Cause the way I read it, if developers find a decryptor (not actually a decryptor) in their software, then the government can't stop them from squashing the security flaw that enables it.
Haven't read the amendments though.
But this whole thing is idiots being informed by techos, so the thing that the idiots want to do isn't being done (though the police appreciate the extra coercive powers to force companies to assist them cracking devices), and then all the idiots are arguing about the thing that isn't happening because it scores then political points.
So we are governed by idiots, but their goals are unacheivable, and you should be no more concerned about your privacy than you already are, which is to say very concerned.
The Attorney-General Christian Porter has just held a candid press conference. He has all but given up on the encryption laws passing Federal Parliament, saying they've been used as a political pawn on the final sitting day of the year.
Just last night, Coalition and Labor agreed to amendments and Mr Porter said he was delighted that they would become law before Christmas, as desired by intelligence agencies. Well, that Christmas gift hasn't eventuated.
Get fucked.
For context, the bill died in the Senate as the government was furiously trying (and in the end succeeded) to keep people from Nauru away from getting medical treatment in Australia. The only reason this even failed was the Liberals limiting the number of sitting days. Poetic irony.
As much as I am appalled at the circus surrounding this 'anti-encryption' bill, I should say the liberals' anti-encryption statements about this bill and also to the international cyber-security meet-up that happened earlier this year are detestable and an embarrassment to us all.
I just wish Labor and the Greens would publicly debate the bill on its merits, rather than continuing to air the Libs' anti-encryption nonsense.
And the tech companies are going to be forced to give up techies as 'fairly compensated' labour to the government under the bill, so they've leaned into the nonsense too.
Normal people don't understand encryption though. Its not sexy, its not exciting, and it doesn't make good headlines. I imagine most people have encryption mentally filed away under "nerd shit"; TL;DR
Normal people don't understand encryption though. Its not sexy, its not exciting, and it doesn't make good headlines. I imagine most people have encryption mentally filed away under "nerd shit"; TL;DR
Working in the fibre networking industry from the NBN's inception to its unceremonial destruction was a fucking journey, I tell you what. I have no idea how I retained my sanity after seeing what happened on both sides of that curtain.
Normal people don't understand encryption though. Its not sexy, its not exciting, and it doesn't make good headlines. I imagine most people have encryption mentally filed away under "nerd shit"; TL;DR
It's not an anti-encryption bill though.
It's a We don't want this guy's iPhone to wipe itself bill
And possibly a We want to see who this guy has been messaging on Steam bill.
Normal people don't understand encryption though. Its not sexy, its not exciting, and it doesn't make good headlines. I imagine most people have encryption mentally filed away under "nerd shit"; TL;DR
Working in the fibre networking industry from the NBN's inception to its unceremonial destruction was a fucking journey, I tell you what. I have no idea how I retained my sanity after seeing what happened on both sides of that curtain.
<_<
>_>
I don't know about you, but we attempt to by cultivating cynicism.
Wheelbarrows of the stuff.
Premium grade.
People who don’t know how technology works are making decisions after speaking to people who don’t know how technology works for political point scoring.
For the children...
Shut up, Mr. Burton! You were not brought upon this world to get it!
Do you remember when a core conservative principle was that the interests of the individual were more important than the interests of the government?
When a nanny-state big brother overreach was the purview of the left?
Good times, good times.
Cause there's no way this shit doesn’t get abused.
+1
Options
FencingsaxIt is difficult to get a man to understand, when his salary depends upon his not understandingGNU Terry PratchettRegistered Userregular
edited December 2018
Do we think Alphabet et al will actually follow through? Have any of them commented on the legislation?
Fencingsax on
0
Options
daveNYCWhy universe hate Waspinator?Registered Userregular
From that SBS article.
“We will pass the encryption laws, unsatisfactory as they are, right now,” Mr Shorten said at a surprise press conference on Thursday evening, while the Senate debate continued elsewhere in the building.
Bill Shorten says he will pass encryption bill as it stands “We are not going to sacrifice the security of Australians.”
