
Mozilla may treat Aussie staff as 'insider threats' to code base - anotherevan
https://www.itnews.com.au/news/mozilla-may-treat-aussie-staff-as-insider-threats-to-code-base-519793
======
anotherevan
Related: FastMail loses customers, faces calls to move over anti-encryption
laws

[https://www.itnews.com.au/news/fastmail-loses-customers-face...](https://www.itnews.com.au/news/fastmail-loses-customers-faces-calls-to-move-over-anti-encryption-laws-519783)

[https://news.ycombinator.com/item?id=19242698](https://news.ycombinator.com/item?id=19242698)

------
rovyko
>... that individual employees could be targeted by law enforcement to make
secret changes to systems

So with the TOLA act, who is under the Australian government's jurisdiction
and can be compelled to do this? Only those residing in Australia? Any citizen
anywhere in the world? Anyone with assets or interests that could be
leveraged?

What does this mean for Australians seeking employment in other countries?

[https://www.aph.gov.au/Parliamentary_Business/Bills_Legislat...](https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195)

~~~
x0x0
It means if the PR was submitted by an Aussie (or resident) you had better make
sure your code review has a non-Aussie on it.

~~~
rovyko
Do you think code review practices alone will be enough of a deterrent against
agencies using devs for this purpose?

Even if you pressure someone to make a backdoor and they get caught, you've
just exposed your intentions when it could have been easier to go straight to
the company.

~~~
mikerg87
I don’t think a PR is the only attack vector. I would be suspect of the entire
CI/CD pipeline and any production systems or distribution systems employed.

~~~
MrEldritch
Also, if I were an Aussie and I'd gotten a request like this, I'd feel pretty
incentivized to make the backdoor as blatant and suspicious-looking as
possible. The government ordered you to do it; it did not order you to do a
_good job_.

So "evil PR" would probably be the easiest thing to catch, and it definitely
seems like other compromise vectors are where the real danger is.

~~~
noir_lord

    public function rot13_GbgnyylAbgNOnpxqbbe()

Something subtle like that?

Fwiw the UK has near identical legislation and I'm pretty sure the Aussie gov
looked at ours first.

We lead the world in subtly corrupting democracy.
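The rot13-named function above is a joke, but the underlying point (an obfuscated identifier slips past a reviewer who only reads names literally) is easy to check for mechanically. The following is an added example, not code from the thread or from Mozilla: a small scanner that pulls `function` names out of PHP-style source, tries a couple of trivial de-obfuscations (identity and rot13), and flags any whose decoded, flattened form contains a word from a watch list. The sample source and the watch list are constructed for the demo; the first sample identifier is the one from the comment above.

```python
import codecs
import re

# Constructed sample input for the demo. The first function name is the one
# joked about in the comment above; the third is a constructed snake_case variant.
SAMPLE_SOURCE = """
<?php
public function rot13_GbgnyylAbgNOnpxqbbe() { return true; }
public function validateSession($token) { return check($token); }
private function onpxqbbe_pnyyonpx() {}
"""

# Constructed watch list; a real deployment would tune this to its own codebase.
WATCH_WORDS = ("backdoor", "bypass", "skipauth", "disablecheck")

# Matches PHP-style function declarations and captures the identifier.
IDENT_RE = re.compile(r"\bfunction\s+([A-Za-z_][A-Za-z0-9_]*)")


def candidate_decodings(name):
    """Yield (label, text) pairs for each cheap de-obfuscation we try.

    Only identity and rot13 are attempted here; the structure makes it easy
    to add other reversible transforms.
    """
    yield "plain", name
    yield "rot13", codecs.decode(name, "rot13")


def normalise(text):
    """Lowercase and strip separators so camelCase and snake_case both match."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def scan(source, watch_words=WATCH_WORDS):
    """Return a list of findings for identifiers whose decoded form hits the watch list."""
    findings = []
    for match in IDENT_RE.finditer(source):
        name = match.group(1)
        for how, decoded in candidate_decodings(name):
            flat = normalise(decoded)
            hits = [w for w in watch_words if w in flat]
            if hits:
                findings.append({
                    "identifier": name,
                    "decoding": how,
                    "decoded": decoded,
                    "matches": hits,
                })
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_SOURCE):
        print(f"{finding['identifier']} -> {finding['decoded']} "
              f"({finding['decoding']}; matches {finding['matches']})")
```

Run as a script it prints the two flagged identifiers; `validateSession` is left alone under both decodings. The check is deliberately cheap so it can sit in a pre-merge lint step alongside human review, which is where the thread's "non-Aussie on the review" suggestion would also live.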

------
opwieurposiu
The NSA has been putting back doors into various tech for decades. The NSA,
and many other covert orgs, care little for what is legal or illegal.
Australians are a minuscule part of the total threat.

~~~
gumby
This matters to those of us who are Aussie citizens and developers.

Also NSA has been doing this surreptitiously while TOLA allows the government
to compel a private citizen to take action.

But yes, we know we're a small country -- not much larger than half of
California. :-/

