MENU

Reason.com

Free Minds & Free Markets

Congratulations, Australian Government! You've Just Destroyed the World's Data Privacy!

Parliament passes a bill at the last possible moment to give officials the power to weaken encryption.

Australia snoopingAlexlmx / Dreamstime.comPretty much every single person in the tech industry, human rights circles, and academia warned the Australian government that forcing online platforms to weaken encryption would lead to disastrous results. Nonetheless, lawmakers are pushing forward—and it's not just Australians who will suffer as a result.

Last night, Australia's parliament rushed through the Assistance and Access Bill of 2018 right as their session was coming to a close. The bill gives various government agencies the authority to demand that tech and communication platforms provide them secret bypass routes around encrypted messages.

This is what is known as an encryption "backdoor," and it's a bad idea. Governments insist such tools are needed to fight crime and terrorism. The problem is that an encryption backdoor doesn't care who uses it: If there's a mechanism to bypass privacy security on a communication system, it can be exploited by anybody who knows how. That includes hackers, thieves, officials from authoritarian governments, and all sorts of dangerous people (including, of course, the very government people who insist they're trying to protect us). That's why tech companies have spent years fighting against the idea.

Weak encryption is a threat to the health of any tech platform that involves transferring data, and governments know that. So they insist they're not demanding encryption backdoors while attempting to enact policies that pretty much demand them.

The Assistance and Access Bill won't just grant the Australian government the power to demand that everybody from Facebook to Whatsapp help them bypass security to access private communications. The bill will let officials order companies, through "technical capability notices," to alter their programming to facilitate snooping. And it gives the government the authority to force the tech employees who implement the changes to keep them secret. Break that secrecy, and the employees can face up to five years in jail.

The legislation does state that tech companies cannot be forced to introduce "systemic weaknesses" into a platform's security, but initially the bill didn't even define what that means. Backdoors by their very nature introduce a system weakness. A definition was eventually added but it is less than clear—and given the secrecy involved, how would any outsider know whether these changes introduce a weakness? How could the public possibly trust that officials would back down when a tech company explains that a demand would create a security vulnerability?

The bill presents a worldwide threat to all of our data security. We shouldn't assume that secret surveillance tools forced into an app or online platform will be functional only in Australia. And because of the gag order, companies won't be allowed to tell the public whether it is or not.

For citizens in the U.S., the United Kingdom, New Zealand, and Canada, there's even more to worry about. These five countries have intelligence-sharing agreements. So whatever the Australian government picks up in this secret snooping can be shared with other governments as well, even if those countries themselves forbid such unwarranted surveillance.

Digital Rights Watch has absolutely blasted lawmakers for rushing through the bill at the last moment without considering most of the amendments (173 of them!) that had been proposed:

"The fundamental fact remains that the powers being handed out to law enforcement are ill-informed, badly drafted and a gross overreach," said Digital Rights Watch Chair Tim Singleton Norton.

"This Bill is still deeply flawed, and has the likely impact of weakening Australia's overall cybersecurity, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections. In its very design, it is antithetical to human rights and core democratic principles. Lawmakers are on notice that they will be responsible for the consequences of introducing weaknesses into our digital infrastructure—including adverse consequences borne by everyday people who rely on encryption to go about their daily lives in a digital society."

Despite the complaints about terrorists "going dark," one MP noted that Australia has foiled 11 terror plots since 2014 without this additional authority. Libertarian Australian Sen. David Leyonhjelm (a member of the country's Liberal Democrat Party) critiqued the bill's intrusiveness and the authorities' insistence that legislators needed to rush the bill through by Christmas as though there were some sort of threat looming if they didn't:

Photo Credit: Alexlmx | Dreamstime.com

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of Reason.com or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  • Fist of Etiquette||

    I thought a long time ago we walled Australia off into the isolated island penal colony it was always meant to be. Let them develop their own proprietary, hole-ridden apps for Down Under to use.

  • Chipper Morning Baculum||

    Does a kangaroo pouch include backdoor access to the joey? Just sayin'.

  • AlmightyJB||

    No one wants to hear about your weird fetishes.

  • Still Curmudgeoned (Nunya)||

    Ignore this. Continue.

  • BambiB||

    Seems simple enough to address. Simply stop doing any sort of digital communication with Australia. No more banking, trade, email...

    Let's see how long their new "law" lasts.

  • steve sturm||

    How do countries such as Australia enforce these laws? How do/can they force a company that's based elsewhere to comply? Is it like China, where the government has the ability to shut down Internet access to sites that don't comply? Levy a fine against the company, but how would that work if the company doesn't have real assets or accounts in the prosecuting country?

