Schneier Slams Australia's Encryption Laws and CyberCon Speaker Bans (zdnet.com)
Governments breaking encryption is bad, and "will get worse once breaking encryption means people can die," says one of the world's leading security experts. From a report: "Australia has some pretty draconian laws about forcing tech companies to break security," says cryptographer and computer security professional Bruce Schneier. He's referring to the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, which came into force in December. "I actually don't like that, because stuff that you do flows downhill to the US. So stop doing that," he told the Australian Cybersecurity Conference, or CyberCon, in Melbourne on Wednesday. Schneier's argument against breaking encrypted communications is simple. "You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have 'We get to spy, you don't.' That's not the way the tech works," he said. "As this tech becomes more critical to life, we simply have to believe, accept, that securing it is more important than leaving it insecure so you can eavesdrop on the bad guys."
Still not clear enough for politicians (Score:5, Insightful)
It can't be more clear than that, but politicians think that since people can be corrupted, then tech has to be corruptible too.
They have to understand that once you corrupt security, then there is no more security for anyone.
Re:Still not clear enough for politicians (Score:5, Informative)
Either everyone gets to spy, or no one gets to spy.
Surely this equation doesn't account for the bad guys. Ultimately, no one will be spying on lawbreakers.
The law, Australian or otherwise, doesn't prevent someone from obtaining Tails, encrypting documents then storing or communicating them freely online via Tor in a way that completely disassociates the encrypted documents from their real identity or equipment.
So the equation is more like 'everyone gets to spy on everybody except the lawbreakers for whom it's business-as-usual'
Re: (Score:3)
Slashdot is really bad at overlooking this, because we assume that because non-compromised encryption
Re: (Score:2)
Indeed, the purpose of this law was never to go after the bad guys. The purpose of the law is to control ordinary people. Exactly like Australia's gun confiscation.
Citizens are armed, uncensored, outspoken, and the government fears them. Subjects are disarmed, censored, afraid to speak out, and afraid of their government.
Which do you want to be?
Re: (Score:2)
Oh yes, I'm pretty sure the American government is terrified of its citizens /s
Re: (Score:2)
Oh yes, I'm pretty sure the American government is terrified of its citizens /s
Your sarcasm is well justified. No fear whatsoever. That's why they disbanded the Secret Service, took down the fencing around Federal buildings, no longer have no-fly zones around DC and why roads, overpasses, and buildings no longer get closed off whenever a VIP rolls through town.
Re: (Score:2)
Do you realize that pretty much every country in the world does that, right?
Re: (Score:2)
PRISM worked well and without comment by experts and brands.
The new trick is to make it legal
Re: (Score:2)
The tech is corruptible. There is no such thing as a "government only" backdoor. Just like a politician and any other kind of whore, as soon as technology bends over for someone, it bends over for everyone.
Re: (Score:2)
Actually, whores have standards and will refuse unacceptable customers. Politicians don't.
Re: (Score:2)
Politicians don't know anything other than what the security services tell them. It's the spies who are lying to them who are the problem.
Not just the Australians, GCHQ does it too, the NSA seems to be doing it, the FBI has done it.
Re: (Score:2)
Indeed. Cui bono. The scum in the secret agencies are just trying to give themselves ultimate power. As they have tried so many times before. But politicians are routinely not only clueless as to how things work, they are clueless as to their responsibilities here and regarding history.
Re: (Score:2)
They have to understand that once you corrupt security, then there is no more security for anyone.
By now I am deeply convinced that these people are just completely incapable of understanding what a "fact" is and that they do not create technological reality. Hence I think they are completely incapable of understanding this fact. The only sane thing is to vote them out of office as soon as possible.
Democide (Score:3)
Worthy of consideration in trusting governments with "encryption back doors" is that, worldwide, the national government most likely to kill you is your own [wikipedia.org].
Re: (Score:2)
Then I'm glad to be Canadian. I mean sure, death by maple syrup is horrible, but it does start with the sweetest minutes you ever had in your life.
Re: (Score:2)
You should be relatively prepared for the sweetest minutes you ever had including your afterlife, then.
Yes, that was a quite esoteric reference for this context. And it doesn't involve syrup.
Re: (Score:3)
You would almost need to be in Quebec to die from maple syrup. There aren't that many maple syrup trees outside of Quebec.
That would make the Canadian flag funny if Quebec ever succeeded in separating from Canada like they twice tried to do.
https://www.worldatlas.com/art... [worldatlas.com]
Re: (Score:2)
death by maple syrup is horrible
Better than being chewed to death by a beaver.
Re: (Score:2)
The government that has the most impact on a person is by definition the government that has direct jurisdiction over that person. It's simple logic that this is also the government most likely to kill you.
Re: (Score:2)
No, it's actually not "simple" logic.
Most would have the perception that they are more likely to be killed in a war by a foreign country than by their own country's government. It's in the interest of governments (and educational institutions) to further that perspective, including minimizing information about totalitarian internal mass murder. Thus, we have the general narrative of sympathy with totalitarian China and disdain for democracies.
I'm not sure your point, but if you're trying to normalize tota
Re: (Score:2)
No, I'm just saying that I'm not in China (thank $deity) so the chance of their tinpot dictators affecting me is lower than the chance of my government doing so.
