Australians Who Won't Unlock Their Phones Could Face 10 Years In Jail

An anonymous reader quotes the Sophos security blog: The Australian government wants to force companies to help it get at suspected criminals' data. If they can't, it would jail people for up to a decade if they refuse to unlock their phones. The country's Assistance and Access Bill, introduced this week for public consultation, strengthens the penalties for people who refuse to unlock their phones for the police. Under Australia's existing Crimes Act, judges could jail a person for two years for not handing over their data. The proposed Bill extends that to up to ten years, arguing that the existing penalty wasn't strong enough...

[C]ompanies would be subject to two kinds of government order that would compel them to help retrieve a suspect's information. The first of these is a "technical assistance notice" that requires telcos to hand over any decryption keys they hold. This notice would help the government in end-to-end encryption cases where the target lets a service provider hold their own encryption keys. But what if the suspect stores the keys themselves? In that case, the government would pull out the big guns with a second kind of order called a technical capability notice. It forces communications providers to build new capabilities that would help the government access a target's information where possible. In short, the government asks companies whether they can access the data. If they can't, then the second order asks them to figure out a way....

The government's explanatory note says that the Bill could force a manufacturer to hand over detailed specs of a device, install government software on it, help agencies develop their own "systems and capabilities", and notify agencies of major changes to their systems.
"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."

More or Less Rights

[Anonymous Coward]

Dangerous shift...

Re:

[Aighearach]

I'll bet they don't even have Freedom Fries down there!

Its a slippery slope ...

[Anne Thwacks]

Next year it will be 10 years for possession of a phone.

Great ...

[Misagon]

Ten years for forgetting my pin number. I have done that.
They might just as well lock everyone up in advance, just in case.

Re: Great ...

[thundercattt]

I keep my password on a written piece of paper in my wallet. It's 25 digits long, numbers letters symbols. Upon being arrested, I ate said paper.

Re:

[JaredOfEuropa]

Very clever. That's 10 years in clink for you. You'll be in there with rapists, robbers, pedophiles... who are very likely to have received a lighter sentence than you.

You want my key ....

[argee]

... just take a shit and give it to them.

Re: Great ...

[mSparks43]

Nah, they only put people who care about privacy in prison in her majesties colonies. The rapists get given jobs in the schools and hospitals.

Re: Great ...

[rtb61]

Very unlikely, once subject to constitutional challenge the law will be scrubbed because you can not by law force any one to remember anything, to do so, would be the direct equivalent of torturing to force a confessions. You can not make legal demands of memory, not constitutional, sure write in a crap law temporarily until it is challenged constitutional, then it fails. Very tricky to try to prove someone remembered something, without them proving they remember it by remembering it in court, so you would be only guilty of the crime if you denied remembering it and then changed your mind but wait sometimes memory works like that, stress does weird things with memory.

So charging someone with a crime for having a bad memory or an accident or suffering from stress it would be interesting in the Australia High Court, trying to prove someone remembers something, hmm, brain surgery and inserted torture probes I guess perhaps.

Re:

[Pseudonym]

Very unlikely, once subject to constitutional challenge the law will be scrubbed because you can not by law force any one to remember anything, to do so, would be the direct equivalent of torturing to force a confessions.

I don't know how much you know about the Australian constitution, but good luck on that one. We already have secret quasi-courts with Star Chamber powers, such as the power to compel testimony and imprison silent witnesses, in the form of the various state anti-corruption commissions.

Re: Great ...

[sg_oneill]

[blockquote]I don't know how much you know about the Australian constitution, but good luck on that one. We already have secret quasi-courts with Star Chamber powers, such as the power to compel testimony and imprison silent witnesses, in the form of the various state anti-corruption commissions.[/blockquote]
Its worse than that. The Libs (for our american friends, our Liberal party is equivilent to your Republican party, I know, confusing right?) gave the industrial relations courts have those powers too, as a way to get unions to hand over membership lists and the like. Doesn't work though, getting done for contempt of court for refusing to snitch on your unions considered a badge of honor for many in the movement,

The worst part is , its tradition now that whenever a state or federal Liberal party gets power, the first thing they try to do is drag the labor party through the same court process to try and find out what sort of sneaky politicians have been nice to unions, or whatever the thoughtcrime allegation of the week is. Those and the Royal commissions that the libs like to do to intimidate labor never really find much except a few politicians that have fucked some reciepts for taxi fares or whatever, but its not about finding guilt, its about intimidation.

