Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Australia Encryption Government

Australian Officials Want Encryption Laws To Fight 'Terrorist Messaging' (arstechnica.com) 195

An anonymous reader quotes Ars Technica: Two top Australian government officials said Sunday that they will push for "thwarting the encryption of terrorist messaging" during an upcoming meeting next week of the so-called "Five Eyes" group of English-speaking nations that routinely share intelligence... According to a statement released by Attorney General George Brandis, and Peter Dutton, the country's top immigration official, Australia will press for new laws, pressure private companies, and urge for a new international data sharing agreement amongst the quintet of countries... "Within a short number of years, effectively, 100 per cent of communications are going to use encryption," Brandis told Australian newspaper The Age recently. "This problem is going to degrade if not destroy our capacity to gather and act upon intelligence unless it's addressed"... Many experts say, however, that any method that would allow the government access even during certain situations would weaken overall security for everyone.
America's former American director of national intelligence recently urged Silicon Valley to "apply that same creativity, innovation to figuring out a way that both the interests of privacy as well as security can be guaranteed." Though he also added, "I don't know what the answer is. I'm not an IT geek, but I just don't think we're in a very good place right now."
This discussion has been archived. No new comments can be posted.

Australian Officials Want Encryption Laws To Fight 'Terrorist Messaging'

Comments Filter:
  • by Snotnose ( 212196 ) on Sunday June 25, 2017 @06:43PM (#54688643)
    Let them be forced to use weakened encryption, then see how their tune changes when their banks accounts get raided.

    They ain't gonna learn on their own, let them pay a heavy price for ignoring what people who know what they're taking about are saying.
    • by Rick Schumann ( 4662797 ) on Sunday June 25, 2017 @08:32PM (#54689009) Journal
      I agree with you, except you're not aware of how this would actually work: The politicians (and the rich, of course) would be allowed to use totally unbreakable encryption to protect themselves. It's us filthy common citizens who would have to go back to paying cash and mailing paper checks for things, or risk having our lives ruined by criminals.
      • by Cryacin ( 657549 )
        Cash? There's no such thing in East Asia! It's all electronic because of, erm... Terrorism! Think of the children.
      • It's us filthy common citizens who would have to go back to paying cash

        Some of us filthy common citizens are ahead of the curve and never really stopped paying cash for things. I estimate that I pay cash with about 80% of my purchases.

        • Hello, fellow Filthy Common Citizen here.. :-)
          The last two weeks I started carrying cash again to pay for most day-to-day things, weekly groceries, fuel, etc.; so far so good. I may even go back to mailing checks for bills, although I know damned well that they're scanned and processed electronically these days, so likely no more secure than paying online. I really don't want to have to go all the way to showing up at offices during business hours and paying cash for my monthly utility bills, though, that
    • by AmiMoJo ( 196126 )

      You are not wrong, but we need to move past this simple argument and make a more realistic one that helps politicians see the practical results of their proposed actions.

      They are not proposing banning strong encryption, merely starting a game of whack-a-mole with encrypted chat services. As can be seen with P2P, if they start that game they might score a few early victories but ultimately the providers of such software will make sure they can't be forced to weaken their security.

      Even so, they could simply m

    • I've been thinking that this latest round of politicians asking for encryption backdoors is running on "Ask for a pony to get a dog" logic. If you ask for a dog, you get a hamster.

      They know backdoors are impractical to impossible. But if they push for backdoors, tech companies will step up their censorship and user screening efforts. When they ask for greater censorship and screening, they get a "meh we're already doing that" response.

      I've been thinking about setting up a GPLed encrypted chat client (maybe

  • cause and effect (Score:5, Insightful)

    by Gravis Zero ( 934156 ) on Sunday June 25, 2017 @06:55PM (#54688689)

    "Within a short number of years, effectively, 100 per cent of communications are going to use encryption,"

    Gee, I wonder why that is. [wikipedia.org] -_-

    Good luck, assholes.

