
Australia's anti-encryption laws used to bypass journalist protections: expert - vermilingua
https://www.theguardian.com/australia-news/2019/jul/08/australias-anti-encryption-laws-being-used-to-bypass-journalist-protections-expert-says
======
atoav
These things _should_ be surprising, but they are _not._

And this is true around the globe, independent of evidence politician demand
ever crazier methods (while at the same time usually reducing both the
paychecks and numbers of police officers). I wonder how we, the people, can
protect our democratic systems from these dangers?

~~~
umvi
> I wonder how we, the people, can protect our democratic systems from these
> dangers?

Stop trading freedom for security?

Politicians will always tantalize you by proposing you <limit guns, limit
speech, limit privacy, etc.> for <fewer deaths, fewer suicides, fewer
terrorists, etc.> but if you let it go forever, you'll find all your freedoms
have been traded for safety.

~~~
Bartweiss
I'm always worried about discouraging people with the pessimistic view here,
but it's not actually clear to me that we have a choice in that matter.

Most innocently, because the number of people worried about this remains
relatively low, and regularly gets overwhelmed by other groups. That's how
democracy works, obviously, but it alarms me because privacy is a partially
unrecoverable resource; even if people organize and win, a great deal of
damage may have been done.

More cynically, though, because it feels like many of our democratic systems
_don 't work_ on this problem.

By its own admission, the CIA violated its charter - and in many cases federal
law - numerous times from the 1950s to 1970s. These events were documented
internally in 1973, but no one appears to have faced consequences, and the
"Family Jewels" weren't publicly released until 2007. Also in the 1970s, the
Church Committee concluded that the NSA had conducted illegal surveillance,
failed to shut it down when instructed to do so, and then followed up by lying
to Congress about the entire mess. It _also_ concluded that no one could be
prosecuted for this, essentially because the tracks had been covered too well
to convict any specific individual. The history of other Five Eyes nations in
not substantially more comforting, as a look at e.g. UK practice in Northern
Ireland will testify.

Today, the state of privacy law in the US isn't even known, because much of it
is decided in secret court hearings with no one but the government present.
National Security Letters help ensure that the public can't object to state
surveillance by forcing private citizens to keep it secret, and interfering
with basic access to counsel for the recipients. James Clapper gave testimony
to Congress that was prima facie perjury, for which he faced no consequences.
The list goes on at enormous and alarming length.

I don't know what we do about this. Voting for candidates who oppose war and
surveillance is good, but they generally perform poorly, the ones who do well
often seem to reverse course after election, and the ones who follow through
(like Wyden and Udall) are frequently stonewalled and outright lied to by
intelligence services. It feels alarmingly like we've created a surveillance
system which operates independent of any democratic decisionmaking, and no
longer know how to walk it back.

------
roenxi
The really concerning part is that legislation of this nature often receives
bipartisan support in the Australian parliament. I don't recall if it was this
bill or a different one, but the opposition released a strongly worded
statement saying "we have concerns with this legislation", then voted for it
ASAP. A thinner fig leaf of an excuse I have yet to see in politics.

~~~
Silhouette
This type of bipartisan support seems to be a recurring concern with the more
authoritarian "national security" legislation being passed around the world.
We have the same thing in the UK, where both of the big parties have tended to
support intrusive government surveillance powers. Because of our voting
system, the more liberal but smaller parties that would challenge such
measures tend to be disproportionately under-represented at national level, so
authoritarianism almost always wins.

This leads to claims that most people support such measures, yet not so long
ago we had a huge grass roots campaign against mandatory ID cards (and related
measures like the database behind those cards) that ultimately succeeded in
preventing their introduction, so clearly it's not really as simple as that.
Certainly some reports based on polling that get brought out to demonstrate
that public "support" for these measures have glossed over heavily loaded
questions in the polls themselves. (They're not quite "Terrorism is a really
serious threat and a nuke might kill everyone. Do you support stronger
government powers to prevent bad people doing these bad things and keep your
children safe?" but sometimes they get awfully close.)

This is the reality of the politics of fear in the Western world today.
Personally I'm _slightly_ optimistic that things will turn for the best within
the next few years. We seem to have widespread concern about "fake news" and
unwarranted interference in democratic processes, to the point that now we see
explicit "fact checking" becoming a common practice in media reporting of
political statements and we're seeing big social media platforms trying to
rein in the more questionable propaganda and stop their systems from becoming
little more than a rumour-driven mob on a national or global scale.

Maybe someone will finally notice that the threat from terrorism is actually
pretty small, the threat from excessive government powers is actually pretty
big, and in any case all of these resources might be better spent on other
areas of government like education or healthcare or infrastructure projects
that could make a much bigger difference to a lot more people anyway. We can
hope...