We have a *very* anti-democratic conservative movement here.

Re:

[kenai_alpenglow]

Here in the states we just let the IRS have at you when the democrats get power.

Re:

[Mashiki]

Rapists and pedophiles in most countries end up in solitary for most of their lives. The general population has a tendency of killing them, because even a murderer has lines they won't cross.

Silk and Cyanide

[aberglas]

This was actually an issue for agents during WW2. Marks got agents to stop using memorized encryption keys and instead use one time codes written on silk, with instructions to burn each piece after use.

That way the Nazis could not torture there code out of them and then read their back traffic, which could be very serious.

Re:

[AHuxley]

The other method learned was not to have the code and resulting plain text kept in a book when caught.
https://en.wikipedia.org/wiki/... [wikipedia.org]
".. her notebooks. Contrary to security regulations, she had copied out all the messages she had sent as an SOE operative"
".. her misunderstanding what a reference to filing"

Re:

[Agripa]

I keep my password on a written piece of paper in my wallet. It's 25 digits long, numbers letters symbols. Upon being arrested, I ate said paper.

My password is stored as the last 4 digits from the serial numbers contained on a stack of bills sorted by denomination in an envelope on my desk. Hey, where are the 100s and 50s?

Re:

[Type44Q]

They might just as well lock everyone up in advance, just in case.

This is them installing the locks right now.

Re:Great ...

[Kjella]

Ten years for forgetting my pin number. I have done that. They might just as well lock everyone up in advance, just in case./quote

Uh, you're in Australia. You just haven't noticed. /s

Re:Great ...

[Vinegar Joe]

Maybe instead they'll just transport them to the UK. That'd be a fate worse than death.

New means to supress dissent

[currently_awake]

Arrest someone your government dislikes, take phone, demand pin, change pin, tell detainee their pin doesn't work so you must have lied, put in jail for 10 years.

Unlikely

[aepervius]

Arrest someone your government dislikes, take phone, demand pin, change pin, tell detainee their pin doesn't work so you must have lied, put in jail for 10 years.

a country that far gone through the rabbit hole of fascism, does not need that. Just go to the culprit home and drop a bundle of child porn in mag form, photo of what "could" look like the suspect having sex with a child, et voila, and contrary to a phone that does not leave potential electronic evidence like changing the pin (which may have been

Re:

[misnohmer]

You are missing a bigger picture. Someone you pissed off manages to grab your pin (video tape you entering it, or just peek over your shoulder), then changes it, calls in an anonymous tip to the police, you can't unlock it, bye-bye for the next decade. Easier than framing someone for a crime.

Re:

[thegarbz]

Ten years for forgetting my pin number. I have done that.

Firstly it's a PIN, not a PIN number.
Secondly I don't buy for a moment that you've forgotten the PIN to your smartphone, a device that constantly asks you for it, frequently needs to be rebooted, and will die if it doesn't see a power outlet for a day.

I mean it should be a legitimate legal excuse, but we know you're lying in this case.

Re:

[Zarhan]

Actually, I have forgotten my PIN.

11 hour redeye flight from Helsinki to Osaka, Japan after a badly slept previous night.

Turn on cellphone, drowsy as hell, after customs. Enter PIN. Reject. WTF. Try again, still reject. Try again, once more reject. SIM now locked, please enter PUK code. Crap.

I was able to call my telco from the hotel and get the SIM unlocked. Then it hit me - after the flight, I had kept typing in the PIN for my credit card. No wonder it didn't work since it was the completely wrong PIN.

Poi

Re:

[thegarbz]

SIM now locked

Cool story but the SIM PIN is not the one that locks the data on your phone and also is not the one I was talking about.

Then it hit me - after the flight, I had kept typing in the PIN for my credit card. No wonder it didn't work since it was the completely wrong PIN.