    • You can see it in terms of an arms race. The endgame with the digital arms race may be "nobody can read anything"... which beats the hell out of "mutually assured destruction", which is where the military arms race gets us. I say, let's take the information arms race all the way to the bitter end.
      • by rtb61 ( 674572 )

        Weak encryption means, spoofing like it is going to be out of control. No matter who they detect doing what, the chances are, the people they detect are the ones doing nothing because they have been hacked and now look like the digital terrorist. In Australia not that bad because we still have police (apart from terrorists being hidden in a crowd of spoofed targets), in the US a disaster as law enforcers start shooting their way through the general public in no knock shoot first, last and everything in betw

  • Peter Dutton (Score:5, Informative)

    by Anonymous Coward on Sunday June 25, 2017 @07:06PM (#54688725)

    Peter Dutton is actually the immigration minister, in case anyone here cared about accuracy.

  • The same crap that UK and France (and several US senators times ago) have been pushing for.
    I'm getting so completely tired of this rhetoric that part of me wants for these moronic laws written by people who have no clue on what they are talking about to pass, only to see terrorists using cryptographic technology from other countries, with the only result of this being weakened security for everyone in the country, including politicians who will end up being targeted by hackers, criminals and terrorists for

  • by Opportunist ( 166417 ) on Sunday June 25, 2017 @07:10PM (#54688749)

    To write this here. Because I write it every single time some politician comes up with this bullshit.

    There is no such thing as a "backdoor", a "secret key" or any other way to break encryption that only a nation or a group of nations will have. And you don't even have to be a computer geek to understand this. Simply politics explains it fully, no higher brain power necessary, so even politicians should be able to understand this.

    1. This is the key to ALL secrets. Because if someone or something is exempt, the terrorists will use that kind of encryption, too. Because someone who plans to kill people and potentially himself doesn't give a fuck about petty laws like this.
    2. This also means that all trade secrets of all corporations worldwide have to be vulnerable to this key.

    Can you imagine how valuable this key is? Can you see corporations or even nations being interested in acquiring this key, no matter the money or force required?

    Or, so even a prime minister can understand it: Everything, every access, you get that way, Iran and North Korea do, too.

    • You're totally and 100% correct. Also, anyone who watches any number of TV shows knows this one: Book encryption. Unless you know what book(s) are being used, you'll never decrypt the message being sent. Anyone can use it, doesn't require a computer, doesn't even require a high IQ to implement, and it's highly effective. This is just one example of ways around a world without digital encryption or with compromised encryption, there are many more I'm sure. What these morons want is stupid and pointless and I
      • Unless some company built a huge database of all the books...

      • by nasch ( 598556 )

        I wouldn't rely on book encryption. I've seen enough TV to know the police will always have a brilliant investigator who will find a clue that tells him or her what book to use.

        You have to pick a book that is personally significant to you right, not just a random one from the library?

      • Book ciphers have the advantage of being very convenient. They also have the disadvantage of not being particularly secure. They are vulnerable to most of the usual cipher-breaking methods.

    • by Nemyst ( 1383049 )
      Moreover, there's also another issue these politicians don't seem to take into account: non-backdoored encryption is already out there. Do they really think terrorists or criminals will sheepishly move to backdoored encryption when you can whip up something now that authorities can't break? They'll just end up with even less visible software, more obscure channels, and communication will still happen. They'll resort to sharing the software by mailing USB keys if need be, but they'll do it.

      All of this is e
      • But in a world where DPI is running on all the routers those users have now highlighted what they are doing. If everyone uses the same strong encryption: needle in a haystack problem. If almost everyone uses weak encryption: whack a mole. Every single strongly encrypted stream is now a crime: warrants available for more intense scrutiny, just like any other authoritarian regime.

        • by nasch ( 598556 )

          I don't think DPI would be sufficient. Strong and backdoored encryption would both look like random bits. You couldn't tell which is which without decrypting everything in real time, which is impossible. Maybe a backbone provider could decrypt ROT13 in real time but not much more than that.

        • by Nemyst ( 1383049 )
          This implies performing the decryption over every encrypted stream, since it's the only way to know whether the encrypted stream is a legal weak encryption or an illegal strong one. This means every single ISP would have to collectively spend billions building up huge compute infrastructure to be able to do that in real time on all data being transmitted transparently, and that the decryption key would be available to virtually anyone rather than a select few. A weak encryption world is already unlikely, bu
    • I'm loathe to give good advice to a bad idea, but one possible way to "break the encryption" for Government wouldn't be a direct attack on the cryptography, but a sanctioned attack on the client:

      "Hey, Facebook. Government agency here. Could you silently instruct the Messenger app on target X or all users in Y area to encrypt using this escrow key for Z days? Tnx."

