Did Australia Poke a Hole in Your Phone’s Security? (nytimes.com)
212 points by boyter 24 days ago | 147 comments



I doubt that Apple will build a significant backdoor. Most likely they will figure out some symbolic way to accommodate this law, exploiting the vague wording.

The nuclear option is probably to just stop selling their products in Australia. The population of Australia is only 25 million people. It would be a huge hit but not insurmountable, and then the Australian politicians would face significant backlash and probably walk back the law.


> The nuclear option is probably to just stop selling their products in Australia.

Someone needs to. With EU laws, Australian laws, US laws, and more and more every day, the internet is rapidly becoming a tool of the least common denominator. In other words, whatever country has the toughest laws will govern the planetary internet system as all others will have to follow by extension. Apple, for example, can't make an iPhone for every country to comply with that country's individual laws that differ from every other country, which also change on a regular basis.

Of course though, there will always be hackers skating on top relatively free. We're becoming a two-tiered internet. The relatively few who know how to get around the restrictions, and everybody else.

All Apple has to do is float the possibility they may not sell their products in Australia anymore, and point out why. The rest would take care of itself.


As an Australian with Apple products, I really hope Apple pulls out of the market. Some large entity definitely needs to take a stand.


In this specific case, I hope that's the outcome. But in the general case, I hope we don't end up in a world where global megacorps have that much sway over governments (maybe we're in that world already...)


I don't think it is necessarily the sway of corporations as much as the sway of the citizens. If Apple got out of Australia it could cause a lot of media attention which could get citizens riled up, especially if they could no longer get Apple products.


> If Apple got out of Australia it could cause a lot of media attention which could get citizens riled up

All they'd really have to do is announce that they are considering it. Just write up an analysis and stick it on their website. The world will notice, immediately. How many hours do you think it would take before it was a major news story everywhere?


> Apple, for example, can't make an iPhone for every country to comply with that country's individual laws that differ from every other country, which also change on a regular basis.

Well, they can. You can do a lot when you're a trillion dollar company. It's just grossly inefficient and ugly and they'll try to avoid it if they can, sharing as much as possible when they can't, the same way everyone deals with multiple possible configurations they have to support. I too hope they put their foot down, though.


Yes I should have said impractical.

I'd hate to think of what a special iPhone would cost just for the Australian market, which is relatively small, should Apple (and others) decide to not foist this on everyone else world-wide. Just come out with different hardware that's easier to hack just for Australia - only to be sold in Australia, and charge appropriately. Make them pay more to be less secure. It would be justifiable if the hardware was different for a smaller market. It's no different than if they came up with their own cellular system that was incompatible with international standards. It would cost more to build for it because it's a small market with unique requirements.


That would be fundamentally against Apple’s values.

Disclosure: I work for Apple.


iMessage decryption keys on servers controlled by the Chinese government went ahead just fine.

Values are useful, but not as useful as an attractive stock-price.


Apple is required by law in Japan to make iPhones make a sound when taking a photo, and they complied.

These new voyeur laws in Australia are obviously much more severe, but there is precedent for a company to customise phones by jurisdiction.


This isn't a law, it was a voluntary agreement between the carriers to make all phones they (the carriers) sell have a permanent shutter sound. This was done to stop the moral panic due to "upskirting" on subways/etc.

Since Apple sold iPhones only through carriers initially, they complied with this agreement.

A better example of this would be Apple disabling FaceTime on phones sold in the UAE, which is the result of a law, and the feature stays disabled even if the region is changed from/the phone is removed from the UAE.


Camera shutter sounds aren’t a moral issue Apple has staked a position on.


Wouldn't it be nice, as a courtesy from Apple, if your phone emitted a sound every time the government attempted to access private data off your phone?


These things are quite obviously very different and I can’t find a way to read this in good faith (except perhaps from an extreme libertarian point of view), let alone in a good light.

One is a law requiring phones to try to alert people whose privacy is being invaded in some circumstances.

The other is a law requiring phones to invade people’s privacy in some circumstances.

I think it is quite reasonable to follow the former, just as it could be reasonable for laws to require phones to broadcast tsunami warnings or meet various antitrust requirements.


> One is a law requiring phones to try to alert people whose privacy is being invaded in some circumstances.

A law that restricts my freedom to customize my device. Plus their privacy was being invaded from the moment that I looked at them, taking a photo would not change anything.

> just as it could be reasonable for laws to require phones to broadcast tsunami warnings

As long as it is configurable, sure.


A software tweak is a lot easier to change than hardware accelerated encryption.


