
Australians who won't unlock their phones could face ten years in jail - luord
https://nakedsecurity.sophos.com/2018/08/16/australians-who-wont-unlock-their-phones-could-face-10-years-in-jail/
======
kodablah
Also concerning is what they are doing towards companies (pardon the tangent):

> It covers [...] device vendors [...] as long as they have "a nexus to
> Australia"

> But what if the suspect stores the keys themselves? In that case, the
> government would pull out the big guns with a second kind of order called a
> technical capability notice. It forces communications providers to build new
> capabilities that would help the government access a target’s information
> where possible.

> What if the communications provider doesn’t want to help? Then they could
> face penalties from the government, or "injunctions or enforceable
> undertakings".

Yeah, right. But the precedent is alarming, because what is happening (and you
see it with other "pro law enforcement" or "pro privacy" legislation too) is
governments are giving themselves broad enforcement powers to ask for things
and then only using it when push really comes to shove. This
they-can-but-they-probably-won't approach towards enforcement is dangerous as it removes
predictability in favor of government subjectivity. What does it mean in
practice? It can mean that while Samsung or Apple would give them the middle
finger resting on their size/leverage, a smaller company can't do that. So the
enforcement agencies proportionalize their punishments to the amount tolerable
without citizen backlash.

Everyone should just remember this tactic when we go around praising laws with
big punishments for big companies just because we happen to like the spirit of
the law. And also remember this when people call us stupid for questioning
subjectivity of statute enforcement or the lack of statute enforcement in
general when new versions of these laws are crafted.

~~~
ShorsHammer
The article mentions both child abusers and terrorists yet the laws will
rarely be used for that. Mandatory metadata retention was also brought in for
the same reasons and has barely appeared as evidence in any subsequent cases,
despite >300,000 warrantless metadata requests last year, overseen by a
handful of public servants behind closed doors, in a country of 25 million
people.

Another very concerning law is about "fixated persons", which was brought in
with big budgets and huge teams of detectives solely dedicated to going after
lone wolf terrorists, so far the only person charged is a former mining
executive who was a respected lawyer and Head of Compliance at one of
Australia's biggest gas companies (One of the largest gas exporters in the
world.)

She turned whistleblower on some corrupt deals and environmental coverups
involving certain fracking leases and the government. After contacting the
Mining Minister about it over the space of a few months, instead of
investigating, the Minister referred her to the police, she was then deemed a
"fixated person", which involved incarceration without charge, being taken to
a mental institution and forcibly injected with anti-psychotic drugs for
months. Eventually a judge decided she could go home. All media coverage of it
is banned in Australia until the trial is finished, which has been postponed
at every hearing for over a year now, time heals all wounds I guess.

It's naive to think that those in power wouldn't abuse such laws. I'm all for
giving police the powers they need and perhaps even more as long as there is
transparent oversight and it's targeted, but the complete opposite is
happening in many places on Earth right now. Monsters flourish in the
darkness.

~~~
remoteorbust
> she was then deemed a "fixated person", which involved incarceration without
> charge, being taken to a mental institution and forcibly injected with
> anti-psychotic drugs for months. Eventually a judge decided she could go home.
> All media coverage of it is banned in Australia until the trial is finished,
> which has been postponed at every hearing for over a year now

Holy shit. Maybe I'll stop complaining about the US plastering the names of
the accused all over if this is the alternative.

~~~
homonculus1
Yep, that's the entire point. It would be horrifying to have your name
broadcast in connection to some heinous crime you didn't commit, but the
alternative to broadcasting that is effectively secret trials. People should
be able to view due process, they just need to withhold judgement until the
facts come out in court.

~~~
techdragon
The problem is that the average passer-by, John/Jane Doe, doesn’t on average
care enough about the abstract reasons why they should withhold judgment, they
instead react along the line of “well if they are being investigated they are
probably guilty” which results in the public typically judging anyone
dragged into the judicial process.

So it’s actually inverted outcomes from what you described, secret is normally
good, (with obvious exceptions, such as the case in point) and public is
normally bad.

~~~
ShorsHammer
Completely agree, most trials should be reported fearlessly after completion
and not have speculation or the court of public opinion loom over the
judge/jury beforehand.

Yet it seems to be abused here in order to protect cozy relationships between
a certain big business and the government. Whistleblowers proven correct
should be held up on a pedestal and highly respected, not thrown to the wolves
with little chance of future employment.