So you did know the PIN. I'm sure after a good night's rest you would have been fine, no need to spend 10 years in jail trying to remember then, which is kind of my point. The "I forgot it" isn't really a legit excuse for something we use so often.

Re:

[bill_mcgonigle]

So you only have one device and you use it every day and you don't frequently rotate your PIN numbers?

These aren't ATM machines - you are in control of security (but not adopted adjectives).

Re:

[thegarbz]

and you don't frequently rotate your PIN numbers

I'll do you one better: My PIN is 0000. Steal my phone. You may be able to do something as nasty as read an email before it gets remote wiped.

Re:

[gwjgwj]

Firstly it's a PIN, not a PIN number.

Wrong. It's a Personal PIN Number.

Re:

[ras]

Ten years for forgetting my pin number.

That's not what they are proposing. The article got it completely wrong - the bill isn't targeting end users at all. I guess that's not entirely surprising given the articles rush to have the First Post on the department of Home Affairs explanatory document for the Assistance and Access Bill 2018 [homeaffairs.gov.au]. The ironic thing is, in their rush to get the most click baity article the could think out out, the managed to understate what the government is planning. By a lot. Thi

Re:

[Agripa]

Ten years for forgetting my pin number. I have done that.
They might just as well lock everyone up in advance, just in case.

Well, it *is* an island initially populated by criminals.

Re:Great ...

[Scarletdown]

So, when arriving in Australia and the Customs guys ask if you have any criminal history (if they ask such a thing), is asking back, "Is that still a requirement?" safe or unwise?

Is that something they hear all the time? :D

Re:

[cheekyboy]

Whats in the form is most important, but the thing they most get angry about is if you bring 200 packets of mushrooms or some shit from china like stupid chineese do.

Dont bring food, unless its from 711, tick YES if your unsure, so they dont get angry over the apple Qantas gave you.

https://www.lifestyle.com.au/t... [lifestyle.com.au]

In AU it's worse than that

[Artem S. Tashkinov]

Can one "plead the fifth" in Australia? [quora.com]

Re:In AU it's worse than that

[thegarbz]

It's worse than that in most countries. Don't normalise America's constitution on the internet, you only represent 5% of the world.

Re:

[fafalone]

It's currently an open question as to whether or not you can plead the 5th in the US. Some courts have dishonestly tried to claim a passphrase/PIN is more like a key than a combination to a safe, and therefore can be ordered to be used. If you say no or say you forget, you can be held indefinitely under a contempt of court charge. The case that's gone the furthest has seen the 3rd Circuit Court of Appeals affirm this nonsense, ruling it's basically just fine to hold anyone for an effective life sentence bec

Fruit of the poisonous tree

[Anonymous Coward]

"[T]he proposed legislation also creates a new class of access warrant that lets police officers get evidence from devices in secret before the device encrypts it, including intercepting communications and using other computers to access the data. It also amends existing search and seizure warrants, allowing the cops to access data remotely, including online accounts."

With such capabilities, how could the courts prove the evidence was not tampered with, invented whole-cloth, planted by the police, or merely stored on the target device by a third party for purposes of framing or obfuscation?

Re:

[gweihir]

Simple: They cannot. But they think that whatever the government wants trumps whatever residual rights citizens may have. This is simply a step in the process of making any rights citizens have optional and to be done away with when any government official says so. Sure, they are not there yet, but the direction is amply clear.

Re:

[thegarbz]

With such capabilities, how could the courts prove the evidence was not tampered with, invented whole-cloth, planted by the police, or merely stored on the target device by a third party for purposes of framing or obfuscation?

How can courts prove it currently for things not currently done "on a phone"?