~~~
blackflame7000
Cryptography is unknown to many and many fear the unknown.

~~~
Silhouette
True. It certainly doesn't help that a lot of the elected representatives who
are making these laws evidently lack even a basic understanding of the
technical issues involved, so they are often guided by expert advice from
those who entirely coincidentally are the main beneficiaries of the stronger
powers being created.

------
traderjane
> One part of the law updated the powers law enforcement have in executing a
> warrant. Added into the Crimes Act was the power for agencies to “add, copy,
> delete or alter” data on computers as part of the execution of warrants.

~~~
SuperNinjaCat
When I first read this I interpreted it as possibly having something to do
with enabling offensive cyber operations (maybe?), it just sounded too weird
to be anything else.

One thing I did notice during the ABC raid was how the police ignored general
digital forensic practices and simply created an archive on the target drive
(overwriting any data previously there), dragged and dropped what they wanted
into it, then zipped it up and left (this was according to one ABC employees
twitter feed while they were in the office as it was happening).

~~~
brokenmachine
That struck me as well. How can they ever use that as evidence in a court case
when there is no chain of custody whatsoever?

Who cares I guess, they have the power to modify any data they want anyway.
It's crazy.

~~~
SuperNinjaCat
My first impression was that they had no intention of going to court with the
data they were after, but then again I've not read up on any legal case
studies involving digital forensic evidence handling which are publicly
available in Australia (how would a magistrate even deal with that sort of
evidence if it can legally be modified? I'm not sure any of these new laws
have been tested in court before).

It's nuts that something that used to be seen as solid evidence in court could
now be seen as totally unreliable, and just because someone may present it
saying "trust me because I'm a cop" means absolutely nothing when someone has
a duty to factor the human element into the equation. The guidelines regarding
the handling of digital forensic evidence (and all types of evidence for that
matter) were designed to deal with this. So yeah, I think what I'm trying to
say here is that among the new laws, that one in particular could do much more
harm than good due to being so vague in its wording and scope. From what I've
read about the US court system, this type of evidence would no longer be
permitted in 99.9% of cases, It wouldn't matter if you're the damn pope
presenting it, everyone's human. I actually wish I knew a magistrate in real
life to ask them how they would handle a case involving this law and a drive
handed to them by some prosecution team involving the AFP.

------
SiempreViernes
Reading more, I don't think there is any general lesson to learn about the
impact of the anti-encryption laws on journalistic freedom.

The relationship between the AFP and journalists in Australia seems pretty
adversarial, and this new law has simply been misused _facilitate_ already
occurring egregious behaviour. It does not appear to allow any _novel_
violations of journalistic rights.

~~~
jacques_chester
> _The relationship between the AFP and journalists in Australia seems pretty
> adversarial_

Well, yes. The AFP was, for a long time, an incompetent shambles. The media
reported on the generous vistas of incompetence, bastardry and shambolatry.

Now the AFP is essentially taking its revenge, with gusto.

------
SN76477
Being anti encryption is inviting abuse.

Politicians will not their position on the topic until they are personally
attacked.

When their private conversations, images, friends and families start leaking
they will begin to care.

~~~
torified
But, but, but... the bill specifically says that they're excluded from the
spying! So they're totally immune from that risk! /s

Yes, I'll laugh when their pants inevitably fall down. I wonder what the
reaction will be.

But seriously, I have to wonder what these politicians want the endgame to be.
A police state isn't good for anyone, including them.

I used to think Australia was the best country and think they were trying
their best for Australia's interests, but they are busily removing the good
things about Australia at a really scary rate. I don't want to trade a minor
increase in "safety" for living in a surveillance dystopia, which is 100%
where we're headed.

~~~
SN76477
With freedom comes risk, I live in the USA and I want to be able to walk down
the street without being monitored or tracked.

Along with that I must accept that petty crime is going to happen, because I
am not the only one walking down the street without being monitored.

I think that crime needs to be reevaluated. There needs to be a good financial
analysis of where the time and attention is best spent, they cannot find all
crime all of the time (which feels like the goal)

~~~
torified
Finding all crime is not the goal.