  • ||

    Is it like China, where the government has the ability to shut down Internet access to sites that don't comply? Levy a fine against the company, but how would that work if the company doesn't have real assets or accounts in the prosecuting country?

    The means are varied and depend on the visibility of the target site or business. China isn't the only country capable of doing something like this, they're just the one that does it consistently as policy. It's widely known that Joe Lieberman's, the Homeland Security Chair, staff contacted Amazon, Paypal, Visa, and Mastercard shortly before those platforms 'chose' to boot Wikileaks off their client list.

    Torrent sites of all kinds are subject to domain seizures, blocking from search indexes, and filtering by ISPs at the behest of any number of governments.

  • BYODB||


    It's widely known that Joe Lieberman's, the Homeland Security Chair, staff contacted Amazon, Paypal, Visa, and Mastercard shortly before those platforms 'chose' to boot Wikileaks off their client list.


    Haha, remember when it was discovered that the government had direct links into all telecommunications? Haha. Remember how nothing happened as a result of that discovery? Ha.

    Room 641A

    Please, tell me more about how anything anywhere is 'safe' from government snooping. Keep in mind, this is just one of the examples we actually know about.

  • Diane Reynolds (Paul.)||

    How do countries such as Australia enforce these laws? How do/can they force a company that's based elsewhere to comply? Is it like China, where the government has the ability to shut down Internet access to sites that don't comply?

    Yes.

  • steve sturm||

    How do countries such as Australia enforce these laws? How do/can they force a company that's based elsewhere to comply? Is it like China, where the government has the ability to shut down Internet access to sites that don't comply? Levy a fine against the company, but how would that work if the company doesn't have real assets or accounts in the prosecuting country?

  • SQRLSY One||

    They will take hostage, the CEOs and CFOs and other employees of other nations' tech companies, just as the USA is now doing to the CFO of a Chinese tech company.

    http://www.foxnews.com/world/c.....xpert-says

    Huawei CFO Meng Wanzhou's arrest may prompt China to retaliate, 'take hostages,' expert says

    All nations are soon going to want to be economic and tech dictators of the whole world! And Trump led the way!!!

  • BYODB||

    Trump didn't lead the way to shit on that front, for that we should probably thank the Bush administration and 9/11.

  • SQRLSY One||

    Bush and 9-11 are doubtlessly partly to blame, IMHO... However, Trump is to be blamed fair and square for a huge chunk of this. USA and others agreed with Iran that Iran was doing enough (de-nuking-wise) to be cut a trade break. Trump violated that unilaterally (shit on our international partners to the deal). Exactly that, trade with Iran, is at the root of the USA taking Huawei CFO Meng Wanzhou hostage. USA pushing and shoving others around is NOT going to end well! We are becoming the Evil Empire, and others will gang up and push back.

  • BYODB||

    The USA agreed to nothing, the executive decided unilaterally that was what he was going to do in violation of actual treaties. The Senate, last I checked, signed off on nothing therefore no treaty existed and therefore no agreement.

    If you think pushing and shoving Iran is a bad thing, I must wonder what you think they would have done in the region absent American interference.

  • BYODB||

    And, just as an aside, I'm no fan of intervening in the Middle East but notably not getting involved wasn't on the table under a supposedly anti-war Democrat either so that option was a fantasy.

    Trump, for all his shitty idea's, hasn't even begun to approach Bush or Obama in feckless foreign intervention. Recall, for example, that it was Obama that wanted to 'reset' relations with Russia. How'd that work out again? Oh, right, they're back as the boogieman of Hollywood if you've watched any television recently. The cold war is back on! And no, that has nothing to do with Trump and everything to do with Democrats.

    So, sure, I guess if you consider the possibility of another cold war a good thing that Obama has nothing to answer for and it's all Trump's fault.

  • SQRLSY One||

    As we turn non-American (overseas) businesses (and banks and bank employees especially) into USA criminals, threatening to take them hostage if they travel to the USA or an allied nation like Canada, we can expect more and more push-back.

    http://www.scmp.com/news/china.....eas-office
    Moscow and Beijing join forces to bypass US dollar in world money market
    Move seen as small step towards monetary alliance to bypass US dollar in the global monetary system

    "international banks bypassing US regulations news" makes a good search string. There's tons of this stuff out there... Everything has a price, and Trump trying to be the Big Bully on the Block will bite us in the ass, good and hard, one of these days.