And I thought the UK had a weaksauce opposition.
Shut up, Mr. Burton! You were not brought upon this world to get it!
Do we think Alphabet et al will actually follow through? Have any of them commented on the legislation?
They will either not comply, citing their home country legislation, or if the government tries to force the issue at the end of the day safe and secure encryption is worth more to these companies than the Australian market.
The victims will ultimately be the Aus tech sector. Any Australian companies are hobbled by this versus international competitors and I have to wonder about the job security of Aussies working here for international companies given now the government has laws that can force them to secretly compromise their employer's security. Hiring Australian workers in the tech industry for anyone that works in encryption is now a potential threat to the integrity of their services.
What does Chris Pyne mean? Is he against it and is saying that Labor voting for it allows terrorists and pedophiles to continue their evil work? Is he for it and was expecting Labor to vote against it?
0
Options
daveNYCWhy universe hate Waspinator?Registered Userregular
What does Chris Pyne mean? Is he against it and is saying that Labor voting for it allows terrorists and pedophiles to continue their evil work? Is he for it and was expecting Labor to vote against it?
The latter.
Shut up, Mr. Burton! You were not brought upon this world to get it!
What does Chris Pyne mean? Is he against it and is saying that Labor voting for it allows terrorists and pedophiles to continue their evil work? Is he for it and was expecting Labor to vote against it?
He was following the party line that Labor were supporting the Bad Guys by not passing the bill (to be more technical, pushing the Nauru issue at the expense of the other bill's time for debate). When Shorten <infraction worthy terms here> and agreed to the bill, Pyne deleted it.
Do we think Alphabet et al will actually follow through? Have any of them commented on the legislation?
They've leaned into the anti-encryption bit where complying will destroy the internet.
But I think they also said 'We don't want you stealing our tech workers for your anti-crime units' and that a non-tech judge is going to have a hard time determining what constitutes a reasonable request.
In any case, I think they'll both work with authorities where a reasonable request is made (help disable the hard drive wipe on this phone) and also provide a lot of not much if called upon to downgrade security or provide data that they don't already have.
The secrecy around this works both ways I think, where law enforcement obviously benefits but tech companies also don't lose control of any proprietary tech that they share with agencies.
Do we think Alphabet et al will actually follow through? Have any of them commented on the legislation?
They've leaned into the anti-encryption bit where complying will destroy the internet.
But I think they also said 'We don't want you stealing our tech workers for your anti-crime units' and that a non-tech judge is going to have a hard time determining what constitutes a reasonable request.
In any case, I think they'll both work with authorities where a reasonable request is made (help disable the hard drive wipe on this phone) and also provide a lot of not much if called upon to downgrade security or provide data that they don't already have.
The secrecy around this works both ways I think, where law enforcement obviously benefits but tech companies also don't lose control of any proprietary tech that they share with agencies.
Unless the law is changed, eventually you'll get a politician pushing on this in order to score points, or even worse, there's a case involving some terrorism, an attractive missing woman and/or kids. Pyne's tweet made it pretty clear what will eventually happen to a tech company dealing with this law. Inevitably they'll be on the receiving end of a "Why are you pro-(terrorism/pedophile)?" attack, and then they're stuck in a no-win situation.
Shut up, Mr. Burton! You were not brought upon this world to get it!
So running down why I'm not overly concerned about this bill:
The bill prevents the government from requesting systemic weaknesses being built into programs. So they can't force companies to serve a malicious app to everyone.
They could force companies to serve a malicious app to one target person though.
But... Then you just look at the MD5 hash (or other has signature) of the app. This is the signature of the app that verifies it is legitimate and from the website that you just downloaded it from.
Whilst the company could duplicate everything else, the benign app would have a different MD5 hash to the benign app with added backdoor.
So as long as everyone is aware of what the right hash should be, you can just calculate what the hash of the file in front of you is before you install it.
You could keep going deeper, and have a fake store page that only serves to the target the malicious app and has the wrong hash on it, but now you're hoping they don't compare notes with other people, and that you can identify them.