      • That will work exactly once. If that. Afterwards, they'll simply use another way to communicate where eavesdropping is impossible due to it not being controlled by a single entity. If everything fails, use email encrypted by GPG means.

      • by AmiMoJo ( 196126 )

        They want mass surveillance, not targeted. They want to be able to read everything all the time.

        Anyway, even targeted surveillance is not acceptable. You might not mind the Australian government going to court and presenting its evidence, but what about the Chinese government? Or the US government? No thanks, I'm blocking all of them.

    • by gweihir ( 88907 )

      The sheer stupidity of this politicretins is astonishing. But I guess until we find a way to deal with really stupid people (maybe do stop putting them in power?), this will have to be repeated over and over again.

    • One additional point: the unbreakable encryption genie left the bottle decades ago - millions upon millions know how to "roll their own" even if only a handful will ever bother to do so. Those who feel they need it will either do it for themselves or find someone who can do it for them, using commodity tools.

      It's not like explosives where you can track large purchases of certain chemicals, unbreakable encryption uses the same computers, same development tools, and same bits that fly across the internet for

      • by nasch ( 598556 )

        It's not like explosives where you can track large purchases of certain chemicals, unbreakable encryption uses the same computers, same development tools, and same bits that fly across the internet for everything else - virtually indistinguishable from "legitimate, ordinary traffic."

        Only if you use steganography. My understanding is encrypted traffic is easily distinguished from clear text.

        • My understanding is encrypted traffic is easily distinguished from clear text.

          Yes and no. Properly encrypted data looks indistinguishable from random data. If everyone simply sent random data to each other frequently, then it would be impossible to tell which of that is crypto.

        • Properly encrypted data looks just like random data. But so does well-compressed data. Identifying encrypted data usually means looking for headers, not any sort of statistical analysis.

  • Here it is again (Score:5, Insightful)

    by willoughby ( 1367773 ) on Sunday June 25, 2017 @07:23PM (#54688797)

    "We can't be free because we have to be safe."

    • Don't forget about the children. Someone think of the children. No, not their safety, fuck those little proles. Don't forget about brainwashing them while they're young to grow up and disregard personal liberty and privacy. Scare the living shit out of them and some overrated boogie man that wants to kill them yet accounts for very little death in the grand scheme of things.

  • by sit1963nz ( 934837 ) on Sunday June 25, 2017 @07:27PM (#54688807)
    This is what we get when decisions are made using fear and paranoia...... stupidity.

    So, for the Australian MPs, please go and ask the Brits how the IRA was able to function as a terrorist group before the age of the internet and encryption. Please also google "Numbers stations"

    Now think real slow here (OK, you are Politicians this part should come naturally to you), if you have a back door, and it gets discovered (which it eventually will by good luck, mismanagement , bad actor, or shear stupidity), how is the end result any different than terrorists getting the Nuclear bomb codes ?

    This is such a monumentally stupid idea that any government official who thinks it is a good idea should be take out the back and shot for treason.

    Are you going to give the codes to every government ?
    Explain to me if not why not. Are you going to tell me that Jewish lives are worth less than Australian lives ?

    Now that you have announced that your future encryption is faulty, please explain why every other government and citizen will not use a different more secure encryption. Oh, "we will make a law".... yeah that works so bloody well for murder, rape, assault, theft, etc etc etc... FFS you can't even get drugs off the street or kiddie porn off the internet or stop priests from sodomising choir boys.
    Or perhaps Australian politicians are so bloody racist that they believe only white people can do this stuff ?

    So, all you are going to achieve is to put every citizens information at risk for no effing benefit.

    And THAT is why you should be taken out and shot for treason, you have put at risk all of your citizens for zero benefit.
    • by Maritz ( 1829006 )

      They don't care about any of that, they know it's not about making things safer, and they actually share many motivations with terrorists.

      When an attack happens, cunts like these are rubbing their hands together knowing they can steer the narrative back to gaining additional powers.

      If people and the media were smart, they would call them out on this and it would stop. But they aren't, and they don't, so it won't.

    • by quenda ( 644621 )

      ABC says "unsecure"!? How literacy standards have fallen at the public broadcaster :-(
      Can they no longer even afford a spellchecker?