The alternative, that may very well come to pass, is that the internet will cluster into different subnetworks for different ideologies. I could very well see that happen with the EU.

The golden times for the internet are over anyway. It went from an optimistic dream of free expression of information to a platform for delivering ads.


The Internet was English speaking, western and had a keyboard with the Latin alphabet. These days are over, but it's unjust to argue with ideology and a negative tone here.

The Internet serves people all over the world and must respect local laws, because it serves the local people.

Also, free expression is stronger than ever before. You can now even claim your opinion is a fact.


Australian here. I hope Apple etc. do just walk away. Our government has been a continual embarrassment for a decade now and they're just getting worse. Until they start getting reality checks they'll just continue pulling stupid stunts like this.


Absolutely agree.

This is a dumb, untenable, largely unenforceable and pointless law.

Even if Apple were to start delaying product releases in Australia by six months to do "legislative compliance reviews" or some such. With telcos on-board, this might encourage our politicians to listen to actual experts when touting this kind of legislation.


This law was passed with support from the opposition Labor party.

The stupidity here crosses the aisle.


Oh, totally. I meant "government" in the sense of the entire institution, not just the current party in power. The whole of Canberra needs to get its shit together.


> It would be a huge hit but not insurmountable

I suspect Apple can trivially walk away from Australia as a market if they think it's for a very good cause. It won't be a huge hit, it's a small hit (~1.7% of annual global iPhone sales).

Australia is worth maybe $6-$7 billion per year in total sales to Apple. They sell about four million iPhones per year there (9.2m smartphones sold last year, Apple has 44% of the market), then throw in Macs, iPads, watches and services.

It's an affluent market and it would suck to give it up, as it'd be very difficult to regain the market share afterward. I'd worry that the reality would be that easy product substitution would make the move meaningless in terms of benefiting Australians (even though it would still be an important moral stand for Apple to take). There would be short-term blowback about it and that would pass in a matter of weeks.


> There would be short-term blowback about it and that would pass in a matter of weeks.

They could potentially stop selling software products and disable service access entirely.

What if all customer photos on iCloud become inaccessible, all iTunes and App purchases become inaccessible and OS updates stop. Then Apple stores shut down, customer support or repairs become unavailable, thousands of jobs are lost. I feel like the blowback would last much longer than a few weeks.

That's an extreme response, but if Apple really wanted to get the point across they can easily include it alongside any other threatening proposals.


I would think if Apple, Google and Samsung all walked away from the Australian market together, they'd get the message.


I doubt that a typical large company would give up even ~1.7% of its revenue just out of principle. It can also say that "obeying Australian law" is a perfectly good principle. The Australian government has also kindly offered to reimburse the financial costs of complying.


> I doubt that Apple will build a significant backdoor

Why? They clearly have cooperated with countries' requests even if it seemingly went against their principles (e.g. Chinese laws around iCloud data). And they also have a history of not even making it known they disagree, fought against it, or anything via public statement. You won't know whether they comply or not, may not know whether they are OK with it, and judging from history they probably will comply.


I for sure believe this is the proper course of action. I also think companies that operate websites with sensitive data should block Australians from using their services because of the large possibility of being accessed by compromised devices. And if you want to go really all the way to full paranoid mode, Australia's peering points should be blackholed/shut off due to security concerns.


> I doubt that Apple will build a significant backdoor. Most likely they will figure out some symbolic way to accommodate this law, exploiting the vague wording.

This is version 1.0. The law can be redrafted to remove any doubts. Once Australia gets it, so will USA and others via sharing agreements (5 eyes).


> The nuclear option is probably to just stop selling their products in Australia

Or sell a clearly-branded Australia version without the Secure Enclave.


Phase 1

- Criminals and people of all types would use imported iPhones.

- To counter this the carriers would have to use IMEI filters to only allow approved phones.

- Intl visitors would have to get a local handset (probably not such a drama as their corp wouldn't allow bringing the IT gear to Australia anyway, much like going to China).

- So you use a local phone for Wifi hotspot and run an imported phone using iMessage/Signal etc.

- Carrier locked devices disable hotspot? Special Apple app to only allow sharing to registered devices? Extra madness.

OR:

- Apple has Australian hosted iMessage zone, when you roam here it tells you and your contacts that your messages might be intercepted by the Au Gov, Click Okay to Continue?

- Same for FB/WhatsApp etc.

- Non-compliant apps are banned from launching in Australia, baseband asks carrier for updates to this list (bloom filter) daily.

