Apple Rebukes Australia's 'Dangerously Ambiguous' Anti-Encryption Bill (techcrunch.com)
Apple has strongly criticized Australia's anti-encryption bill, calling it "dangerously ambiguous" and "alarming to every Australian." From a report: The Australian government's draft law -- known as the Access and Assistance Bill -- would compel tech companies operating in the country, like Apple, to provide "assistance" to law enforcement and intelligence agencies in accessing electronic data. The government claims that encrypted communications are "increasingly being used by terrorist groups and organized criminals to avoid detection and disruption," without citing evidence. But critics say that the bill's "broad authorities that would undermine cybersecurity and human rights, including the right to privacy" by forcing companies to build backdoors and hand over user data -- even when it's encrypted. Now, Apple is the latest company after Google and Facebook joined civil and digital rights groups -- including Amnesty International -- to oppose the bill, amid fears that the government will rush through the bill before the end of the year. In a seven-page letter to the Australian parliament, Apple said that it "would be wrong to weaken security for millions of law-abiding customers in order to investigate the very few who pose a threat." The company adds, "We appreciate the government's outreach to Apple and other companies during the drafting of this bill. While we are pleased that some of the suggestions incorporated improve the legislation, the unfortunate fact is that the draft legislation remains dangerously ambiguous with respect to encryption and security. This is no time to weaken encryption. Rather than serving the interests of Australian law enforcement, it will just weaken the security and privacy of regular customers while pushing criminals further off the grid."
Encryption is math (Score:5, Insightful)
Either everyone is secure, or nobody is.
Re: (Score:3)
Why youze think youze need dis fire extinguisher when weez'll sell youze dis great insurance?
Cause sure would be a shame if sumthingz was to happen to dis nice shop here.
Re: Encryption is math (Score:5, Insightful)
Anyone and everyone in tech understands the nature of encryption. It's so sad that politicians don't. At some point, some government is going to pass a shitty version of this law, and then, the real showdown begins.
Re: Encryption is math (Score:5, Insightful)
Oh, I think they understand it. Easier to get away with certain things when they can claim ignorance, though.
Re: (Score:2)
The goal of politicians is to appeal to the voters, they make a lot of proposals that won't get a majority or that aren't actually feasible to do just for appearances. Saying there's nothing to be done is never appealing, even when it's the truth.
Re: (Score:2)
> The goal of politicians is to appeal to the voters
Exactly. They scream this is for the pedophiles and terrorists to appeal to the emotional reaction, then high five each other when the electorate realizes the politicians were talking about the entire population.
Politicians need to be reined in (Score:5, Insightful)
I'll tell you what's sad. It's sad that Apple hasn't got the balls to say "if you do this, we will no longer make or sell any products subject to these insecurities in your country."
If politicians are not prevented by economic and other (legal, not suggesting otherwise) means from destroying liberty, they will do so - because they are, for the most part, powerful and often rich, and this kind of behavior inevitably makes them more so.
Either we prevent that result, or we prevent the action that leads to that result — otherwise our liberties will continue to erode in favor of benefits for the rich and/or powerful.
Re: (Score:2)
They are betting that their customers in the rest of the world won't figure out that if Apple can subvert iPhone security to satisfy one country, they will probably subvert it everywhere to make things easy.
Re: (Score:3)
> It's sad that Apple hasn't got the balls to say
Otherwise known as a net win for the government, a net loss for Apple and a net loss for the people. Every time someone suggests some company should "have balls" to completely pull out of a market that person completely ignores the actual impacts and how no government ever calls a bluff, or even gives a shit when it isn't just a bluff.
Re: (Score:2)
> I'll tell you what's sad. It's sad that Apple hasn't got the balls to say "if you do this, we will no longer make or sell any products subject to these insecurities in your country."
Who says they won’t? It’s immature to threaten the nuclear option at the first whiff of trouble, particularly when you’d rather be on good terms with the other party. Instead, you call them out for their misdeeds and ask them to fix it on their own first, that way everyone can save face.
Re: (Score:2)
> Anyone and everyone in tech understands the nature of encryption. It's so sad that politicians don't.
Like a hammer, the politician's only tool is law.
> At some point, some government is going to pass a shitty version of this law, and then, the real showdown begins.