~~~
felix_nagaand
There seems to be a rather simple solution. Trials must occur within four
weeks. Prosecution is not allowed extensions to this so long as the accused is
charged with a crime and in custody or released on conditions. Any charges not
tried for within thirty days are automatically dismissed, expunged, and the
defendant paid compensatory damages out of the prosecutor's budget. Defendants
may petition for limited extensions on the explicitly defined grounds of
preparing a defense.

This will obviously never happen because it's far more lucrative to draw
trials out for years.

------
squarefoot
Plausible deniability. The system should allow two (or more) passwords, one
unlocks only the important stuff and one unlocks much less dangerous stuff
while destroying any evidence of the first, including the multiple passwords
protection layer. To add some credibility, the less dangerous data should
contain something one could get in trouble for but not enough to have his life
destroyed. As an example, if after being forced to reveal a password my phone
showed photos of myself having sex with a hooker, I don't think many
prosecutors would believe I put them there to protect other more sensitive
stuff that would ruin my entire life and not just my relationship. And if they
did, I just served them with real proof of why I encrypted my phone which
should be enough to counter their unfounded accusations.

~~~
cryptonector
LEO are not stupid. If you are using tech with this feature then they'll ask
for both passwords.

~~~
caconym_
If it's impossible to prove that you've set up the second password, they can't
reasonably demand that you provide it if you deny that it exists.

They could _un_reasonably demand a working second password and
incarcerate/torture you until you either provide one or die, but that's the
next level.

~~~
cryptonector
LEO and courts will (reasonably!) make the following inference:

    
    
      "MIGHT be another password-protected partition"
        ->
          "is a password-protected partition"

~~~
caconym_
How does the Truecrypt version of this idea work? I was under the impression
that the double-secret data were written in such a way as to be
indistinguishable from random bits that normally appear in the files that
contain encrypted volumes, with no metadata (e.g. a partition table) to
suggest that those random bits are actually interesting.

I figure there is at least one good reason to include amenable "filler" in a
"single-secret" file containing encrypted data: it means the size of the
plaintext data cannot be inferred from the size of the file. So there is
plausible deniability for having amenable "random" data present on that basis
alone.

I'm not saying it's easy to extend this scheme to accommodate all environments
and/or user experiences. As you say, you can't just e.g. have another
partition sitting around full of nothing but suspicious random data.

------
ThrustVectoring
The article buries the lede pretty badly.

> The government’s explanatory note says that the Bill could force a
> manufacturer to ... install government software on it

If the bill passes, using a phone purchased in Australia is no longer secure.
I know my security threat model excludes manufacturer-installed root kits - is
there a reasonable strategy for mitigating this risk? Buying a phone in the US
and importing it yourself is one, but that seems very awkward.

edit: reading the actual text, there's some protection in section 317ZG, which
prohibits the law from being used to cause "systematic weakness" or
"systematic vulnerability", but explicitly carves out an exception for
targeting specific devices. So for a specific example, the bill would allow
the Australian government to compel Apple to secretly push an over-the-air
update to backdoor a specific device of interest.

> The mere fact that a capability to selectively assist agencies with access to
> a target device exists will not necessarily mean that a systemic weakness has
> been built.

Yeah, the bill is definitely designed to allow _exactly_ the scenario I
described. They're after using the code-signing keys and technical expertise
of device manufacturers and communication program developers to target
individual devices with encryption backdoors.

> Likewise, a notice may require a provider to facilitate access to information
> prior to or after an encryption method is employed, as this does not weaken
> the encryption itself.