And if you are identifying people on a non-case-by-case basis, what happens if someone puts a non-target into the target list and then listens into the government's info collection channel?
All this machinery for specifically targeting limited individuals on a warrant basis seems infeasible, and should also be ruled out as impractical by the bill and judge overseeing the secret warrants.
So I don't think this will ever be done, especially as benign app + backdoor has to be kept updated in line with the actual app to be effective. May as well just serve actual malware instead of, or as well as, the app itself. And get detected by Antivirus etc.
This also doesn't acheive the objective of cracking into a phone, which is the stated example provided with the bill.
So all I think will be asked to be provided by tech companies is first, designs relating to hardware security mechanisms, which could be bypassed physically, granting repeated easier attempts at brute forcing the encrypted data, and second, any data the companies already have or should have, like metadata about who is sending messages to whom, even if the messages are encrypted and the company doesn't usually store that data after its use.
It should be noted, passwords or password hashes can already be requested from companies through another, already passed, bill. And presumably other non-encrypted data.
So running down why I'm not overly concerned about this bill:
The bill prevents the government from requesting systemic weaknesses being built into programs. So they can't force companies to serve a malicious app to everyone.
They could force companies to serve a malicious app to one target person though.
But... Then you just look at the MD5 hash (or other has signature) of the app. This is the signature of the app that verifies it is legitimate and from the website that you just downloaded it from.
Whilst the company could duplicate everything else, the benign app would have a different MD5 hash to the benign app with added backdoor.
So as long as everyone is aware of what the right hash should be, you can just calculate what the hash of the file in front of you is before you install it.
You could keep going deeper, and have a fake store page that only serves to the target the malicious app and has the wrong hash on it, but now you're hoping they don't compare notes with other people, and that you can identify them.
And if you are identifying people on a non-case-by-case basis, what happens if someone puts a non-target into the target list and then listens into the government's info collection channel?
All this machinery for specifically targeting limited individuals on a warrant basis seems infeasible, and should also be ruled out as impractical by the bill and judge overseeing the secret warrants.
So I don't think this will ever be done, especially as benign app + backdoor has to be kept updated in line with the actual app to be effective. May as well just serve actual malware instead of, or as well as, the app itself. And get detected by Antivirus etc.
This also doesn't acheive the objective of cracking into a phone, which is the stated example provided with the bill.
So all I think will be asked to be provided by tech companies is first, designs relating to hardware security mechanisms, which could be bypassed physically, granting repeated easier attempts at brute forcing the encrypted data, and second, any data the companies already have or should have, like metadata about who is sending messages to whom, even if the messages are encrypted and the company doesn't usually store that data after its use.
It should be noted, passwords or password hashes can already be requested from companies through another, already passed, bill. And presumably other non-encrypted data.
You really don't want to be using MD5 to make your point there. Generating MD5 collisions is trivially easy these days.
...
(Super Ultra) Border Force only just got their 2014? 2013? Enterprise Bargaining Agreement through arbitration earlier this year too.
One would think you wouldn't need to slash staff after putting them all on a pay freeze for 4+ years, but here we are.
(You would also think the amalgamation may cut down on administration costs and administrative jobs, but assuming HR system 1 can be merged into HR system 2 without a major project seems flawed)
"If the Labor Party and the Greens want to have more women in the Liberal Party, what they should have done is not defeated them, that would have been a very good thing if they hadn't run against our women," Mr Finn said.
Watching ABC Insiders on Sunday, with the talking heads reviewing the (non) votes before adjourning for the hols.
Don't know who the lady was they had on the panel, but during the Religious Schools/anti-discrimination discussion she started waffling on about how "if religious schools aren't allowed to teach the tenets of marriage being only between a man and a woman, then what will be the difference between a religious school and a non-religious school?"
To which I reply:
1) 99.99% of the bible isn't about marriage, how about teaching some of those values instead? If the only tenet of any worth in your faith is the definition of marriage, then I would question the values your faith is teaching.
2) Why are these schools teaching such a narrow-minded definition of marriage in the first place? What life education does it give to students?
