".
this legislation is bad, and as you say stupid, but trusting profit motivated "tech heavyweights" to secretly make decisions on surveillance, in league with unaccountable bureaucrats of usa, is also stupid.
Re:opposition from tech heavyweights? (Score:5, Insightful)
I agree. I just explain why these companies speak up.
These companies would have zero problems dealing with a surveillance state, a police state or any other authoritarian regime. Just look whether you can find them in China, for example. They are not opposed because of any moral grounds or because they care about individual freedoms. They are opposed because this legislation is so utterly stupid that it ignores technological reality and will cause a massive host of severe problems for their businesses.
Re: (Score:3)
Unlike the politicians, the "tech heavyweights" at least listen to some degree to experts, or they go out of business in the long run. That means they are aware of the utter stupidity of this legislation. Quite a few companies would probably have to stop doing business in Australia to not endanger their global business.
The thing is, Australia's never had a big IT sector. Our politicians are far too short sighted for that, especially when the money from mining was rolling in left right and centre when we should have been investing in tech.
What the politicans really don't get is how unenforcable this is. Australia isn't as powerful as China, we cant simply turn to local industries and say "copy this" and then deny sales to overseas vendors who don't comply, firstly because said industries do not exist, secondly because A
Re: (Score:2)
However this kind of stupidity is what you get when you let the far right take over. The LNP has been trying to oust the remaining centrist for years and has managed to do a good job of it at the expense of the economy, living standards and education.
No surprise. The far-right is utterly disconnected from reality, even more so than the rest of the politicos. The sad thing is that the one thing they can do well is manipulate voters, because they have absolutely no honor and will work on fear and use lies without any restraint.
Good idea, Australia! (Score:5, Insightful)
Less competition in IT is certainly something the rest of the world could well use. Because if you're not allowed to encrypt in your country, the very first thing that will happen is that ANYONE who has remotely any data worth protecting will FLEE your country. Any data storage will happen abroad. And since I probably won't even be allowed to transport data in encrypted format into your country, I will make sure that anything remotely important will NOT touch your soil in any way.
In simple terms, so even politicians can grasp it: Pass this bill and kiss R&D, finance and IT good bye.
Because no backdoor is "government only" for long. At least not YOUR government-only. Such a back door is the holy grail, the gold ticket, the fast pass to industrial espionage. Do you think countries like North Korea would be above kidnapping the loved ones of someone holding that key and blackmail them so they don't get killed? Do you think your backdoor will be secret for long? And do you think anyone who's not completely insane will do any research or data storage in your country anymore?
Re: (Score:3)
Do you think countries like North Korea would be above kidnapping the loved ones of someone holding that key and blackmail them so they don't get killed?
Do you really think anyone would need to go to that much trouble?? This is the Internet we're talking about...
Re: (Score:2)
Where's the trouble? If you have trained goons without conscience at your disposal, this is actually a pretty straight forward and easy solution.
Good idea, US, UK, NZ, Canada, Australia! (Score:2)
In simple terms, so even politicians can grasp it: Pass this bill and kiss R&D, finance and IT good bye.
I asserted those points in my critique of the bill I sent to the government. However you should keep in mind that Australia's Attorney General is currently in negations with all Five Eyes, Echelon, SIGINT [zdnet.com] countries to implement the same laws in those countries.
All these countries ministers were invited to the Gold Coast last month to discuss implementation in their respective countries.
Re: (Score:2)
Great, another industry moving to China...
Now wouldn't this be the pinnacle of irony if industries started fleeing to China to escape industrial espionage?
Re: (Score:2)
Great, another industry moving to China...
Now wouldn't this be the pinnacle of irony if industries started fleeing to China to escape industrial espionage?
Exactly. These laws are the Stasi's wet dream. At best they had the ability to tap 40 phone lines. These laws makes anything communist countries pass look like a joke in comparison. No foreign power would ever have to have operatives stationed overseas ever again, just look it up. There isn't a single piece of infrastructure excluded, from the server to the phone. This is politicians attempting to install themselves as the elite.
Imagine what happens when all of this intelligence is being conducted wi
Re: (Score:3)
Yes, the Soviet Union protected our freedoms.
As long as it existed, our leaders had to pretend they're the good guys...
Re: (Score:2)
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
I've often looked at your sig and though how true that is.
Critique of The Assistance and Access Bill 2018 (Score:5, Informative)
I submitted the following critique of the proposed Bill during the feedback period:
Greetings Honourable Members,
I am a active professional in the Information Technology industry for 30 years, I offer a critique of the The Assistance and Access Bill 2018 herein "this Bill".
The first and most obvious contradiction is that this bill cannot achieve its intended objection of monitoring paedophiles and terrorists because there is nothing to stop these parties from writing their own software. There is nothing extra-ordinary about exchanging media and messages and this is not difficult software to create. This would also apply to organised crime, there is very little from stopping them from developing their own software to exchange messages. Attempting to police this act is effectively a limitation on the innovative engines of our economy that drives business, the creation of software.