Definitely planning on backdooring devices and reading the messages
pre-encryption and post-decryption.

~~~
rstuart4133
> Definitely planning on backdooring devices and reading the messages
> pre-encryption and post-decryption.

They actually explicitly said that was the aim. From
[https://www.homeaffairs.gov.au/consultations/Documents/expla...](https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf):

> This includes accessing communications at points where it is not encrypted.

I am an Australian, and I have been listening to the Minister for months tell
everybody they were going to do something about encryption, but then
categorically ruling out weakening crypto with back doors. I wondered what he
was on about. Now I know I guess.

In case it's not obvious, they aren't just targeting phones. Anything with an
app store or automatic updates is fair game. So this includes Microsoft
updating Windows and Edge, Google updating Chrome and Chromebooks, and of
course all of Apple's products. They don't have the expertise to write the
software bugs to do this of course - but the bill allows for this by making
provision for forcing the tech companies to provide whatever technical
assistance is required (and encourages them to go further by providing
voluntary assistance).

I see a few comments here that seem to think that encryption on (eg, Signal,
PGP, encrypted hard disks, biometrics) will save you. The entire point of these
provisions is to get to the data when it is not decrypted, which it must be if
you want to use it. Nothing will save you on these devices - once the bug is
installed they are an open book. Possibly more open than you imagine, as they
can turn on the microphone, camera, gps without you knowing.

Since there are commercial organisations they are targeting, I expect once
they roll over they will do it in the most efficient way possible. Which is to
say I expect it will be automated - something like the law enforcement agency
will provide a MAC or some other unique identifier and a few minutes later the
bug is installed and sending data back.

What that means is it will be highly centralised, meaning you can compromise
just a few people and/or pieces of equipment and you have the keys to the
entire thing. A spy machine that can track everyone - it's an impossibly
attractive target. I can't imagine state actors like Russia or China not
turning a gift like that from the democracies into something useful.

They are arguably sticking to the letter of their promise not to back door
encryption, but in reality they are legislating a centralised system that can
see even banking passwords, everything you read, and everything you say, and
everywhere you have been. It's pretty much the same outcome.

Way to go, guys.

~~~
cmroanirgo
> once they roll over they will do it in the most efficient way possible

Yes. To be clear, Telstra has installed devices of mass surveillance. So, this
new bill is about undoing the 'snowden world' as you suggest.

From this article:
[https://theintercept.com/2016/10/23/endace-mass-surveillance...](https://theintercept.com/2016/10/23/endace-mass-surveillance-gchq-governments/)

This clearly shows how an Australian company was giving assistance in the
construction of the hardware for a NZ company, Endace:
[https://theintercept.com/document/2016/10/23/medusa-weekly-s...](https://theintercept.com/document/2016/10/23/medusa-weekly-status-report/)

"Both prototype boards have been returned to Sourceman in Aussie with DDR
memory issues and PCB baord issues" [Their typo].

Telstra has Endace hardware installed for the purpose of monitoring
Australians:
[https://theintercept.com/document/2016/10/23/sprint-endace-l...](https://theintercept.com/document/2016/10/23/sprint-endace-lawful-intercept/)