    • by johnjones ( 14274 ) on Sunday June 25, 2017 @08:40PM (#54689043) Homepage Journal

      exactly

      The Australian Prime Minister like the President of the United States of America actively avoids being recorded for offical purposes (laws enacted to keep a record)

      Australia has some of the most bizarre privacy laws and data retention laws, china and the rest of the Asia is quite clear, the state can own your data and can compel that data to be released or you will face charges (jail).

      The onus has been pushed onto private sector to retain meta data and grants provided to do so (the ISP's collect the meta data basically).

      The hilarious bit is the proliferation of Certificate Authorities (CA). Previously the government and agents could simply compel the CA to be compromised however with the built in keys for entities beyond their control they can no longer intercept this traffic and worry more importantly that others are doing what they do (compromising the CA/keys and reading the data of the wire which is a preferred tactic of the PLA via the firewall ).

      The solution to this is to secure the DNS root and have each service use their own key (equivalent to DANE) and have laws to allow interception.
      (that way each service is secure and the gov can intercept if they compel the service provider) the days of being able to read everything off the wire are over and the agents need to realise that and modify their behaviour to be selective.

      They are never going to get all the signed traffic any more, the real worry is that others are collecting data and how to secure that while still allowing for interception. They need to agree on a compromise solution and Fast.

      Regards

      John Jones

    • Most of the new White House is using encrypted, extra-governmental messaging services as well. There is a lawsuit making its way through the courts about it now. Something about preserving records.
  • by Anonymous Coward on Sunday June 25, 2017 @07:39PM (#54688849)

    Escrow your keys with the government. They know how to keep a secret.

  • Wouldn't that had been great?

    • I preferred Barnes & Noble myself, but with today's technology, that sort of thing seems to be on the way out.
    • by Maritz ( 1829006 )

      So in a discussion about encryption, you reckon we don't need it, because we should have borders instead?

      Are you brain damaged?

      You think there are no borders?

      Feel bad for you, man.

  • by Rick Schumann ( 4662797 ) on Sunday June 25, 2017 @08:29PM (#54688997) Journal
    Encryption either works or it does not work. There is no middle ground; weakening it is the same as eliminating it's use entirely.

    Do they really think that criminals and terrorists aren't going to use their own, non-compromised encryption or cipher techniques, to do their 'business' regardless? Maybe even mislead government officials by planting bullshit on the 'compromised' channels? I'm no criminal or terrorist and I can think of these things, what makes them think that THEY won't think of them and more?

    The only possible path to what they want (total and complete surveillance into ALL non-government, non-military communications) is to ban non-government, non-military use of any and all encryption technologies. HOWEVER: Doing so will, in essence, destroy the Internet. No commerce or transfer of funds will be able to take place without being done 'in the clear', where anyone and everyone with the technical chops to do so can tap into it; you'd be nuts to put any banking or personal information of any kind over the Internet if that's the way it worked.

    If, here in the U.S., they managed to force legislation requiring so-called 'backdoors' into all encryption, I, for one, would have to go back to getting paper bills in the mail, and mailing paper checks. I'm already back to paying cash for everything I can, because I've reached the point where I'm no longer trusting EFT (Electronic Funds Transfer) for day-to-day expenses (too much hacking going on); destroying encryption or banning it will just make EFT hacking problems that much worse.

    Really, seriously, honestly: Why are all these politicians so gods-be-damned retarded when it comes to this subject? Do they not have technical experts that they trust advising them, telling them that what they want is not possible without destroying the value of encryption entirely? Do they not understand the disaster they'd be bringing down on their own heads? Or do they just not care, so long as they can peer into anyone and everyone's private business, regardless of being criminal/terrorist or being innocent of everything?
    • Or do they just not care, so long as they can peer into anyone and everyone's private business, regardless of being criminal/terrorist or being innocent of everything?

      Pretty much this, to a greater or lesser degree.

      Power, and the lust for more of it, not only corrupts it also blinds with hubris.

      They dream that if they can just obtain *enough* power quickly enough, they will not suffer any negative consequences for any of their past or present actions.

