
Australian parliament passes encryption laws unamended - dhx
https://www.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944
======
anotherhuman0
Somebody over on Reddit [1] went through all the submissions (there was a
consultation period) and summarised and tallied them [2]. Fully 99%+ of
submissions were against the bill. A sad day for democracy indeed. A church in
Tasmania was in favour, because child pornography.

1\.
[https://www.reddit.com/r/australia/comments/a3j466/assistanc...](https://www.reddit.com/r/australia/comments/a3j466/assistance_and_access_bill_2018_just_passed_the/eb75et6/)

2\.
[https://docs.google.com/spreadsheets/d/1dowpZ_Xtr1N_DgkHJN8i...](https://docs.google.com/spreadsheets/d/1dowpZ_Xtr1N_DgkHJN8iinbqRd1peTgQp_fSL0vELDA/edit#gid=0)

~~~
stephen_g
Lots of people reporting that the offices of MPs and senators were inundated
with calls today and over the last few days. Twitter was on fire too. Ignored,
just like the expert testimony before the PJCIS. Who do these fools think they
were representing?

Today I watched my country's democracy die via livestream, with the words
"Labor withdraws all amendments".

~~~
ern
>Who do these fools think they were representing

Voters? I don’t mean to be snarky, but while Tweets, submissions and letters
may inform the content of bills in democracies, the counts of these are
not numerically representative of much, apart from the feelings of people who
feel strongly about an issue.

That said, these laws sound exceedingly stupid.

~~~
magduf
As Churchill said, the strongest argument against democracy is a five-minute
conversation with the average voter. The voters are getting what they voted
for.

------
_Nat_
Some of the comments so far seem to suggest that this bill would require
software to include backdoors. However, it looks like [the bill's
PDF](https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_first-reps/toc_pdf/18204b01.pdf;fileType=application%2Fpdf#search=%22legislation/bills/r6195_first-reps/0000%22) includes:

> Division 7—Limitations

> 317ZG Designated communications provider must not be required to implement
> or build a systemic weakness or systemic vulnerability etc.

> (1) A technical assistance notice or technical capability notice must not
> have the effect of:

> (a) requiring a designated communications provider to implement or build a
> systemic weakness, or a systemic vulnerability, into a form of electronic
> protection; or (b) preventing a designated communications provider from
> rectifying a systemic weakness, or a systemic vulnerability, in a form of
> electronic protection.

> (2) The reference in paragraph (1)(a) to implement or build a systemic
> weakness, or a systemic vulnerability, into a form of electronic protection
> includes a reference to implement or build a new decryption capability in
> relation to a form of electronic protection.

> (3) The reference in paragraph (1)(a) to implement or build a systemic
> weakness, or a systemic vulnerability, into a form of electronic protection
> includes a reference to one or more actions that would render systemic
> methods of authentication or encryption less effective.

These limitations would seem to imply that the bill can't require a "systemic
weakness", either by introducing a new one or prohibiting the patching of an
existing one, which would seem to suggest that end-to-end crypto wouldn't be
affected.

Is this a correct reading? Or are there concerns that the government might,
say, require end-to-end crypto to be vulnerable to a government-held golden
key?

\---

Edit: Part of the text,

> to implement or build a new decryption capability in relation to a form of
> electronic protection

, sounds like it's prohibiting golden-key-based schemes.

~~~
brokenmachine
They were going to supply a definition of "systemic weakness", but I can't
find one in the bill itself.

I'm patiently waiting for their proposed method of reading end-to-end
encrypted messages without introducing a systemic weakness.

But the meaning of words doesn't seem to matter anymore in the reality
distortion field that is the Australian government. This is all supposedly to
somehow make us more secure for Christmas.

~~~
StavrosK
Indeed, the laws of mathematics make this impossible. Count yourself lucky to
be living in a country where the laws of mathematics don't apply.

~~~
brokenmachine
The laws of mathematics are "commendable", but they're nothing compared to
Australian laws hurriedly passed 5 minutes before the Christmas holidays.

History will not remember these people well.

~~~
bigiain
History will most likely remember these people as the completely incompetent
board of directors of the fossil fuel industry that presided over the final
execution of the planet's habitable ecosystem. The fact that they were
politicians or even the Prime Minister for 5 minutes briefly in late 2018
won't even be a footnote...

------
white-flame
This is government-compelled labor, whose product is only of value to
government, and which labors in direct opposition to the personal safety and
well-being of the entire general population.

Australia, you fail at the very notion of free western civilization.

~~~
steve_taylor
It’s also government compelled lying.

------
healsjnr1
This is another thing that adds to my deep sense of shame to live in this
country (sadly, that list is long and growing).

This bill does nothing to prevent the kinds of things it is intended to
prevent. The apps this law targets were engineered specifically to prevent
this kind of interference. The idea that passing legislation will suddenly
change that, magically allowing decryption of messages is beyond idiotic.

The legal and technical barriers to getting anything useful from this
legislation are huge. Not to mention the ease with which this can be bypassed
(run OpenVPN and IRC on an overseas server, done).

The justification for rushing this was so that Australia could be kept 'safe'
over Christmas. It's beyond difficult to describe how ridiculous that is.

Edit: Sorry, I also have to add that in the same sitting of Parliament the
government also filibustered legislation that would have enabled medical
evacuation of refugee children from child detention on Nauru. It's been a bad
day for Human rights in Australia.

~~~
apatters
> This is another thing that adds to my deep sense of shame to live in this
> country (sadly, that list is long and growing).

I don't support this legislation, but I have to ask, which country is doing a
better job on human rights issues than Australia in your opinion? Surely not
China or nearly any country in Asia, Africa, or South America? Surely not the
US? Probably not much of Europe?

~~~
oger
This is a classical 'whataboutism' trying to deflect from the real subject by
bringing up another. But keeping in line with that theme: what about detaining
immigrants in Nauru, Christmas Island, Manus Island etc. under doubtful
circumstances with no open access for press and NGOs?

~~~
StavrosK
I didn't read the comment as tu quoque, I read it as "it's a bit shit
everywhere". Even Canada treats native populations badly, I don't know what
things are like in the Scandinavian countries.

Too bad, it's almost 2020 and we still can't get "treat people well" right.
What hope do animals or the environment have?

------
jacques_chester
If you are an Australian software engineer, you have one advantage that other
nationalities do not: the E3 visa. It is a US working visa that is
_specifically reserved for Australians_ and consequently it is much easier to
get than an H1B.

My advice is that the Australian tech industry just got nuked from orbit, so
come work in the USA. The pay is better, the work is more interesting and the
tech companies actually have sway over policy here.

~~~
sn41
I am not sure that migrating will help. If I read the bill right, it implies
that every person providing any service used (or "likely to be used") in
Australia is under legal obligation to insert these backdoors. I don't think
it specifically mentions software developed in Australia.

The bill seems to be a nightmare - it even says that the technical assistance
request can be given orally. What the bloody ....?

To me, it reads like this - if you're a Nigerian developer working in Germany
and refuse to do this for some software (after all, every software is "likely
to be used" in Australia), you are still breaking the Australian law. But you
need not be prosecutable if Germany does not have an extradition agreement
with Australia. If you are an Australian anywhere in the world however, then
refusing this makes you a criminal, probably later a fugitive. This is my
understanding. Can someone confirm?

~~~
zanny
Australia does not have the economy to force such a perverse violation of
privacy on foreign business. If they try it, Google et al will be much better
served pulling a Spain and blocking access in Oz than by complying.

The courts of most nations would laugh out the notion of extraditing their own
citizens to Australia for hosting a website and not giving the AU government a
backdoor to it.

------
acutesoftware
I am an Australian software developer and am currently getting
[https://www.lifepim.com](https://www.lifepim.com) ready for release which,
funnily enough has the main selling point as "Your data is private, secure and
free from adverts" - what a joke.

The scary part is not knowing how the law is going to be implemented - I am
hopeful that smart people work on the implementation of it in terms of
practicality.

If it is an on request thing "give us the details of terrorist@blah.com" then
that is doable, but if they really want backdoor access to all accounts, then
that is a ridiculous amount of work and a lot of security risks to worry about.

Wait and see I guess.

~~~
marcus_holmes
Don't launch in Australia.

Or don't launch in Europe.

GDPR and this legislation are in direct conflict. Pick a market...

~~~
acutesoftware
Can launches be targeted (legally) to a country? The site is hosted in
London and am already GDPR compliant - wonder if this means it is not under
Australian laws?

~~~
marcus_holmes
If you're not an Aussie company, and don't have any staff in Australia, then
it's a long reach for them to do something to you.

If you specifically reject all customers attempting to sign up from an Aussie
IP address, or with an Aussie physical address (if you have that), then you're
on pretty firm ground to tell them to piss off if they come knocking.

But, y'know, I'm not a lawyer, and you might be subject to whatever whims any
country cares to hit you with. Get some legal advice before trusting some
random internet comment ;)

~~~
marcus_holmes
I guess the poster child for this is Kim Dotcom. Launched a file sharing
service from New Zealand that didn't break any NZ laws.

USA didn't like it though, and asked NZ to extradite him to face charges in
the USA.

Legal battle still going, I think... but the business is dead.

I doubt Australia has that much clout, but you never know when an extradition
will be the price of some favour to someone...

------
brokenmachine
I have to say, the coverage of this bill on the news has been atrocious.

I've seen zero discussion of the possible ramifications of losing all security
companies in Australia. Any software company that depends on security (and
which one doesn't?) would be insane in the membrane to think they could
credibly work in Australia now.

All they are saying is "the bill was passed to access encrypted communications
of terrorists and criminals".

No discussion of no judicial oversight either.

News orgs are shooting themselves in the foot because there's no possibility
of a journalist protecting their sources anymore with this nightmare.

~~~
ffoxd
Australia doesn’t have much in the way of judicial oversight. The joys of
parliamentary supremacy and a weak constitution.

------
artichokeheart
To anyone with a business from anywhere else in the world. Yes please do,
publicly and loudly, cease to deal with us (Australia) due to the very real
possibility that all of your private and commercially sensitive communications
will be monitored and recorded (Also given the five eyes agreement shared with
other countries.) Australia already has a history of using their spy services
for commercial gain.
[https://en.m.wikipedia.org/wiki/Australia%E2%80%93East_Timor...](https://en.m.wikipedia.org/wiki/Australia%E2%80%93East_Timor_spying_scandal)

~~~
brokenmachine
God this is so true. I am so ashamed of our so-called representatives.

Please, Apple, do what you know is right and disable all iPhones in Australia.
Google, please do the same with Android.

If you have a website, geoblock Australia from it.

Quarantine us from the world. We are sick and will infect you all.

~~~
Tor3
> If you have a website, geoblock Australia from it.

Just did.. won't even respond to icmp. My Tokyo and UK sites.

~~~
brokenmachine
Thanks.

Actually, if it's possible, you could redirect to a page saying the reason you
are blocking, that would be even better.

Seriously the world should quarantine us.

------
bwilli123
Does this mean that if I take my iphone into an Apple Store in Australia for
repair that a Genius could load unknown software (under legal compulsion)
without Apple itself knowing?

~~~
Whitestrake
They have to attempt to keep Apple from learning about it, as I understand it.
I wonder what steps Apple will take to bar this kind of eventuality. If an
employee makes a good faith attempt to comply with this request, which is then
blocked by the overseas manufacturer, can they throw their hands up and say,
"Well, I tried!"? Would this allow them to avoid the $50k fine and 10 years in
jail the Government can hand out for not complying?

------
lwansbrough
Literally zero percent chance I touch any software made in Australia now.

~~~
TheChaplain
Isn't Atlassian Australian? Or did they move?

~~~
askaboutit
They’re Australian but have offices in other countries. I believe they would
move for the right reasons. This seems like a pretty big reason, considering
they’re targeted at enterprise. But move where? UK will have this next,
America does this without any laws at much greater effect and scale.

~~~
mikro2nd
California. I had to agree to some changes to their ToS the other day (for
Bitbucket) in which I agreed to dispute resolution under California law. I
suppose that's a pretty good indication of their thinking. It's not like this
legislation is unexpected or sudden.

~~~
emiliobumachar
Are the U.S. "gag orders" equivalent to this new Australian law?

~~~
cyphar
No, the new law has no judicial review and has a few other things that
wouldn't fly in the US. It's markedly worse (though don't get me wrong, the US
definitely has it pretty bad in this area too).

~~~
girvo
You say that like FISA Courts are actually judicial review and not rubber
stamps... where you win is that you have a stronger set of rights and case law
about it.

~~~
cyphar
The difference is that there isn't even _fake_ judicial review. And I disagree
that we have a stronger set of rights -- the difference is that the NSA
explicitly ignores your constitutional rights.

All of our rights (other than the right to a jury for certain criminal trials,
freedom of religion, the acquisition of property must be 'on just terms', the
right to be a senator if you can vote, and the right to vote in federal
elections) are in common law. This means that any new law can overturn those
interpretations.

Personally I think Australia needs to push for a constitutional bill of
rights. Unfortunately this is going to be a very hard battle to win, given the
enormous requirements to get a constitutional amendment passed.

------
ENGNR
Doesn't this also affect git repositories maintained by Australians? (I say
this as an Australian who wants secure software)

All it takes is one malicious npm package

~~~
cyphar
As an Australian software developer who has written encryption software in the
past, I'm also very concerned. I'm also doubly concerned that projects will
now reject my patches because of my nationality. What an amazing shitshow of a
government.

~~~
steve_taylor
I’m seriously considering moving from Australia to a country that isn’t part
of the Five Eyes.

~~~
brokenmachine
I'm thinking about moving to NZ. How are they?

~~~
toyg
They are in Five Eyes, were instrumental in Echelon, illegally raided
Dotcom... NZ is a beautiful country, but one of the weakest-willed in
international terms. (Also, by all reports, internet connectivity sucks big
time).

~~~
stephen_g
NZ actually took inspiration from our (Australia's) fibre-based national
broadband network back in 2010 or so (before the current Australian Government
got in and turned it into an absolute farce - instead of a new fibre network
it became an upgrade to the existing old copper network, which is basically a
few years off end-of-life, with the change supposed to save billions but that
somehow managed to cost just as much money in the end).

As a result you can get gigabit fibre in places on their UFB network for a
similar price we pay for 50-100Mbps.

------
brokenmachine
Could an expat Australian dev be compelled to put backdoors in software even
while overseas, under threat of being prosecuted when he returns?

If so, Australians can't even be employed in foreign software companies.

~~~
isostatic
Could any developer put backdoors in under promise of a suitcase of cash?

If your review system fails because your Aussie developer "may be
compromised", it fails because your $good_country developer may also be
compromised.

~~~
cloverich
The difference is the type of person that would do it for cash likely has
other personality traits that make them at least somewhat easier to spot. If
this could compel upstanding, trustworthy individuals to do the same, that's a
bit harder to handle.

------
dbetteridge
Business opportunity for EU devs provide Australian businesses with PR and
code review to ensure their software isn't backdoor'd

~~~
brokenmachine
And if it is, then what?

Good idea though. Maybe some kind of Certification?

~~~
dbetteridge
Well ideally you get in early and catch it in a mandatory PR process, all PR's
pass through EU devs who are the only ones who can merge.

Otherwise yes, security certification process to review existing code and then
maintain as above.

------
dhx
Full text of bill:
[https://www.aph.gov.au/Parliamentary_Business/Bills_Legislat...](https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195)

------
jstanley
> "Do I go home and say well I hope nothing happens and I hope that the
> Government's politics don't backfire on the safety of Australians? I'm not
> prepared to do it," Mr Shorten said.

And yet, that is precisely what has happened here.

------
ACow_Adonis
Is there a (non-alarmist/non-defensive/non-partisan) summary available of what
the bill actually contains and what its practical effects might be?

~~~
cyphar
I'd recommend actually reading the bill to form your own conclusions. The main
problem is that it mostly is a series of amendments, and many of them are
quite unrelated.

Most of the discussion is about the Technical Capability Notice section (which
allows the government to compel a telecommunication provider, under threat of
5 years imprisonment, to create the ability to access communications otherwise
inaccessible) but very few people are talking about the Computer Access
Warrant sections...

 _And_ it's possible for employees to be forced to do this, and you cannot
reveal information about these technical notices to your employer -- in fact
you are given immunity from civil persecution precisely for this reason. So
you now have to sabotage your employer because of an order by the Australian
government. Good luck keeping your job.

~~~
rswail
The best discussion I've found in terms of the legislation is at [1].

The most insidious part to me as a programmer, is the definition of a
"Designated Communications Provider" which (amongst others) includes (S317C,
item 6):

"the person develops, supplies or updates software used, for use, or likely to
be used, in connection with: (a) a listed carriage service; or (b) an
electronic service that has one or more end-users in Australia"

and the "eligible activities" are:

"(a) the development by the person of any such software; or (b) the supply by
the person of any such software; or (c) the updating by the person of any such
software"

[1]
[https://parlinfo.aph.gov.au/parlInfo/download/legislation/bi...](https://parlinfo.aph.gov.au/parlInfo/download/legislation/billsdgs/6370016/upload_binary/6370016.pdf;fileType=application/pdf)

~~~
ashildr
So Australian software developers have become pretty much toxic now?

------
shakna
It's over. I may as well not be a programmer anymore.

The government has effectively made it possible that anyone and everyone who
develops software or hardware used by anyone in the country, or where they
feel national security comes into play, must compromise their software, and
tell no one.

They can ask any intern to break the software, and not tell their employer.

It's bad enough to have a gaping hole in your security, but now they can ask
people who have no idea what they're doing to create a backdoor.

All Australian software has now been rendered completely untrustworthy, and
when those compromises in security are found, by the nation states who now
know that Australian software will have holes in it, it will result in the
very thing that this bill claims to prevent.

Our infrastructure has been opened up for attack, by any of our neighbours who
have a reason to do so, whilst simultaneously gutting the economy of IT in
Australia. Who wants to buy shitty backdoored Chinese software? It's the same
now for Australia.

Australia's government has now opened the door for widescale cyberterrorism to
have a chance at wreaking destruction.

~~~
stonith
Isn't this pretty much the same as the US and their National Security Letters?
They can compel engineers/companies to do pretty much anything, and the veil
of secrecy is the same.

~~~
tssva
National Security Letters can't compel engineers/companies to do pretty much
anything. National Security Letters can only request non-content information.
A NSL also can't compel the gathering of additional non-content information
beyond that already being gathered.

So a NSL could request the records for who you are sending encrypted messages
to but not the content of the messages and if your messaging provider can't or
doesn't already gather that information they can't be compelled to start
gathering such information.

If a NSL requests information which the recipient believes violates the
guidelines of information which can be requested they can disclose the NSL to
legal counsel and challenge the NSL in court.

------
hestefisk
I live in Australia and this is the dumbest bill I have ever seen in
parliament. Australian politicians have no clue what the fuck they have just
done. Rushed through in less than four days so they can go on holidays.
Bigots.

~~~
rswail
To quote our last PM (well, this week anyway):

"The laws of Australia prevail in Australia, I can assure you of that. The
laws of mathematics are very commendable, but the only law that applies in
Australia is the law of Australia."

~~~
nailer
Oh god. I left Oz in 2008 when Turnbull was a small-l-liberal, pro-business,
pro-tech guy. From what I hear from home he became another deliberately
ignorant Aussie conservative.

~~~
shusson
Ha, you forget how often we change our PMs :p

~~~
nailer
When I left it was just Kevin 07, before all that started.

------
rswail
It's a stupid law passed by stupid politicians. The only thing to do now is to
demand that ALP politicians reverse it in the next sitting of Parliament.

~~~
cyphar
ALP voted for it unanimously. I don't hold out much hope that they'll reverse
course -- we should push for third parties in the next election.

~~~
rswail
They voted for it to cover Bill's ass on the last day of parliament and 2
weeks of Dutton and ScoMo getting dumb people scared about Xmas.

The amendments to this stupid act do gut a lot of the stupidities (not
completely), so the pressure now is to make this (and the Nauru re-settlement)
the _only_ thing that the ALP allows on the first days of parliament next
year.

Write to your MPs, the shadow ministers and the cross bench.

Writing to the LNP politicians is a pointless exercise.

~~~
jsmeaton
Cop a beating over Christmas, who cares? No one is going to remember by
election time anyway. The opposition had an easy win today, and they threw it
back to the gov.

------
k_sze
Can somebody write up a tutorial/guide on how to block all network
communications (incoming or outgoing) with Australian IPs, on all or select
ports, under common OSes (Windows, Linux, Mac, BSD).

~~~
Tor3
Can't write the guide for you, but the raw material can be found here (and
other places):
[http://www.ipdeny.com/ipblocks/data/aggregated/au-aggregated.zone](http://www.ipdeny.com/ipblocks/data/aggregated/au-aggregated.zone)
That's a list of the (current) IPv4 Australian blocks. Each
value (e.g. 1.0.4.0/22) can be used directly as a parameter for iptables on
Linux, e.g. /sbin/iptables -A INPUT -s 1.0.4.0/22 -j DROP (to really block any
communication - or use REJECT instead). A script to walk through the file works
fine.
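
A sketch of the kind of script described above, as an added example that is not part of the original comment: it validates every line of the zone file before use (the list comes from a third party over plain HTTP) and emits one `ipset` set plus two iptables rules instead of one rule per block. The set name `geo_au`, the minimum prefix length of /8 and the sample lines are assumptions made for this example; nothing is applied to the firewall.

```shell
#!/bin/sh
# Added example (not from the thread): convert a country zone file, one IPv4
# CIDR per line, into an `ipset restore` script and print it for review.
# Typical use once reviewed (as root): ipset restore < au.ipset

SET_NAME="geo_au"   # hypothetical set name (assumption)
MIN_PREFIX=8        # assumption: refuse anything broader than a /8

# is_ipv4_cidr VALUE: succeed only for a.b.c.d/n with octets 0-255 and
# MIN_PREFIX <= n <= 32. Rejects 0.0.0.0/0, extra words and options.
is_ipv4_cidr() {
    case "$1" in
        ""|*[!0-9./]*) return 1 ;;          # digits, dots and slash only
    esac
    addr=${1%/*}
    len=${1#*/}
    [ "$addr" != "$1" ] || return 1         # no slash at all
    case "$len" in
        ""|*[!0-9]*|???*) return 1 ;;       # prefix length: 1-2 digits
    esac
    [ "$len" -le 32 ] && [ "$len" -ge "$MIN_PREFIX" ] || return 1
    case "$addr" in
        .*|*.|*..*) return 1 ;;             # empty octet
    esac
    old_ifs=$IFS
    IFS=.
    set -- $addr                            # split on dots (digits and dots only here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# zone_to_ipset FILE: print `ipset restore` lines on stdout and report
# every rejected line on stderr.
zone_to_ipset() {
    printf 'create %s hash:net family inet -exist\n' "$SET_NAME"
    printf 'flush %s\n' "$SET_NAME"
    while IFS= read -r line || [ -n "$line" ]; do
        # Drop CR, comments and surrounding whitespace.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')
        [ -n "$line" ] || continue
        if is_ipv4_cidr "$line"; then
            printf 'add %s %s -exist\n' "$SET_NAME" "$line"
        else
            printf 'skipped: %s\n' "$line" >&2
        fi
    done < "$1"
    return 0
}

# iptables_rules: the two rules that reference the set (inbound and outbound).
iptables_rules() {
    printf 'iptables -I INPUT -m set --match-set %s src -j DROP\n' "$SET_NAME"
    printf 'iptables -I OUTPUT -m set --match-set %s dst -j DROP\n' "$SET_NAME"
}

# write_sample FILE: constructed sample input, not the real list.
write_sample() {
    printf '%s\n' \
        '# constructed sample, not the real list' \
        '1.0.4.0/22' \
        '' \
        '203.0.113.0/24   # trailing comment' \
        '0.0.0.0/0' \
        '300.1.1.0/24' \
        '1.0.8.0/21 -j ACCEPT' > "$1"
    printf '192.0.2.0/24\r\n' >> "$1"
}

sample=$(mktemp)
write_sample "$sample"
zone_to_ipset "$sample"
iptables_rules
rm -f "$sample"
```
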

~~~
k_sze
Great starting point!

------
aiisahik
As an Australian citizen who has spent many years in the US, I can say that
this law is in line with the main ideology of the Australian government:
extreme parentalism. You run a red light: fine for $450 in the mail. No court
date, no arguments. You exceed the speed limit by 5km/h: $200 fine in the
mail. No arguments. It is brutal but it's hard to deny that it works.
Australia has some of the lowest per capita road deaths in the OECD. The
problem is that the government wants to regulate the internet the same way they
regulate road traffic. You can read up all the idiotic attempts here:
[https://en.wikipedia.org/wiki/Internet_censorship_in_Austral...](https://en.wikipedia.org/wiki/Internet_censorship_in_Australia)
I wonder if this means Australia will have the ability to ban apps like
Telegram from the app store?

~~~
brokenmachine
They are trying to _secretly force tech companies into unpaid labour to
destroy the security of their own products_ in their ham-fisted stupid
attempts however.

This is much worse than the authoritarian way they handle traffic fines.

There is no legal representation, no judicial oversight and no actual
definitions of essential terms in the bill.

Make no mistake, this is a dictatorship.

~~~
brokenmachine
Oops. Actually, it's a totalitarian regime.

------
sn41
Okay - a quick question: how does bitbucket deal with this, since Atlassian is
an Australian company? Am I making an error here?

~~~
boyter
1 billion lost from the company already. I am hoping for them to depart
Australia for good on this.

~~~
netheril96
> 1 billion

Is that metaphorical or actual number? If latter, I am interested in the
source.

~~~
BigJono
Their stock is down 4.3% today and their market cap is around $20B

~~~
Tor3
They _may_ be unrelated - most stock markets went down about that much today
(and I'm glaring at my own stocks at the moment - none in Atlassian, they're
down an average of 4.23% as of now)

------
chris_wot
Bill Shorten is an idiot for letting this get through.

~~~
pascalo
He was a push over on metadata retention, why would it have been different
this time? What a joke!

------
mimixco
This is a big deal for people of all countries as the major tech firms will
quickly build-in the required backdoors to stay in compliance -- and they
won't just be there for Australian citizens; they'll be there for all of us.

~~~
mvid
Will they? Is Australia a big enough market to give up global credibility as a
company?

~~~
mimixco
We can only hope not.

------
krautjakob
Ouch.

Since I'm using Fastmail ... can anybody recommend a good alternative? I don't
mind paying for a good and secure e-mail provider.

Protonmail looks nice, but it does not seem to offer IMAP (because mails are
end2end encrypted).

~~~
climb_stealth
From what I remember fastmail has always cooperated with law enforcement. It
is not zero-knowledge so they always had access to the user data already.

Their promise has been to not use it for advertising purposes or share it with
third parties. I don't see much changing here, but I would like to know if it
is.

~~~
brongondwana
Yep, we already blogged about this. It's shit legislation, but it is unlikely
to affect our customers at all. Public perception on the other hand, it's
going to hurt that plenty.

Like basically all of Australian tech right now, we're super disappointed in
our politicians and their games. I spoke to a couple of senators' offices
today, and they were sure it would die in amendment hell. Genius.

------
wallace_f
What kicked this off the front page?

Note that the most-upvoted post in the past month, critical of Google, was at
the time mysteriously kicked off the front page as well.

~~~
wolfgang42
I believe HN has a flame war detector that trips when the number of comments
is greater than the number of votes, and pulls the submission off the front
page. (I haven't looked, but this is probably what happened to the Google post
as well.)

Since it's back on the front page now, I'd guess that the HN mods decided that
this was important and un-tripped the detector.

------
jhauris
Can anyone comment on how this affects those of us in other five eyes
countries? Are we now subject to any provisions of this law by proxy?

------
turblety
Obviously this law and ones like it have no place in a modern, free society,
but in regards to the risk with using business apps, it's just the same as
before. You can not trust app's from companies incorporated in the five eyes
[1]. If you are using a product made in any of the five eyes you are already
compromised. By compromised, I mean you can be almost 100% sure that if the
owner's of those countries want your data they will get it, and they will get
it easily too. They do not need warrants, courts or judges to sign of on
anything and haven't done for a long time. To clarify my position on this.
Whether a law like this is actually passed or not, you should assume that
every company incorporated in these countries have been forced to place
backdoors in their systems. I'm not saying that every company has done this.
I'm saying you should assume they have.

1\.
[https://en.wikipedia.org/wiki/Five_Eyes](https://en.wikipedia.org/wiki/Five_Eyes)

------
75dvtwin
Australia -- the 1st world leader of the modern Progressive policies.

2018 -- citizens lose communication privacy protection [0]

2017 -- whistleblowers and dissidents are committed to mental institutions [1]

2016 -- citizens lose financial transaction privacy (the cashless society
with finalized transition by 2020) [2]

1996 -- government confiscated all firearms from the hands of private, law
abiding citizens

Sweden, and Canada are next.

Basically -- step-by-step methodology to run country-sized Mafia operation is
being implemented.

[0] this article

[1] [http://www.blotreport.com/australian-politics/are-the-though...](http://www.blotreport.com/australian-politics/are-the-thought-police-coming/)

[2] [https://bitsonline.com/australia-cashless-2020-payments-netw...](https://bitsonline.com/australia-cashless-2020-payments-network/)

~~~
hnzix
_> government confiscated all firearms_

It's relatively easy to get access to firearms in Australia, including semi-
automatic pistols. [0]

The gun control laws mainly affected semi-automatic rifles and shotguns.

[0] [https://www.huffingtonpost.com.au/2017/10/04/australias-gun-...](https://www.huffingtonpost.com.au/2017/10/04/australias-gun-laws-arent-as-tough-as-you-think-and-standards-are-slipping_a_23233112/)

~~~
75dvtwin
thx for the correction. You are right.

I should have said the confiscation (mandatory buyback) started with all
semi-automatics and pump-action in 1996.

WRT pistols, the pistols that are allowed, have less lethal power than bow and
arrow (if the below excerpt is correct).

"....

they can then attend at a licenced firearm dealer and select a handgun which
is suitable for the competition in which they intend to take part. This
firearm may be a single-shot air pistol, a single-shot .22-calibre pistol or a
.22-calibre revolver or self-loading pistol. …"

[https://ssaa.org.au/news-resources/research-archive/handgun-...](https://ssaa.org.au/news-resources/research-archive/handgun-ownership-facts-in-australia/)

not sure if this was also the case before '96 and self-defense was already
banned then.

The bolt actions that are allowed, cannot have pistol grip and must not look
'military'.

------
CalRobert
How can someone know whether their software is compromised by this?

~~~
steve_taylor
Officially, they can’t, but you can be absolutely certain that iMessage,
WhatsApp, Signal and Telegram are going to be immediately targeted with TCNs
(technical capability notice), requiring them to bundle Australian government
spyware and requiring that those apps send all conversations to the spyware.

~~~
cyphar
This isn't quite true. The bill allows companies to provide statistics on how
many TARs, TANs, and TCNs they've been served within a 6-month window. The
obvious problem is that nothing stops them from lying or just omitting that
information -- because why would you admit that your software is insecure?

~~~
shakna
Employees of a company may also be served, and required not to tell their
employer. So a company may not know if they are compromised.

~~~
pascalo
I seriously wonder how that would work in practice?

"Hey Joey, will you work on the fizzibizzi feature that does xyz?"

I can't, I have other stuff to do?

"What kind of stuff? This feature is the top priority for the whole team?"

I JUST CAN'T TELL YOU OKAY!!!

~~~
brokenmachine
Also, you can't ask anyone else on the team for help implementing it.

These backdoors are going to be the worst code possible. What kind of crap
quality code do you think a single dev under threat of jail time and the
pressure of not being able to communicate with his co-workers or legal
representation is going to pump out?

~~~
Lio
It'll be handy cover though if you get caught introducing your own backdoor
code.

"Git says you were the person who introduced this backdoor into our banking
platform. We could lose millions through that. Explain yourself now before I
call the cops!"

[whilst tapping nose] "I'm sorry boss I've been told not to discuss that with
anyone..."

"Say no more. I understand perfectly. ;) Carry on and don't tell the others."

------
techsin101
Reminds me of that book