"The packet capture abilities... sold to Telstra"

~~~
rstuart4133
A few years ago I read references to LEA Racks (Law Enforcement Agency Racks)
being installed into every NBN POI. I think I saw it in the NBN design
documents, but a few years later I could not find it again so who knows.

After getting over the initial shock of the implications, I put my engineering
hat on and then it was "of course there are LEA racks, you idiot". I presume
when the TIA was written (1979) getting a tap involved filing a request with
Telecom who then raised a work order for some department, and it wormed its
way down the management layers until some worker was directed to install the
thing. If I was in charge of optimising that process, I too would have created
LEA Racks, filled it with gear and told the LEAs "here, you look after it,
and try not to bother me again".

I'd be amazed if the process hasn't been automated to the extent ASIO doesn't
now have a button in Canberra somewhere they can press to tap a phone or
internet connection. There is no doubt in my mind commercial forces will mean
Apple, Google and Microsoft go down the same road. Someone who had a hand in
drafting this bill has dreams of a future where the old telephone line taps
will become part of ancient history - it's all done via bugs installed at the
touch of a button onto the end users devices.

I doubt their idea of utopia will last for very long. The likes of Russia and
China must be delighted with the idea of democracies building surveillance
the likes of which they could only dream about, and then handing it to them on a
platter by just leaving it in control of just a few humans easily manipulated
with social engineering hacks, and a few machines they can focus enormous
resources at cracking.

That's if it lasts that long. It's trivially easy to bypass now by simply
using Open Source. The timing is bad for them as Debian has just added the
final nail making that all possible by creating the first ecosystem using
repeatable builds.

If anyone is wondering why Open Source is the solution - it's because the root
cause of the problem is they are putting control in a central choke point.
Compromise that choke point in a way that no one notices and you own whatever
it controls. The people in charge believe they can fix that by heavily
fortifying the choke point. But as the saying goes, every man has his price,
as oddly does every computer and every SIM. If you are centralising, you are
making the worth of what the choke point controls higher and higher, then
eventually you will hit that price. They have created something that can
reveal every banking password, every confidential email discussing corporate
takeovers worth billions, all trade secrets and government secrets.

Open source solves that (as indeed did the world the TIA was born into with its
work orders involving many people) by making the cost scale. Over time there
are thousands of programmers looking at the source in Debian - that's why it's
called Open. You have to compromise every one of those programmers.

------
matheusmoreira
A government's ability to control its population weakens as subversive
technology evolves. The law is always behind the state of the art. This
frustrates officials so much they react with incredulity and throw childish
tantrums. In order to maintain control, the government must ask for more and
more power and become more and more totalitarian. It's like a politico-
technological arms race.

What will be the end of this? Will the technology evolve so much the
government won't be able to win no matter what it does and surrender? Or are
they going to ban encryption, non-vulnerable computers and everything that
could stand in the way of prosecuting people they don't like?

~~~
aeternus
Technology can already more or less deal with this.

Encryption plus a hidden volume (the existence of which cannot be proven)
provides the ability for someone to 'unlock' the phone but still not provide
access to the real data.

It would be quite difficult to ban encryption without causing a ton of other
problems.

~~~
gnode
But the argument being made is that in the face of such technology, the
government will make increasingly drastic laws to compensate. E.g. require you
use vulnerable phone software approved by them, and allow inferences of guilt
if you use something else.

------
kazinator
Don't keep anything sensitive on your phone, encrypted or otherwise. Keep it
on some storage medium whose very existence is secret.

They can't accuse you of refusing to unlock something whose whereabouts are
unknown and, indeed, whose very existence is only alleged.

~~~
jpindar
I'd pay extra for Android apps that have an option to force me to enter a
password EVERY SINGLE TIME. Or at least provide a way to log out.

There are a few that do, but not many.

~~~
kazinator
Doesn't help if you're asked for the password, or else face prison.

~~~
jpindar
There are other contexts for this than being in government custody.

------
BLKNSLVR
The draft of the bill is accessible here:
[https://www.homeaffairs.gov.au/consultations/Documents/the-a...](https://www.homeaffairs.gov.au/consultations/Documents/the-assistance-access-bill-2018.pdf)

I am not a lawyer, and I haven't read the document in detail. There are three
places where penalties of 10 years in jail are mentioned:

- 64A (Person with knowledge of a computer or a computer system to assist
access etc.), which comes under the "Schedule 2: Computer Access Warrants etc"

- 3LA(5) which comes under "Schedule 3: Search warrants issued under the
Crimes Act 1914"

- 201(A) (Use of electronic equipment at other place), which comes under
"Schedule 4: Search warrants issued under the Customs Act 1901"

10 years in jail appears to be a penalty for not unlocking your phone when a
warrant has been issued to do so. As long as a warrant is required, I don't
really have a problem with this, it doesn't seem to be an unreasonable
extension into the electronic world from the analogue. Warrants already exist
to search your house and everything in it - that's pretty much the biggest
privacy invasion you could have, but it requires paperwork and sign-off by
"certain parties".

(The trustworthiness of those doing the paperwork and the "certain parties"
signing-off on warrants is a separate argument as that's not "new" to this
change in legislation).

It doesn't appear that you could get thrown in the clink for 10 years for
refusing to unlock your phone during a random traffic stop.

Happy to hear why my take on this may be wrong though.

------
tessi3r
Seems like the only logical solution is to carry a hammer to destroy your
phone if necessary.

If the heat hasn't told you they want your phone, there's nothing legally
stopping you from destroying your own property if you see them coming...

~~~
tzakrajs
Or snap it in half, most phones will do this easily.