Re:GOV LAW ENFORCEMENT REQUIRES FULL ACCESS!!! (Score:5, Insightful)
Let me ask a question, accepting your premises for the moment.
Do you think that serious criminals, who are already breaking the law, would have any problem using illegal encryption that couldn't be broken by the government, or that some programmer working for such criminals wouldn't create the illegal encryption for them to use?
Re: (Score:2)
using illegal encryption
What's illegal encryption?
Re: (Score:2)
using illegal encryption
What's illegal encryption?
In the context of the topic being discussed:
Illegal encryption would be encryption that does not include the government mandated backdoors.
Re: (Score:2)
This isn't encryption. If you can't read it, it only means that you don't understand it.
And this is just a pretty picture of my car.
And on that hard drive is just random rubbish, I deleted it recently and overwrote it with garbage.
Re: (Score:1)
They'd have to be on some "non-internet" network - even then, wireless can be triangulated, and wired - if the wire is found - can be physically followed
Re: (Score:2)
That's an interesting point. They may not know what you have encrypted, but if encrypting anything with illegal encryption is the law, it doesn't matter and you will be caught.
You would have to either somehow hide it in plain sight or, as you said, be on a non-Internet network.
Wireless would definitely be the best option since you would clearly provide fraudulent papers to your wireless carrier then it would come down to police directly trying to triangulate where you are. That'd be a good risk to take as a c
Re: (Score:2)
I'd expect the government to tell ISPs to block unbreakable encryption
How's that been working out for them with media piracy? They can't even block all the main torrent sites, let alone the countless other streaming pages, swap forums, p2p apps, usenet channels, irc groups, loaded kodi boxes etc etc. Attempted blocking has had zero impact - the only thing that helped with their piracy problems was the rise of Spotify, Netflix and other cheap & legal streaming services.
It's not possible to "block unbreakable encryption" because it's already available everywhere. You only n
Practice (Score:2)
Do you think that serious criminals, who are already breaking the law, would have any problem using illegal encryption {...} ?
In theory: yes, well-organised criminals won't give a flying fuck about whether encryption is outlawed, they are already criminals to begin with.
In practice, these types of laws aren't thought out for any extremely well-organised criminal. These laws are written against the stupid small-scale criminals that won't give it much thought and just use whatever is quickly available to them (i.e.: whatever is the default messaging app on their phone).
Without such law, the small petty criminal might *accidentally* be using good e
Trump's govt or Elizabeth Warren? Biden's? (Score:2)
*Which* government do you want reading your emails and text messages, the Trump administration? Elizabeth Warren's administration, or maybe Clinton? All of the above?
Whatever powers you give to one administration pass on to the next administration, and the one after that.
If you by chance think J. Edgar Hoover was bad, you should see the guy running the FBI two years from now!
simple example (Score:3)
Re: (Score:2)
How long 'til a crook holds the family of a cop hostage so he lends him the key?
Re: (Score:2)
This is not just a premise, it is a demonstrated fact. Long ago GM international actually created a master key for its trucks and buses, though they did stop doing that this past decade. It's not just that every county cop, but then two-bit mobsters and other undesirables eventually got a hold of one, too.
Re: (Score:2)
As even the NSA had its malware stolen, this would probably be in the hands of criminals within months. May also go much faster, it only requires one FBI agent on the take.
Time for 512-bit key? (Score:2)
I mean, unless there is an algorithm.
data forwarding rather than encryption backdoor? (Score:1)
Re: (Score:3)
The problem is you cannot ensure that these keys don't get into the wrong hands. A key that can decrypt any and all traffic from businesses of a country is something that is wanted by other governments. And I am fairly sure there is more than one that would send someone having those keys a letter along the lines of "Nice kids you have there, shame if anything bad happened to them. Let's talk about something you could do for us..."
Re: (Score:2)
The problem is you cannot ensure that these keys don't get into the wrong hands. A key that can decrypt any and all traffic from businesses of a country is something that is wanted by other governments. And I am fairly sure there is more than one that would send someone having those keys a letter along the lines of "Nice kids you have there, shame if anything bad happened to them. Let's talk about something you could do for us..."
You understand the security problem but you miss on the perspective of those making these proposals. They understand all the consequences and failings. They count on them. They help provide cover for their own actions. They very much are "the wrong hands". They won't have to worry about threats and blackmail from criminals or spies desiring access as you describe because the plan from the beginning was and is *to sell access to it* while simultaneously using it to secure their own power and control over the
Re: (Score:2)
Indeed. Remember that in fascism, a lot of very bad things (including mass-murder) may be legal. These people have the same mind-set. They are not in favor of freedoms or of conversations happening in private. They are, in fact, deathly afraid of citizens that may communicate and organize in private, because they know that they are wearing no clothes and that all their grand promises are hot air.
Re: (Score:2)
Actual experts have pondered this question for decades and have found that nothing can be done to really secure such backdoors. Also keep in mind that, for example, the NSA has had its malware stolen (to pretty bad effects) and the like. Unless only the sender and receiver have access, security must be regarded as generally broken, nothing else makes sense in the real world.
The authoritarians are afraid of free people (Score:2)
Hence they believe they need to be able to look at everything and control everything. These people are the real problem and they do far, far more damage than "terrorists" ever could.