- Criminals continue to operate encrypted comms from black market wifi devices, like the old contraband 'unlocked' Raspberry Pi, even though possession of one results in 5y in gaol.

- Mandatory GPS location reporting from phones, for public safety.

- Warrant requirement is dropped for AI access. Messages flagged by AI get auto warrants.

- Spooks are unable to sort wheat from chaff, terrorist attacks continue.

Phase 2

- Political activists start getting convicted for conspiracy to plan illegal gatherings, spreading Fake News, etc, based on their messages.

- Social credit system to crack down on car hoons, welfare cheats and drug users, has full access to your messages and location.

- Undesirable elements are sent to rural areas for compulsory education and 'work for the dole'.

- SoCred made public to Shame those misbehaving.

- SoCred expands to include 'disrespecting religion', 'mocking the PM'. Companies lose contracts if too many of their staff have low SoCred.

- Banks, insurance, schools, employers use SoCred in deciding whether to deal with you.

- China and other regimes thank Australia for lighting the way.

- The end of the 3rd Age of Crypto.


What do you think Apple already does in China? This isn't really a big deal compared to that and bottom line Apple is there to make money, not take on political causes.


This sort of thing happens because the tech industry doesn't bother with lobbying or really any political fighting other than the occasional angry letter.

Meanwhile, the mining industry successfully countered a law they didn't like a few years ago by spending a few million on tv advertising demonising the government. The gambling industry got rid of a law by suing the government. The banking industry managed to convince the regulator to not use their powers through a combination of making it extremely costly and basically infiltrating them.

Only the tech industry is like children when it comes to lobbying and politics.

Ideally, every industry would be like the tech industry and not manipulate the government. But if they want to get rid of this particular law then there are plenty of examples to learn from.


You mean by offering some future payback whether a cushy overpaid consulting or lobbying job or an industry recognition award like Barnaby Joyce got from Gina?

I think withholding future products or services and running ad campaigns to say they won't be offering them in Australia due to the law would be the way to do it. If we could collectively get our act together, boycotting Federal Government for IT services would get the message across - chance of that happening is probably <1%.


All of it.

Basically what I am saying is that if the tech industry doesn't want the risk of future laws ruining their fun then they will have to engage in lobbying just like everyone else.

Sitting back and relying on the politicians to not do anything stupid is, well stupid... Stupid is the default.

In this particular case an advertising campaign is probably the only thing that is going to work, but with an election in the not too distant future, it should be pretty efficient in scaring the politicians into getting rid of the law.


I'm coming around to the opinion that anything the Government does (particularly if they think it's a clever policy) triggers the Law of Unintended Consequences.

Except for some situations where they correct or curtail market excesses, most programs seem to end up causing more damage than they try to solve and worse outcomes long term.

One of the few exceptions was Rudd simply handing out cash to the general population in the middle of the GFC to keep the economy turning over. Generally most incentives don't have the desired effect.



"The law says the Australian authorities cannot ask a company to build universal decryption capabilities or introduce systemwide weaknesses."

I've seen this proposed as an enormous loophole, since every backdoor is a "systemwide weakness", and the lawmakers just don't understand that fact.


The law also defines "systemwide weaknesses" in a way that, uhh, allows for having actual systemwide weaknesses without being able to claim that they're being made to introduce "systemwide weaknesses" under the text of the law.


What counts as a "systemwide weakness"? For example, if it allows the Australian government to decrypt things, but does not make it any easier for anyone else to decrypt things unless they do so by going through the Australian government (either with Australia's cooperation, or by hacking them, or by the Australian government leaking private keys), would that be a systemwide weakness?


You either store the keys centrally, or use a weaker encryption strategy. Those are the only ways to decrypt something. Either one makes it easier for anybody to hack.

The classic metaphor is that of a castle wall. If you put a gate in it, no matter how well you fortify that gate, it remains a weak point compared to the rest of the wall.


> You either store the keys centrally, or use a weaker encryption strategy. Those are the only ways to decrypt something. Either one makes it easier for anybody to hack.

That was right before 1973. The development of public key cryptography in 1973 adds another option. Take the symmetrical key the device uses to encrypt user data and encrypt a copy of that key using a public key of the entity that the back door is for.

The authorized back door user can decrypt that copy using their private key. If the public key system parameters are chosen correctly anyone else trying to get in who does not have a copy of that private key faces a problem at least as hard as brute forcing the underlying device encryption.


