The nuclear option is probably to just stop selling their products in Australia. The population of Australia is only 25 million people. It would be a huge hit but not insurmountable, and then the Australian politicians would face significant backlash and probably walk back the law.
Someone needs to. With EU laws, Australian laws, US laws, and more and more every day, the internet is rapidly becoming a tool of the least common denominator. In other words, whatever country has the toughest laws will govern the planetary internet system as all others will have to follow by extension. Apple, for example, can't make an iPhone for every country to comply with that country's individual laws, which differ from every other country's and also change on a regular basis.
Of course though, there will always be hackers skating on top relatively free. We're becoming a two-tiered internet. The relatively few who know how to get around the restrictions, and everybody else.
All Apple has to do is float the possibility they may not sell their products in Australia anymore, and point out why. The rest would take care of itself.
All they'd really have to do is announce that they are considering it. Just write up an analysis and stick it on their website. The world will notice, immediately. How many hours do you think it would take before it was a major news story everywhere?
Well, they can. You can do a lot when you're a trillion dollar company. It's just grossly inefficient and ugly and they'll try to avoid it if they can, sharing as much as possible when they can't, the same way everyone deals with multiple possible configurations they have to support. I too hope they put their foot down, though.
I'd hate to think of what a special iPhone would cost just for the Australian market, which is relatively small, should Apple (and others) decide to not foist this on everyone else world-wide. Just come out with different hardware that's easier to hack just for Australia - only to be sold in Australia, and charge appropriately. Make them pay more to be less secure. It would be justifiable if the hardware was different for a smaller market. It's no different than if they came up with their own cellular system that was incompatible with international standards. It would cost more to build for it because it's a small market with unique requirements.
Disclosure: I work for Apple.
Values are useful, but not as useful as an attractive stock-price.
These new voyeur laws in Australia are obviously much more severe, but there is precedent for a company to customise phones by jurisdiction.
Since Apple sold iPhones only through carriers initially, they complied with this agreement.
A better example of this would be Apple disabling FaceTime on phones sold in the UAE, which is the result of a law, and the feature stays disabled even if the region is changed from/the phone is removed from the UAE.
One is a law requiring phones to try to alert people whose privacy is being invaded in some circumstances.
The other is a law requiring phones to invade people’s privacy in some circumstances.
I think it is quite reasonable to follow the former, just as it could be reasonable for laws to require phones to broadcast tsunami warnings or meet various antitrust requirements.
A law that restricts my freedom to customize my device. Plus their privacy was being invaded from the moment that I looked at them, taking a photo would not change anything.
> just as it could be reasonable for laws to require phones to broadcast tsunami warnings
As long as it is configurable, sure.
The golden times for the internet are over anyway. It went from an optimistic dream of free expression of information to a platform for delivering ads.
The Internet serves people all-over the world and must respect local laws, because it serves the local people.
Also, free expression is stronger than ever before. You can now even claim your opinion is a fact.
This is a dumb, untenable, largely unenforceable and pointless law.
Even if Apple were to start delaying product releases in Australia by six months to do "legislative compliance reviews" or some such. With telcos on-board, this might encourage our politicians to listen to actual experts when touting this kind of legislation.
The stupidity here crosses the aisle.
I suspect Apple can trivially walk away from Australia as a market if they think it's for a very good cause. It won't be a huge hit, it's a small hit (~1.7% of annual global iPhone sales).
Australia is worth maybe $6-$7 billion per year in total sales to Apple. They sell about four million iPhones per year there (9.2m smartphones sold last year, Apple has 44% of the market), then throw in Macs, iPads, watches and services.
It's an affluent market and it would suck to give it up, as it'd be very difficult to regain the market share afterward. I'd worry that the reality would be that easy product substitution would make the move meaningless in terms of benefiting Australians (even though it would still be an important moral stand for Apple to take). There would be short-term blowback about it and that would pass in a matter of weeks.
They could potentially stop selling software products and disable service access entirely.
What if all customer photos on iCloud become inaccessible, all iTunes and App purchases become inaccessible and OS updates stop. Then Apple stores shut down, customer support or repairs become unavailable, thousands of jobs are lost. I feel like the blowback would last much longer than a few weeks.
That's an extreme response, but if Apple really wanted to get the point across they can easily include it alongside any other threatening proposals.
Why? They clearly have cooperated with countries' requests even if it seemingly went against their principles (e.g. Chinese laws around iCloud data). And they also have a history of not even making it known they disagree, fought against it, or anything via public statement. You won't know whether they comply or not, may not know whether they are OK with it, and judging from history they probably will comply.
This is version 1.0. The law can be redrafted to remove any doubts. Once Australia gets it, so will USA and others via sharing agreements (5 eyes).
Or sell a clearly-branded Australia version without the Secure Enclave.
- Criminals and people of all types would use imported iPhones.
- To counter this the carriers would have to use IMEI filters to only allow approved phones.
- Intl visitors would have to get a local handset (probably not such a drama as their corp wouldn't allow bringing the IT gear to Australia anyway, much like going to China).
- So you use a local phone for Wifi hotspot and run an imported phone using iMessage/Signal etc.
- Carrier locked devices disable hotspot? Special Apple app to only allow sharing to registered devices? Extra madness.
- Apple has Australian hosted iMessage zone, when you roam here it tells you and your contacts that your messages might be intercepted by the Au Gov, Click Okay to Continue?
- Same for FB/WhatsApp etc.
- Non-compliant apps are banned from launching in Australia, baseband asks carrier for updates to this list (bloom filter) daily.
- Criminals continue to operate encrypted comms from black market wifi devices, like the old contraband 'unlocked' Raspberry Pi, even though possession of one results in 5y in gaol.
- Mandatory GPS location reporting from phones, for public safety.
- Warrant requirement is dropped for AI access. Messages flagged by AI get auto warrants.
- Spooks are unable to sort wheat from chaff, terrorist attacks continue.
- Political activists start getting convicted for conspiracy to plan illegal gatherings, spreading Fake News, etc, based on their messages.
- Social credit system to crack down on car hoons, welfare cheats and drug users, has full access to your messages and location.
- Undesirable elements are sent to rural areas for compulsory education and 'work for the dole'.
- SoCred made public to Shame those misbehaving.
- SoCred expands to include 'disrespecting religion', 'mocking the PM'. Companies lose contracts if too many of their staff have low SoCred.
- Banks, insurance, schools, employers use SoCred in deciding whether to deal with you.
- China and other regimes thank Australia for lighting the way.
- The end of the 3rd Age of Crypto.
Meanwhile, the mining industry successfully countered a law they didn't like a few years ago by spending a few million on tv advertising demonising the government.
The gambling industry got rid of a law by suing the government.
The banking industry managed to convince the regulator to not use their powers through a combination of making it extremely costly and basically infiltrating them.
Only the tech industry is like children when it comes to lobbying and politics.
Ideally, every industry would be like the tech industry and not manipulate the government. But if they want to get rid of this particular law then there are plenty of examples to learn from.
I think withholding future products or services and running ad campaigns to say they won't be offering them in Australia due to the law would be the way to do it. If we could collectively get our act together, boycotting Federal Government for IT services would get the message across - chance of that happening is probably <1%.
Basically what I am saying is that if the tech industry doesn't want the risk of future laws ruining their fun then they will have to engage in lobbying just like everyone else.
Sitting back and relying on the politicians to not do anything stupid is, well stupid... Stupid is the default.
In this particular case an advertising campaign is probably the only thing that is going to work, but with an election in the not too distant future, it should be pretty efficient in scaring the politicians into getting rid of the law.
Except for some situations where they correct or curtail market excesses, most programs seem to end up causing more damage than they try to solve and worse outcomes long term.
One of the few exceptions was Rudd simply handing out cash to the general population in the middle of the GFC to keep the economy turning over. Generally most incentives don't have the desired effect.
I've seen this proposed as an enormous loophole, since every backdoor is a "systemwide weakness", and the lawmakers just don't understand that fact.
The classic metaphor is that of a castle wall. If you put a gate in it, no matter how well you fortify that gate, it remains a weak point compared to the rest of the wall.
That was right before 1973. The development of public key cryptography in 1973 adds another option. Take the symmetrical key the device uses to encrypt user data and encrypt a copy of that key using a public key of the entity that the back door is for.
The authorized back door user can decrypt that copy using their private key. If the public key system parameters are chosen correctly anyone else trying to get in who does not have a copy of that private key faces a problem at least as hard as brute forcing the underlying device encryption.
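The scheme sketched in the comment above, as an added example that is not part of the thread: each device encrypts a copy of its own data key to the escrow party's public key, and only the holder of the matching private key can recover it. The comment leaves the public-key scheme open; this example uses a Diffie-Hellman/ElGamal-style wrap over the RFC 3526 group 14 MODP group (stdlib only, no RSA library needed), with HMAC-SHA256 as the KDF and MAC. The group modulus is transcribed here and should be checked against the RFC before reuse; the label strings and the 32-byte data-key size are my choices. The last function shows the point the "gate in the wall" reply makes: one escrow private key, legitimately held or stolen, unwraps every device's key.

```python
"""Key-escrow sketch: wrap a device data key to an escrow public key.

Added example, not from the thread. ElGamal-style wrap over RFC 3526
group 14; HMAC-SHA256 derives the one-time wrapping key and MAC key from
the Diffie-Hellman shared secret.
"""
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) modulus, transcribed here; verify it
# against the RFC before using this group outside a demo.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF",
    16,
)
G = 2
NBYTES = (P.bit_length() + 7) // 8  # 256 bytes for a 2048-bit group


def escrow_keygen():
    """Escrow party's long-term key pair: (private exponent, public value)."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def _derive(shared: int, label: bytes) -> bytes:
    """HMAC-SHA256 as a KDF; distinct labels give a wrap key and a MAC key."""
    return hmac.new(shared.to_bytes(NBYTES, "big"), label, hashlib.sha256).digest()


def wrap_data_key(data_key: bytes, escrow_pub: int):
    """Device side: encrypt a copy of its 32-byte data key to the escrow key.

    A fresh ephemeral exponent per wrap means the derived 32-byte pad is
    used exactly once, so XOR is a one-time pad here.
    """
    if len(data_key) != 32:
        raise ValueError("expects a 256-bit data key")
    r = secrets.randbelow(P - 2) + 1
    eph = pow(G, r, P)
    shared = pow(escrow_pub, r, P)
    pad = _derive(shared, b"wrap")
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(_derive(shared, b"mac"),
                   eph.to_bytes(NBYTES, "big") + ct, hashlib.sha256).digest()
    return eph, ct, tag


def unwrap_data_key(blob, escrow_priv: int) -> bytes:
    """Escrow side: recover the data key; fails closed on a wrong key or edit."""
    eph, ct, tag = blob
    shared = pow(eph, escrow_priv, P)
    expect = hmac.new(_derive(shared, b"mac"),
                      eph.to_bytes(NBYTES, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong escrow key or tampered blob")
    pad = _derive(shared, b"wrap")
    return bytes(a ^ b for a, b in zip(ct, pad))


def unwrap_fleet(blobs, escrow_priv: int):
    """The systemic-weakness point: whoever holds the one escrow private
    key, the intended agency or whoever stole it, unwraps every device."""
    return [unwrap_data_key(b, escrow_priv) for b in blobs]


if __name__ == "__main__":
    priv, pub = escrow_keygen()
    fleet = [secrets.token_bytes(32) for _ in range(3)]  # three devices' keys
    blobs = [wrap_data_key(k, pub) for k in fleet]
    assert unwrap_fleet(blobs, priv) == fleet
    print("one escrow private key recovered", len(fleet), "device keys")
```

Without the private key, recovering a data key from a blob is the Diffie-Hellman problem in this group, which is the "at least as hard" claim in the comment; the catch is that the whole fleet's security now rests on that single key and on the process around it, which is what the systemic-weakness objection is about.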
That's always worked... /s
>Labor’s amendments would also clarify that a “systemic weakness” is one that “would or may create a material risk that otherwise secure information would or may in the future be accessed, used, manipulated, disclosed or otherwise compromised by an unauthorised third party”. 
I'm not sure how this doesn't cover all exploits - there have been a few cases of vulnerabilities discovered by state agencies being leaked/disclosed.
This is a counter-argument to all the comments I see on HN about "waiting and see if the proposal goes anywhere".
It's usually too late to stop it if you do that and allow most if not all of the negotiation between parties to take place by the time you wake up and react.
When the bill was being considered by the Parliamentary Joint Committee for Intelligence and Security, some of these groups were called up. I read the Hansard (transcript) of the hearing - the testimony was impeccable. Clear, concise, and absolutely demolished the bill. Unfortunately, to give you the level some of the senators were working at, a lot of the questions came back to "but don't you think we need to stop terrorists?" when going through how it's technically impossible to do what the law enforcement wants without creating systemic weaknesses/vulnerabilities, and you can't just define that away like the bill tried to...
Coming up to it being passed, there was a huge amount of calls, emails and letters to the members of parliament and senators. Several mentioned the unusual volume in Parliament, and also many in the opposition mentioned multiple times how many problems there were with the bill. They illogically passed it in mid-December to "keep Australia safe over Christmas" (despite the fact that nothing in the bill could be put into effect for months and Australian law enforcement and intelligence services already have far more over-reaching powers to do all sorts of stuff that would be illegal in the US and Europe).
Opposition to the bill was way better organised, and way bigger than anything previous for the tech industry. We are getting better at the politics, but given the irrational actions of the opposition in voting for it (who had the numbers in the Senate to block the bill) I can only conclude that there must have been some dirty dealing going on either between the parties, or between the intelligence services and the parliamentarians.
The testimony from the experts was great, and the questions and responses from our senators was embarrassing. Just search 'terror' for some of them like the ones I paraphrased.
Also known as the "Brexit strategy"
Of course, the principled thing would be to pull out of the AUS market, but even Apple has not proved themselves to be that principled.
I think it's actually quite reasonable and doable for companies to boycott Australia over this, and I hope we see some. It'd be free press for the company and cost relatively little - I'd imagine the press would pay for any missed Australian sales. And it'd put some pressure on the Australian government for this idiocy.
But that's not really the problem here -- it's more that Australian products and employees may be tainted by unknown government interference.
Other companies have done similar things in the past, though probably not for the same reasons.
I had a GRiD Compass laptop that had a big sticker on the back with a surprisingly long list of countries where it was illegal to bring the computer. The only one I remember offhand was Israel.
There are plenty of businesses and individuals in Australia that this law adversely affects. What are they supposed to do?
Is my phone now compromised?
Is the Amazon AWS Sydney data centre now backdoored?
Without clarity, it appears the big tech companies plan to comply with the legislation, which means they might be backdoored.
The A&A bill specifically prohibits this. You can't answer yes or no to the question of whether you have been served a notice. Warrant canaries are not effective -- they're not even allowed, on my reading.
I'm sorry - what?
Having moved to Australia from the UK I am continually amazed at the tech industry here; sure, in comparison to the US ours is small, but that is because there is a vast difference between our populations. America only sees size as a measure of strength.
This law is a bad law.
AABill has already been accepted.
It's definitely a bipartisan policy for Internet censorship in Australia. Most Australians don't care.
Complying would violate EU law where the data is stored or compromise the entire system and all devices.
they're gonna do it regardless, but the politicians may agree to forcing them down a process that is publicly auditable in the long run...
basically if late auditability makes it possible for them to do their jobs, then the basis for today's sketchy down low approach is ameliorated.
The idea of storing release hashes (or public keys) in a distributed, permissionless, append-only log actually makes a lot of sense, and there are several serious proposals for how to do this, such as EthIKS:
Does math not apply in Australia? Is this where "new math" comes from?
You see, both terrorists and sex offenders are known to use maths. We must control maths for your own good. If you oppose us, you are supporting terrorism.
(This is just the latest episode of anti-science politicians nerfing the Australian knowledge economy. See also their mishandling of the national broadband network, the latest cybersec laws destroying remote work, and the gutting of the CSIRO.)
> Australian parliament passes encryption laws unamended
We have lockout laws preventing us from entering drinking establishments after 1am (no shots after midnight!) because we cannot handle our booze, so do you think we can handle Math?? AND ENCRYPTION???
It's a nanny state. OP is correct. Don't call people nob ends, no need to be rude.
> We have lockout laws preventing us from entering drinking establishments after 1am
Currently for a large section of the Sydney CBD and inner suburbs encompassing Kings Cross new entrants to venues are blocked after 1:30am and last drinks are 3am. This does not apply to areas of the City of Sydney like Surry Hills or Newtown, which can remain open all night. I believe the trading hours for licensed premises have been recently relaxed by City of Sydney to areas including Glebe, however I'm not 100% on that.
Still, it's pretty sad as Sydney's nightlife, particularly in Kings Cross, was a big draw-card for younger visitors and residents alike.
Three lines of argument are especially noteworthy:
“It is impossible to regulate cryptography.” or “Banning cryptography is like banning math.”
This argument misses the point in confusing the knowledge about cryptography with the wide-spread use of cryptography - or more specifically the use of cryptography to protect confidentiality. While it would be beyond the reach of governments to remove the knowledge about cryptography from the public sphere, it is certainly not impossible to threaten those that employ “illegal” cryptography with sanction.
This is exactly what happens with most regulation: Speed limits do not prevent the thought about driving fast, instead they address actually driving fast. It is behavior that is regulated, not thought.
So, similar arguments about the futility of regulation or the impossibility of enforcement aim a bit too high. Regulation does not require perfect adherence. Often it is enough if some people adhere to the specific law, and others can be punished in case of being caught. Again, speed limits are not perfectly enforceable, but they limit the number of drivers that drive recklessly, and it allows taking action against some drivers and thus nudging other drivers into compliance.
Shallow arguments don’t help anyone, they just marginalize the speaker beyond a narrow audience that already agrees with them.
At the same time, it provides a requirement for EMPLOYEES to make backdoors when asked without letting their employers know.
I'm very curious about how this will actually work, in practice, anywhere that uses any form of source control and even a modicum of process.
I mean, do you sneak this into an unrelated pull request and hope everyone reviewing it doesn't catch it? Do these changes by committing directly to master (assuming you even can do that), and just hope no one notices? What commit message do you use?
Even if you don't put this in source control, how do you get it deployed? Do you just tell your ops team "uh, don't use the automated deployment or the artifacts the build server produced, instead install from this zip file I made on my machine"? What happens if they are deploying a new version on a day you happen to not be there?
Even assuming you manage to do all this, what happens when you're eventually caught? For example, someone finds a remote exploit bug in the code, does a blame, sees your name next to an innocent-sounding-but-clearly-misleading commit message and injection of an apparent deliberate exploit... are you allowed to explain? I would assume, especially if you can't/won't explain, that the employer could fire you on the spot, so do you just have to go along with that?
A capable ;) agency wouldn't target the developers. They'd target the SysAdmins who look after the build servers.
With agency backed er... malware added to the build servers, they'd be capable of adding on-the-fly exploit code to the shipped binaries.
Things like reproducible builds - gaining popularity among some OSS communities for a few years now - help to at least detect this.
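What "reproducible" has to mean for the build-server scenario above, as an added example that is not part of the thread: the "build" here is just packing a constructed file tree (not a real project) into a tar archive, but it shows the usual sources of non-determinism (file order, wall-clock mtime, the builder's uid/gid and user name) and the fixed form that lets two independent builders produce byte-identical output, so a binary altered on one build server shows up as a digest mismatch rather than going unnoticed. The SOURCE_DATE_EPOCH convention is the one used by the Reproducible Builds project; the sample file names and contents are mine.

```python
"""Reproducible-archive check for the build-server tampering scenario.

Added example, not from the thread. Packs a constructed file tree two
ways: a typical non-deterministic way, and a deterministic way that two
independent builders can compare digest-for-digest.
"""
import hashlib
import io
import tarfile

# Constructed sample build output (not a real project).
SAMPLE_FILES = {
    "bin/app": b"\x7fELF pretend binary\n",
    "lib/helper.so": b"\x7fELF pretend library\n",
    "README": b"demo build\n",
}


def naive_archive(files: dict, now: int) -> bytes:
    """Typical non-reproducible packaging: insertion order, wall-clock mtime,
    and the builder's uid/gid and user name baked into every header."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = now
            info.uid, info.gid = 1000, 1000
            info.uname, info.gname = "builder", "builder"
            info.mode = 0o755
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def reproducible_archive(files: dict, source_date_epoch: int = 0) -> bytes:
    """Deterministic packaging: sorted names, mtime pinned to
    SOURCE_DATE_EPOCH, uid/gid 0, empty user names, fixed mode. Plain tar
    on purpose: a gzip wrapper embeds its own timestamp unless zeroed."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            info.mtime = source_date_epoch
            info.uid = info.gid = 0
            info.uname = info.gname = ""
            info.mode = 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def digest(artifact: bytes) -> str:
    """SHA-256 of the artifact; this is what independent builders publish."""
    return hashlib.sha256(artifact).hexdigest()


def builds_match(artifact_a: bytes, artifact_b: bytes) -> bool:
    """Compare two builders' artifacts; any difference is a lead to chase."""
    return digest(artifact_a) == digest(artifact_b)


if __name__ == "__main__":
    # Same inputs, two timestamps: the naive build never matches itself.
    print("naive builds match:",
          builds_match(naive_archive(SAMPLE_FILES, 1_500_000_000),
                       naive_archive(SAMPLE_FILES, 1_500_000_001)))
    # Same inputs, different file order: the fixed build still matches.
    reordered = dict(reversed(list(SAMPLE_FILES.items())))
    print("reproducible builds match:",
          builds_match(reproducible_archive(SAMPLE_FILES),
                       reproducible_archive(reordered)))
    # One build server slips extra bytes into the binary: caught by digest.
    tampered = dict(SAMPLE_FILES)
    tampered["bin/app"] = SAMPLE_FILES["bin/app"] + b"\x90\x90"
    print("tampered build matches clean build:",
          builds_match(reproducible_archive(SAMPLE_FILES),
                       reproducible_archive(tampered)))
```

The detection only works if at least one builder is outside the compromised infrastructure and the published digests are compared, which is the "at least detect" qualifier above; with a non-reproducible build every rebuild differs anyway, so a planted change has nothing to stand out against.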
Could be very difficult to detect for lots of situations. eg side loaded mobile apps, proprietary desktop apps, likely others too
Or they could just use SMS and still be fine because the government has no idea how to actually identify problem data in the sea of data they have.
Australians ran out of faces for the palming.
Turnbull's replacement of FTTP with FTTN in deference to Telstra was shameful and showed how much weight he gave innovation. One year on NBN and I've already had a week offline (and no landline phone) due to faulty copper.
His appearance in the Panama Papers and alleged ties to Russian oligarchs bear out the reality of his world view: Malcolm is in it for Malcolm. I'd even question his Republican stance as being nothing more than posturing.
The copper at my street aged away and instead of laying a fiber optic, they put in new copper.
Physics laws exist and are fairly insurmountable. You throw an animal in a sack into a river and the law will get you arrested for it. This does not make the physics "fail to apply." And so it is with math, which software does.
What are good laws to have with respect to software?
I'm wildly pro strong encryption myself. Software is not a law free zone, never has been, never will be. Saying otherwise is a little silly, just like the proposed (enacted) encryption laws are (imho) silly... In the US, Britain, Australia.
Hahaha brilliant! Thanks for making me laugh, that's the sharpest quip I've heard all day! :D
At the same time it reminds me of Tim Minchin talking about alternative medicine.
Very vague, weak citation: https://books.google.com/ngrams/graph?content=maths%2Cmath%2...
It was originally considered plural. That may even be why the transition from "mathematic" to "mathematics" happened in English.
But then I am from Australia.
The closest pattern to that is consistently not used with numbers of hundreds evenly divisible by ten. (OTOH, it is often used with “and”; the rule of not using and between components within the whole number portion but only to separate the whole number from a fractional part is not consistently applied in that informal alternative to the more formal thousands-hundreds form.)
ex: $270.50 -> Two hundred seventy dollars and fifty cents
Karma police, arrest this man
He talks in maths
He buzzes like a fridge
He's like a detuned radio
"Bring down the government. They don't, they don't speak for us."