      Strat

    • by AHuxley ( 892839 )
      Its a change in thinking from the UK to US methods, hardware, software, contractors.
      The UK was all about spying and later action that was never in public, in any courts, or that police or the media could see or comment on.
      The USA has the need for funding, spending on contractors, political support and using courts.
      Encryption will exist just that it will be gov junk and big brands will have to share keys.
      The government, ex staff, former staff, contractors, other trusted nations staff will have the keys
      • You're REALLY hard to follow. Are you saying this is all about something as mundane and pedestrian as money? If so that's even worse than I thought.
    • by gweihir ( 88907 )

      These people have a learning-disability connected to a hugely inflated sense self-worth. That is the old fatal combination of stupidity and arrogance. It makes people unable to understand things, because they are under the mistaken impression that they already understand everything, and it is just "details" they are missing and these details are of course beneath them.

      Usually you find people like that at the very low end of society, doing unskilled labor because they have not managed to even finish school.

    • by eth1 ( 94901 )

      No commerce or transfer of funds will be able to take place without being done 'in the clear', where anyone and everyone with the technical chops to do so can tap into it; you'd be nuts to put any banking or personal information of any kind over the Internet if that's the way it worked.

      Not necessarily... You can still use encryption to authenticate without also including confidentiality. For example, you buy something at a shop, and put your payment card in the POS terminal. The terminal reads your account number, and generates a request to transfer funds from your account to theirs, and signs it with their private key. It sends it to your card, where you approve the transfer, and your card signs it with your private key. It can then be sent in the clear to your bank. The whole internet w

    • Encryption either works or it does not work. There is no middle ground

      Strictly speaking, then, this rule means that there are very nearly no encryption methods that work, and those few that do are not suitable for the sorts of uses we want encryption for.

      Almost all crypto can be thought of in the same terms as physical security: there is no such thing as absolute security. The goal of crypto is to delay the exposure of the secret information for long enough that when it is exposed, the information is no longer so valuable.

  • by Anonymous Coward

    Dutton is a potato on a neck who can't understand why people say mean things when he lies about whether refugees have been tortured or even exist at all, and who managed to get himself kicked out of one of the most corrupt police forces in Australia's history (which is really saying something). Also he owns a chain of childcare centres in Queensland and nobody can quite work out how he got the money to buy them.

    Brandis is the jerkwad who thought other people wouldn't understand the term 'metadata' because h

  • Muggles should not be allowed to create laws pertaining to magic.
    • Muggles should not be allowed to create laws pertaining to magic.

      That'll only happen when you can 'magic'-away bullets.

      Strat

  • by chrism238 ( 657741 ) on Sunday June 25, 2017 @09:25PM (#54689185)
    Sadly, Australia's Attorney General George Brandis is an embarrassment, and now he wants to proselytize about the correct use of encryption. Sheeeesh! See his description of metadata here: https://www.youtube.com/watch?... [youtube.com]
  • >"urged Silicon Valley to "apply that same creativity, innovation to figuring out a way that both the interests of privacy as well as security can be guaranteed." "

    Um, impossible. Pick one. Either encryption is broken or it works as designed. There is no in-between. I hope we pick that it will continue to work.

  • How about the power grids? What havoc could be done to them?
  • by Chas ( 5144 ) on Monday June 26, 2017 @01:20AM (#54689763) Homepage Journal

    Move on to develop new means of surveilling criminals and terrorists.

    They sound like a buggy whip salesmen trying to pass a statute forcing people to buy buggy whips regardless of need.

  • If this goes ahead then how do you enforce it effectively and fairly?
    Say a group gets together and, for the sake of art, to test bandwidth speeds, packet routes, fragmentation, whatever your excuse, you arrange to open up some TCP ports between your group members and, down these pipes, stuff random bytes of no value which go straight to /dev/null on the receiving end.
    Mr Spook is going to sniff that and flag it as encrypted.
    Then they are going to round up the group and demand keys, which is when you hand the

    • Then they are going to round up the group and demand keys, which is when you hand them the terminal and let them see they've been watching nothing but white noise generated by a random byte generator.

      And hope they believe you.

      • by seoras ( 147590 )

        That's part of my point.
        How do you distinguish between what's just nonsense, test data and what's encrypted?
        As I said at the start of my post - how do you enforce it effectively and fairly?

  • In fact it has been so quite a while ago and repeatedly. These people are clueless. Nonetheless they are demanding more power and more intrusion into citizen's privacy.

  • by account_deleted ( 4530225 ) on Monday June 26, 2017 @05:45AM (#54690317)
    Comment removed based on user account deletion

The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones

Working...