Encryption Australia Security IT

Schneier Slams Australia's Encryption Laws and CyberCon Speaker Bans (zdnet.com) 51

Governments breaking encryption is bad, and "will get worse once breaking encryption means people can die," says one of the world's leading security experts. From a report: "Australia has some pretty draconian laws about forcing tech companies to break security," says cryptographer and computer security professional Bruce Schneier. He's referring to the controversial Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, which came into force in December. "I actually don't like that, because stuff that you do flows downhill to the US. So stop doing that," he told the Australian Cybersecurity Conference, or CyberCon, in Melbourne on Wednesday. Schneier's argument against breaking encrypted communications is simple. "You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have 'We get to spy, you don't.' That's not the way the tech works," he said. "As this tech becomes more critical to life, we simply have to believe, accept, that securing it is more important than leaving it insecure so you can eavesdrop on the bad guys."

  • by DontBeAMoran ( 4843879 ) on Wednesday October 09, 2019 @03:18PM (#59289404)

    "You have to make a choice. Either everyone gets to spy, or no one gets to spy. You can't have 'We get to spy, you don't.' That's not the way the tech works."

    It can't be more clear than that, but politicians think that since people can be corrupted, then tech has to be corruptible too.

    They have to understand that once you corrupt security, then there is no more security for anyone.

    • by infolation ( 840436 ) on Wednesday October 09, 2019 @03:40PM (#59289548)

      Either everyone gets to spy, or no one gets to spy.

      Surely this equation doesn't account for the bad guys. Ultimately, no one will be spying on lawbreakers.

      The law, Australian or otherwise, doesn't prevent someone from obtaining Tails, encrypting documents then storing or communicating them freely online via Tor in a way that completely disassociates the encrypted documents from their real identity or equipment.

      So the equation is more like 'everyone gets to spy on everybody except the lawbreakers for whom it's business-as-usual'

      • For the 0.0001% of lawbreakers motivated and competent enough to do that? Sure. That's not the point of these laws. It's for mass surveillance and mass enforcement of drug crimes and simple possession of CP crimes against low level criminals who usually lack the competency to set something like that up, or in the case of low level drugs will absolutely have to be talking to people who lack the competency.

        Slashdot is really bad at overlooking this, because we assume that because non-compromised encryption
      • by lgw ( 121541 )

        Indeed, the purpose of this law was never to go after the bad guys. The purpose of the law is to control ordinary people. Exactly like Australia's gun confiscation.

        Citizens are armed, uncensored, outspoken, and the government fears them. Subjects are disarmed, censored, afraid to speak out, and afraid of their government.

        Which do you want to be?

        • Oh yes, I'm pretty sure the American government is terrified of its citizens /s

          • Oh yes, I'm pretty sure the American government is terrified of its citizens /s

            Your sarcasm is well justified. No fear whatsoever. That's why they disbanded the Secret Service, took down the fencing around Federal buildings, no longer have no-fly zones around DC and why roads, overpasses, and buildings no longer get closed off whenever a VIP rolls through town.

    • by AHuxley ( 892839 )
      NSA and GCHQ did that for decades. So can any 5 eye nation.
      PRISM worked well and without comment by experts and brands.
      The new trick is to make it legal :)
    • The tech is corruptible. There is no such thing as a "government only" backdoor. Just like a politician and any other kind of whore, as soon as technology bends over for someone, it bends over for everyone.

      • by gweihir ( 88907 )

        Actually, whores have standards and will refuse unacceptable customers. Politicians don't.

    • by AmiMoJo ( 196126 )

      Politicians don't know anything other than what the security services tell them. It's the spies who are lying to them who are the problem.

      Not just the Australians, GCHQ does it too, the NSA seems to be doing it, the FBI has done it.

      • by gweihir ( 88907 )

        Indeed. Cui bono. The scum in the secret agencies are just trying to give themselves ultimate power. As they have tried so many times before. But politicians are routinely not only clueless as to how things work, they are clueless as to their responsibilities here and regarding history.

    • by gweihir ( 88907 )

      They have to understand that once you corrupt security, then there is no more security for anyone.

      By now I am deeply convinced that these people are just completely incapable of understanding what a "fact" is and that they do not create technological reality. Hence I think they are completely incapable of understanding this fact. The only sane thing is to vote them out of office as soon as possible.

  • by Empiric ( 675968 ) on Wednesday October 09, 2019 @03:19PM (#59289418)
    ...once breaking encryption means people can die

    Worthy of consideration in trusting governments with "encryption back doors" is that, worldwide, the national government most likely to kill you is your own [wikipedia.org].
    • Then I'm glad to be Canadian. I mean sure, death by maple syrup is horrible, but it does start with the sweetest minutes you ever had in your life.