Re:

[Rick Schumann]

What you just said is in fact goddamned insightful; why are you just an AC?
I've been one to talk about how our allegedly 1st-world-country governments are wanting to treat us like we're in a 3rd-world-country, and also destroy any value encryption has in their mad rush to get ALL THE DATA!, but that's an even more important point: the abuse potential such power would give LEOs and governments, to frame whoever they want to take the fall for something. If legislation like this is allowed to happen in ANY co

Re:

[Anonymous Coward]

I hate to break it to you, but the government and courts are already a sham. I've been involved in police accountability work for a few years. I've also been arrested for crossing the street legally and charged with disorderly conduct for *FILMING* the police. The reality is the courts and the police and the prosecutors are corrupt. You half a 50% chance of winning when your genuinely innocent and no crime has been committed and there is video of evidence of the supposed crime. I didn't take a plea deal, bu

Re:

[Rick Schumann]

Well, I'm sorry if your country (Australia) is such a total shit-hole of corruption. I've had the displeasure of having to work for Australians who bought out a small company I worked for, and they're about as unscupulous, unethical, and amoral as anyone could be, and it was a medical device company so I fear for the patients that might end up affected by their inevitable corner-cutting. Makes me wonder when your citizenry is going to wake up and do something definitive to take back their country from this

Time to stop carrying a phone

[gweihir]

This is an act of establishing fascism, where ultimately the citizens have no rights and the government can do whatever it likes to them. The time to for a decisive "no" to the authoritarian scum making laws like this would be now, but the citizens are deeply asleep.

Re:

[gweihir]

Well, you basically say human society always goes for fascism. I do not see things that bleak, but you could be right, unfortunately.

Re:

[jfdavis668]

That's why I only use pay phones.

Steganography now mandatory in Australia

[ffkom]

So everyone with an interest in privacy will use steganographic tools, while everyone else has no privacy. Well done, Australia!

Re:

[ebvwfbw]

Nothing to see here, move along - https://goo.gl/images/A6cYjz [goo.gl] ... or is there?
https://goo.gl/images/Pb6Ldz [goo.gl]
https://goo.gl/images/zQedmW [goo.gl]

Heh.
I know, not steganography. Old fashioned grade school communications.

As an australian

[Rainwulf]

This is fucking awful.

I bet they wouldn't like it the public got access to THEIR phones, but its ok for them to get access to ours?

Fuckers.

Australia

[PPH]

Isn't that just a big penal colony?

If the guards want to toss your cell, what's to stop them?

Re:

[Falconhell]

How ironic, someone from a country with the highest imprisonment rate in the western world calling Australia penal colony. That has not been the case for over 200 years.

Re:

[rtb61]

Cough, cough, for Adelaide and South Australia, it never was the case, https://en.wikipedia.org/wiki/... [wikipedia.org], only the eastern states criminal bunch that they are, trouble makers from north to south and even cross the Bass ;D.

Re:

[Falconhell]

I know, I live in Adelaide you insensitive clod. :)

Re:

[fafalone]

How ironic, someone from a country with the highest imprisonment rate in the western world calling Australia penal colony.

How dare you sir. I will not stand here while you insult the great land of freedom that is the United States. We have the highest number of prisoners, in both raw number and per capita, in the entire world [prisonstudies.org], not just the Western world. Rest of the world always trying to minimize our accomplishments... We're Number 1! And not even the most oppressive authoritarian and totalitarian regimes in the world can touch our incarceration rate. Wait a second... if... Nevermind! Credit where credit is due, we take great

Re:

[Falconhell]

I couldn’t care less. There is nothing on my phone I care about hiding. Never will be, no phone can be trusted to be secure.

One thing that might help

[presidenteloco]

Imagine a function built in to Android or IOS which re-encrypts the storage with a transient key which it then throws away.

It could be triggered by entering a special pin code or something similar.

Re:One thing that might help

[zm]

Imagine a function built in to Android or IOS which re-encrypts the storage with a transient key which it then throws away.

It could be triggered by entering a special pin code or something similar.

Then imagine another ten years in jail for tampering with the evidence.

Re:

[presidenteloco]

Evidence of what?

Re:

[Aighearach]

Evidence of what?

Another ten years.

Re:

[thegarbz]

Evidence of your innocence is still evidence.

Re:

[Highdude702]

Most police aren't that smart.

Two keys

[JaneTheIgnorantSlut]

The phone needs two keys - one unlocks it and the other wipes it and then unlocks it.

Re:

[Anonymous Coward]

Or more subtly than that... the second key just wipes any data marked "sensitive". That way, the authorities won't have an obvious cause to go after you for destroying evidence. They won't know what was there before you unlocked it with the second key, yet they'll still see a normal, functioning device.