As the KGB saying goes, "Everyone has committed a crime, it's about who we
decide to prosecute".

------
Lanrei
This was from a letter from the Department of Homeland Affairs in regards to
the Assistance and Access Act. Notice that they cite terrorism as
necessitating the Act, but in actuality they just abuse it.

 _" Encryption is a vital security measure for digital data and the Australian
Government is committed to strong protections for personal and commercial
information. It makes the communications and devices of all people more
secure. While encryption is an important aspect of modern communications it is
routinely employed by terrorists, child sex offenders and criminal
organisations to mask illegal conduct. This is an impediment to our agencies’
ability to detect and disrupt serious threats to the public.

Rapid technological change means that valuable sources of evidence and
intelligence are diminishing; 95 per cent of the Australian Security
Intelligence Organisation’s (ASIO) most dangerous counter-terrorism targets
and 90 per cent of communications lawfully intercepted by the Australian
Federal Police (AFP) are encrypted and unreadable. By 2020, it is expected
that all communications among terrorists and organised crime groups will be
encrypted. The Assistance and Access Act was introduced as a direct response
to this challenge. The legislation passed both Houses on 6 December 2018 and
received Royal Assent on 8 December 2018.

The need for a modern and fit-for-purpose legal framework was highlighted by
the fatal terrorist attack in Melbourne in November 2018, and the subsequent
disruption of alleged planning for a mass casualty attack by three
individuals. Encrypted communications commonly facilitate the planning and
execution of such attacks and it is the Government’s duty to ensure that
Australia’s law enforcement and security agencies have the requisite tools to
protect the Australian public.

The Assistance and Access Act balances the needs of investigators with
important limitations and safeguards that protect the privacy of Australians,
maintain the security of digital systems and ensures law enforcement’s powers
are used appropriately. Robust transparency, oversight and independent
scrutiny measures ensure that industry and the public can maintain confidence
in the products and services that allow them to communicate securely online.
The new laws are not about breaking encryption. It is paramount that the
services and devices that Australians rely on remain secure. Through the
provisions of the Assistance and Access Act, Government can partner with
industry to modernise investigations and prosecute criminals that hide in
online spaces while ensuring their assistance does not make the communications
of innocent parties vulnerable. That is why the Assistance and Access Act
clearly prohibits law enforcement from requiring a communications or device
provider to build systemic weaknesses or backdoors into their systems (so
called ‘back doors’). The Assistance and Access Act also states a provider
cannot be prevented from fixing known weaknesses.

Australian agencies are committed to working collaboratively with industry.
The regime sets out how this collaboration will occur and builds greater
partnerships between providers and Australia’s key law enforcement and
security agencies. This is a framework for assistance and does not allow for
unwarranted access to communications content or data. Access to this material
remains subject to an underlying warrant or authorisation and strong
oversight.

The Government undertook an extensive three-stage consultation process to
develop and consult on these measures, engaging with industry and the public
on the entirety of the Act. Significant changes were made in response to
feedback from the technology community and civil society – this consultation
process improved the legislation, and ensures a more robust response to the
challenges posed by a rapidly evolving communications environment."_

~~~
SiempreViernes
On reading more, I don't really see how this particular legislation played a
mayor role in things like the ABC raid?

I doubt this "anti-encryption" legislation is what allows the police to stomp
into a journalist office and take things like cameras as the ABC warrant
allowed.

I mean, clearly a law supposed to help combat terrorism is gravely misapplied
when used to search for a journalists source, but the real problem is that
journalism seems to lack pretty basic protections at all in Australia.

~~~
torified
The entire article is to explain how the new anti-encryption laws augmented
the existing laws, removing the need for a special journalist information
warrant.

So it was exactly these horrible laws that allowed them to stomp through and
do whatever tf they want, including modifying data.

~~~
SiempreViernes
I'm not convinced, historically they appear to get those journalist warrants
easily enough, and those don't appear particularly limited in scope in regards
to what can be seized etc.

This circumvention seems to be mostly added convenience. The only novel bit is
the allowance for modifying data, but I doubt it matters much in practice as
the AFP will likely just take physical devices and at best hand it back wiped.