They still hold a copy of their own private key somewhere, you're just punting the issue a little bit. Plus, there would have to be a single key for all users, or you'd have to give every user's key to the institution as well. That means more travel over the wire, that means central storage of skeleton keys, etc. Each of these factors introduces another vector of possible attack. If there's a gate, there's a way to get in, and no matter how many keys are required or where they're kept, they'll always be more vulnerable than a wall with no gate.


How do you secure the private key?


How do you make something easy for one party to decrypt but remain difficult for everyone else?


By giving that party another key. Key escrow is even harder to implement than regular security, but it is in use. FileVault on macOS and Mobile Device Management for iOS have Institutional Recovery Keys already implemented. https://developer.apple.com/business/documentation/MDM-Proto...


I think that they think it's only a system-wide weakness if someone blabs. And no-one will blab because that's a significant amount of jail time.

That's always worked... /s


It's an interesting position. Labor (our sorta left-wing party) are considering amendments to the bill:

> Labor’s amendments would also clarify that a “systemic weakness” is one that “would or may create a material risk that otherwise secure information would or may in the future be accessed, used, manipulated, disclosed or otherwise compromised by an unauthorised third party”. [0]

I'm not sure how this doesn't cover all exploits - there have been a few cases of vulnerabilities discovered by state agencies being leaked/disclosed [1].

[0] https://www.theguardian.com/australia-news/2019/jan/21/home-...

[1] https://www.telegraph.co.uk/technology/2017/05/15/microsoft-...


> “We never thought it would pass,” said Alan Jones, chief executive of M8 Ventures, a tech investment firm in Sydney. “We all just figured that Australia’s political leaders would consider the expert advice that told them this was nuts.”

This is a counter-argument to all the comments I see on HN about "waiting and see if the proposal goes anywhere".

It's usually too late to stop it if you do that and allow most if not all of the negotiation between parties to take place by the time you wake up and react.


This time there actually was a big ground-swell of opposition. In the consultation period there were hundreds of submissions, all of them negative (except one from some random church in Tasmania). These were a mix of letters from technical groups, business groups, law groups, human rights groups, civil society groups, and individuals (both developers/specialists and regular concerned citizens).

When the bill was being considered by the Parliamentary Joint Committee for Intelligence and Security, some of these groups were called up. I read the Hansard (transcript) of the hearing - the testimony was impeccable. Clear, concise, and absolutely demolished the bill. Unfortunately, to give you the level some of the senators were working at, a lot of the questions came back to "but don't you think we need to stop terrorists?" when going through how it's technically impossible to do what the law enforcement wants without creating systemic weaknesses/vulnerabilities, and you can't just define that away like the bill tried to...

Coming up to it being passed, there was a huge amount of calls, emails and letters to the members of parliament and senators. Several mentioned the unusual volume in Parliament, and also many in the opposition mentioned multiple times how many problems there were with the bill. They illogically passed it in mid-December to "keep Australia safe over Christmas" (despite the fact that nothing in the bill could be put into effect for months and Australian law enforcement and intelligence services already have far more over-reaching powers to do all sorts of stuff that would be illegal in the US and Europe).

Opposition to the bill was way better organised, and way bigger than anything previous for the tech industry. We are getting better at the politics, but given the irrational actions of the opposition in voting for it (who had the numbers in the Senate to block the bill) I can only conclude that there must have been some dirty dealing going on either between the parties, or between the intelligence services and the parliamentarians.


That's crazy. Can you provide the link to the "we need to stop terrorists" quote?


Could you provide a link to that transcript?


Here is the PDF transcript:

https://parlinfo.aph.gov.au/parlInfo/download/committees/com...

The testimony from the experts was great, and the questions and responses from our senators were embarrassing. Just search 'terror' for some of them like the ones I paraphrased.


The transcript mentions a couple of times interference in the process by Peter Dutton and Scott Morrison, the PM, does anyone know what this is referring to?


> “We never thought it would pass,” ... “We all just figured that Australia’s political leaders would consider the expert advice that told them this was nuts.”

Also known as the "Brexit strategy"


(Alan Jones here) I should clarify my comments in the article. By “we” I meant our venture fund, M8 Ventures. I didn’t mean to imply no one in the local tech industry lobbied against it. A large number of industry groups, tech companies and individuals argued persuasively and at length against the many flaws in the legislation. I did not make a submission to the committee or speak in Canberra. I did, however, expect that expert advice would be listened to, understood, and acted on. And I did expect the Australian Labor Party to make good on their commitment to not allow the legislation to pass without amendment. Sadly, I was wrong. We are being governed by people driven by dogma who feel no responsibility to consider facts, science or data in their policy decisions.