Do not steal - good advice.
Do not bear false witness - also pretty solid for keeping out of trouble.
Love thy neighbour - I wish some of these religious schools would pay more attention to this one.
Marriage is between a man and woman only? Right up there with memorising last election's liberal party manifesto for how much value it's going to give to students.
Fortunately the segment redeemed itself by concluding with an excellent Doctor Who satire: https://youtu.be/8_oyQl-nyqc
For those not following. The vote counting in Victoria isn't quiet done but things seem fairly well locked down.
Out of 88 seats, Labor has 55 compared to Lib/Nats 27/28 (ABC says 27, The Age 28). 3 for the Greens and 3/2 independents (Again ABC and The Age)
Liberals held Ripon by a grand total of 15 Votes. But they did lose Hawthorn meaning John Pesutto (The guy who found out he was losing on live tv) is officially gone. Guy has quit and the new Opposition leader is Michael O'Brien a guy I know nothing about but there is this gem from his Wikipedia page.
In 2011 the Victorian Government proposed changing the Gaming Regulation Act to make it an offence to insult the Minister. The Opposition responded by calling him "Windscreens O'Brien - because this proves he's got a glass jaw"
As for the Legislative council. The Reason party seems to have just scrapped in. So out of 40 seats we now have.
Labor 18 (Up from 14)
Liberals + Nats 11 (down from 16)
Greens 1 (down from 5)
Derryn Hinch's Justice Party 3
Shooters, Fishers and Farmers 1
Animal Justice Party 1
Liberal Democrats 2
Reason Party 1
Sustainable Australia 1
Transport Matters 1
Due to the shenanigans of the "preference whisperer" (long story short a guy basically organised a bunch of preference deals that got the minor parties far more traction then they would usually get. Hence why the Greens have been destroyed) we now have a pretty huge cross bench. The downside is there are a bunch of kooks in there. The upside is they are diverse enough that the kooks shouldn't have much power. I just hope Labor doesn't take the easy route and give Hinch a bunch of stuff to get that 3 vote block on side.
Probably best that we not reveal this person's name in this thread either since the point of the gag order is that the individual is facing another trial in March, and if their identity were widely known it could prejudice the jury and cause a mistrial.
Details also came out today about that Iranian soccer player we gave refuge to.
He applied for a visa to go to Thailand on holiday, then the same day it was approved the Foreign Affairs ministry/AFP sent a notice to Thailand saying that he would be heading their way and had an international arrest warrant out for him by Iran.
The crime he was convicted of (after he became a refugee here) in Iran was committed at a time when he was on live television playing soccer.
Posts
Did they even read it?
Cause the way I read it, if developers find a decryptor (not actually a decryptor) in their software, then the government can't stop them from squashing the security flaw that enables it.
Haven't read the amendments though.
But this whole thing is idiots being informed by techos, so the thing that the idiots want to do isn't being done (though the police appreciate the extra coercive powers to force companies to assist them cracking devices), and then all the idiots are arguing about the thing that isn't happening because it scores then political points.
So we are governed by idiots, but their goals are unacheivable, and you should be no more concerned about your privacy than you already are, which is to say very concerned.
Get fucked.
For context, the bill died in the Senate as the government was furiously trying (and in the end succeeded) to keep people from Nauru away from getting medical treatment in Australia. The only reason this even failed was the Liberals limiting the number of sitting days. Poetic irony.
Old PA forum lookalike style for the new forums | My ko-fi donation thing.
Then they themselves decided to pack up and go home for the day rather than pass a motion to extend the sitting. Have some goddamn shame.
Old PA forum lookalike style for the new forums | My ko-fi donation thing.
I just wish Labor and the Greens would publicly debate the bill on its merits, rather than continuing to air the Libs' anti-encryption nonsense.
And the tech companies are going to be forced to give up techies as 'fairly compensated' labour to the government under the bill, so they've leaned into the nonsense too.
Working in the fibre networking industry from the NBN's inception to its unceremonial destruction was a fucking journey, I tell you what. I have no idea how I retained my sanity after seeing what happened on both sides of that curtain.
