Topic: Assistance and Access Bill - weakening encryption
trog
AGN Admin
Posts: 39715
Location: Other International

Being discussed today in the House of Representatives is something called the Assistance and Access Bill, which is a new piece of legislation that aims to make us more secure by (amongst other things) requiring technology companies to include a way for law enforcement to be able to access encrypted information - for example, they want to legislate a system that compels (say) Facebook to allow the government to eavesdrop/intercept messages in (say) Whatsapp. The argument from law enforcement is that they can basically not spy on people because the current system of crypto is too good and terrorists are using it to do stuff.

You can listen/watch the live stream of this right now; as I am writing this someone from Digital Rights Watch is currently explaining their reservations with the system.

The general consensus of the technical community is that this bill is terrible because it will weaken encryption, making us all less safe online. Further, most of the solid crypto-based messaging systems are open source and any criminal will be able to trivially avoid this by using easily available open source software.

It is an interesting discussion; I'd encourage anyone interested in preserving their ability to maintain privacy to read more about it and you can help fight it by becoming an EFA member or donating to Digital Rights Watch.

In case anyone is not sure, encryption:
- keeps messages sent between you and someone else secure from eavesdroppers
- means if you lose your [modern] phone, people can't pick it up and pull all your data off it
- ensures your personal information can be stored safely in data centres so people can't just copy it off the disks and know everything about you
- makes sure you can bank online over wifi without having to worry about people intercepting and stealing all your money
- literally underpins almost every single thing you do on a computer, mobile phone, tablet, or anything that carries electricity these days

It's kind of a big deal.

Here is a Juice video:

BladeRunner
Posts: 2915
Location: Queensland

It is concerning but I am not sure how it is going to affect other things that use encryption. If WhatsApp and Google build a backdoor into their encryption for their apps, how does that weaken my bank's online banking? Is encryption all the same or are there many different types for many different purposes?

This is a difficult question, liberty vs security.
trog
AGN Admin
Posts: 39716
Location: Other International

It is concerning but I am not sure how it is going to affect other things that use encryption. If WhatsApp and Google build a backdoor into their encryption for their apps, how does that weaken my bank's online banking? Is encryption all the same or are there many different types for many different purposes?
Very good question! There are many different types. And you're right: the system used for WhatsApp and other messaging applications is generally different to that used by online banking (although there are some shared elements), so a compromise in one doesn't /necessarily/ mean a compromise in others.

One concern about the legislation is that, being rushed through, it's broad enough to require /any/ cryptosystem to be necessarily compromised so that law enforcement can eavesdrop. It seems inevitable that this will encroach on things like web-based crypto at some point.

One thing that no one has really figured out how to do yet is to create a good cryptosystem that weakens it enough to allow law enforcement access to it but keeps it strong enough to stop attackers - i.e., short of key escrow (giving the government the actual password as well) or simply CCing them on every message or something, there just are no good technical solutions that allow us to preserve most security while giving up just enough of it for the feds to monitor.

Good news though, Labor have stepped up to the plate for a change and pushed back after yesterday's testimony
Twisted
Posts: 12364
Location: Brisbane, Queensland

In case anyone is not sure, encryption:
- Ensures the data has not been manipulated in transit.

Which is something state sponsored hackers and Govt. agencies (also just general malicious actors) have been doing for years, manipulating unencrypted data for tracking and identification purposes or to insert malicious code into site code in transit, etc.
to allow law enforcement access to it but keeps it strong enough to stop attackers
Pretty sure they're one and the same these days?
Raven
Posts: 9639
Location: Melbourne, Victoria
Which is something state sponsored hackers and Govt. agencies (also just general malicious actors) have been doing for years, manipulating unencrypted data for tracking and identification purposes or to insert malicious code into site code in transit, etc.

Not just governments, but ISPs. What, you think major ISPs haven't been using transparent proxies for decades to inject things like advertising and tracking over HTTP traffic?
Twisted
Posts: 12365
Location: Brisbane, Queensland

What, you think major ISPs haven't been using transparent proxies for decades to inject things like advertising and tracking over HTTP traffic?
They sure have and this shouldn't be news to anyone. It has been in practice for over a decade. People should be very concerned about the Internet, but they never are.
trog
AGN Admin
Posts: 39718
Location: Other International

- Ensures the data has not been manipulated in transit.
yes very important one and a big reason to start using HTTPS on your own websites if you're not already. Let's Encrypt makes this sooo easy
Twisted
Posts: 12367
Location: Brisbane, Queensland

Apparently the bill has bipartisan support again and will push through according to the news this morning...
ravn0s
Posts: 19188
Location: Brisbane, Queensland
well s***. i guess we deserve it for electing such morons.


i look forward to tech companies pulling out of australia and the first major hacking scandal.
Twisted
Posts: 12368
Location: Brisbane, Queensland

Yeah pretty much. In 1 go they've eroded any trust anyone could have in an Australian product.
Insom
Posts: 4673
Location: Brisbane, Queensland

it's all bulls***, and it's bad for ya

I guess this will cover a certain class of popular messaging apps, but won't it just drive the development of even more 'peer to peer' solutions? (or the adoption of those that exist)
Raven
Posts: 9642
Location: Melbourne, Victoria
While the dramatic version is "Australian companies' stock prices will tank, no one will employ Australians", I think the more likely scenario will be that Australian companies will release their self-hosted software as Open-Source, enabling customers to compile and deploy that software themselves. Patches removing any malicious code will then be readily available, allowing companies to remove or disable those sections of code.

Software as a Service and hosting will certainly die in Australia, however.
Hogfather
Posts: 16888
Location: Cairns, Queensland

Software as a Service and hosting will certainly die in Australia, however.

The hilarious thing is that Australians will probably have to host outside Australia to have proper data sovereignty.
© Copyright 2001-2019 AusGamers Pty Ltd. ACN 093 772 242.