
Australia Encrypted Messaging Bill to Pass After Labor Strikes Deal with Govt - TimTheTinker
https://tendaily.com.au/news/politics/a181204ser/encrypted-messaging-bill-to-pass-after-labor-strikes-deal-with-government-20181204
======
sctb
Current discussion:
[https://news.ycombinator.com/item?id=18616303](https://news.ycombinator.com/item?id=18616303).

------
kodablah
Maybe I don't understand all of the issues, but I'm gonna be as
straightforward as I can: if you are a messaging platform doing explicit
business in Australia under these rules, we have to assume you have or are
willing to backdoor your software. It is a reasonable assumption that it will
be hidden and that the backdoor is general enough for use outside of Australia
(even if you don't explicitly deploy/enable it elsewhere, you wrote it, it
exists). Therefore, if you do explicit business under these rules I have to
assume you are compromised or are willing to be compromised.

------
turblety
Obviously this law and ones like it have no place in a modern, free society,
but in regards to the risk with using business apps, it's just the same as
before. You cannot trust apps from companies incorporated in the five eyes
[1]. If you are using a product made in any of the five eyes you are already
compromised. By compromised, I mean you can be almost 100% sure that if the
owners of those countries want your data they will get it, and they will get
it easily too. They do not need warrants, courts or judges to sign off on
anything and haven't done for a long time.

To clarify my position on this. Whether a law like this is actually passed or
not, you should assume that every company incorporated in these countries has
been forced to place backdoors in their systems. I'm not saying that every
company _has_ done this. I'm saying you should _assume_ they have.

[1] [https://en.wikipedia.org/wiki/Five_Eyes](https://en.wikipedia.org/wiki/Five_Eyes)

------
aiisahik
As an Australian citizen who has spent many years in the US, I can say that
this law is in line with the main ideology of the Australian government:
extreme parentalism. You run a red light: fine for $450 in the mail. No court
date, no arguments. You exceed the speed limit by 5km/h: $200 fine in the
mail. No arguments. It is brutal but it's hard to deny that it works.
Australia has some of the lowest per capita road deaths in the OECD. The
problem is that the government wants to regulate the internet the same way they
regulate road traffic. You can read up all the idiotic attempts here:
[https://en.wikipedia.org/wiki/Internet_censorship_in_Austral...](https://en.wikipedia.org/wiki/Internet_censorship_in_Australia).
I wonder if this means Australia will have the ability to ban apps like
Telegram from the app store?

------
gsreenivas
Fastmail users should be on notice with this legislation if they chose this
service for privacy/security purposes.

~~~
kevin_b_er
Indeed. Fastmail is no longer secure by law as it is now illegal to have a
secure service the moment a govt official asks for access.

~~~
ubernostrum
Their statement:

[https://fastmail.blog/2018/09/10/access-and-assistance-bill/](https://fastmail.blog/2018/09/10/access-and-assistance-bill/)

Which drives home the point a lot of people are forgetting: it was never
secure to begin with, unless you were going to the effort of encrypting all
your own emails client-side before sending, and only communicating with others
who did the same. Fastmail was never an end-to-end encrypted service, so they
_already_ could have been served orders from a government to hand over data,
and if that government had jurisdiction and the orders were properly formed
for that jurisdiction, they would've had to comply.

So as bad as this bill is, it doesn't really change things for Fastmail.

------
shiado
I was trying to figure out what exactly this bill says. I encourage people
to look for themselves.

[https://www.aph.gov.au/Parliamentary_Business/Bills_Legislat...](https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195)

It is utterly and completely incomprehensible and it offers little to no
technical definitions of what exactly they want. There is a complete absence
of technical concrete definitions of what they want and the memoranda seem to
be highly conflicted. It reads as if some lawyers watched Mr. Robot and used
it as inspiration for their creative writing paper that was due the next day.

Edit: this appears to signal the true intent of the bill

[https://parlinfo.aph.gov.au/parlInfo/download/legislation/bi...](https://parlinfo.aph.gov.au/parlInfo/download/legislation/billsdgs/6370016/upload_binary/6370016.pdf;fileType=application/pdf)

It all seems to be one giant five eyes power play to make their jobs easier.

------
cjensen
This would be a good opportunity for Apple to draw a line in the sand. They
can afford to lose Australia, so they should just stop selling there. Better
to battle now rather than waiting for a bigger fight.

------
CiPHPerCoder
From the article:

> "This bill is far from perfect and there are likely to be significant
> outstanding issues, but this compromise will deliver security and
> enforcement agencies the powers they say they need over the Christmas
> period, and ensure adequate oversight and safeguards," shadow attorney-
> general Mark Dreyfus said on Tuesday.

... shadow attorney-general? That sounds rather ominous.

~~~
schoen
In parliamentary systems, parties in opposition commonly appoint members of
Parliament as "shadow ministers" who keep track of (and speak on) issues that
the parties in government have ministers handling. They can present the
opposition's official position on these portfolios.

[https://en.wikipedia.org/wiki/Shadow_Cabinet](https://en.wikipedia.org/wiki/Shadow_Cabinet)

~~~
CiPHPerCoder
Ah, good to know!

I thought, from first glance, that the next news headline would be "Shadow
Council Already Owns Your Secrets [And Your Souls]" if this trend continued.

------
rebuilder
What does the law require, exactly? That service providers build in the
ability to let law enforcement start monitoring specific communications? Or
that they build in the ability to decrypt messages already sent, if requested
to do so by law enforcement?

~~~
zmmmmm
Bottom line, they can ask a technology manufacturer to do anything (literally
last time I looked the bill had the phrase "do a thing") and they have to do
it. But the specific intent is to have the manufacturer deliver targeted
malware to people they want to monitor. A warrant is not required, but a crime
with a jail term of 3 or more years must be involved ("involved" because you
do not have to be a suspect, just useful to the investigation to receive the
malware).

~~~
manicdee
And all that is required from the agency making the claim is their word. This
assertion of justification is untraceable, unverifiable, the tech employee
can’t talk to anyone about it, and there are penalties in a secret court for
refusing to perform as demanded.

------
jwr
So, what happens to Signal in Australia if the bill passes?

~~~
kevin_b_er
Signal would have to find a way to send a special app to you which does not
encrypt or specially encrypts in order to funnel data to the AU government. If it
does not, it becomes illegal. Considering Signal warns people if the key
changes, it probably means Signal is now illegal as it might be
physically/mathematically impossible to satisfy the law.

Secure communication is now illegal in Australia.

~~~
CiPHPerCoder
Or they'll have the carriers in Australia push an OS update that specifically
exfiltrates your Signal session keys to the government.

Then it won't matter what Signal does or doesn't do, they can still get what
they want.

~~~
JoshTriplett
> Or they'll have the carriers in Australia push an OS update

One of many reasons you should not have your carrier control your OS update
channel.

------
rocqua
Does this law pertain to service providers or users as well?

That is, is using PGP still allowed? How about something Signal-like that is
self-hosted / federated?