As Australia does not have a bill of human rights this law is being trialed here to see if it can be passed in the UK, US, NZ and Canada, so the real showdown is now. If you are in one of these countries then this law will be heading your way next if it is passed in Australia.
My advice to you, if you are in one of these countries is to examine the law for yourself. It seems to be crafted well enough to avoid constitutional objections of the US and UK.
Re: (Score:2)
Re: (Score:1)
Nice cherry picking there. Us Whites take the lead in almost every other category (go us!). Using the statistics you provided, there were about 5k murders attributed to Black people, and literally over a million other violent crimes committed by White people. Sounds like we're actually safer with Black people!
Try correlating with economic level or other relevant factors if you want accurate answers- if you just want data that supports your conclusions, keep doing what you're doing so well.
Australia has terrorists? (Score:1)
Or just an aspiring police state like everywhere else?
Re: (Score:2)
I thought Australia was colonized by 164000 convicts because they wanted to get away from the authorities?
Re: (Score:2)
If a guy holding people hostage in a Cafe, waving terrorist flags around and making claims about ties to Islamic State counts as a terrorist attack, Australia absolutely does have terrorists.
Sure apple (Score:3, Insightful)
yet you will roll over for China. I guess the market there is bigger.
Tie my encryption down mate, tie my privacy down (Score:2)
Re: (Score:2, Informative)
Key escrow would result in each device having 2 keys: 1 unique key for you, and 1 unique key held by the device manufacturer (e.g., Apple). Apple's key is different for each device, it's not some "master" key that decrypts all devices. Apple keeps the key in escrow.
If Apple is served with a lawful court order, Apple would provide its key for your device to law enforcement, who would then decrypt your device. Or law enforcement could turn the device over to Apple and Apple could perform the decryption. That'
Re: (Score:2)
How long do you really think it will take before someone with access to the escrow store decides to sell a bunch of keys?
No doubt China would have a list of all the keys they wanted inside a year - and probably not illegally, either.
This is precisely the point that governments miss. Fraud committed against ordinary citizens in pursuit of their intelligence objective. Fraud has no impact on the government and they don't care if you are defrauded.
Breaking the Key escrow paradigm (Score:2)
I'm sure that Apple, like Google, has more than one set of master keys. However, under this law Apple would be compelled to comply, which would then result in law enforcement in all five eyes countries having access to that "key group" under the Echelon agreement. Over time, intelligence agencies would continue to gather and share those keys.
Under this law if an American comes to Australia, the US can request an investigation of that individual and secure keys for key groups in the states. An American cit
Re: (Score:2)
So instead of having to break into 1 million devices most of which contain nothing of value to get a million keys, just break one extremely high value target (Apple's keystore) and get millions of keys.
Re: (Score:2)
Keep in mind, Apple got law enforcement requests for data from 500,000 devices [apple.com] just last year, even without the ability to get into many of their devices. And would then have to keep track of, and keep secure, the device keys for the 200 million iPhones it sells each year.
The more access they have, you would then expect even more requests.
Re: (Score:3)
Actually, there is a third option: unbreakable and useless. And that is the one the Australian Government is going for. They don't want Apple to break encryption. The bill allows the government to force Apple to download spyware to the phone via the autoupgrades, so said spyware can send the data back while it's unencrypted.
The only mystery is why Apple says the bill is ambiguous. It outright says they expect to be able to silently download the app, they e
Cast it in Isildur! (Score:2)
I have a general concern or worry that the existing powerful institutions in our nation aren't accepting the democratic decisions of the nation when we tell them that their plan to break encryption is butt-fucking stupid. That they'll simply take another approach and get it passed elsewhere, so they can utilize Parallel Construction [wikipedia.org] with their allies to effectively violate the 4th Amendment. Case in point, both Australia and the USA are part of the 5 eyes [wikipedia.org] intelligence community alliance. This sort of
Re: Cast it in Isildur! (Score:2)
Not really. There are many other pleasant forms of having sex that don't involve a lot of direct contact with feces.
Re: (Score:3)
Exactly! Though you might be interested to know that all of the five eyes countries have had their anti-terrorism acts (like patriot and homeland security) lifted from the Soviet criminal code but go far further than the soviets ever could because our technology is more capable and ubiquitous.