Re:

[OpenSourced]

A problem with this is that you erase all your valuable data for perhaps just a random check in some customs. If the check is not random, the fully erased data is easy to recognize and marks you as an enemy of the state too. Even if you only delete data from some contacts previously marked as "sensible", the oppressor state (I'm assuming of course that you are a brave reporter fighting for the freedom of Whateverstan, not a child trafficker) can probably check your calls and internet use and see if they mat

Re:

[argee]

I like it. And you designate which part holds your files. Family pictures, keep after the "wipe". The Kiddie Porn and the Nuclear Secrets, "real wipe."
They would not suspect a thing.

That sound

[Anonymous Coward]

That sound you hear is a collective middle finger from every tech company on the planet towards Mr Malcom Turnbull and buddies. In reality, Australia is too small a market for them to give two shits about and any company could withdraw from the Australian market and it wouldn't change a pixel of their bottom line. Sure, it would piss the Australian people off if they couldn't get an iPhone or decent Android, but there are only 25 million of us.

Hellstra and Optarse would release their own branded devices

What if you you can't unlock it?

[mark-t]

Although we might not yet have the tech to do this, I can easily imagine a password system in the not too distant future that is tied with a wetware mechanism that analyzes the state of mind of the person entering the password to determine who is entering the password and their emotional state while they are entering it. If the person is under any duress while they are entering the password, then it will not unlock.

Thus, it would be provable that you have no ability to unlock it for them.... what would

Re:

[kenai_alpenglow]

10 years in prison. Jupiter years.

Re:

[mark-t]

Possible, though they could likely give you something to help get you in the right state of mind.

If they gave you something to artificially try and induce a cooperative state, then the tech should be able to discern that you were not in a normal frame of mind, and could still refuse access.

The principle behind using such mechanisms would be that if a would-be snoop knows in advance that such mechanism are in place, then they would not try to coerce someone to give them access in the first place because t

Re:

[mark-t]

Yes, they could still do that, of course. But at that point they are arresting a person because they want to, and could not even try to make the argument that they were arresting the person because they posed any threat to public safety or security unless they had other evidence to go on.

Re:

[mark-t]

Oh, and one more point... if you need to call emergency, then you don't need to unlock the phone in the first place. Same as it is right now.

No doubt about it ..

[Jerry]

Australia has jumped the Marxist shark.

They cannot keep any personal information secret because the gov equates accusation with guilt and you have to prove yourself innocent.
They cannot express a dissenting political or social opinion without violating "hate speech" laws.
They are disarmed and they cannot rollback to democracy, let alone defend themselves from thugs and terrorists who ignore weapons laws. When seconds count the police are only minutes away. In the outback HOURS away, if they come at all..
W

Delusional drivel.

[Falconhell]

Oh the irony, the current Australian government responsible for this is the conservative right wing LNP, verging on far right. If you were even reasonably informed you would know this, but your paranoia about duh Marxist does not allow you to conceive that this is the work of the right wing, as was the removal of a lot of guns by the same parties as currently in government.
Virtually nobody here cares about owning guns, and those who live in the country on farms frequently do have weapons on hand.
You are pretty much wrong in every single point, your lack of any knowledge is disturbing, tell me which part of the US are you from?

Re:

[Ol Olsoc]

Oh the irony, the current Australian government responsible for this is the conservative right wing LNP, verging on far right.

Behold, Jerry, the ultimate tool of the lunatic crypto-conservative movement.

Anything that offends their delicate sensibilities is immediately labeled as marxist, or socialist.

So you can get a far right government doing some of the heinous things a government can do, and somehow magickly, it becomes the fault of Leeeburl's socialists, or Marxists.

Tools for tools, as it were.

Re:

[The Evil Atheist]

No, they are also right of the Democratic party. They are the party of pro-white, anti-coloured immigration. The party of corporate tax cuts based on free-market voodoo. The party of climate change denial and the offloading of climate related economic and political troubles to later generations.

And no, not even the 10% who own guns cares enough about guns to complain about gun laws. Requiring a reason, and a licence, to own a gun is not considered unreasonable among most of the 10%.