  • BYODB||

    I think the last thing we need to worry about in terms of a Russian/Chinese economic merger is our economic situation.

  • Progressives||

    Let's be more like Australia!

  • Ken Shultz||

    "We shouldn't assume that secret surveillance tools forced into an app or online platform will be functional only in Australia. And because of the gag order, companies won't be allowed to tell the public whether it is or not."

    This is where open source comes into play.

    I suspect some of my fellow libertarians are suspicious of open source because proprietary sounds more property rights centered and capitalist. Whatever else open source means to you, it should also mean that anybody and everybody can look at the code to see what's in it. If the code is hidden, people will see that part of the code is hidden. If it's got a backdoor out in the open, people will jump all over each other to be the first to alert the rest of the sane world.

    As part of your libertarian responsibility to protect your own privacy (like saving for your own retirement or paying for your own kids), you should be migrating to open source software for anything privacy related anyway.

  • Diane Reynolds (Paul.)||

    I suspect some of my fellow libertarians are suspicious of open source because proprietary sounds more property rights centered and capitalist

    Maybe. I suspect open, federated systems are going to come back into vogue because of the two-pronged attack web users are suffering: Governments that want access to your data, and censor/ban-happy corporations that can deplatform and unperson you if you don't comply with their impossibly vague and broad terms-of-service.

  • Overt||

    While I agree, Open Source has long remained difficult to work with for your average consumer.

    I have no problem downloading a bunch of source and compiling it, but how many people can say that? The natural equilibrium is for people to rely on service providers as an intermediary.

    My company relies a lot on OS software- including Node.JS, kubernetes, docker, apache, and others. But once we have installed it, we could be modifying it for any reason including government mandate. Heck, android is open source, and yet nearly no one runs a mobile device running their own build. The vast majority are running some build provided by the maker which could be modified under the authority of this law. Even under a federated system, it would be almost impossible to guarantee that another site you are visiting is running an un-modified version of some OS platform- indeed, it is often these modifications that make one provider more desirable than others.

    Maybe there is some room for Open Source here. Certainly, if there were an open source initiative made to make everything from OS all the way up to package and application management super simple for consumers, it would be a game changer. But then, what about the hardware? The government can demand back doors in the hardware. What about data centers? Unless we are all running our super federated service stack- from social media to accounting- on open source servers under our desk, these laws are still a problem.

  • Ken Shultz||

    "The Assistance and Access Bill won't just grant the Australian government the power to demand that everybody from Facebook to Whatsapp help them bypass security to access private communications.

    I know this wasn't Shackford's point, but anybody who expects privacy from Facebook is ignorant. Anybody who expects privacy from Whatsapp is being hoodwinked.

    Whatsapp founders resigned from Facebook and left in disgust because Zuckerberg wanted to mine Whatsapp users' data. If you're using Whatsapp for privacy reasons, the question you should ask yourself is: "What do I know about privacy in Whatsapp that the founders of Whatsapp don't know?" The second Facebook bought Whatsapp, you should have run for the hills.

    I recommend Signal. It's open source. Does SMS, too.

    http://en.wikipedia.org/wiki/Signal_(software)

  • mtrueman||

    Ken, you surprise me. I never took you to be anything but a windose user. But I second your opinions expressed here.

  • Diane Reynolds (Paul.)||

    but a windose user.

    Wow, you just gave me a drug flashback to the 90s.

  • mtrueman||

    I was always a blotter man.

  • BYODB||

    I took acid hoping that the flashbacks would be like a free future dose. Boy, was I disappointed. Still haven't had one.

  • mtrueman||

    An internet search revealed the following tidbit from the microsoft.com website:

    Q: Does Windose 10 have a backdoor?

    A: It's not a backdoor because by installing it you are agreeing to the privacy policy.

  • Diane Reynolds (Paul.)||

    Assume all microsoft products (and many others including Apple) employ a back door.

  • ||

    A: It's not a backdoor because by installing it you are agreeing to the privacy policy.

    This occurred to me with a 'mandatory' backdoor. The term backdoor implied surreptitiousness. Not everyplace has them, only trusted people really use them, and the general idea is that there's security there in place to make sure only the right people are there using it.

    If it's ubiquitous by mandate for safety then everybody knows about it and if no security is necessarily watching it, it's more like a fire escape.

  • Dillinger||

    sad Australia's leading the charge to authority-state ...

  • BYODB||

    They'll do what they did in China, parallel but separate systems with this system being basically under government control.