These laws are a complete betrayal of any notion of democracy that our grandfathers fought for in the world wars. This is the stuff they fought against. Our governments don't have to ask for our "Papers Please" b
Terrorists can code too (Score:1)
The encryption libraries are easy to get and just a pinky swear will get you unlimited key length libraries.
Stop selling in Australia (Score:2)
Re: Stop selling in Australia (Score:2)
Apple can then more than make up for the lost sales in Australia with increased sales in China. The PR angle in this is awesome.
Does this really need evidence? (Score:2)
> The government claims that encrypted communications are "increasingly being used by terrorist groups and organized criminals to avoid detection and disruption," without citing evidence
I know it isn't popular to say that a claim should be accepted without evidence, but I think it would be ignorant to assume that more and more terrorist groups and organized criminals are not using encrypted communications.
Re:Does this really need evidence? (Score:5, Insightful)
> The government claims that encrypted communications are "increasingly being used by terrorist groups and organized criminals to avoid detection and disruption," without citing evidence
> I know it isn't popular to say that a claim should be accepted without evidence, but I think it would be ignorant to assume that more and more terrorist groups and organized criminals are not using encrypted communications.
Isn't it also ignorant to assume that terrorist groups and organized criminals are going to stop using encrypted communications just because somebody passed a law? And that they won't jailbreak their phones, install encryption software that circumvents "back doors", and then the tech companies will still be helpless to assist in any case? It doesn't take a genius to see that one coming.
Re:Does this really need evidence? (Score:4, Insightful)
This is the problem: criminals don't follow the laws, so yes, they could get a phone and install encryption on it that doesn't have a back door, but even worse, they will absolutely use any weakness in encryption to take advantage of the rest of us.
Same with guns: the bad guys don't go to a sporting goods store and buy and register a gun that can be traced; they get illegal guns.
Re: Does this really need evidence? (Score:2)
However, it then becomes a no-brainer to find the criminals. Simply search the data stream for encrypted content.
Re: (Score:2)
Everyone will have encrypted traffic. You'd have to search everyone for encrypted traffic that doesn't decrypt with the escrowed keys. But then you'd have to break the law since there's no way they would be able to get a warrant for everyone all the time.
Add to that, if I understand correctly, the law doesn't cover additional crypto the end user adds, so it wouldn't be illegal.
Re: (Score:2)
Are you saying that online banking and shopping isn't encrypted?
We don't need to fund a study to let us know that a lot of people bank online and shop on amazon and that if the encryption on all of that data was suddenly broken it would be a very bad thing. Laws that intend to weaken encryption make that a very scary possibility.
Re: (Score:2)
Or they'll go back to the good old, reliable, Code Book. "Jean has a long mustache" can mean anything from "Get me some hummus while you're out casing the joint" to "kill the President's Analyst".
Even better, it can mean different things to different people, since not every member of your terrorist organization has to have exactly the same codeb
Re: (Score:3)
Yep, it would be ignorant to assume that. Which is why they aren't assuming it.
The bill doesn't allow them to ask Apple to break encryption. It allows them to force Apple to write some spyware for them, download via auto upgrades to any device they nominate, force Apple to make said spyware undetectable to the user or virus scanners, and says th
Re: (Score:2)
> The government claims that encrypted communications are "increasingly being used by terrorist groups and organized criminals to avoid detection and disruption," without citing evidence
> I know it isn't popular to say that a claim should be accepted without evidence, but I think it would be ignorant to assume that more and more terrorist groups and organized criminals are not using encrypted communications.
The point is that the law won't stop those groups as they will simply write their own software and use their own encryption methods. It is the ordinary citizen trying to manage their life that is the target for these laws despite the government's claims to the contrary.
Re: Does this really need evidence? (Score:2)
Actually it will become trivial to find the crooks. They will be the only ones trafficking encrypted messages. Remember, Al Capone was busted for tax evasion.
Re: (Score:2)
And even more ignorant to assume they won't just layer another actually secure crypto system over the tissue paper provided by a compliant phone.
Go back to using banks (Score:2)
We should organise a mass boycott of banking apps in protest.
To pay for anything, turn up at your bank and use up the bank employees' time to make payments.
That should get the message across by proxy.
Governments (five eyes anyway) don't listen to tech companies or the public. They do listen to the money men though.
Re: Go back to using banks (Score:2)
I am definitely in on this 'protest,' I already have no banking apps whatsoever. Every few months I buy another booklet of stamps, and use checks to pay my bills. Why would I carry around a gadget that can be broken into to steal my money?
