
Setback in the outback - markovbot
https://signal.org/blog/setback-in-the-outback/
======
bicubic
I applaud the technical community rallying against the bill like this, but I
fear that technical solutions are ultimately useless for this issue.

If the political climate stays the course, all the technical solutions for
overcoming surveillance will eventually become marginalised and labelled as
terrorist materials. Access will be blocked, anyone in possession may
eventually face jail time.

AU customs is already searching the phones of people entering the country,
it's not hard to imagine they might start denying entry to people with strong
crypto capable apps like Signal.

I think this is a losing battle if it can't be fought at the legislation
level...

~~~
zimablue
There are two levels where ultimately tech wins: 1: end to end cryptography is
easier to make than break. When what you're describing happens and it's banned,
there's a level two technical solution: 2: put the software onto your machine
in such a way that it's not possible to know that the software is on the
machine without entering a specific code. Basically an at-rest encrypted
volume, which looks like unwritten blocks. I'm not a crypto guy but that seems
in principle impossible to detect or ban in the long run.

~~~
nradov
That's only possible if application hiding is integrated into the OS. Mobile
device vendors are unlikely to support such a feature.

------
keyle
Yes, like most bills passed in the technology space in Australia, the
politicians have no idea what they're asking for and its implications, and
neither do the ones voting on it.

In application, it may be half-assed anyway. The worst part is that it set
precedent for the world to follow.

~~~
stephen_g
It's true. There were over 15,000 submissions from the public and industry,
most of which weren't published (the few hundred that were were overwhelmingly
negative). In the hearings of the Parliamentary Joint Committee for
Intelligence and Security, there was testimony provided by technical experts,
industry groups, human rights groups, legal experts, and digital rights
groups, all saying that the bill was flawed, needed to be significantly
overhauled, and shouldn't be passed. Apparently the offices of MPs and
senators all over the country were inundated with phone calls, letters and
emails in opposition to the bill too.

Even Labor (opposition, who had the numbers with the cross bench to block the
bill in the Senate) the week before it was passed basically said they wouldn't
support it, and even earlier in the day they rolled over they were still saying how
terribly flawed it is.

After it was passed, in email correspondence with the office of my federal MP,
basically all they said was "The intelligence services say they really need
this to keep us safe over Christmas from terrorists and paedophiles." A clear
example of post-truth politics - let's ignore all the experts and instead use
an emotional argument!

The worst bit was that it was patently false. The Secretary-General of
Security at ASIO had actually admitted in a PJCIS hearing two weeks prior
(with the potential to be charged with contempt of the Senate if he was found
to be lying) that they didn't actually have any specific threats that they
needed this for over Christmas! Not to mention that the bill had a 28 day
response window for most of the notices and then implementation would take at
least weeks, so there is no way anything could be put into action for months!
One of the only things they got that they could actually use immediately was a
much harsher penalty for not giving up your phone passcode to police or the
intelligence services if they ask you for it...

I'm not into conspiracy theories, but the BS is so strong and this bill being
passed so anti-democratic that it really makes you wonder if the intelligence
services are pulling strings in the background behind this.

~~~
ageofwant
Labor does not want to give the Libs any reason to point any fingers should
'something' happen over Christmas. That can be the only half-arsed reason for
this farce. The rest are all full-arsed horseshit as everybody, including
Labor, knows.

Facts just don't matter anymore, if they ever did.

One could hope the whole thing gets canned after Labor wins in May.

------
BLKNSLVR
This situation is making me think about a couple of silver linings:

1. Open Source software is better prepared to deal with this kind of threat.

2. Self-hosting the encrypted communication platform means that there's no
one but you for the Govt to approach

~~~
giancarlostoro
> 2. Self-hosting the encrypted communication platform means that there's no
one but you for the Govt to approach

Assuming they don't James Bond style break in unnoticed and plant a backdoor
on your soft/hard-ware.

~~~
stephen_g
Which, unfortunately, our secret intelligence services are legally able to do.
Unlike in the US where it would likely be against the 4th amendment, ours are
allowed to hack any computers/network equipment and enter premises to plant
listening devices, alter computer equipment, etc.

The most problematic bit is that they are allowed to do things like alter
timestamps in files if required to conceal their hacking, which could
potentially be destroying exonerating evidence if the target is innocent!

------
aussieguy1234
While the government can't crack Signal or put a backdoor in its official
code, it could force your favorite appstore to send its own backdoored Signal
to your phone as a push update.

Same goes for any apps, people will probably start turning off auto update
now, makes for a much more secure world doesn't it?

~~~
darkengine
I was under the impression that Google Play Store apps were cryptographically
signed by the developer/publisher (not by Google), and the phone would refuse
to update the app if the key behind the signature had changed. Am I wrong on
this?

~~~
ShorsHammer
Wouldn't playstore itself be the simplest yet most effective target for
these laws rather than Signal?

Signal themselves aren't on f-droid which has far more protections and the apk
download is basically hidden on their site.

Google certainly has no qualms about China, is draconian Australia much of a
stretch?

~~~
eythian
Applications are signed by Signal, so Google can't make fake ones.

------
macintux
Some previous discussions on the passage of the law:

[https://news.ycombinator.com/item?id=18665033](https://news.ycombinator.com/item?id=18665033)

[https://news.ycombinator.com/item?id=18661483](https://news.ycombinator.com/item?id=18661483)

------
bacon_waffle
Kiwis: What should we be doing to make sure that we don't wind up in a similar
situation?

~~~
BigJono
Keep voting left, disassociate yourselves as much as possible, and pretty
please accept my request for citizenship >.>

~~~
steve_taylor
It's not so much a left-right thing as it is libertarian-authoritarian.

~~~
docdeek
This is correct. The nominally center-left party in Australia, the ALP, voted
with the center-right Coalition to get this passed. On the edges of the left
and the right there were voices against this, but the center (where the most
people are) went with backdoors.

~~~
BigJono
As of 2013 there's no way the Coalition can be called "centre-right" by any
definition of the scale I've seen.

------
interfixus
Tangential, but when even avowedly privacy-conscious entities like Signal
cannot see fit to serve a simple web-page without realtime reporting all user
access to assorted third parties (including divisions of the Google and
Microsoft empires), it actually saps my hope more thoroughly than the
unsurprising idiocy and malevolence of some Aussie politicians.

------
i_feel_great
They want backdoors but are afraid of Huawei spying on everything and
everyone.

~~~
chopin
Learn from the best...