Old PA forum lookalike style for the new forums | My ko-fi donation thing.
It's not an anti-encryption bill though.
It's a We don't want this guy's iPhone to wipe itself bill
And possibly a We want to see who this guy has been messaging on Steam bill.
<_<
>_>
I don't know about you, but we attempt to by cultivating cynicism.
Wheelbarrows of the stuff.
Premium grade.
For the children...
Labor signed the paperwork. None of the late amendments were in it. Pyne tweeted this just beforehand
God, fuck everything.
Old PA forum lookalike style for the new forums | My ko-fi donation thing.
That's one hell of a URL.
When a nanny-state big brother overreach was the purview of the left?
Good times, good times.
Cause there's no way this shit doesn’t get abused.
And I thought the UK had a weaksauce opposition.
They will either not comply, citing their home country legislation, or if the government tries to force the issue at the end of the day safe and secure encryption is worth more to these companies than the Australian market.
The victims will ultimately be the Aus tech sector. Any Australian companies are hobbled by this versus international competitors and I have to wonder about the job security of Aussies working here for international companies given now the government has laws that can force them to secretly compromise their employer's security. Hiring Australian workers in the tech industry for anyone that works in encryption is now a potential threat to the integrity of their services.
Bravely Default / 3DS Friend Code = 3394-3571-1609
The latter.
He was following the party line that Labor were supporting the Bad Guys by not passing the bill (to be more technical, pushing the Nauru issue at the expense of the other bill's time for debate). When Shorten <infraction worthy terms here> and agreed to the bill, Pyne deleted it.
Old PA forum lookalike style for the new forums | My ko-fi donation thing.
They've leaned into the anti-encryption bit where complying will destroy the internet.
But I think they also said 'We don't want you stealing our tech workers for your anti-crime units' and that a non-tech judge is going to have a hard time determining what constitutes a reasonable request.
In any case, I think they'll both work with authorities where a reasonable request is made (help disable the hard drive wipe on this phone) and also provide a lot of not much if called upon to downgrade security or provide data that they don't already have.
The secrecy around this works both ways I think, where law enforcement obviously benefits but tech companies also don't lose control of any proprietary tech that they share with agencies.
Unless the law is changed, eventually you'll get a politician pushing on this in order to score points, or even worse, there's a case involving some terrorism, an attractive missing woman and/or kids. Pyne's tweet made it pretty clear what will eventually happen to a tech company dealing with this law. Inevitably they'll be on the receiving end of a "Why are you pro-(terrorism/pedophile)?" attack, and then they're stuck in a no-win situation.
The bill prevents the government from requesting systemic weaknesses being built into programs. So they can't force companies to serve a malicious app to everyone.
They could force companies to serve a malicious app to one target person though.
But... Then you just look at the MD5 hash (or other has signature) of the app. This is the signature of the app that verifies it is legitimate and from the website that you just downloaded it from.
Whilst the company could duplicate everything else, the benign app would have a different MD5 hash to the benign app with added backdoor.
So as long as everyone is aware of what the right hash should be, you can just calculate what the hash of the file in front of you is before you install it.
You could keep going deeper, and have a fake store page that only serves to the target the malicious app and has the wrong hash on it, but now you're hoping they don't compare notes with other people, and that you can identify them.
And if you are identifying people on a non-case-by-case basis, what happens if someone puts a non-target into the target list and then listens into the government's info collection channel?
All this machinery for specifically targeting limited individuals on a warrant basis seems infeasible, and should also be ruled out as impractical by the bill and judge overseeing the secret warrants.
So I don't think this will ever be done, especially as benign app + backdoor has to be kept updated in line with the actual app to be effective. May as well just serve actual malware instead of, or as well as, the app itself. And get detected by Antivirus etc.
This also doesn't acheive the objective of cracking into a phone, which is the stated example provided with the bill.