Australia? LOLzzzz! (Score:1)
As much grandstanding and high handedness they try to do the fact of the matter is that Australia is the bitch of the United States. It's been a known and open fact since the US bent Whitlam over their knee and gave him a spanking.
Australians take it up the ass from the US and their holier than thou attitude is just another shit-scam to try to comfort themselves.
Re: (Score:2)
> As much grandstanding and high handedness they try to do the fact of the matter is that Australia is the bitch of the United States. It's been a known and open fact since the US bent Whitlam over their knee and gave him a spanking.
I hate to agree with your trolling truth, but you are right. Whitlam was Australia's Washington and still managed to pass over 200 pieces of legislation in the time he had.
The question is what the US uses Australia for? and the answer is to trial methods and laws to subvert US citizens. So whilst you are right to criticise Australians many of them aren't willing participants to the US finding ways to rape them and US citizens as a result. So you may be watching Australians getting raped now, but your n
Re: Australia? LOLzzzz! (Score:2)
> but your next.
What about my next? It's unclear what you meant.
Re: (Score:2)
> but your next.
> What about my next? It's unclear what you meant.
Fair call. You're next!
apple does not do the same in china (Score:2)
apple does not do the same in china
Re: apple does not do the same in china (Score:2)
Australia is an English speaking country where Apple's virtue signaling measures can be transmitted back to the US without even needing translation. China? Not so much.
Talking points for people who need them (Score:2)
After my initial submission to parliament [slashdot.org] I've continued to analyze this Bill. My friends are interested in this however many of them didn't know what they could do, so I wrote this for them, detailing progress so far. I hope this helps anyone else trying to fight this really bad law.
Greetings Friends,
Thank you all for your good will and support in replying to my first email. Thank you for tolerating a mass email. Considering some of the questions I got back I thought I would update you all about
Re: (Score:1)
Its full title is "Telecommunications and Other Legislation Amendment (Assistance and Access) Bill". The "other legislation" bit means that, in the future, other online services can be forced to install a back-door.
I've read most of the legislation draft, and if you read division 7 it says:
Division 7 — Limitations 317ZG Designated communications provider must not be required to implement or build a systemic weakness or systemic vulnerability etc.
(1) A technical assistance notice or technical capability notice must not have the effect of:
a requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or
b preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection.
(2) The reference in paragraph 1 a to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to implement or build a new decryption capability in relation to a form of electronic protection.
(3) The reference in paragraph 1 a to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to one or more actions that would render systemic methods of authentication or encryption less effective.
(4) Subsections (2) and (3) are enacted for the avoidance of doubt.
(5) A technical assistance notice or technical capability notice has no effect to the extent (if any) to which it would have an effect covered by paragraph
Wouldn't that mean that they cannot ask companies to build backdoors as that would weaken their systems?
Please use fewer 'junk' characters?? I've had to remove a lot of parentheses from the legislation, so that's why it looks a little "off".
Re: (Score:2)
> Wouldn't that mean that they cannot ask companies to build backdoors as that would weaken their systems?
No. First of all they don't want back door access through flaws, the law essentially demands that individuals and businesses give them front door access designed into the hardware and software stack. It is blatant stupidity because it will be impossible for them to protect their systems from being compromised by black hats and eventually organised crime. The Government is proposing powers of such gargantuan scope it will be impossible for them to keep it under control, how imposing and intrusive it is, how
Australia's intelligence overseer frets decryption (Score:2)
Even the government appointed overseer of the government is concerned.
https://www.itnews.com.au/news... [itnews.com.au]
Re: (Score:2)
> Even the government appointed overseer of the government is concerned. https://www.itnews.com.au/news... [itnews.com.au]
Thank you!
The bigger picture (Score:1)
Here is mine... pity I sent it before Krebs wrote https://krebsonsecurity.com/20... [krebsonsecurity.com]
This is a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) review of the Telecommunication and Other Legislation Amendment (Assistance and Access) Bill 2018 [0].
Chinese surveillance society [1] offers a chilling vision of a society I never want to live in.
Just as Apple differentiates itself [2] clearly from Google and Facebook by saying we will never sell your data (you aren't the pro
Re: (Score:2)
Thank you!