So whilst it is clear the Bill is attempting to enable access to communications for law enforcement and intelligence agencies, there is questionable benefit if it is unenforceable or ineffective for its legislative purpose.
The premise for not introducing "backdoors" and vectors for attacking systems is very shallow. Instead it is clear from 317C and 317D that any and all computer infrastructure deployed in Australia will have to have governmental monitoring subsystems installed in them, possibly by multiple government agencies. None of these clauses will stop, capture or decode messages by anyone determined enough to send them.
Consequently, criminal actors will now have a well defined target that they know exists and only has to be found for it to be used, making their task of covertly capturing data on average Australian citizens much easier. Criminals certainly won't be concerned about breaking laws if they already are. For those reasons once the infrastructure this Bill implies is established and deployed it will put the honest person and businesses at a disadvantage when they comply because the governmental monitoring subsystems will be a known target within their infrastructure.
Cyber crime, identity theft and other fraud against Australians are more likely to succeed with the taxation dollars from ordinary Australians used to build the means to defraud them of assets and income. I am very concerned that passing this Bill will lead to increased fraud against the average everyday Australia who is trying to use the internet to do everyday tasks and save time. No one will be spared, the Honourable Members themselves still have to interact in our society and will be exposed at some level.
There are much better ways for achieving law enforcement's objectives than with obtuse and overt access clauses as the main issue with deploying any kind of technology is unexpected side effects. The obvious unexpected side-effect of the government's proposed initiative is how they will be used against those companies who co-operate. If deployed world wide, which I see is something our government is championing, I cannot help but seeing it lead the world to some sort of digital feudalism broken down into virtual fifedoms.
I urge the government and all honourable members not to hand organised crime a weapon against our citizenry as powerful as this one. The intention of these laws is clearly for gathering data, which is exactly the goal of cyber-criminals. Instead the government could seek to protect its citizens by implementing technology laws that protect us from cyber-crime and fraud, in ways that lead to intelligence outcomes. Laws that use encryption technology to reduce opportunities for fraud against Australians as opposed to increasing them.
Thank you for taking the time to read this.
Regards
Re: Critique of The Assistance and Access Bill 201 (Score:1)
Welcome to the blacklist. I hope you won't need to apply for any job in the foreseeable future.
Re: Critique of The Assistance and Access Bill 201 (Score:4, Interesting)
Welcome to the blacklist. I hope you won't need to apply for any job in the foreseeable future.
I've been on the blacklist for my entire career. Govt know's exactly who I am. I have a four page letter from the AG arguing my position and letters from politicians thanking me for raising awareness and bringing the issues to their attention.
If I didn't have a job, I'd be a bigger pain in the ass than I am now. Frankly most of the time advising the government means diverting them from doing something stupid that will cause economic damage to the country. This and prevention of fraud is a completely valid criticism of the Bill, even after all free speech issues have been considered.
Once this bill is passed Mr AC you will cease to exist.
Re: (Score:2)
Sounds like what a paedophile would say in order to protect himself!
Stop projecting. I don't need the benefit of your experience. What you are doing is wrong.
Re: Critique of The Assistance and Access Bill 201 (Score:2)
"When encryption is outlawed, only paedophiles and terrorists will use encryption."
-Adapted from a gun rights advocacy slogan.
And really... if exceptions are carved out for a few limited forms of traffic, like financial transactions in specific channels, the only encrypted traffic would point right at the criminals. Of course, no more playing 'stateless-anonymous' games on the Internet. Very few regular people will have a problem with that.
Re: (Score:2)
Re: (Score:3)
Well you entirely misstated the goal. They don't give a shit about the miniscule percent of criminals smart enough to evade, they care about mass surveillance of the general public.
Which is exactly what they *don't* listen to.
Demonstrate to them, in a respectful way, how it will effect business and economic outcomes and you get their attention. Besides, the bill is 176 pages, I have only so much time.
Re: (Score:1)
Re:I am not seeing the crypto issue (Score:4, Informative)
You don't "persuade [...] from [...]" (Score:1)
destined to fail (Score:1)
they can't even choose the right name for their group...
not
"Alliance for a Safe and Secure Internet"
but it should have been
"Alliance United for a Safe and Secure Internet for Everyone"
Re: (Score:2)
they can't even choose the right name for their group...
not
"Alliance for a Safe and Secure Internet"
but it should have been
"Alliance United for a Safe and Secure Internet for Everyone"
Here is their membership page [digitalrig...tch.org.au] join, bring a motion for them to have a more aussie sounding name.
Re: (Score:2)
Potential teachable moment? (Score:2)
On the other hand, if they're not, then I guess we'll see what the real-world effect is of totally buggering and gutting encryption.
China (Score:3)
Also, the ability of the Chinese government to force nationals to do the bidding of their intelligence agencies was cited as a reason to ban Huawei and ZTE from supplying 5G equipment.
It created a possible legal conflict of interest where a Chinese run company might be required to, but not able to abide by both Chinese and Australian law.
The Australian government are deepening divide of personal and national security. Tech companies caught in the middle.