Aussie Attorney General's War On Encrypted Web Services

samzenpus posted about 8 months ago | from the no-code-for-you dept.

Encryption 151

Bismillah writes "If Attorney-General Brandis gets his way in the process of revising Australia's Telecommunications Interception Act, users and providers of VPNs and other encrypted services will by law be required to decrypt government intercepted data. Because, 'sophisticated criminals and terrorists.' New Zealand already has a similar law, the Telecommunications Interception and Computer Security Act. Apparently, large Internet service providers such as Microsoft and Facebook won't be exempt from the TICSA and must facilitate interception of traffic."

Take your pants down (0, Insightful)

Anonymous Coward | about 8 months ago | (#46503183)

or else...

>or else what?

We'll take your pants down.

2 choices. One involves bravery, and integrity.

That's ONE choice (1)

Anonymous Coward | about 8 months ago | (#46503327)

Just once when a bad guy says "2 choices" I'd like the lead character to go "No, that's 1 choice between 2 options!" punching the guy in the face on each number.

Re:That's ONE choice (-1, Troll)

Anonymous Coward | about 8 months ago | (#46503369)

http://m.dictionary.com/defini... [dictionary.com]

Look at definition 3. Choice and option are synonyms.

Is English not your first language? In this language the same word can sometimes have multiple meanings.

Re:That's ONE choice (1)

alexborges (313924) | about 8 months ago | (#46503625)

All languages share that characteristic, you insensitive clod.

Re:That's ONE choice (1)

Anonymous Coward | about 8 months ago | (#46504541)

Is English not your first language? In this language we have jokes.

Re:Take your pants down (2)

Opportunist (166417) | about 8 months ago | (#46503575)

Here's the third: Take your business elsewhere.

The world is a large place. Someone might want to tell Mr. Bigwig that his laws mean jack in all but one country.

Re:Take your pants down (5, Insightful)

BlueStrat (756137) | about 8 months ago | (#46504287)

Here's the third: Take your business elsewhere.

The world is a large place. Someone might want to tell Mr. Bigwig that his laws mean jack in all but one country.

Except that this trend towards increased government surveillance of the general populace by government intelligence and LE agencies, often in blatant violation of their nations' own laws and founding documents & principles, is a global phenomenon, particularly in the West, and no longer limited to a handful of dictatorships and totalitarian nations.

Blowing this stuff off because "just switch to a foreign provider" is short-sighted.

Individual freedom around the world, particularly digital privacy/security against intrusive, and often illegal by their own laws, digital spying by governments against their own citizens, is on a downward trend as the US and other Western nations grow increasingly paranoid and authoritarian.

The struggle against such invasive surveillance must likewise be global as these regimes work together both in the actual surveillance and also on the political side to increase their scope and power ever further.

This is particularly true among "Five Eyes" nations like Australia. What good would it do to switch to using services outside the country you're in if all the practical alternatives are just as bad or worse?

Strat

Insanity (0)

Anonymous Coward | about 8 months ago | (#46503189)

What is wrong with this world? Seriously. First .uk, now .au. Just move to .kp if you hate freedom so much.

Re:Insanity (2)

x0ra (1249540) | about 8 months ago | (#46503431)

People in power trying to stay in power ?

Re:Insanity (4, Informative)

ozmanjusri (601766) | about 8 months ago | (#46503517)

People in power trying to stay in power ?

Almost, but this guy doesn't have the brains to think that far.

George Brandis is a sneering scumbag and lying rodent who wants to be Dick Cheney when he grows up, but lacks the compassion, gun skills and wit.

He used taxpayer money to go to a friend's wedding, but has accepted the task of writing a ministerial code of conduct. He's also told the Australian arts community that they don't have the right to refuse funding from corporate sponsors whose ethical values conflict with those of the artists, and plans to punish them if they don't comply.

Re:Insanity (0)

Anonymous Coward | about 8 months ago | (#46503583)

Dick Cheney? Gun skills? That's pretty hilarious. Assuming you are aware of the fact that he managed to shoot his buddy, wearing a bright orange vest no less, while attempting to murder quail -- and no, firing buckshot at hapless tiny birds does not count as "hunting". Apparently the bastard never even apologized.

Re: Insanity (0)

Anonymous Coward | about 8 months ago | (#46503611)

Well, that went completely over your head.

OW! HEY! You could put an eye out! (1)

Anonymous Coward | about 8 months ago | (#46505027)

He wishes.

Re:Insanity (5, Funny)

Anonymous Coward | about 8 months ago | (#46503687)

Above is the whooshiest whoosh ever to have wooshed.

Re:Insanity (1)

Anonymous Coward | about 8 months ago | (#46503747)

Dick Cheney? Gun skills? That's pretty hilarious. Assuming you are aware of the fact that he managed to shoot his buddy, wearing a bright orange vest no less, while attempting to murder quail -- and no, firing buckshot at hapless tiny birds does not count as "hunting". Apparently the bastard never even apologized.

More power to him if he really was using buck shot (which I seriously doubt) - reduces the chance of hitting the bird radically compared to bird shot... Spot the difference [shootingillustrated.com]

Re:Insanity (0)

Anonymous Coward | about 8 months ago | (#46503831)

Apparently the bastard never even apologized.

I'm pretty sure Dick made the guy apologize to him, you know, for getting in the way of his shot and all.

Dick the Compassionate (0)

Anonymous Coward | about 8 months ago | (#46503597)

I can't even imagine what someone less compassionate than him is like.
I seem to recall the Joker having a better sense of morals...

Re:Insanity (1)

sd4f (1891894) | about 8 months ago | (#46504547)

lol at the arts funding, he didn't tell them they "don't have the right to refuse funding from corporate sponsors whose ethical values conflict with those of the artists", he just said that if they do refuse corporate donations, the government shouldn't be filling in the fiscal shortfall due to the protest they are making.

If artists want to make a stand over something, good for them, it's their right to do so, but they shouldn't then be able to just fall back on taxpayer dollars by shaking the money bucket, every time they feel their purity is under threat. And even then, the government is the progenitor of this stand that they're taking, considering it's asylum seeker detention which they are against, so taking government money would, in a sense be, hypocritical.

After all, only the impotent are pure...

Re: Insanity (1)

jd2112 (1535857) | about 8 months ago | (#46504587)

No problem: This photo exhibit on environmental damage caused by oil spills is sponsored by Exxon and BP.

Re:Insanity (4, Insightful)

gweihir (88907) | about 8 months ago | (#46504003)

This is actually business as usual. If the population of a country forgets to kick their "representatives" in the face whenever they develop delusions, then the government slowly morphs into totalitarianism. The problem is that ordinary people are highly susceptible to manipulation and governments are getting better at it. The "we did not know what was happening"-excuse that so many Germans used after Nazi-Germany was overthrown will not fly this time.

Re:Insanity (2)

Travis Mansbridge (830557) | about 8 months ago | (#46504165)

The "five eyes" group sharing national security information under the ECHELON program is also sometimes called "Auscanzukus" for Australia, Canada, New Zealand, UK and US. I wouldn't trust any of these when it comes to signals intelligence.

We need a redesign (0)

Anonymous Coward | about 8 months ago | (#46503195)

All internet services should be redesigned so that it isn't possible for the ISP or anyone but the recipient to decrypt anything (or at least as little as possible).

Re:We need a redesign (3, Funny)

Opportunist (166417) | about 8 months ago | (#46503581)

You mean, like, say, end to end encryption?

What a novel idea, you should patent it...

Re:We need a redesign (1)

thegarbz (1787294) | about 8 months ago | (#46504657)

What a novel idea, you should patent it...

Shhh don't give him any stupid ideas.

wtf (0)

Anonymous Coward | about 8 months ago | (#46503205)

microsoft is an ISP? what a shit article

Re:wtf (1)

Anonymous Coward | about 8 months ago | (#46503349)

Don't worry, it's just a shit summary. TFA talks about Microsoft in the context of being a webmail provider.

Re:wtf (2)

gl4ss (559668) | about 8 months ago | (#46503629)

dumdidum.. they provide server hosting and internet services..

aaa (-1)

Anonymous Coward | about 8 months ago | (#46503213)

aaa

Be funny if... (0)

Anonymous Coward | about 8 months ago | (#46503221)

Be funny if everyone said Fuck You and just stopped letting Aussies use their services entirely.

Yup (0)

Anonymous Coward | about 8 months ago | (#46503477)

This will probably be the next step.

1. Make VPN services illegal in Australia.
2. Stop payment gateways from accepting payments from consumers to overseas 'blacklisted' VPN services.
3. Publishers overseas profit!

Re:Yup (1)

rvw (755107) | about 8 months ago | (#46504263)

This will probably be the next step.

1. Make VPN services illegal in Australia.

That will be fun! This will only work if SSH is banned as well. That means they can only use Telnet. I'm all for it. Let them do this and let us have a good laugh! ;-)

Umm... (0)

Anonymous Coward | about 8 months ago | (#46504577)

Well, would they really need to ban SSH?

More than likely all they need to do is force the VPN provider to log. Incoming and outgoing connections, the times at which they were made and the credit card information attached to the account - it's all they'll need to prosecute in Australia anyway. If the VPN provider doesn't cooperate and they're in Australia they're prosecuted. If the VPN provider doesn't cooperate and they're outside of Australia then they're blacklisted at the payment gateways*.

I'm not saying it's going to be perfect, but it'll be a big step towards stopping people who use these services to avoid geographic blocks or use them as an anonymising service. With the TPP looming as well, it's just going to get worse in Australia.

* As an example, IIRC, Visa, Mastercard and Paypal blocked payments to iPredator recently. I'm sure that they'll accept other payment methods (bitcoin, etc.) but it's going to make business for the VPN provider and their potential customers more difficult, potentially enough so that they'll decide it's not worth it.

Like publicintelligence.net ? (0)

Anonymous Coward | about 8 months ago | (#46503227)

http://publicintelligence.net/ [publicintelligence.net]

how about the free PDF to image viewer you don't have to download?

http://view.samurajdata.se/ [samurajdata.se]

and how Tor can be used to visit A and view at B with all strict settings enabled and nothing relaxed? (no javascript required for example)

Srsly? (1)

dave.haku (1385799) | about 8 months ago | (#46503229)

I don't think this will stop any terrorista.

Re:Srsly? (1)

gargleblast (683147) | about 8 months ago | (#46503375)

Yeah. There are about as many terrorists in Australia as there are snakes in Ireland. PS. Happy St Patrick's Day.

Re:Srsly? (2)

michelcolman (1208008) | about 8 months ago | (#46503603)

You mean Australians have terrorists as pets and in zoos?

Re: Srsly? (0)

Anonymous Coward | about 8 months ago | (#46503787)

Sure do, Christmas Island, Manus Island etc

Re: Srsly? (1)

KeensMustard (655606) | about 8 months ago | (#46504237)

Those aren't the terrorists you're looking for

Re:Srsly? (3)

gargleblast (683147) | about 8 months ago | (#46504379)

You know what? We just about do.

When a Lib/Nat government thinks it has a whiff of a terrorist, it goes crazy apeshit bonkers. The last "terrorist" they caught was Muhamed Haneef [wikipedia.org] . A doctor, born in India. An ordinary, or better than average, guy. His crime? He "recklessly" provided a SIM card to a dimwit second cousin of his, who failed spectacularly at blowing up Glasgow Airport. Haneef was locked up for weeks until a magistrate said "hey police guys, this case is a crock of shit" and the DPP said "Oh my tittyfucking God you're right" and dropped the charges. The government then instantly cancelled his visa and deported him.

Note that, while Haneef was detained, he was cause celebre in Australia. He was the AFP's prize possession. He may as well have been, as you say, an exhibit in a zoo.

And that is the closest thing there is to an Australian terrorist.

Re:Srsly? (1)

sg_oneill (159032) | about 8 months ago | (#46503973)

We had a few arse-backwards white supremacists in the 1980s blow up some Chinese restaurants and a few things. Somehow doubt those hillbillies are going to be particularly sophisticated about their communication.

Re:Srsly? (0)

Anonymous Coward | about 8 months ago | (#46503515)

I'm sure the number one rule for terrorists is to follow the laws of the land, right? What a joke...

Re:Srsly? (1)

davester666 (731373) | about 8 months ago | (#46503537)

this is just a way to find the terrorists. once encryption is outlawed, only terrorists will use it.

you just get the ip address, go to the house, and do a swat team entrance on it. lather, rinse, repeat until nobody is using encryption in Australia.

Re:Srsly? (1)

johanw (1001493) | about 8 months ago | (#46503829)

What house? Pay as you go mobile has internet too, you don't need any (registered) house address for it.

Re:Srsly? (0)

Anonymous Coward | about 8 months ago | (#46504239)

That will be the next step, outlawing all PAYG phones, or at least forcing them all to be registered and tied to an offline identity (drivers license or passport)

Re:Srsly? (1)

RabidReindeer (2625839) | about 8 months ago | (#46504447)

What house? Pay as you go mobile has internet too, you don't need any (registered) house address for it.

You've got something better. To actually send/receive data, the unit has to be in contact with a tower. Unless the perp is so far out in nowhere that you can't get enough towers to trilaterate, you can pinpoint the exact position of the unit for any unit detected sending encrypted traffic (which TFA indicates should be monitored by the phone company). Then you call Obama and he sends in the drones.

Re:Srsly? (2)

Opportunist (166417) | about 8 months ago | (#46503587)

You know, I know, possibly he knows, but it seems to still work on the dimwits keeping him in office.

Re:Srsly? (0)

Anonymous Coward | about 8 months ago | (#46504317)

Went to starbucks once the cashier was a real terrorista...

Gravity (4, Insightful)

scsirob (246572) | about 8 months ago | (#46503241)

The attorney-general can write a law to defy gravity, but putting a signature on such law will not make people fly.

In other words: madness.

Re:Gravity (0)

Anonymous Coward | about 8 months ago | (#46503357)

Thankfully the Attorney General only has the power to enforce laws, not to write laws (that's the job of the elected senators and ministers).

Re:Gravity (3, Insightful)

gweihir (88907) | about 8 months ago | (#46503983)

Actually, he does not have the power to enforce a law defying gravity. He has a mandate to do so and he may be stupid enough to try though.

Re:Gravity (4, Informative)

KeensMustard (655606) | about 8 months ago | (#46504229)

Thankfully the Attorney General only has the power to enforce laws, not to write laws (that's the job of the elected senators and ministers).

Yes. How fortunate that Senator George Brandis isn't you know, a member of the Senate.

But seriously, of all the inner circle of petrified, ideological nincompoops in the new government this guy is up with the best of them. He has no idea about law, how law should be made or enforced, the intent of law and the notion of correct legal practice and judicial ruling. Just the person you want, you know, for the attorney general.

He was on Q & A the other night, arguing for the removal of the racial vilification clauses from the Racial Discrimination acts. Why? Because one of his cronies had been found guilty under this section. He said it out loud. Other more apparently learned members of the panel schooled him on the notion of "the rule of law".

No, George. It's not the role of the law to protect your racist buddies when they make false claims against named persons and then publish them, explicitly alleging that their alleged behaviour is typical of their race (or worse, racial mixture)

Re:Gravity (2)

Number42 (3443229) | about 8 months ago | (#46503561)

Madness? THIS! IS! AUSTRALIA!

Re:Gravity (0)

Anonymous Coward | about 8 months ago | (#46503707)

I wouldn't be so certain about that. Observe how people live on Australia, despite it being on the bottom of the globe, by falling up.

Re:Gravity (2)

gweihir (88907) | about 8 months ago | (#46503975)

Many in power that come from the legal profession do not realize that "the law" is just a bad crutch and cannot deliver most things it is supposed to deliver. Instead they think they are shaping reality. It is some specific form of serious mental disability. It is also a threat to society.

Re:Gravity (0)

Anonymous Coward | about 8 months ago | (#46505011)

There was a time when law was a written version of what used to be called common sense, for those rare individuals who did not possess their fair share.

That's turned around now so that law has nothing to do with common sense, for those rare individuals who actually possess their fair share of it.

How many of you feel like you're sane in an insane world?

For Everyone or Only For Us? (0)

Anonymous Coward | about 8 months ago | (#46503267)

The question is will this law contain provisions that let government officials use services without backdoors?

Plausible deniability (1)

Neo-Rio-101 (700494) | about 8 months ago | (#46503273)

How would one claim plausible deniability?

"Your honor, I was simply transmitting random ASCII to a friend! He replied with random PETSCII!"

Re:Plausible deniability (0)

Anonymous Coward | about 8 months ago | (#46503449)

You could claim whatever you like, it wouldn't stop the police keeping you in a small windowless room until they heard what they wanted to hear.

The rules work very differently in a totalitarian world from what you might be used to. You don't want to stand out from the crowd, be noticed and targeted, period. Sadly, I think lots of people can't wrap their heads around these concepts and will be finding out the hard way.

Re:Plausible deniability (1)

AHuxley (892839) | about 8 months ago | (#46503919)

Re You could claim whatever you like, it wouldn't stop the police keeping you in a small windowless room until they heard what they wanted to hear.
The view of laws like this is to have a paragraph to get anyone without the need for complex key loggers, OS dependent malware, ongoing law enforcement infiltration to recover/enter/decrypt and then build a case.
You will hand over the needed information or face a prison term unconnected to any more information found or not found.
Better to be the first to 'help' vs risking later charges if 'decoded' in later investigations.
Once handed over, law enforcement can become you, your forum, irc, web 2.0, banking - everything you were digitally to build further cases.
Where does this fit in with the role of Australian law enforcement? A rapid need for infiltration on the digital edges of vast crime networks.
Australia hopes to get to the people who make big crime work at an international level by getting to their bankers, lawyers as the cash moves.
The way around this is to trust your family, gang, tribe, faith/cult, city, province and never allow too many outsiders in ;)

Re:Plausible deniability (1)

dkf (304284) | about 8 months ago | (#46503693)

How would one claim plausible deniability?

"Your honor, I was simply transmitting random ASCII to a friend! He replied with random PETSCII!"

Well, that sort of argument by itself will just get you into deep trouble. (Taking the piss with a court is a good way to get into trouble, and your argument is hardly plausible in the first place.) Steganography might work, but then you've got the problem of distributing the baselines so that the other party can decrypt; sending lots of visually-identical-but-not-bit-identical copies of the same image would usually be a dead giveaway that you're using steganography.

Or that you use Google+; I keep seeing the same old shit resent there.

It's far better to ask why the AG Hates Australian Business, given that he's trying to make all online commerce impossible. Or that he hates medical privacy because he's making it impossible to securely transfer patient records between doctors and hospitals. Find things that show why encryption is an important basic part of doing things online that is used for nefariousness only because it is used for masses of other things too. ("Cars are used to commit smash-and-grab raids! Ban them at once!")

Re:Plausible deniability (2)

sg_oneill (159032) | about 8 months ago | (#46503991)

Don't. Just forget the password. They can't prove you haven't. In fact it's actually really common for people under duress to forget passwords for real, since memory can get quite impaired by anxiety (It's part of why torture doesn't work. The more people are freaked out, the more the brain reverts to a fight-or-flight baseline with faster reflexes and diminished cognitive skills)

Re:Plausible deniability (1)

Kjella (173770) | about 8 months ago | (#46504467)

(It's part of why torture doesn't work. The more people are freaked out, the more the brain reverts to a fight-or-flight baseline with faster reflexes and diminished cognitive skills)

Spoken like one of the millions that has not cracked under torture throughout history. No, the reason it doesn't work so well is that they don't know if you're just making shit up to avoid being tortured more. And even if you do tell they're likely to torture you some more because they'll assume you're still holding something back, so even if you get some truth it's maybe half-truth or mixed up with lies. If they had a safe and they knew for sure you have the combination and could instantly verify if you told them the truth or not, I bet torture would be 95%+ effective. What they want to achieve during torture is simply to pass the limit of how much pain you can take, whether you're almost passing out or delirious doesn't matter much as long as you don't die on them. Then they give you a break and say talk or we'll do that again.

There are a few people that can withstand torture but it's not because of amnesia, it's because they know that if they talk their friends will die or go to prison. I've never read a war documentary where the person claimed to have cracked and wanted to talk but mind blanked and simply was unable to, they've all either talked or been of the "the pain was out of this world but I'd never tell them anything, they'd have to kill me first" variety. Or for that matter, kill themselves first if they get the opportunity either before or after getting caught. I've read some stories from WWII that makes waterboarding sound very tame, under real not-pretending-to-be-civilized torture you are going to wish you were dead.

Rolls eyes (0)

Anonymous Coward | about 8 months ago | (#46503309)

And technology will roll on with a new encryption method that is secure and prevents MITM attacks and allows for a key to be generated on the fly so nothing is required to be kept at either end that can be used to decrypt the traffic. Key what key? I'm not familiar enough with the field to know for sure if that doesn't already exist.

Perfect Forward Secrecy (4, Informative)

grahammm (9083) | about 8 months ago | (#46503321)

So they would ban the use of Perfect Forward Secrecy. Using PFS it is impossible to decrypt the intercepted content even with the Certificate's private key.

Re:Perfect Forward Secrecy (1)

Anonymous Coward | about 8 months ago | (#46503507)

not impossible, infeasible
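
The forward-secrecy property stated in the comment above, as an added example that is not part of the original thread: a recorded session whose key was wrapped with the server's long-term key becomes readable once that key is disclosed, while a session keyed by ephemeral Diffie-Hellman does not. The toy RSA and Diffie-Hellman parameters, the keystream cipher and all function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example only (not secure sizes).
P = 2**127 - 1                      # Mersenne prime used as the DH modulus
G = 3                               # assumed base for the toy group
RSA_P, RSA_Q = 2**89 - 1, 2**107 - 1
N = RSA_P * RSA_Q                   # server's long-term public modulus
E = 65537                           # long-term public exponent
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # long-term PRIVATE exponent


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def hash_to_int(*values: int) -> int:
    """Hash the handshake values to an integer below N (for signing)."""
    digest = hashlib.sha256("|".join(str(v) for v in values).encode()).digest()
    return int.from_bytes(digest, "big") % N


def key_transport_session(plaintext: bytes) -> dict:
    """No forward secrecy: the session key is encrypted to the long-term key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    # Everything returned here is what a passive recorder would capture.
    return {"wrapped_key": wrapped,
            "ciphertext": keystream_xor(session_key, plaintext)}


def ephemeral_dh_session(plaintext: bytes) -> dict:
    """Forward secrecy: the long-term key only signs the ephemeral values."""
    a = secrets.randbelow(P - 2) + 1          # client's ephemeral secret
    b = secrets.randbelow(P - 2) + 1          # server's ephemeral secret
    client_pub, server_pub = pow(G, a, P), pow(G, b, P)
    signature = pow(hash_to_int(client_pub, server_pub), D, N)
    shared = pow(client_pub, b, P)            # equals pow(server_pub, a, P)
    session_key = hashlib.sha256(str(shared).encode()).digest()[:16]
    ciphertext = keystream_xor(session_key, plaintext)
    # a, b and shared go out of scope here: nothing that could rebuild the
    # session key is stored, and none of it was ever sent on the wire.
    return {"client_pub": client_pub, "server_pub": server_pub,
            "signature": signature, "ciphertext": ciphertext}


def verify_server_signature(transcript: dict) -> bool:
    """The only thing the long-term key pair proves in the DH session."""
    expected = hash_to_int(transcript["client_pub"], transcript["server_pub"])
    return pow(transcript["signature"], E, N) == expected


def decrypt_with_disclosed_key(transcript: dict, d: int) -> list:
    """Apply a disclosed long-term private key to every recorded value and
    return each resulting candidate plaintext."""
    candidates = []
    for name, value in transcript.items():
        if name == "ciphertext":
            continue
        unwrapped = pow(value, d, N)
        for key in (unwrapped.to_bytes(32, "big")[-16:],
                    hashlib.sha256(str(unwrapped).encode()).digest()[:16]):
            candidates.append(keystream_xor(key, transcript["ciphertext"]))
    return candidates


if __name__ == "__main__":
    message = b"constructed sample message"
    recorded_kt = key_transport_session(message)
    recorded_dh = ephemeral_dh_session(message)
    print("key transport readable after disclosure:",
          message in decrypt_with_disclosed_key(recorded_kt, D))
    print("ephemeral DH readable after disclosure: ",
          message in decrypt_with_disclosed_key(recorded_dh, D))
```

Recovering the ephemeral-DH session would require solving a discrete logarithm on the recorded public values, which is the "infeasible, not impossible" distinction made in the reply.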

Genius (5, Insightful)

pitchpipe (708843) | about 8 months ago | (#46503325)

Yeah! Let's weaken security on networks that most major financial transactions travel over, because we really have no problems with criminals committing fraud over these networks.

Yes Mr. Contractor, for the new ultra-hardened backdoor with super-duper locks I'd like you to leave the key over there under that rock. No, I'm sure only our RSA, NSA, TLA certified guys will be using it. How would anyone else know it's there?

Snowden (3, Insightful)

TubeSteak (669689) | about 8 months ago | (#46503361)

The department argues the obligation on service providers would merely "formalise" existing arrangements.

This is fallout from the Snowden leaks.
What was once done in secret is now being brought into the light.
I guess I was hoping they'd just stop, instead of legalizing the invasive spying programs.

Re:Snowden (5, Insightful)

TapeCutter (624760) | about 8 months ago | (#46503511)

This is fallout from the Snowden leaks.

No, Brandis doesn't need an excuse for this behaviour, he was like this before Snowden was born. His predecessor (and mentor) from the Howard government was Ruddock, Ruddock was the guy who threw out the Magna Carta in order to make a political prisoner out of David Hicks, it was the most shameful act of any Aussie AG I have witnessed in the last 50 odd years. I will be very surprised if Brandis does not sink even lower than Ruddock (assuming that's possible).

People who thirst for the power that comes with the role of AG should somehow be banned from applying for the job.

Re:Snowden (0)

Anonymous Coward | about 8 months ago | (#46503613)

American living in the U.S. here.

What about term limits? Do you guys have that?

Re:Snowden (0)

Anonymous Coward | about 8 months ago | (#46504147)

For politicians? Yes. For public servants? No. (I think you'll find that's the same in every democracy.)

Re:Snowden (1)

AHuxley (892839) | about 8 months ago | (#46504021)

Australia has had a long like for this legal idea. If you can't catch the person, make sure they help catch themselves later.
In the past it was known as verballing - after a long "interview" you were happy to sign "your" confession.
Your lawyer would be up against the trust and charm of the police vs the guilty person who had signed a detailed confession.
This method worked very well in Australia until video and audio recording during interviews was established after law reforms.
This is a return to the easy policing of the 1970's backed by the contractor spying programs of the web 2.0 age.
Demand a lawyer :)

Knee jerk (1)

Macfox (50100) | about 8 months ago | (#46503483)

This is more of a result of the recent hysteria by the Australian Federal Police and Australian Crime Commission over local criminals using Phantom Secure phones to coordinate contract hits allegedly. http://www.abc.net.au/news/201... [abc.net.au] Brandis might have good intentions, but he's about as illiterate as they get in the NLP on such technology matters. These gangs don't rollover. Even rivals will not roll on rivals. This is a naive idea and will fail miserably in practice, if it ever sees the light of day. Given the makeup of the current senate, not any time soon.

Re:Knee jerk (1)

Opportunist (166417) | about 8 months ago | (#46503607)

Who'd have thought you'd ever be happy about a deadlocked legislative, hmm?

Re:Knee jerk (1)

AHuxley (892839) | about 8 months ago | (#46504061)

They hope to get another aspect to rollover - the needed clean people that can move funds around the world who never asked real questions about amounts, origin, destination.
Will it work? It has been tried in the UK and the justice system leaked before many big cases could gain traction. The top police then spend more time hunting in their own ranks, the press and within the legal system for who leaked. Then the funding runs out or investigations just stop :)

Just making it easier for China. (1)

andy_spoo (2653245) | about 8 months ago | (#46503493)

Every time a government forces a company to make or create a back door or hand over keys to them, it makes it easier for countries like China to hack the hell out of our companies. Utter stupidity.

The Meat of It (1)

SJ2000 (1128057) | about 8 months ago | (#46503523)

The article is rubbish so, with that in mind, here are some excerpts:

The Department is also advised that sophisticated criminals and terrorists are exploiting encryption and related counter-interception techniques to frustrate law enforcement and security investigations, either by taking advantage of default-encrypted communications services or by adopting advanced encryption solutions. The Department’s current view is that law enforcement, anti-corruption and national security agencies should be permitted to apply to an independent issuing authority for a warrant authorising the agency to issue ‘intelligibility assistance notices’ to service providers or other persons. The issuing authority should be permitted to impose conditions or restrictions on the scope of this authority.

Where issued to a service provider, such notices would formalise existing arrangements....

When issued to a person other than a service provider, such as the subject of a warrant, the Department’s preliminary view is that a notice would operate in a similar fashion to orders made under section 3LA of the Crimes Act 1914. Section 3LA permits agencies that have seized physical hardware, such as a computer or an external hard drive, under a search warrant to apply for a further warrant requiring a person to ‘provide any information or assistance that is reasonable and necessary’ to allow information held on the device to be converted into an intelligible form.

...issuing authorities should be able to authorise an agency to issue ‘intelligibility assistance notices’, requiring a person to provide information or assistance to place previously lawfully accessed communications into an intelligible form, as discussed by the PJCIS at Recommendation 16...

Recommendation 16
The Committee recommends that, should the Government decide to develop an offence for failure to assist in decrypting communications, the offence be developed in consultation with the telecommunications industry, the Department of Broadband Communications and the Digital Economy, and the Australian Communications and Media Authority. It is important that any such offence be expressed with sufficient specificity so that telecommunications providers are left with a clear understanding of their obligations. ...
The Department’s preliminary view is to support recommendation 16 in principle.

- Comprehensive revision of the Telecommunications (Interception and Access) Act 1979, Submission 26 [aph.gov.au]

Re:The Meat of It (1)

SJ2000 (1128057) | about 8 months ago | (#46503535)

With the rise of deniability [truecrypt.org] features [jetico.com] in data-at-rest encryption products, I'm not sure how this is going to work in the real world. Wouldn't be hard to use these technologies for communications too.

Re:The Meat of It (2)

Opportunist (166417) | about 8 months ago | (#46503631)

Steganography is neither limited to data at rest nor to pictures. As long as you can transmit data that need not have a certain format to be considered "normal", you can transmit data hidden inside other data. If everything fails, transmit a lolcat pic that contains the data you want to transmit as a mail attachment.

What's harder to hide is source and destination of your traffic, though with a bit of creativity and the use of international providers even that's not completely out of the question.

Use international politics to your benefit. If you want to evade the government of country A, find out what countries would rather not aid them and try to use resources in those countries.

Re:The Meat of It (2)

grahamm (8844) | about 8 months ago | (#46503923)

Hiding the destination need not be difficult. You just do the electronic equivalent of putting a coded small ad in a newspaper. Everyone can read it, but only the intended recipient can decode it and there is no indication as to whom the message is intended for.

Re:The Meat of It (2)

Opportunist (166417) | about 8 months ago | (#46504083)

Well, in theory, yes, but it's not very practical. Not only do you and your recipient have to agree on a code, it can also be pretty suspicious if the person trying to eavesdrop on you knows a fair lot about you (e.g. that you'd probably not usually do a birth announcement in a newspaper because you're living alone).

If that's what you plan to do, in this day and age it's probably less suspicious if you start a Facebook page, recruit a few thousand "friends" via some FB game that rewards you for having a lot of friends and post things that sound like they're part of your dull, boring life while actually being the code for your target audience.

Brandis is a moron (1)

Anonymous Coward | about 8 months ago | (#46503553)

No more need be said.

How is that supposed to work (1)

aepervius (535155) | about 8 months ago | (#46503795)

What about firms which communicate using VPN? No entities are in Australia, just maybe a worker or two communicating with a German firm for example.

Re:How is that supposed to work (2)

SuricouRaven (1897204) | about 8 months ago | (#46503951)

I've been pondering if a VPN could be encrypted using a one-time pad. Obviously the amount of data transferred would be limited by the size of the pad, but with modern storage that might not be such an issue. A remote worker or someone going on a business trip could easily fill up on two hundred gig or so of random data at company headquarters - enough to last them through a couple of weeks of typical usage while they are traveling. So long as no-one can get access to their laptop long enough to copy it off (And if they can do that, any other form of VPN could be compromised just as easily), it'll be quite impossible to break.

Re:How is that supposed to work (0)

Anonymous Coward | about 8 months ago | (#46504037)

Unfortunately, this
  #tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
doesn't work with openvpn yet (they include it with the next release), but .. as you can read (I guess so), they will include ecdhe etc. as encryption scheme.
If the Aussies intercept traffic .. here are the decryption keys. What? You still can't decrypt it? Sorry we can't either, except if you put up a mitm proxy, so we will warn the people out there anyway to not trust the server cert anymore/ we will just put it on a cert revocation list. Have a nice day $3letteragency.

You do know.. (0)

Anonymous Coward | about 8 months ago | (#46504363)

..that this is basically what's happening already? Only you don't share the common secret before the trip, but use some other form of encryption to do so remotely. Just cut this phase out, share the key beforehand, no need to be 2 terabytes, 256 bits is well enough, that's what block ciphers basically do anyways; generate random data that's messed up with the data. The random data is generated from the key.

You do know.. (0)

Anonymous Coward | about 8 months ago | (#46504651)

... that 256-bit block ciphers are not equivalent to one-time pads, right? 256-bit block ciphers are merely difficult to attack. One-time pads are impossible to attack, if the pad is not physically compromised. SHA-256 etc. do not generate random data, they generate pseudo-random data. Random data is something like the LSB of a live microphone sent through arithmetic coding, and cannot be reverse engineered by anyone ever.

If you're prepared to go to the expense of meeting the other party and exchanging physical material, you can swap a USB keydrive full of random bits just as easily as you can swap a 256-bit PRNG seed. The only issue then is, do you trust the other party hasn't been compromised?

Re:You do know.. (2)

Ly4 (2353328) | about 8 months ago | (#46505123)

> 256-bit block ciphers are merely difficult to attack.

That is incorrect. It is impossible to brute-force a cipher like that, and it is extremely unlikely that someone has found a cryptanalytic break for modern ciphers like AES.

Unlike a block cipher, you can prove that a one-time pad is unbreakable, but that proof depends on the assumption that the random bits of the pad are completely unpredictable. Turns out that's a non-trivial problem to solve, and an especially difficult one to test.
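The point in this sub-thread about pad quality, as an added example that is not part of any comment: a one-time pad filled from a guessable seed can be regenerated, while a uniformly random pad leaves every same-length plaintext equally plausible. The function names, the sample message and the 16-bit seed space are assumptions made for the demonstration.

```python
import random
import secrets

def xor(data, pad):
    # A pad shorter than the message would force reuse, which voids the proof.
    if len(pad) < len(data):
        raise ValueError("pad exhausted")
    return bytes(d ^ p for d, p in zip(data, pad))

def predictable_pad(seed, n):
    # Assumption for the demo: a pad "filled" from a non-cryptographic PRNG
    # (Mersenne Twister) seeded with a small, guessable value.
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(n))

def unpredictable_pad(n):
    # OS CSPRNG, used here as the practical stand-in for a hardware noise source.
    return secrets.token_bytes(n)

def pad_explaining(ciphertext, candidate):
    # With a uniform pad, every same-length candidate is equally consistent
    # with the ciphertext: this is the pad that would "decrypt" to it.
    return xor(ciphertext, candidate)

def find_guessable_seed(ciphertext, known_prefix, seed_space):
    # Audit check: can the pad be regenerated from a small seed space,
    # given a few bytes of expected plaintext (e.g. a protocol header)?
    n = len(known_prefix)
    for seed in seed_space:
        if xor(ciphertext[:n], predictable_pad(seed, n)) == known_prefix:
            return seed
    return None

MESSAGE = b"GET /payroll/2014-03 HTTP/1.1"  # constructed sample plaintext

def demo():
    weak_ct = xor(MESSAGE, predictable_pad(4242, len(MESSAGE)))
    strong_ct = xor(MESSAGE, unpredictable_pad(len(MESSAGE)))
    decoy = b"lolcat.jpg".ljust(len(MESSAGE))  # any same-length text works
    return {
        "weak_seed": find_guessable_seed(weak_ct, b"GET /", range(2**16)),
        "strong_seed": find_guessable_seed(strong_ct, b"GET /", range(2**16)),
        "decoy_fits": xor(strong_ct, pad_explaining(strong_ct, decoy)) == decoy,
    }

if __name__ == "__main__":
    print(demo())
```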

Re:How is that supposed to work (1)

AHuxley (892839) | about 8 months ago | (#46504175)

It would depend where and how the VPN is found in the wild.
10 people using IRC, 5 on VPN, 5 on TOR.
Police can get someone suggesting the others use VPN based in EU?US?UK to stay a member... i.e. that one firm of a list of VPN providers is the only way to be secure.
Over time Australian police can get to any Western VPN firm and get evidence on more people as they use their real details/ip or become comfortable and let more trackable aspects slip.
A firm which communicates with VPN (any Australian connections) would be a plaything of the NSA, Australian Signals Directorate (ASD) and their international crypto friends - crypto and IP changing is useless, expensive and giving a false feeling of security.
If your firm becomes more interesting to Australia you face the Australian Secret Intelligence Service (~BND/CIA) and SAS like teams (special forces) - they will sneak into your firm- digitally or physically if really needed.
Australia has a lot of people moving around the world - tourists, people visiting the home country, students or smart people wanting to earn more-friendly, happy, boring and harmless. Australia kept the human side of its clandestine services intact and they blend in perfectly unlike a few other nations' efforts.

Re:How is that supposed to work (0)

Anonymous Coward | about 8 months ago | (#46504399)

> they will sneak into your firm- digitally or physically if really needed.

If it's a big enough firm they will usually have state of the art security complete with 24/7 armed guards and guard dogs anyway.

Good luck expecting them to honor any gagging orders (even with threats of prison) they'd probably tell the CEO about it on condition that he doesn't report it as he shouldn't know about it anyway.

Pretty stupid (1)

gweihir (88907) | about 8 months ago | (#46503953)

This is pretty stupid, for two reasons: First, there are enough cases where keys exist temporarily and cannot be reconstructed (e.g. all DH-established keys) and second, it allows users to find out what exactly was intercepted, by using a new key for every unit of data.

That it is also completely unethical and only worthy of a totalitarian regime (where the "sophisticated criminals and terrorists" have taken over the government) is just the icing.
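The first reason in the comment above (DH-established keys exist only temporarily), as an added example that is not part of the comment: a session key agreed with a static Diffie-Hellman key can be recomputed later from the retained long-term secret and a recorded transcript, while one agreed with discarded ephemeral secrets cannot. The toy group, the function names and the omission of authentication are assumptions made for the demonstration.

```python
import hashlib
import secrets

# Toy group, illustration only (assumption): real deployments use
# standardized groups or elliptic curves, and sign the exchange.
P = 2**127 - 1
G = 3

def keypair():
    x = secrets.randbelow(P - 3) + 2          # secret exponent
    return x, pow(G, x, P)                    # (secret, public)

def session_key(my_secret, peer_public):
    shared = pow(peer_public, my_secret, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def run_session(server_static, ephemeral):
    """Run one key agreement; return (session key, recorded wire transcript)."""
    client_secret, client_pub = keypair()     # client is always ephemeral here
    if ephemeral:
        srv_secret, srv_pub = keypair()       # fresh per session
    else:
        srv_secret, srv_pub = server_static   # long-term key reused
    key = session_key(srv_secret, client_pub)
    assert key == session_key(client_secret, srv_pub)  # both ends agree
    # On return the per-session secrets go out of scope: nothing retains them.
    return key, {"client_pub": client_pub, "server_pub": srv_pub}

def recover_from_retained(server_static, transcript):
    """Best later attempt using only what still exists: the server's
    long-term secret plus the captured public values."""
    return session_key(server_static[0], transcript["client_pub"])

def demo():
    server_static = keypair()
    k_static, t_static = run_session(server_static, ephemeral=False)
    k_eph, t_eph = run_session(server_static, ephemeral=True)
    return (recover_from_retained(server_static, t_static) == k_static,
            recover_from_retained(server_static, t_eph) == k_eph)

if __name__ == "__main__":
    print(demo())  # (static recoverable, ephemeral recoverable)
```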

Australia (1)

MitchDev (2526834) | about 8 months ago | (#46503967)

Land of the seriously fucked.

Your wildlife all wants to kill you, your government wants to turn you back into one big penal colony.

Viva la revolution!

fascist regime (1)

bigtreeman (565428) | about 8 months ago | (#46504069)

God save the Queen and the fascist regime.
Tony Abbott and his strong arm tactics.
He uses secrecy for the government's actions
and is pushing his conservative, fascist agenda.

Good luck with that (1)

shirro (17185) | about 8 months ago | (#46504087)

Abbott and his mates can legislate Pi to be 22/7 for all I care though they will have to convince the senate. Anyone who depends on modern technology to conduct business will just move elsewhere just as manufacturing has. The poor bastards like me who are too tied down to consider moving will just work around their stupidity as we always have. Fortunately unless my fellow Australians have gone completely insane he will be out after one term and the Libs can take a broom to the arsehole conservatives who have poisoned their party and get back to their core values of individual liberty, free from the tyranny of government interference.

Re:Good luck with that (0)

Anonymous Coward | about 8 months ago | (#46504189)

So you want the Labor party back in so Stephen Conroy can force internet censorship through for the sake of God and children? Unfortunately Liberal and Labor are just as bad as each other nowadays. I suspect the only thing that could be slightly worse would be the Palmer United Party getting in.

New Australian flag (1)

12WTF$ (979066) | about 8 months ago | (#46504211)

New Zealand is going (maybe) to get a new flag (new FLAG, I said, oh what this isn't 4chan, nevermind) well anyway the Enzedders are planning a nice black flag with a silver fern leaf. Like the logo of their football team, the All Blacks. Classy. Very nice.
I would like to see a new Australian flag which replaces the English cross (the combination of Wales, England and Scotland crosses) (oh there's a thought... what if Scotland _does_ leave the United Kingdom. Does this mean all the ex-commonwealth countries have to remove the Scottish part of the English cross that would make it a standard double cross rather than the superb triple cross that says 'UK - once we had an empire but we still own all the banks').
So let's put a red kangaroo up there instead, makes it very friendly a la Qantas (Tony, if you are on slashdot tonight for policy ideas, how about licensing the red roo logo from Qantas say $250m per year. Joycey is awaiting your call...)
Yes a nice friendly welcoming kangaroo (unless you're trying to sneak past the Abbott drones. Refugees: "Nobody wants us, because we didn't come by Qantas")....
OK where were we? that flag idea? The way this mob of sheeple here are so insipid, probably they'll go for an upgrade on the Southern Cross to the Southern Swastika (subtle eh?). Rupert would LOVE it.

No Mandate (0)

Anonymous Coward | about 8 months ago | (#46504225)

He never said anything about this before the election. This isn't about terrorism. It's about finding whistleblowers and critics of his government. Fascist.

Do they open snail mails too? (0)

Anonymous Coward | about 8 months ago | (#46504413)

I mean at least it would be consistent.
I find both equally appalling.

One of the penalties (1)

rvw (755107) | about 8 months ago | (#46504427)

"One of the penalties for refusing to participate in politics is that you end up being governed by your inferiors." ~ Plato

This is proof (0)

Anonymous Coward | about 8 months ago | (#46504631)

Before any jackass says the NSA can decrypt anything, this is proof that they can't.

L2L (1)

Impy the Impiuos Imp (442658) | about 8 months ago | (#46504921)

> "Because, 'sophisticated criminals and terrorists.'"

When speaking in post-l33tspeak, one wouldn't put a comma between "because" and the unqualified phrase because stupid.