So all I think will be asked to be provided by tech companies is first, designs relating to hardware security mechanisms, which could be bypassed physically, granting repeated easier attempts at brute forcing the encrypted data, and second, any data the companies already have or should have, like metadata about who is sending messages to whom, even if the messages are encrypted and the company doesn't usually store that data after its use.
It should be noted, passwords or password hashes can already be requested from companies through another, already passed, bill. And presumably other non-encrypted data.
You really don't want to be using MD5 to make your point there. Generating MD5 collisions is trivially easy these days.
(Super Ultra) Border Force only just got their 2014? 2013? Enterprise Bargaining Agreement through arbitration earlier this year too.
One would think you wouldn't need to slash staff after putting them all on a pay freeze for 4+ years, but here we are.
(You would also think the amalgamation may cut down on administration costs and administrative jobs, but assuming HR system 1 can be merged into HR system 2 without a major project seems flawed)
Don't know who the lady was they had on the panel, but during the Religious Schools/anti-discrimination discussion she started waffling on about how "if religious schools aren't allowed to teach the tenets of marriage being only between a man and a woman, then what will be the difference between a religious school and a non-religious school?"
To which I reply:
1) 99.99% of the bible isn't about marriage, how about teaching some of those values instead? If the only tenet of any worth in your faith is the definition of marriage, then I would question the values your faith is teaching.
2) Why are these schools teaching such a narrow-minded definition of marriage in the first place? What life education does it give to students?
Do not steal - good advice.
Do not bear false witness - also pretty solid for keeping out of trouble.
Love thy neighbour - I wish some of these religious schools would pay more attention to this one.
Marriage is between a man and woman only? Right up there with memorising last election's liberal party manifesto for how much value it's going to give to students.
Fortunately the segment redeemed itself by concluding with an excellent Doctor Who satire:
Out of 88 seats, Labor has 55 compared to Lib/Nats 27/28 (ABC says 27, The Age 28). 3 for the Greens and 3/2 independents (Again ABC and The Age)
Liberals held Ripon by a grand total of 15 Votes. But they did lose Hawthorn meaning John Pesutto (The guy who found out he was losing on live tv) is officially gone. Guy has quit and the new Opposition leader is Michael O'Brien a guy I know nothing about but there is this gem from his Wikipedia page.
As for the Legislative council. The Reason party seems to have just scrapped in. So out of 40 seats we now have.
Labor 18 (Up from 14)
Liberals + Nats 11 (down from 16)
Greens 1 (down from 5)
Derryn Hinch's Justice Party 3
Shooters, Fishers and Farmers 1
Animal Justice Party 1
Liberal Democrats 2
Reason Party 1
Sustainable Australia 1
Transport Matters 1
Due to the shenanigans of the "preference whisperer" (long story short a guy basically organised a bunch of preference deals that got the minor parties far more traction then they would usually get. Hence why the Greens have been destroyed) we now have a pretty huge cross bench. The downside is there are a bunch of kooks in there. The upside is they are diverse enough that the kooks shouldn't have much power. I just hope Labor doesn't take the easy route and give Hinch a bunch of stuff to get that 3 vote block on side.
So Scomo is pretty much fishing for a tampa crisis he thinks will work to wedge labor as an election issue.
https://www.smh.com.au/business/companies/i-don-t-see-any-evidence-minister-rejects-ceos-carbon-price-push-20181212-p50lo9.html
Even mining companies are pushing for a carbon price, but the Liberal Party knows better
https://www.smh.com.au/national/victoria/why-the-media-is-unable-to-report-on-a-case-that-has-generated-huge-interest-online-20181212-p50lta.html
Probably best that we not reveal this person's name in this thread either since the point of the gag order is that the individual is facing another trial in March, and if their identity were widely known it could prejudice the jury and cause a mistrial.
Its totally who you think it is though.
He applied for a visa to go to Thailand on holiday, then the same day it was approved the Foreign Affairs ministry/AFP sent a notice to Thailand saying that he would be heading their way and had an international arrest warrant out for him by Iran.
The crime he was convicted of (after he became a refugee here) in Iran was committed at a time when he was on live television playing soccer.