What's the defense to this? For starters I think you'd want to close your Australian offices and lay off any Australian-born personnel, but what else?


Well, it seems the specific argument about implications for US citizens doesn't hold much water to me. Apple's legal standing for refusing decryption requests in the US is because the tool has not been built yet, and they cannot be compelled to build a circumvention tool; it seems they could continue to rely on this defense even if they were to build a circumvention tool that only circumvents the specific, circumventable encryption scheme used in their custom AUS-market firmware.

Of course, the principled thing would be to pull out of the AUS market, but even Apple has not proved themselves to be that principled.


I think the defense is to absolutely not do business in Australia, and to mark your products as not for sale there.


Which, I'd like to point out, isn't a big loss: it's population 24 million, about the size of Taiwan. If you're making a physical product, shipping and taxes will make it criminally expensive to sell there, and if you're making a digital product, there's this and the considerations of slow internet and a different time zone.

I think it's actually quite reasonable and doable for companies to boycott Australia over this, and I hope we see some. It'd be free press for the company and cost relatively little - I'd imagine the press would pay for any missed Australian sales. And it'd put some pressure on the Australian government for this idiocy.


Australians are quite accustomed to bypassing geoblocks and import restrictions, in any case.

But that's not really the problem here -- it's more that Australian products and employees may be tainted by unknown government interference.


As an Australian, I'd almost rather this so then it actually makes it a problem for everyone. Then the politicians might take a good hard look at what they're trying to do.


> and to mark your products as not for sale there.

Other companies have done similar things in the past, though probably not for the same reasons.

I had a GRiD Compass laptop that had a big sticker on the back with a surprisingly long list of countries where it was illegal to bring the computer. The only one I remember offhand was Israel.


And what about if you are an Australian? What defenses do you have if you're stuck here?

There are plenty of businesses and individuals in Australia that this law adversely affects. What are they supposed to do?


The hope is that a boycott from global businesses would pressure the politicians into a reversal. Protest and voting by citizens would pressure them from the other direction. For better or worse that's how democracy works: you're stuck with the decisions your elected officials make, so you better vote accordingly.


On the ground it's looking like the answer to that is protest. I'm sharing posts like these with as many as I can to show how negatively the sentiment towards us is becoming as a result. The next step is to protest.


I want Amazon, Apple, Microsoft and Facebook to make clear statements as to whether or not their systems have been compromised by Australia's security laws.

Is my phone now compromised?

Is the Amazon AWS Sydney data centre now backdoored?

Without clarity, it appears the big tech companies plan to comply with the legislation, which means they might be backdoored.


> I want Amazon, Apple, Microsoft and Facebook to make clear statements as to whether or not their systems have been compromised by Australia's security laws.

The A&A bill specifically prohibits this. You can't answer yes or no to the question of whether you have been served a notice. Warrant canaries are not effective -- they're not even allowed, on my reading.


How is it possible to be backdoored in secret? You would instantly know from a prosecution evidence in court, unless every time they make a parallel construction.


They can say 6 months after the notification in public about how many requests they have received in the last 6 months.


"Australia does not have a strong tech industry..."

I'm sorry - what?

Having moved to Australia from the UK I am continually amazed at the tech industry here. Sure, in comparison to the US ours is small, but that is because there is a vast difference between our populations. America only sees size as a measure of strength.


Literally no one understands this bill. The best resource I've found so far is this: https://github.com/alfiedotwtf/AABillFAQ


A big criticism of the bill by people like the Law Council (apart from it being irresponsibly rushed through with way too little oversight) was that it was intentionally vague and broad in a lot of its definitions. So you have a lot of people saying it's incredibly bad, and a lot of others saying, "no, it's not quite that bad - only really, really bad" but nobody really knows until you get a notice. It's all up to how the law enforcement and intelligence services interpret it, and there's insufficient judicial oversight and almost no recourse if they are telling you to do something that you think goes beyond what the law allows, and you have to keep it secret, so it will be hard to tell how far they take it or if it's being abused.


I understand the lawmakers decided the anti corruption bodies should not be granted any access to the powers it offers. Really, that says enough about how threatening they consider them to be, don't you think?


Honest Government Ad | Anti Encryption Law (YouTube): https://www.youtube.com/watch?v=eW-OMR-iWOE

This law is a bad law.


Australia always tries these types of laws. They tried a Great Wall of China-like firewall a few years ago; it didn't go anywhere. I suspect this will be the same.