  • ||

    "For citizens in the U.S., the United Kingdom, New Zealand, and Canada, there's even more to worry about. These five countries have intelligence-sharing agreements. So whatever the Australian government picks up in this secret snooping can be shared with other governments as well, even if those countries themselves forbid such unwarranted surveillance."

    If we care what they did is over reach and just a bad idea, then kick them out of the agreement, no?

    "And it gives the government the authority to force the tech employees who implement the changes to keep them secret. Break that secrecy, and the employees can face up to five years in jail."

    Of course, what's a coercive law without the threat of ruining lives for their own nefarious stupidity?

  • Juice||

    I never understood the 5 Eyes thing. It's as if the US never actually became an independent country.

  • mtrueman||

    With Diffie Hellman key exchange or RSA encryption the starting point, for professional level encryption, is a prime number as much as 300 digits in length. Anybody know how does one come up with such a number? With a guarantee of privacy as well? I assume there are books published with lists of prime number candidates that code breakers could consult. My own experience with encryption is limited to mucking about with pedagogical examples using 2 digit primes.

  • Diane Reynolds (Paul.)||

    There's not much encryption being cracked-- except for older, faulty systems. That's why governments want back doors, they're essentially admitting they're being beaten by encryption. Most hackers and malicious actors don't break encryption either, they attack the edges. Always keep your eye on the edges.

  • ||

    That's why governments want back doors, they're essentially admitting they're being beaten by encryption.

    Competitively beaten by encryption.

  • Still Curmudgeoned (Nunya)||

    Also why it isn't a shock that the last new encryption I heard about from the NSA was found to be not entirely unreversible.

  • The Last American Hero||

    It would be nice if some of the leading tech companies that claim to care about privacy would simply shut down any of their sites with the .au at the end of it. A week long boycott would probably be enough to slap some sense into these people.

    Alternatively, they could just effectively banhammer any politician that voted for this nonsense. Deplatform them all and watch them run back to the capitol to repeal the bill.

  • AlmightyJB||

    Or if all of the users boycotted all sites that comply.

  • Sevo||

    "...officials from authoritarian governments,..."

    And there are no other sorts.

  • esteve7||

    just ignore the bloody convicts

  • DaveSs||

    Considering that there are multiple open source encryption programs, the budding Australian terrorist or criminal need only download one of said programs, encrypt their messages, files, etc then transmit them via the now compromised corporate systems.

  • a ab abc abcd abcde abcdef ahf||

    I believe one of their prime ministers thundered something to the effect that mathematical laws did not apply in Australia.

  • DamnDirtyApe||

    Gag order, schmag order. Hackers will quickly tell us what is vulnerable.

  • Juice||

    Quantum computing will render all this moot within a decade anyway.

  • Still Curmudgeoned (Nunya)||

    We said this a decade ago. Also still waiting for my crystal and DNA based storage. And where is my ATM to the desktop!

  • Carter Mitchell||

    How would the morons in Australia get jurisdiction over a Facebook employee working in San Fransisco? They could certainly block those platforms in Australia, and they're not such a big market that FB or anyone else would even notice.

    Tell 'em to fold their asinine law until it's all corners then stick it where the sun don't shine.

  • mr siegel||

    Thank you for your timely comment on our rather weird goings on down under. We need to bear in mind that Australia has an election due within 6 months and the government is around 10 points down. The governing party believes it has an advantage in 'security' matters and the opposition is trying to prevent them obtaining any electoral leverage. I suspect that when confronted with the realities of enforcement after the election it will fade away.

    I would caution you however about granting Sen Leyonhjelm libertarian status without a little more research (you could start by googling 'Leyonhjelm - young brown men'). Also the use of 'liberal democratic' in his party name is on a par with 'people's democratic' in that of a nation.

  • mulp||

    Conservatives have proved that having no plan that can be written into law is the only winning political strategy.

    Obama took the GOP plan Mitt Romney made law in Massachusetts and turned it into Federal law and now the GOP rejscts their own plan because iits law, and the only plans conservatives and the GOP supports are those that can never be written into law, which is what it means to actually have a plan.

  • ||

    I essentially started three weeks past and that i makes $385 benefit $135 to $a hundred and fifty consistently simply by working at the internet from domestic. I made ina long term! "a great deal obliged to you for giving American explicit this remarkable opportunity to earn more money from domestic. This in addition coins has adjusted my lifestyles in such quite a few manners by which, supply you!". go to this website online domestic media tech tab for extra element thank you .
    www.geosalary.com

GET REASON MAGAZINE

Get Reason's print or digital edition before it’s posted online