Re:

[Highdude702]

Except your not allowed to use self defense as a reason, for anything.

Re:

[The Evil Atheist]

Yes you are. You're just not allow to cause the death of someone with self-defence using excessive force. That's not "for anything". That's literally for just one outcome. There are plenty of outcomes in self-defence that does not require death.

Something is wrong with Americans. You guys keep trying to find an excuse to kill people to make yourself feel macho for having been wronged.

Re:

[Highdude702]

I hope you also enjoy your 10 years in prison for not unlocking your phone, the one you didn't even realize you owned.

Re:

[Falconhell]

No chance, I don’t keep anything that would cause concern on my phone. If you do, you’re an idiot. Surprisingly, I know all the phones I own, you dont?

Re:

[damn_registrars]

And this fucked up "agree/disagree"-based moderation scoring that shows exactly why I browse at -1. I find more posts of truth at -1, and groupthink at +5.

Bull. Shit.

His posting at -1 has nothing to do with "groupthink" or "agree/disagree". Roman posts at -1 because the majority of his posts are either recruitment efforts for his religion, plainly insulting, or both. If he could participate in discussion here like a normal mature human being he would not have karma in the shitter. He's even started at least one sock puppet account in the interest of either increasing his karma or simply ignoring it, and that has been similarly moderated down.

If y

Re:

[SvnLyrBrto]

"roman_mir" routinely posts claims that he is a business owner who employs only people in ex-soviet satellite nations in Eastern Europe and in third-world nations; specifically so that he can take advantage of the lack of worker protections in those countries so that he can get away with mistreating and underpaying said workers. There are two ways that can break down:

1). He's a liar and therefore a troll account; which deserves a "-1 Troll" mod every single time.

or

2). He's telling the truth and is simply a

Re:No doubt about it ..

[Strider-]

Australia has jumped the Marxist shark.

This is much closer to fascist than anything else. Marxist is an economic ideology. Fascism is political/legal.

so apple will pull out but will cave in china!

[Joe_Dragon]

so apple will pull out but will cave in china!

There's an App for that

[Archfeld]

Just get an app that has 2 codes, one that unlocks the phone, and another that wipes the phone. If they are requiring the phone un locked to look for evidence how can they prove that it was there in the first place ? The only thing I keep on my phone is the contact list, I delete call history, received, and outgoing, as well as all my text history on a daily basis already.

People Don't Need That Level of Security

[mentil]

In other news, Australian authorities now requiring safe manufacturers to provide backdoor access, says they are 'too secure'.

far queue

[bigtreeman]

tell them to join the far queue

Re:

[account_deleted]

Comment removed based on user account deletion

Then the data must be hidden

[Karmashock]

If I can't protect my data with encryption then I have to go to other means. Data that cannot be found cannot be demanded.

Here people will say "but that isn't how I do things right now"... always the way with everything since always. We don't do things a certain way until we do.

Easy enough to do... does require pushing the data to secured remote servers or obscuring the data on the phone such that it doesn't appear to be data... at least enough so that the investigators and courts don't notice it.

Hmm

[nehumanuscrede]

With all the uproar over access to private / personal data that is stored on a smartphone, I am shocked they don't simply secretly upload said data periodically to a cloud server instead and call it a backup.

Then they just have to bribe . . . . er. . . promise lucrative contracts to the Telco for access.

Then again, they may already do so and the rest of this is just misdirection.

Fake News

[argee]

God help you if they finally unlock the journalist's phone and find Fake News!

Re:

[Highdude702]

I like the way you think.

Re:

[Anonymous Coward]

This happened in Canada to Minister of Public Safety Vic Toews [techdirt.com]. Douchebag publicly advocated for invading citizens privacy. When his personal info started getting leaked, he sure didn't like it.

Re:

[ebvwfbw]

Really? You're willing to give up 10 years of your life? Wow.
Understand that once you're in jail your life isn't worth a nickel. Someone could end it at any time.

Better to vote the bums out. Repeal all of their failed gun control laws.

Re:

[ebvwfbw]

Does that mean NTFS is outlawed?

(That's a joke, Son!)