Do you mean the "ISP-only" DNS restrictions of 2016? That was just a lame attempt to appease the film and media companies. Unfortunately for Aus Gov, DNS registries are not solely operated by Australia.


What's particularly strange to me is that devices such as Google WiFi come preconfigured to point at Google's DNS, so a layman in Australia will be bypassing these blocks without deliberately doing so.


It did have some interesting effects though. I know of several of my old school acquaintances who were very technologically challenged that managed to navigate their network settings far enough to change DNS.


The mandatory filtering proposal was rejected before hitting parliament.

AABill has already been accepted.


Rejected? Yes, but the filtering has been active for a while now. Labor gave up but got AFP to censor for child porn etc. Liberals in power extended it to copyright infringement.

It's definitely a bipartisan policy for Internet censorship in Australia. Most Australians don't care.

https://en.wikipedia.org/wiki/Internet_censorship_in_Austral...


How are the data pipes to EU? HTTPS + no device caching

Complying would violate EU law where the data is stored or compromise the entire system and all devices.


They haven't considered the negative repercussions, like any oppressive government asking for the same tool and using it to quell any dissidence. Fuck those people, amiright!? /s


Could be interesting if the process involved publishing a txn to the bitcoin blockchain. That is, every unlock were made publicly and immutably visible, thus putting the government in the hot seat to later justify all uses of the facility.


That does literally nothing because the government can just say "Push an update to this device to not do that" which is what the whole law is about.


The idea is that if there's a late auditable solution, then today's methods of doing it on the down low become distasteful.

They're gonna do it regardless, but the politicians may agree to forcing them down a process that is publicly auditable in the long run...

Basically if late auditability makes it possible for them to do their jobs, then the basis for today's sketchy down low approach is ameliorated.


Right, this is basically Binary Transparency, with the same sort of social mechanisms in place as Certificate Transparency has for dealing with misbehaving CAs.

The idea of storing release hashes (or public keys) in a distributed, permissionless, append-only log actually makes a lot of sense, and there are several serious proposals for how to do this, such as EthIKS:

http://www.jbonneau.com/doc/B16b-BITCOIN-ethiks.pdf

and Contour:

https://arxiv.org/pdf/1712.08427.pdf


>Prime Minister Malcolm Turnbull of Australia said in July, “The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”

Does math not apply in Australia? Is this where "new math" comes from?


Maths is dangerous, and Australia is a nanny state. We must put a curfew on maths. Once the clock strikes 3am you may only continue a maths problem, no new maths can be commenced until 11am the next day.

You see, both terrorists and sex offenders are known to use maths. We must control maths for your own good. If you oppose us, you are supporting terrorism.

(This is just the latest episode of anti-science politicians nerfing the Australian knowledge economy. See also their mishandling of the national broadband network, the latest cybersec laws destroying remote work, and the gutting of the CSIRO.)


I tried looking for the cybersec laws with remote work but couldn't find a reference, I'm curious to read about it, do you have a reference handy?


I'm not sure about the effect on remote work, but I presume this one was meant:

> Australian parliament passes encryption laws unamended

https://news.ycombinator.com/item?id=18616303


[flagged]


They're not being rude, that's how it is - speaking as someone from AU.

We have lockout laws preventing us from entering drinking establishments after 1am (no shots after midnight!) because we cannot handle our booze, so do you think we can handle Math?? AND ENCRYPTION???

It's a nanny state. OP is correct. Don't call people nob ends, no need to be rude.


The other commenter is also clearly from Australia, using “they” about idiot politicians.


San Francisco and NYC have these too. SF (California) no drinks after 2am. NYC is 4am.


I'm not arguing with your point that Australia is a nanny state, but for clarification...

> We have lockout laws preventing us from entering drinking establishments after 1am

Currently for a large section of the Sydney CBD and inner suburbs encompassing Kings Cross new entrants to venues are blocked after 1:30am and last drinks are 3am. This does not apply to areas of the City of Sydney like Surry Hills or Newtown, which can remain open all night. I believe the trading hours for licensed premises have been recently relaxed by City of Sydney to areas including Glebe, however I'm not 100% on that.

Still, it's pretty sad as Sydney's nightlife, particularly in Kings Cross, was a big draw-card for younger visitors and residents alike.


I don't think he is being rude, he is just ridiculing the stupidity of it all - whereas in your short comment you made 2 ad hominem comments


What part of this is rude?


I’m totally against the Australian approach and goal here, but come off it, you know that isn’t what was meant.

Three lines of argument are especially noteworthy:

“It is impossible to regulate cryptography.” or “Banning cryptography is like banning math.”