~~~
fredley
Would you, under immediate threat, be able to locate and destroy the memory
chips—and specifically the memory chips—on your phone? If they're prepared to
lock you up for 10 years, they're prepared to do some serious digital
forensics on some unsnapped chips.

~~~
gautamnarula
Would factory resetting your phone be sufficient, or is data still recoverable
even after the standard factory reset option on Android (and I assume,
iPhones)? I don't really know much about these "serious forensics."

~~~
jonknee
If the storage is encrypted (standard on iOS, depends for Android) then the
data should be pretty well unrecoverable.

------
ada1981
Has anyone created a mobile OS that has a feature where if a certain password
is entered on the unlock screen that it boots up a dummy desktop while
silently encrypting or erasing the phone in the background?

~~~
gknoy
That doesn't seem like it would be helpful from a forensics standpoint -- if a
court is asking for my password, they probably already have an image cloned
from my device, so any such things seem like they would either be noticeable,
or simply be ineffective.

~~~
ada1981
If they have a cloned copy of an encrypted phone, and a suspect gives them a
password that gives them an experience of having access to the phone, they
might be satisfied with that. (Especially if they aren’t reading this thread.)

------
y-c-o-m-b
It's evident citizens are not going to win the fight for privacy by trying to
change policy. Voting has become nearly meaningless in the modern age when it
comes to changing politics. Influencing businesses to do what's right is
becoming more challenging too as this order shows they can just be forced to
hand over data by authorities.

I don't want the "bad guys" getting away with their activities either, but I
don't want some jackass in a volatile country to obtain my confidential data
because the authorities are too incompetent to store it securely on their
servers. It's just begging for identity theft and blackmail. Time and time
again we've been shown that even the most sensitive data can't be secured
properly (e.g. Equifax, Google, Yahoo, Anthem, NSA/CIA hacks and leaks).

I also don't want some corrupt cop having a bad day make up an absurdly false
reason to go through my private life. It's bad enough with people getting
drugs planted by corrupt cops; authorities just can't be trusted and there is
no proper oversight to make sure they're acting ethically.

The only way to fight this is by developing tools to counteract these measures
in a reasonably intelligent manner. Hidden multi-layer partitions, hidden
"remote" hosts, encrypted decoys that show faux private content so it appears
you're cooperating when real content is hidden, etc.

~~~
eftychis
I disagree that voting has become meaningless. The issue is that young people
think and feel that voting is meaningless. Thus politicians don't really have
to pay attention to what young people think or want.

(You don't vote, you don't count.)

If you don't vote, your peers don't vote. You transfer your power to other
people. Think of the NRA. It is a relatively small movement. But if they say to
their members go vote X, 100% of them are voting X. This conviction makes a
difference. Even if they have 200 votes say, those 200 people are going to
make sure everyone around them is going to vote appropriately. And the numbers
stack. Also, as usual in the U.S. call your representatives, create a group
and take legal action through courts, etc.

You have other tools in your belt too, which you mention. These are the "oh
shit". But you wouldn't want 20 years from now, to have to use them, or go to
jail for using them, because they were illegal.

~~~
offbytwo
>I disagree that voting has become meaningless

You literally have better odds of winning the powerball than your vote having
any effect on the outcome of a general election. Even if it did, the people
put in office are worried about themselves and the people they owe money to --
not your opinions.

------
dfsegoat
Genuinely curious - What is the current state / precedent for this type of
situation in the US?

~~~
ransom1538
US: Life sentence. If a judge orders you to unlock your laptop/phone and you
don't -- it could be a life sentence. IMHO, they go around the constitution
with "Contempt of court".

[https://arstechnica.com/tech-policy/2017/03/man-jailed-indef...](https://arstechnica.com/tech-policy/2017/03/man-jailed-indefinitely-for-refusing-to-decrypt-hard-drives-loses-appeal/)

~~~
peeters
Granted my source for this is _The Newsroom_, but IIRC contempt of court is a
tool that can only be used coercively, and not punitively. In other words, if
you refuse to give your password, you could be detained indefinitely for
contempt. But if you forget your password, you should be released immediately.
Obviously that's open to interpretation and abuse, I'm just saying contempt
would only be correctly applied here if there was reason to believe a
witness/suspect was withholding the information, not when they're not able to
provide the information.

~~~
gknoy

        refuse to give your password: detained indefinitely
        forget your password: should be released immediately
    

How could that possibly work? The court has no way of knowing whether someone
is refusing to comply, versus being unable to because they don't know (or
never knew) a secret. Because of this, it seems very likely that any claim of
having forgotten (or having never known) something will be treated as
contempt.

