Australia passes encryption breaking laws

[demonyaa]

https://www.bbc.com/news/world-australia-46463029

Cyber-security experts have warned the laws could now create a "global weak point" for companies such as Facebook and Apple.

It differs from laws in China, Russia and Turkey, where services offering end-to-end encryption are banned.

Under Australia's legislation, police can force companies to create a technical function that would give them access to encrypted messages without the user's knowledge.

However, cyber-security experts say it's not possible to create a "back door" decryption that would safely target just one person.

"Any vulnerability would just weaken the existing encryption scheme, affecting security overall for innocent people," said Dr Chris Culnane from the University of Melbourne.

Such a "security hole" could then be abused or exploited by criminals, he said.

In a bid to address these concerns, Australia's law offers a safeguard which says decryptions won't go ahead if they create a "systemic weakness".

However critics say the definition of "systemic weakness" is vague, meaning it is unclear how it may be applied.

Are you concerned with possible spillover effects from this law in other countries? What sort of unintended consequences could this law bring about?

[Coombs]

Get off social media and do illegal activities in person. You'll be fine.

[Ryme]

Tech illiterate people making tech laws, what could go wrong!

[demonyaa]

Tech illiterate people making tech laws, what could go wrong!

My thoughts exactly! Personally I think this could have huge negative unintended consequences!

[Freighter]

I can't wait until it's exploited by people with malicious intent.

[ellieg]

Tech illiterate people making tech laws, what could go wrong!

Exactly. It's like non gun owners making gun control laws lol.

[demonyaa]

Exactly. It's like non gun owners making gun control laws lol.

Please don't derail the thread, its about tech and encryption, not about guns.

[Naiattavain]

My thoughts exactly! Personally I think this could have huge negative unintended consequences!

why do people constantly want to violate people(s) privacy when there is no justification to bring attention to anything illegal happening. if there is no evidence to any malicious doing then it must be alright. look the world is having a problem with malicious people-hackers constantly breaking laws. and most of all scammers. give cyber security encryption a break. encryption is there as added defense against hackers.

[andrewjoy]

Whats funny is that its not even possible for backdoors to be created for some services due to the way the keys are generated and shared.

Whatsapp for example has a user to user shared key, that key was shared via a sysmentric key pair that the server also does not have.

So what they have done is bring in a law for something thats not in the majority of cases possible to even do.

In cases where the key is on the server, they can share that key for sure, and honestly if they have a warrant i don't have an issue with that.

What they hope for is a "magic key" that can decrypt something thats encrypted without any of the original keys. That is possible if you design it into the protocol but its not something that is in any of the major packages thats are currently in use ( for bloody good reason).

If this key is created it will be brute forced or leaked or left on a USB stick someone loses on the train .... or all three. And that will let almost anyone in.

Another thing they dont realise is that encryption protects them too, so i hope someone uses the backdoor to drain ministers bank accounts and give it to charity and post all there internal emails on the web......totally dont do this tho, its highly illegal even if it would be funny.

Again please dont do it, never do it

[Mormolyce]

All of those encryption services are likely already compromised by at least one state agency.

Far be it from me to defend our idiotic politicians particularly when it comes to technology more recent than the phonograph though.

- - - Updated - - -

why do people constantly want to violate people(s) privacy when there is no justification to bring attention to anything illegal happening. if there is no evidence to any malicious doing then it must be alright. look the world is having a problem with malicious people-hackers constantly breaking laws. and most of all scammers. give cyber security encryption a break. encryption is there as added defense against hackers.

They just say "terrorists are using the encryption services to keep their plans secret" and poof, people approve of the law.

[Sunseeker]

So, the law says you gotta make a back door for the pooo-leese because they suck at code-breaking.

But the law also says that if the back door is too obvious a problem for your encryption, you don't gotta.

Lawmakers, never change.

[Machismo]

This is very concerning for anyone who values privacy. This may end up being even bigger than the NSA compromising SSL and RSA, and getting NIST to go along with it.

[zenkai]

https://www.bbc.com/news/world-australia-46463029

Cyber-security experts have warned the laws could now create a "global weak point" for companies such as Facebook and Apple.

It differs from laws in China, Russia and Turkey, where services offering end-to-end encryption are banned.

Under Australia's legislation, police can force companies to create a technical function that would give them access to encrypted messages without the user's knowledge.

However, cyber-security experts say it's not possible to create a "back door" decryption that would safely target just one person.

"Any vulnerability would just weaken the existing encryption scheme, affecting security overall for innocent people," said Dr Chris Culnane from the University of Melbourne.

Such a "security hole" could then be abused or exploited by criminals, he said.

In a bid to address these concerns, Australia's law offers a safeguard which says decryptions won't go ahead if they create a "systemic weakness".

However critics say the definition of "systemic weakness" is vague, meaning it is unclear how it may be applied.

Are you concerned with possible spillover effects from this law in other countries? What sort of unintended consequences could this law bring about?

Tired of all these dumbass people making dumbass laws when it comes to technology.

- - - Updated - - -

Not even remotely similar.

Actually it is, you have people wanting to restrict certain options for guns because they don't understand how they work.

Still I agree that this thread doesn't need to evolve into a gun control argument.

[Aeula]

People who know nothing about technology making laws about technology. Ugh.

[shadowmatrix]

People who know nothing about technology making laws about technology. Ugh.

Then perhaps the people who know about tech should get off their asses and deal with the issue themselves. How many times do we need to have passwords be an issue in criminal cases before we learn our lessons?

But on the other hand I don't trust the government not to fuck with people just cause they can so it is a hard issue to deal with.

[kasuke06]

Wow, another push for nationally segmented internet.

So now we'll have the great firewall of china, the EU Meme-nazis, and the "australian" botnet when this backdoor goes public about 35 seconds after it's implemented.

[Templar 331]

The tech companies need to do it. Then have "someone" break into those government official's personal apps/devices and put the info out into public.

[Powerogue]

If you create a backdoor for anyone, you create it for everyone and ruin the entire point of the encryption.

Wow, another push for nationally segmented internet.

So now we'll have the great firewall of china, the EU Meme-nazis, and the "australian" botnet when this backdoor goes public about 35 seconds after it's implemented.

The more we do this the more we destroy the largest singular benefit of the internet existing: connecting everyone.

[Independent voter]

There was this guy in the US, the cops suspected him of having child porn on his PC. The hard drive was encrypted.

The judge ordered the guy to unlock it. The guy said no, the judge put him in jail for contempt of court. I don't know if the guy ever unlocked his hard drive, but I know judges will usually keep charging you with contempt until you obey the law.

Not sure what Australia can't do the same unless they want to spy on people, like Muslim extremists for example.

[zenkai]

Whatever you say zenkai. Guns are so complicated. I bow to your expertise.

Aw sweetie, I said gun options, reading is hard for you I know. *pat* *pat*