      • by Empiric ( 675968 )
        For there are five trees for you in Paradise which remain undisturbed summer and winter and whose leaves do not fall. Whoever becomes acquainted with them will not experience death.

        You should be relatively prepared for the sweetest minutes you ever had including your afterlife, then.

        Yes, that was a quite esoteric reference for this context. And it doesn't involve syrup.
      • You would almost need to be in Quebec to die from maple syrup. There aren't that many maple syrup trees outside of Quebec.

        That would make the Canadian flag funny if Quebec ever succeeded in separating from Canada like they twice tried to do.

        https://www.worldatlas.com/art... [worldatlas.com]

      • death by maple syrup is horrible

        Better than being chewed to death by a beaver.

    • The government that has the most impact on a person is by definition the government that has direct jurisdiction over that person. It's simple logic that this is also the government most likely to kill you.

      • by Empiric ( 675968 )

        No, it's actually not "simple" logic.

        Most would have the perception that they are more likely to be killed in a war by a foreign country than by their own country's government. It's in the interest of governments (and educational institutions) to further that perspective, including minimizing information about totalitarian internal mass murder. Thus, we have the general narrative of sympathy with totalitarian China and disdain for democracies.

        I'm not sure your point, but if you're trying to normalize tota

        • No, I'm just saying that I'm not in China (thank $deity) so the chance of their tinpot dictators affecting me is lower than the chance of my government doing so.

  • by SirLanse ( 625210 ) <swwg69&yahoo,com> on Wednesday October 09, 2019 @04:14PM (#59289712)
    It would be great if the FBI had a key that worked on everyone's back door. Then they could get into a building without breaking down the door or letting them know you have a warrant to eavesdrop on them. How long before every cop has a copy of the key? How long before ex-cops and convicts have copies of the key? Caller ID spoofing started out that way. Now you have no idea who is calling.
    • How long 'til a crook holds the family of a cop hostage so he lends him the key?

    • by dyfet ( 154716 )

      This is not just a premise, it is a demonstrated fact. Long ago GM international actually created a master key for its trucks and buses, though they did stop doing that this past decade. It's not just every county cop, but then two-bit mobsters and other undesirables eventually got a hold of one, too.

    • by gweihir ( 88907 )

      As even the NSA had its malware stolen, this would probably be in the hands of criminals within months. May also go much faster, it only requires one FBI agent on the take.

  • I mean, unless there is an algorithm.

  • Although I don't actually want this... surely there can be a "we can listen but you can't" based on data forwarding and asymmetric encryption. e.g. the FBI publish rotating public keys (perhaps a. indexing key, b. metadata key and c. content key) and tell all businesses what information they must encrypt and forward and with which keys. Storing, filtering, indexing and access controls are entirely the responsibility of the FBI and hopefully a court order and super safe data handling requirements are enfor
    • The problem is you cannot ensure that these keys don't get into the wrong hands. A key that can decrypt any and all traffic from businesses of a country is something that is wanted by other governments. And I am fairly sure there is more than one that would send someone having those keys a letter along the lines of "Nice kids you have there, shame if anything bad happened to them. Let's talk about something you could do for us..."

      • The problem is you cannot ensure that these keys don't get into the wrong hands. A key that can decrypt any and all traffic from businesses of a country is something that is wanted by other governments. And I am fairly sure there is more than one that would send someone having those keys a letter along the lines of "Nice kids you have there, shame if anything bad happened to them. Let's talk about something you could do for us..."

        You understand the security problem but you miss on the perspective of those making these proposals. They understand all the consequences and failings. They count on them. They help provide cover for their own actions. They very much are "the wrong hands". They won't have to worry about threats and blackmail from criminals or spies desiring access as you describe because the plan from the beginning was and is *to sell access to it* while simultaneously using it to secure their own power and control over the

        • by gweihir ( 88907 )

          Indeed. Remember that in fascism, a lot of very bad things (including mass-murder) may be legal. These people have the same mind-set. They are not in favor of freedoms or of conversations happening in private. They are, in fact, deathly afraid of citizens that may communicate and organize in private, because they know that they are wearing no clothes and that all their grand promises are hot air.

    • by gweihir ( 88907 )

      Actual experts have pondered this question for decades and have found that nothing can be done to really secure such backdoors. Also keep in mind that, for example, the NSA has had its malware stolen (to pretty bad effects) and the like. Unless only the sender and receiver have access, security must be regarded as generally broken, nothing else makes sense in the real world.

  • Hence they believe they need to be able to look at everything and control everything. These people are the real problem and they do far, far more damage than "terrorists" ever could.