~~~
candiodari
Every system builds on the humans implementing it. So in other words, this
system gives judges the power to imprison anyone indefinitely.

These guys, for example:
[https://en.wikipedia.org/wiki/Kids_for_cash_scandal](https://en.wikipedia.org/wiki/Kids_for_cash_scandal)

------
wpdev_63
They don't really have to ask to get into your phone if you are with a US
carrier. If they absolutely need access to your phone, they will get on it
with very little resistance.
[https://motherboard.vice.com/en_us/article/7xdxg9/fbi-hackin...](https://motherboard.vice.com/en_us/article/7xdxg9/fbi-hacking-investigations-classified-remote-operations-unit)
[https://techcrunch.com/2018/06/25/nsa-att-intercept-surveill...](https://techcrunch.com/2018/06/25/nsa-att-intercept-surveillance/)
[https://wikileaks.org/ciav7p1/#EXAMPLES](https://wikileaks.org/ciav7p1/#EXAMPLES)

------
gyani95
Wish you could configure a finger to erase all data if needed.

------
voidmain
We need a certificate transparency type solution that makes pushing
compromised firmware to individual devices impractical.

That still leaves forcing manufacturers to insert backdoors in all devices,
which as far as I know can only be made tamper evident by open sourcing (and
using reproducible builds for) all security critical software and hardware.

------
crb002
Absurd. I forget passwords all the time.

------
evntllyCnsistnt
What about straight-up smashing your phone?

And never carrying another one again?

Watch this happen.

~~~
SmellyGeekBoy
Or just use a dumbphone, which most serious criminals have already worked out.

------
fredley
Like a $5 wrench[1], but more socially acceptable.

1: [https://xkcd.com/538/](https://xkcd.com/538/)

~~~
dingaling
For a couple of decades pre-XKCD that technique was called "rubber-hose
decryption". I don't know why he thought it necessary to change the implement;
a hose causes repeatable pain, a wrench can cause fatal damage.

------
grosjona
I think it's fine. If you did nothing wrong then you have nothing to lose by
unlocking your phone. So if you don't unlock your phone, it's an admission of
guilt.

People are way too paranoid. Nobody cares about what you do with your phone.

Sometimes I feel like the upper classes of society (especially hypocrites who
have money and a reputation to protect) are projecting their fears on all
other classes. Then like fools, the honest proletariat adopts all these
ridiculous fears as their own.

~~~
jasonbarrah
"Arguing that you don't care about the right to privacy because you have
nothing to hide is no different than saying you don't care about free speech
because you have nothing to say." -E. Snowden

~~~
grosjona
I disagree with that statement because they have fundamentally different
purposes.

Free speech affects my ability to improve society. Right to privacy affects my
ability to cover my own ass.

~~~
ajuc
Free speech in a country that goes authoritarian is very harmful for your
career. People in power have connections, they can make it hard for you to
make a living without even breaking the law, just asking the right people for
a favor. Anonymity is one of the things that make people more likely to say
what needs to be said.

Without protection of privacy - very few people will exercise their free
speech when things get hard.

~~~
grosjona
Maybe these types of people would not have power if everyone knew who they
really were.

That said I understand people who are afraid that loss of privacy would be
asymmetric but I don't think that would happen. Celebrities and public figures
will always have less privacy than everyone else.

~~~
ajuc
> I understand people who are afraid that loss of privacy would be asymmetric
> but I don't think that would happen

If Trump wants to know your tax returns - he will. You don't know his, no
matter how much you want to.

And anyway, Trump insists he could murder someone and give himself a pardon.
You can't. So, even if the information flow is symmetric - the consequences
aren't.