This argument misses the point in confusing the knowledge about cryptography with the wide-spread use of cryptography - or more specifically the use of cryptography to protect confidentiality. While it would be beyond the reach of governments to remove the knowledge about cryptography from the public sphere, it is certainly not impossible to threaten those that employ “illegal” cryptography with sanction.

This is exactly what happens with most regulation: Speed limits do not prevent the thought about driving fast, instead they address actually driving fast. It is behavior that is regulated, not thought.

So, similar arguments about the futility of regulation or the impossibility of enforcement aim a bit too high. Regulation does not require perfect adherence. Often it is enough if some people adhere to the specific law, and others can be punished in case of being caught. Again, speed limits are not perfectly enforceable, but they limit the number of drivers that drive recklessly, and it allows taking action against some drivers and thus nudging other drivers into compliance.

https://opaque.link/post/fog_of_cryptowar/

Shallow arguments don’t help anyone, they just marginalize the speaker beyond a narrow audience that already agrees with them.


Australia requires companies to provide backdoors. It does not (and can't) require that non-companies do the same. This means every Jihadi with half a brain will be using XMPP with OTR or something like that.

At the same time, it provides a requirement for EMPLOYEES to make backdoors when asked without letting their employers know.


> it provides a requirement for EMPLOYEES to make backdoors when asked without letting their employers know.

I'm very curious about how this will actually work, in practice, anywhere that uses any form of source control and even a modicum of process.

I mean, do you sneak this into an unrelated pull request and hope everyone reviewing it doesn't catch it? Do these changes by committing directly to master (assuming you even can do that), and just hope no one notices? What commit message do you use?

Even if you don't put this in source control, how do you get it deployed? Do you just tell your ops team "uh, don't use the automated deployment or the artifacts the build server produced, instead install from this zip file I made on my machine"? What happens if they are deploying a new version on a day you happen to not be there?

Even assuming you manage to do all this, what happens when you're eventually caught? For example, someone finds a remote exploit bug in the code, does a blame, sees your name next to an innocent-sounding-but-clearly-misleading commit message and injection of an apparent deliberate exploit... are you allowed to explain? I would assume, especially if you can't/won't explain, that the employer could fire you on the spot, so do you just have to go along with that?


> I'm very curious about how this will actually work, in practice, anywhere that uses any form of source control and even a modicum of process.

A capable ;) agency wouldn't target the developers. They'd target the SysAdmins who look after the build servers.

With agency backed er... malware added to the build servers, they'd be capable of adding on-the-fly exploit code to the shipped binaries.

Things like reproducible builds - gaining popularity among some OSS Communities for a few years now - help to at least detect this.

Could be very difficult to detect for lots of situations. eg side loaded mobile apps, proprietary desktop apps, likely others too


>This means every Jihadi with half a brain will be using XMPP with OTR or something like that.

Or they could just use SMS and still be fine because the government has no idea how to actually identify problem data in the sea of data they have.


In this case it doesn't appear that the government intends to mass-decrypt data, but rather only tap into targeted individuals' communications.


Today.


As I said, I don’t agree with either their methods or their goals. It’s because I don’t want these kinds of laws in the world that I want to see shallow dismissals of them replaced by effective arguments. No one here needs convincing, what they need is to improve their ability to communicate beyond the tech bubble.


Meanwhile the same guy wanted Australia to become an "innovation nation" [1]. You can not innovate technology without mathematics and when you can not export due to fear of it being compromised.

[1] https://www.abc.net.au/news/2017-07-17/innovation-nation-tak...


During the same tenure as he and his party were promoting innovation, they were also talking down renewable and talking up the future of coal whilst also stopping the rollout of fiber infrastructure, opting to maintain the existing infrastructure which was primarily copper plus some coax.

Australians ran out of faces for the palming.


It's worth noting that he also rode into power on the back of a reputation of being a 'progressive conservative', partly due to his business ties wherein he invested in an ISP in the 90s and early 2000s and made a large sum of money. Supporters paraded it as evidence for why he'd do the innovation and tech 'right', but any more than a cursory glance at his credentials for this revealed that it was purely a business decision not one of interest in the industry.


Turned out the progressives were very wrong and he basically sold his soul to the big coal/climate change denying/religious right faction of the Liberals to become PM. In saying that Peter Garrett in Labor was not the Midnight Oil firebrand everyone expected.

Turnbull's replacement of FTTP with FTTN in deference to Telstra was shameful and showed how much weight he gave innovation. One year on NBN and I've already had a week offline (and no landline phone) due to faulty copper.

