Today I watched my country's democracy die via livestream, with the words "Labor withdraws all amendments".
The US government and their agenda to spread similar laws in their country and across the world.
Labor was always on board with the core of the legislation; likely as they were aware of some unreported Five Eyes agreement that Australia will be the 'thin edge of the wedge' to introduce such laws worldwide.
Any amendments proposed wouldn't have changed the goal and were simply the basis for some political theatre to look like such a law has been considered and debated by the politicians. The outcome had already been decided a lot earlier than that point.
Voters? I don’t mean to be snarky, but while Tweets, submissions and letters may inform the content of bills in democracies, the counts of these are not numerically representative of much, apart from the feelings of people who feel strongly about an issue.
That said, these laws sound exceedingly stupid.
For me, this was the 50-tonne block of concrete on the lead coffin on the rotting cadaver of a political system that serves humanity in a balanced manner.
The same interests they are always representing. Themselves. The organisations and lobbyists that got them voted in. The organisations they're looking forward to offers of high-priced consultancies and directorships after the next election.
Did you expect anything else?
For context, here was the letter we sent: http://i.imgur.com/yRrZHAq.jpg
In talking with some other companies, some of them are looking at potentially moving any role that would have the ability to compromise encryption outside of the country. That way there'd be no way any employee could be legally forced to implement any backdoors or weakening of encryption. That's an extreme measure and is probably overkill right now as the loophole that states you don't have to do anything to weaken your security will likely be used as a challenge against building in any backdoors. We'll have to wait and see how things pan out.
I saw that, but another part of the bill that I've seen (on a cursory review, and as a non-professional) is the sweeping, extreme secrecy measures surrounding the execution of any part of the bill.
Basically, my understanding is that you can't tell me as a customer if you've been required to compromise my privacy.
So say you even take the extreme measure and ship some sensitive roles overseas. If for any reason that's not enough, and your government requires you to surrender some of my data, then you will be legally unable to tell me.
That will destroy all trust.
I like Atlassian and am extremely sorry to see this happening to you.
I've read an interpretation that indicates that all Australian citizen employees are now essentially compromised, as they could be compelled under penalty of jail time to insert backdoors into an application without informing their employers.
> The Synod has some hesitancy about ‘safeguarding national security’ being one of the objectives of the notices, as it is not clear what additional activities this captures that are not criminal activities. For example, notices to address terrorist activities are already about enforcing criminal laws as would be notices targeting foreign espionage. We have a concern that ‘safeguarding national security’ might mean the desire of a government of the day to target civil society groups and individuals that oppose its policies or to target whistleblowers that expose wrong-doing by the government of the day. It would be good if the explanatory memorandum of the Bill includes an explanation of what non-criminal activities are intended to be caught under ‘safeguarding national security’ under the Bill.
So, yeah, a great day for humanity that didn't want this.
As with most deeply technical issues, it is hard to communicate to the general population exactly what the proposed problem and solution is, so the politicians are allowed to freely pass legislation (without understanding it themselves mostly) without much opposition besides the vocal minority.
> Division 7—Limitations
> 317ZG Designated communications provider must not be required to implement or build a systemic weakness or systemic vulnerability etc.
> (1) A technical assistance notice or technical capability notice must not have the effect of:
> (a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or (b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection.
> (2) The reference in paragraph (1)(a) to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to implement or build a new decryption capability in relation to a form of electronic protection.
> (3) The reference in paragraph (1)(a) to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to one or more actions that would render systemic methods of authentication or encryption less effective.
These limitations would seem to imply that the bill can't require a "systemic weakness", either by introducing a new one or prohibiting the patching of an existing one, which would seem to suggest that end-to-end crypto wouldn't be affected.
Is this a correct reading? Or are there concerns that the government might, say, require end-to-end crypto to be vulnerable to a government-held golden key?
Edit: Part of the text,
> to implement or build a new decryption capability in relation to a form of electronic protection
, sounds like it's prohibiting golden-key-based schemes.
The basic gems that I got from reading the draft legislation were:
- If you have server side encryption, & we want you to decrypt a particular person's data, then we expect you to do so - ad infinitum.
- If you do client side encryption then we expect you to put into place a system that allows us to decrypt a particular person's data. (One assumes that a modification should be made for the particular client such that their data can be gathered in an unencrypted manner).
So, irrespective of the caveats that you've mentioned, the bill still stands. The caveats you've mentioned are the standard bait-and-switch style legalese, to make it sound more palatable. I'd assume that in reality, it's up to the company (at their own legal cost) to prove that what needs to be created is in fact, a back door.
Note that an interception agency also includes "the Police Force" p9
It later states that if a provider willingly complies:
"an officer, employee or agent of the provider is not subject to any civil liability for, or in relation to, an act or thing done by the officer, employee or agent in connection with the act or thing mentioned in paragraph (b)" p17
Meaning, you're up for civil charges if you fail to respond to a non-warrant request.
And if that's the case, software really is dead in Australia. You can't trust an Australian company, even if their leadership says they've never received a request, because one of their employees may have.
* TARs and TANs both generally require that an agency be investigating a serious crime (one that takes). There are some toy protections against abuse but they're basically meaningless (the AG or chief officer needs to be "satisfied" that it's reasonable and a few other token requirements -- need I remind you that we imprison refugees in sub-human conditions without the right to a trial, so "reasonable" is a stretch).
* TCNs are even more general. They can be done purely "in the interests of national security".
They mentioned oversight of a "retired judge" and a "technology expert" in the autoplay video at the bottom of https://www.news.com.au/technology/online/security/inprincip...
I'm patiently waiting for their proposed method of reading end-to-end encrypted messages without introducing a systemic weakness.
But the meaning of words doesn't seem to matter anymore in the reality distortion field that is the Australian government. This is all supposedly to somehow make us more secure for Christmas.
History will not remember these people well.
I imagine that they ask for some tailored malware to be delivered to the specifically targeted device/user.
Which, of course, leads on to a somewhat less specifically targeted "Bulk equipment interference", because once we have the capability, it'll _surely_ not get misused, right? I'm eagerly awaiting the hilarious verbal gymnastics they'll come up with to make a Technical Assistance Notice compelled "Bulk equipment interference" capability somehow not a "systemic weakness"... I'm sure that'll end up in linguistics textbooks and industry jokes for decades...
The govt will just secretly compel them, and their activity stays secret - except the bad guys can now hack our compromised infrastructure and there will be inevitable leaks of data and exploits, just like Wannacry which was originally an NSA exploit.
From memory, the Aust internet filter was originally introduced using similar excuses. eg stop terrorist recruitment, pedos, etc.
The copyright cartel was having "pirate" sites blocked not long after, and has been expanding its approach since.
Seems like a similar play book in action with this.
Chilling effects is a desired outcome of this legislation.
What's the maximum sentence for copyright infringement?
There's no definition of what "render systemic methods of authentication or encryption less effective" means.
The Australian Government has historically been somewhat arrogant in any area of technology.
Their attitude, in this case and others, is similar to that of management at a company with a poor technology culture. "we're in charge and we're making this law, now you nerds can go sort out the details".
You'd think something like that would not be carelessly omitted by accident, no? What this means in practice is that virtually nothing they do will ever amount to that being a "systemic weakness", just like Obama kept saying post-Snowden revelations that there have been "no abuses" of intelligence powers and that nobody in the NSA did anything wrong (even after revelations of LOVEINT, etc came out).
An Australian government order for decryption could turn into another EternalBlue-type exploit affecting millions of PCs, and the government will likely still claim that wasn't a systemic issue because they "didn't intend it to be one" (as if spy agencies ever intend their backdoors to be used by rival nations - and yet that happens every time).
> access, when used in relation to material, includes:
> (a) access that is subject to a pre-condition (for example, the use of a password); and
> (b) access by way of push technology; and
> (c) access by way of a standing request
So whilst you may not build a systemic weakness, you may be required to provide a variant of your software to a specific user. Or provide the government with a "pre-condition" such as a golden key.
The words aren't defined at all in the bill (which should be a massive red flag), but even the amendments that include definitions completely miss the point and basically imply that only something like Dual_EC_DRBG is considered a "systemic weakness".
There is a lot of doomsaying because it is very seriously, no-kidding bad. Not to mention that denying such a request should almost certainly be done with some very serious (and expensive) legal advice.
Australia may be leading the path toward a Kafka-esque state but we're not there yet.
That's a pretty big call to refuse a secret request that you're not allowed to disclose to anyone, risking a lengthy jail term without the possibility of even seeking legal advice.
War Is Peace, Freedom Is Slavery, Ignorance Is Strength.
Have a safe Christmas Australia! Papers please!!
At the end of the day, if they tell you to do it, chances are you'll have to do it. And you can't complain to anybody.
If I were to write some software of this nature these days, I'd make sure that the client would be aware of any changes in the api - sort of like a personal warrant canary. (Note that a warrant canary is legal in this legislation).
(For those wondering how they can be illegal, in Australia it's illegal to state the existence or non-existence of certain kinds of secret warrants. So a statement of a canary is, itself, illegal.)
- A person who is: ...
...may, in the person’s capacity as such a provider or employee, disclose:
(e) the total number of technical assistance notices given to the provider during a period of at least 6 months; or
(f) the total number of technical capability notices given to the provider during a period of at least 6 months; or
(g) the total number of technical assistance requests given to the provider during a period of at least 6 months.
This subsection authorises the disclosure of aggregate statistical information. That information cannot be broken down:
(a) by agency; or
(b) in any other way.
 pp50-51, http://parlinfo.aph.gov.au/parlInfo/download/legislation/bil...
I mean, a literal reading would allow you to provide minute-by-minute 6-month windows (or a new 6-month window each time you get a request) which could be used to get very detailed alerts each time a new request was given but obviously you'd get into hot water by doing that.
I have not had any communications requesting investigative cooperation from any Australian law enforcement or intelligence agency.
But I believe the bill which passed actually includes the ability to publish aggregated statistics about how many notices you've received. Removing the need for warrant canaries.
(And you wouldn't have to be a citizen, just a subject of Australian law which means that you are either a citizen, are a constitutional corporation, or physically present within Australia. Same as any other nation's laws.)
But those stats would be useless as each notice can target an arbitrary number of people. The law as written can literally ask for the data of every one of your users.
As I understand it, there can be no stats about the number of individuals targeted, only the number of notices received.
Australia, you fail at the very notion of free western civilization.
This bill does nothing to prevent the kinds of things it is intended to prevent. The apps this law targets were engineered specifically to prevent this kind of interference. The idea that passing legislation will suddenly change that, magically allowing decryption of messages is beyond idiotic.
The legal and technical barriers to getting anything useful from this legislation are huge. Not to mention the ease with which this can be bypassed (run OpenVPN and IRC on an overseas server, done).
The justification for rushing this was so that Australia could be kept 'safe' over Christmas. It's beyond difficult to describe how ridiculous that is.
Edit: Sorry, I also have to add that in the same sitting of Parliament the government also filibustered legislation that would have enabled medical evacuation of refugee children from child detention on Nauru. It's been a bad day for Human rights in Australia.
Especially since ASIO (who really wanted this bill to pass) has stated that even if the bill passed today, they wouldn't have the necessary powers before Christmas.
In terms of Australia I'm not sure what we could actually do about this. Given that it's ASIO and other government departments that want these powers and that they have tried to introduce this sort of law over the course of the last decade. Both major parties have introduced legislation such as this and both voted for it. Maybe it is time for civil disobedience, and have everyone create and distribute encryption applications for all devices, because they couldn't possibly jail everyone right? I just wonder who will be the first person jailed or the first company fined for refusing these orders.
In terms of the world at large, which country should we trust now? A lot of the Western Democracies are becoming rapidly "security" focused authoritarian, and the other countries powerful enough to stand up to them are not much better. Should we trust applications with code written in Russia? What about hardware products manufactured in China? Should we trust services running in the USA? Now we also have to be wary of any company that runs a service in the Five Eyes countries.
Sometimes I wonder if we really have it better than people in the middle ages or other earlier periods, in some ways it clearly is, but in others it's just the same smell coming from different shit.
Chilling effect? More like dipped-in-liquid-nitrogen effect.
I hope Australia will have its own Edward Snowden, but the immediate repercussions would be far more severe in Australia.
You would be knowingly putting your name to a vulnerability, and if someone asks then you have to keep it a secret and feign incompetence. Then if they revert your change you'll have to re-implement it.
If you do tell your superiors (which would be most likely what would happen, even before writing the code) then you would be in violation and could be put in jail.
If you refuse you would be put in jail, or they would go to the next person in their list.
I think you could immediately resign. It's not a slavery bill... is it?
After the first few times they use these new powers, the people who're gonna come asking are 99.9% likely to know exactly who the person who will write, commit, and code review the backdoor they're demanding... And their direct manager, and the management chain all the way to the C suite...
I think I need to quit this entire industry, maybe take up boatbuilding or something...
It just seems like a hotter, drier America at this point.
New Zealand still looks lovely though. Maybe they could invade you?
And it isn't like other western countries aren't thinking of doing something similar. While this is a bad law, being smug about it is the wrong reaction.
I wish I knew more western countries who were defending privacy, and the environment for that matter. For a period it kind of looked like Germany _might_ but that hasn't stood up (Who knows, maybe the Pirate Party will get a chancellor someday). The Nordics don't seem amazing either.
What does that leave us with? Some rocky archipelago in the middle of the Pacific? Developing nations that simply don't care or lack the ability to have meaningful enforcement? I'm really struggling to think of something.
The answer from the intelligence agencies is that there must be a known specific threat in order for the threat level to be increased (from "Probable" to "Expected")
So, they're saying that it's important for this legislation to be passed for the sake of the safety of Australian citizens despite the fact there's no specific threat that's worth raising Australia's threat level for.
Add this to the huge list of WTF's surrounding this situation.
From small portion to none.
And basically Australian software developers are unemployable now.
Make no mistake, with the rise of ML governments will be able to crush social movements in the nascent stage before they become too big to stop. People will be arrested for thought crimes because they posted the wrong thing on the wrong website. And currently a large number of people would cheer because the people getting arrested are on the "other" side of the political spectrum. Be careful what you wish for.
The GDPR explicitly allows for government surveillance to be excluded from the directive's protection.
Privacy International and a bunch of other NGOs have filed complaints against "Belgium, Czech Republic, France, Germany, Ireland, Italy, Poland, Portugal, Spain, Sweden, and the U.K." for violating rulings by the European Court of Justice over illegal mass surveillance. Here's another article.
Or it can shoot up a pre-school.
Only one of these things actually happens outside of adolescent power fantasies.
There are counter examples to every case, but my point was the Australian government can do what it wants because its populace lets them.
Who we are contemporary with are the parents of a lot of dead kids; maybe you should explain to them the necessity of guns to protect them from harm.
But keep on living in the past. If events like Sandy Hook can't change your collective opinion, I doubt that anything will. It's all on your hands, you proud all-american weekend warriors.
I think you misunderstand. I'm asking you to imagine, or in other words, pretend for the sake of argument, that you lived at that time, and then ask yourself whether you'd join the loyalists in calling for the colonists to be disarmed. Does that make sense? If you cannot understand why many Americans are unwilling to discard a right that was fundamental to the very existence of their nation, then you'll never be able to debate this topic productively.
> maybe you should explain to them the necessity of guns to protect them from harm.
Certainly, just as I have (gently) tried to convince people who have lost loved ones to drunk driving or alcoholism that criminalizing alcohol would not be a moral response to their loss. Would you disagree? Keep in mind that alcohol kills tens of thousands of people every year, including thousands of children killed by alcohol-impaired drivers. Is this also a problem that needs to be solved by criminalizing all alcohol? If not, what's the difference in your opinion?
Alcohol hasn't been criminalized, but it has been regulated.
Regulation, in Australia's case at least, works. We went from several large public shootings, to next to none. We currently have more guns than when regulation was brought in, but by preventing those who are too unstable from gaining access, we've prevented many attacks on the public.
Regulation isn't a ban. It isn't suppressing a right. It's protecting the populace from those who bring harm, and themselves would be harmed, by access. And when they find a way to recover in those areas of concern, access is available.
Yes, and that clearly isn't enough. That's my whole point. Alcohol is still killing tens of thousands of people. Way more than firearms do (apart from war).
> Regulation isn't a ban. It isn't suppressing a right. It's protecting the populace from those who bring harm, and themselves would be harmed, by access.
No kidding. You seem to assume that you're arguing with absolutist libertarian gun-nuts here. I'm all in favor of sensible regulation. I'm merely pushing back a bit on craigsmansion's brainless knee-jerk "But Sandy Hook!!!" reflex, which is as useless here as it is in similar debates over other dangers like drugs and alcohol.
We're not living in the past. "Fundamental to very existence of the nation" is simpleton claptrap. Eradicating Native Americans was also fundamental to the very existence of the nation. It has no bearing on the present, no matter how much your kind would like to obfuscate the matter with jingoist bombast.
> which is as useless here as it is in similar debates over other dangers like drugs and alcohol
Not talking about drugs or alcohol, but sure, change the subject. "But what about...?"
> "But Sandy Hook!!!" reflex
That's not a reflex. That's a shrug: there's simply no event terrible enough that will evoke change. Apparently this actually is what you want. It's sad for the children, because they never got the chance to vote, but for the rest of you: just stay afraid, wave that flag, and polish the caskets.
> "Fundamental to very existence of the nation" is simpleton claptrap.
This is a bit ironic coming from someone who then says, "Apparently this actually is what you want", and, "wave that flag, and polish the caskets." You're not really interested in hearing or saying anything that's not claptrap, are you? Be honest.
> Eradicating Native Americans was also fundamental to the very existence of the nation.
I agree! However this is a strawman. No one would argue that genocide should be continued for the good of America. However you will find many, like myself, that say the Bill of Rights was and continues to be critical for democracy in the U.S. Would you disagree? Would you say that fighting for freedom of expression (1st amendment) is "living in the past"? If not, how do you justify treating it so differently from the 2nd amendment?
The parallels between firearms and other highly dangerous substances such as drugs and alcohol are highly instructive. Or at least they could be if you were willing to consider them rationally. Again, by any measure you care to take, alcohol is a greater danger than civilian gun ownership. Why should we not criminalize alcohol? Why not consider criminalizing every dangerous substance or activity? You appear to think this thought process is irrelevant, but you're unable to articulate why. I really think you haven't thought this through very well.
I don't support this legislation, but I have to ask, which country is doing a better job on human rights issues than Australia in your opinion? Surely not China or nearly any country in Asia, Africa, or South America? Surely not the US? Probably not much of Europe?
Australia's government blocked legislation that would help kids not die. Because they came on a boat. Which has never been the primary way illegal immigrants get into this country.
Nauru was declared a human rights travesty by the UN.
The medical board that decides whether or not it is a medical emergency that needs to be treated in Australia is staffed by lawyers and only occasionally features a doctor.
We're killing people from neglect, because they dared to take any avenue available to them to escape their homes.
If we put half the effort into assessing their case as we do into making sure they stay in a place reminiscent of WWII slave encampments, there would be no issues.
The most disturbing aspect is the strong bipartisan and public support for the ongoing abuse. Every Australian should wake up in the morning, take a long hard look in the mirror and ask themselves if they're proud of what they've become.
Is there really public support? Everyone I've talked to thinks it's a disgrace.
That being said being a "coastal elite" in a progressive area isn't necessarily a good litmus test
Other points I noticed:
- Coming across as emotional about the harm and suffering on Nauru or escaping war, they will dismiss all arguments as immature and feel like they're being an adult to you.
- Some are persuaded by increased economic activity and net welfare investment benefits but want more screening but wouldn't know how to do this effectively.
Source: Asking random people about policies. Some people you can try asking: mechanics, tradies, checkout people, business people, asking people who handout stuff for Liberal/Labor. To get a deep understanding, read their sources, any of the Murdoch rags or right wing morning shows (ie Alan Jones).
Meanwhile we're letting every man and his dog waltz in through the front door, as long as they have money.
But we don't want those dirty refugees! Lock them up in our own Aussie Guantanamo and throw away the key. It's sickening.
See for instance https://en.wikipedia.org/wiki/World_Index_of_Moral_Freedom#W...
But yeah, “cryptonomicon” utopias are hard to get by, these days.
Too bad, it's almost 2020 and we still can't get "treat people well" right. What hope do animals or the environment have?
My advice is that the Australian tech industry just got nuked from orbit, so come work in the USA. The pay is better, the work is more interesting and the tech companies actually have sway over policy here.
The bill seems to be a nightmare - it even says that the technical assistance request can be given orally. What the bloody ....?
To me, it reads like this - if you're a Nigerian developer working in Germany and refuse to do this for some software (after all, every software is "likely to be used" in Australia), you are still breaking the Australian law. But you need not be prosecutable if Germany does not have an extradition agreement with Australia. If you are an Australian anywhere in the world however, then refusing this makes you a criminal, probably later a fugitive. This is my understanding. Can someone confirm?
The courts of most nations would laugh out the notion of extraditing their own citizens to Australia for hosting a website and not giving the AU government a backdoor to it.
Maybe I'll just work on a farm instead of this technology madness.
I don't like the US shonkiness any more than anyone else. But these situations are not precisely equivalent, especially since this bill passed.
Six of one, half dozen of the other.
> Apple stared down the FBI in a mass murder case, because it was [legally] possible for them to do so.
So far we haven't seen the Australian government ignore its own laws so completely.
If a sickness/injury is bad enough to need to fly back to Australia, there's a pretty good chance you won't be allowed on a plane.
That's fine. You're ok with taking that chance, I'm not.
As far as the ATO is concerned, unless you discontinue both, you're considered an Australian resident for tax purposes.
Even though the US considers you a resident alien, the ATO requires you to at least look like you won't be coming back for >1 year.
After ~3 years the IRS considers me a resident for tax purposes. The ATO only cares about my income because they want to collect HECS payments.
The scary part is not knowing how the law is going to be implemented - I am hopeful that smart people work on the implementation of it in terms of practicality.
If it is an on-request thing "give us the details of email@example.com" then that is doable, but if they really want backdoor access to all accounts, then that is a ridiculous amount of work and a lot of security risks to worry about.
Wait and see I guess.
Sadly our government has failed us. We are the laughing stock of the whole world (except maybe China).
We got the full dictatorship version with no reporting at all.
Realistically could we just set up all code to be hosted overseas and then pay a set of reviewers in Europe to check PRs for possible backdoors?
Don't think the law lets them compel you to build the backdoor in a super secret and hidden way...
Or don't launch in Europe.
GDPR and this legislation are in direct conflict. Pick a market...
easy choice to make.
All my hosting is done in the US, but that doesn't mean any of my businesses are necessarily American.
If you specifically reject all customers attempting to sign up from an Aussie IP address, or with an Aussie physical address (if you have that), then you're on pretty firm ground to tell them to piss off if they come knocking.
But, y'know, I'm not a lawyer, and you might be subject to whatever whims any country cares to hit you with. Get some legal advice before trusting some random internet comment ;)
USA didn't like it though, and asked NZ to extradite him to face charges in the USA.
Legal battle still going, I think... but the business is dead.
I doubt Australia has that much clout, but you never know when an extradition will be the price of some favour to someone...
Time to find a new career, sorry.
I've seen zero discussion of the possible ramifications of losing all security companies in Australia. Any software company that depends on security (and which one doesn't?) would be insane in the membrane to think they could credibly work in Australia now.
All they are saying is "the bill was passed to access encrypted communications of terrorists and criminals".
No discussion of no judicial oversight either.
News orgs are shooting themselves in the foot because there's no possibility of a journalist protecting their sources anymore with this nightmare.
1 billion dollars wiped from Atlassian already. I’m hoping the markets react more and destroy the industry here.
Might want to assume that all Australian developers are now potentially compromised.
Then they will coerce a telecommunications provider to install this application on the target's machine (says nothing about having it installed on everybody's machine accidentally or otherwise).
Then they shall profit.
I wish I was being facetious.
have little hope what will save what?
Just like Yandex in Russia - legally they buy all of the software from a company in the Netherlands, at least that's what I heard.
Apple Inc will sell the phones at high rates to Apple Australia, so Apple Australia can claim they are making zero profit in Australia, so hence have to pay no tax.
Please, Apple, do what you know is right and disable all iPhones in Australia. Google, please do the same with Android.
If you have a website, geoblock Australia from it.
Quarantine us from the world. We are sick and will infect you all.
Just did.. won't even respond to icmp. My Tokyo and UK sites.
Actually, if it's possible, you could redirect to a page saying the reason you are blocking, that would be even better.
Seriously the world should quarantine us.
But who knows, this bill seems to be the Christmas gift that keeps on giving! Merry Totalitarian Christmas, everyone!!
And since it’s not going to happen, other countries beyond China unfortunately start to get some funny ideas, too...
This is a civil rights nightmare.
If they want to continue doing business in Australia (and they very much do) then they'll be forced to comply, which means everybody in the world is negatively affected by this insanity.
Won't surprise me at all to find some businesses (like perhaps Whisper Systems) whose "doing business in Australia" doesn't actually earn them a single cent, yet will open them up to enormous reputational damage if they continue operating in Australia after this, might just choose to take their app/service out of the .au app stores...
(BRB, backing up my iDevices and switching auto-update off...)
Meh. 25 million people, and not a top ten economy. Australia has a powerful reality distortion field that makes it seem more important than it is. Must be the tourist marketing and the fact that it punches above its weight in producing successful entertainers.
It’s more likely that WhatsApp and other encrypted messaging apps will just get pulled from the Australian App Store (if the Australian App Store remains in place, since it’s likely to be chosen as a distribution vector for compromised software).
But more importantly, because of the high GDP per capita and low income inequality, Australians are wealthy with lots of disposable income. And so most international marketplaces see disproportionately high amounts of Australian spending when considering population size.
For instance, where I work, the top 5 spending countries are the US, Canada, Australia, UK, China in that order.
With a somewhat heavy heart, but I shall be cancelling my service there.
4 the person provides an electronic service that has one or more end-users in Australia
5 the person provides a service that facilitates, or is ancillary or incidental to, the provision of an electronic service that has one or more end-users in Australia
6 the person develops, supplies or updates software used, for use, or likely to be used, in connection with: (a) a listed carriage service; or (b) an electronic service that has one or more end-users in Australia"
I believe ProtonMail falls into these categories. As an Australian and a user of your services myself, will this mean getting service "officially" cut off in Australia?
I feel sorry for the people who started good businesses only to have them destroyed by this shitshow.
If it wasn't so scary as a citizen myself, it'd just be sad.
A user would have to double-VPN for ProtonVPN to be the solution. Right?
They'd need the system admins, CI infrastructure and code review team to be in a jurisdiction free of this kind of thing, and then treat all changes subject to laws like these as hostile
The alternative is to sell software that everyone knows has backdoors. Pretty hard business case to make
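
Added example, not from the thread or any company's tooling: a merge gate of the kind the comments about paid overseas reviewers and an out-of-jurisdiction review team describe, where a change touched by anyone in a covered jurisdiction needs independent approvals from outside it on the current head commit. The names (`Person`, `PullRequest`, `merge_decision`), the `AU` jurisdiction set and the two-approval threshold are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

COVERED = {"AU"}       # assumption: jurisdictions whose residents can be compelled
OUTSIDE_APPROVALS = 2  # assumption: independent approvals required for such changes

@dataclass(frozen=True)
class Person:
    login: str
    country: str  # taken from an identity/HR record, not self-declared in git config

@dataclass
class PullRequest:
    head_sha: str
    author: Person
    committers: list = field(default_factory=list)  # everyone who pushed to the branch
    approvals: list = field(default_factory=list)   # (Person, sha the approval was given on)

def merge_decision(pr, covered=COVERED, needed=OUTSIDE_APPROVALS):
    """Return (allowed, counted_reviewers, required)."""
    contributors = [pr.author, *pr.committers]
    contributor_logins = {p.login for p in contributors}
    counted = set()
    for reviewer, sha in pr.approvals:
        if reviewer.country in covered:
            continue  # reviewer is exposed to the same compulsion as the author
        if reviewer.login in contributor_logins:
            continue  # nobody approves a change they helped write
        if sha != pr.head_sha:
            continue  # stale: commits were pushed after this approval
        counted.add(reviewer.login)
    exposed = any(p.country in covered for p in contributors)
    required = needed if exposed else 1
    return len(counted) >= required, sorted(counted), required

# Constructed sample data.
alice, dave = Person("alice", "AU"), Person("dave", "AU")
bob, carol = Person("bob", "DE"), Person("carol", "NL")

def demo():
    stale = PullRequest("c3", alice, approvals=[(bob, "c3"), (carol, "c2"), (dave, "c3")])
    fresh = PullRequest("c3", alice, approvals=[(bob, "c3"), (carol, "c3")])
    co_written = PullRequest("c3", bob, committers=[alice], approvals=[(bob, "c3"), (carol, "c3")])
    return [merge_decision(p) for p in (stale, fresh, co_written)]

if __name__ == "__main__":
    for allowed, counted, required in demo():
        print(allowed, counted, required)
```

The gate only helps if the branch-protection settings and the CI that enforces it are administered from outside the covered jurisdiction as well, which is the point the comment makes about system admins and CI infrastructure.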
All of our rights (other than the right to a jury for certain criminal trials, freedom of religion, the acquisition of property must be 'on just terms', the right to be a senator if you can vote, and the right to vote in federal elections) are in common law. This means that any new law can overturn those interpretations.
Personally I think Australia needs to push for a constitutional bill of rights. Unfortunately this is going to be a very hard battle to win, given the enormous requirements to get a constitutional amendment passed.
There is also an Australian entity `Atlassian Pty Ltd` but it’s not clear to me what role that has.
To be honest, Trello is the least of your worries, with Atlassian. Authorities having unfettered access to all your code, regardless of privacy settings, is more worrying imho. Then again, GitHub is US-based and the PATRIOT Act already gives that power to US authorities, so if you care about that, self-hosting is the only way.