His appearance in the Panama Papers and alleged ties to Russian oligarchs bear out the reality of his world view: Malcolm is in it for Malcolm. I'd even question his Republican stance as being nothing more than posturing.


>One year on NBN and I've already had a week offline (and no landline phone) due to faulty copper.

The copper at my street aged away and instead of laying a fiber optic, they put in new copper.


Probably saved them a few cents. The sooner we can all go to wireless mesh the better.


What Turnbull means is that the technical measures don't matter when you can compel people with threats of fines and jail time. And he's right.


Well there's a difference between holding a gun to someone's head to force them to tell you their secret, and baking secret selling backdoors into the secrets themselves.


I think the policy is wrong but this is ridiculous.

Physics laws exist and are fairly insurmountable. You throw an animal in a sack into a river and the law will get you arrested for it. This does not make the physics "fail to apply." And so it is with math, which software does.

What are good laws to have with respect to software?

I'm wildly pro strong encryption myself. Software is not a law free zone, never has been, never will be. Saying otherwise is a little silly, just like the proposed (enacted) encryption laws are (imho) silly... In the US, Britain, Australia.


If John Clarke were still alive, this would make for one hell of an interview.


"Is this where new math comes from?"

Hahaha brilliant! Thanks for making me laugh, that's the sharpest quip I've heard all day! :D


Finally, somewhere I can go without being bound by the law of gravity.


“I know this defies the law of gravity, but I never studied law!” Bugs Bunny


Ha, gravity exists with or without the need for math.


Better respect gravity. It‘s the law.


We will decide whether things should fall in this country, and the direction in which they fall!


As someone living down under, we refuse to fall off the face of the earth and to end up in space. Clearly maths isn't working here. ;-)


"Alternative Math"


I can imagine Dutton saying that totally straight-faced. (Kellyanne Conway would be proud)

At the same time it reminds me of Tim Minchin talking about alternative medicine.


'Math' is indeed not allowed in Australia. Here, outside the walls of the USA, we have 'maths' instead - although it's fairly similar.


It's very slightly annoying to me that people stopped properly abbreviating "mathematics" as "math's".


An apostrophe has never been in common use in “maths”, and so “math’s” would be incorrect except for indicating possession (e.g. in the US I can imagine people might say “the math’s sound” where in Australia I’d say “the maths is sound”). Not all abbreviations get an apostrophe just because some letters were dropped.

Very vague, weak citation: https://books.google.com/ngrams/graph?content=maths%2Cmath%2...


How does it make sense to tack on the last letter?


Because the plural of lego is lego, does not mean the plural of math is math..


The word mathematics is singular not plural. People say mathematics is hard not mathematics are hard.


The linguistic way to say that is to note that mathematics is an "uncountable noun", just like "water". It's plural, just you can't have just "one mathematic".


It's plural just in the way that "history" isn't.


At least we all still put our pants on the same way...


...over our fannies?! :O


Ah you’re taking me for a ride.


> The word mathematics is singular not plural.

It was originally considered plural. That may even be why the transition from “mathematic” to “mathematics” happened in English.


I know plenty of people who say "Legos".

But then I am from Australia.


Leggos. I mean who can go past pasta sauce advertised by bad Muppets?


Don't get me, or other Queen's English speakers, started on the American habit of twenty hundred one (notice no "and")


I've been in America for a few years short of five decades now and literally never heard “twenty hundred” (as a number; it is used in military timekeeping.)

The closest pattern to that is consistently not used with numbers of hundreds evenly divisible by ten. (OTOH, it is often used with “and”; the rule of not using and between components within the whole number portion but only to separate the whole number from a fractional part is not consistently applied in that informal alternative to the more formal thousands-hundreds form.)


Ok. Ignoring twenty hundred, any hundred AND something had an AND in it. For some reason the septics dropped AND.


I thought the 'and' was typically used to denote a decimal place.

ex: $270.50 -> Two hundred seventy dollars and fifty cents


Two or more and is fine by me mate!


EVERY time I hear/read of some country wanting to make encryption illegal, the lyrics of Radiohead's Karma Police come to mind:

Karma police, arrest this man

He talks in maths

He buzzes like a fridge

He's like a detuned radio


I went to school with the chaps that became Radiohead (Abingdon school aka Royce's). As it turns out posh blokes can strum a bit and come up with some decent lyrics.

Fancy that.


I also have No Surprises in my current rotation.

"Bring down the government. They don't, they don't speak for us."



