Being discussed today in the House of Representatives is something called the Assistance and Access Bill, which is a new piece of legislation that aims to make us more secure by (amongst other things) requiring technology companies to include a way for law enforcement to be able to access encrypted information - for example, they want to legislate a system that compels (say) Facebook to allow the government to eavesdrop/intercept messages in (say) WhatsApp. The argument from law enforcement is that they can basically not spy on people because the current system of crypto is too good and terrorists are using it to do stuff.
You can listen/watch the live stream of this right now; as I am writing this someone from Digital Rights Watch is currently explaining their reservations with the system.
The general consensus of the technical community is that this bill is terrible because it will weaken encryption, making us all less safe online. Further, most of the solid crypto-based messaging systems are open source and any criminal will be able to trivially avoid this by using easily available open source software.
It is an interesting discussion; I'd encourage anyone interested in preserving their ability to maintain privacy to read more about it and you can help fight it by becoming an EFA member or donating to Digital Rights Watch.
In case anyone is not sure, encryption:
- keeps messages sent between you and someone else secure from eavesdroppers
- means if you lose your [modern] phone, people can't pick it up and pull all your data off it
- ensures your personal information can be stored safely in data centres so people can't just copy it off the disks and know everything about you
- makes sure you can bank online over wifi without having to worry about people intercepting and stealing all your money
- literally underpins almost every single thing you do on a computer, mobile phone, tablet, or anything that carries electricity these days
It's kind of a big deal.
Here is a Juice video:
It is concerning but I am not sure how it is going to affect other things that use encryption. If WhatsApp and Google build a backdoor into their encryption for their apps, how does that weaken my bank's online banking? Is encryption all the same or are there many different types for many different purposes?
This is a difficult question, liberty vs security.
> It is concerning but I am not sure how it is going to affect other things that use encryption. If WhatsApp and Google build a backdoor into their encryption for their apps, how does that weaken my bank's online banking? Is encryption all the same or are there many different types for many different purposes?

Very good question! There are many different types. And you're right: the system used for WhatsApp and other messaging applications is generally different to that used by online banking (although there are some shared elements), so a compromise in one doesn't /necessarily/ mean a compromise in others.
One concern about the legislation is that, being rushed through, it's broad enough to require /any/ cryptosystem to be necessarily compromised so that law enforcement can eavesdrop. It seems inevitable that this will encroach on things like web-based crypto at some point.
One thing that no one has really figured out how to do yet is to create a good cryptosystem that weakens it enough to allow law enforcement access to it but keeps it strong enough to stop attackers - i.e., short of key escrow (giving the government the actual password as well) or simply CCing them on every message or something, there just are no good technical solutions that allow us to preserve most security while giving up just enough of it for the feds to monitor.
Good news though, Labor have stepped up to the plate for a change and pushed back after yesterday's testimony.
> In case anyone is not sure, encryption:

- Ensures the data has not been manipulated in transit.
Which is something state sponsored hackers and Govt. agencies (also just general malicious actors) have been doing for years, manipulating unencrypted data for tracking and identification purposes or to insert malicious code into site code in transit, etc.
> to allow law enforcement access to it but keeps it strong enough to stop attackers

Pretty sure they're one and the same these days?
Not just governments, but ISPs. What, you think major ISPs haven't been using transparent proxies for decades to inject things like advertising and tracking over HTTP traffic?
> What, you think major ISPs haven't been using transparent proxies for decades to inject things like advertising and tracking over HTTP traffic?

They sure have and this shouldn't be news to anyone. It has been in practice for over a decade. People should be very concerned about the Internet, but they never are.
well s***. i guess we deserve it for electing such morons.
i look forward to tech companies pulling out of australia and the first major hacking scandal.
it's all bulls***, and it's bad for ya
I guess this will cover a certain class of popular messaging apps, but won't it just drive the development of even more 'peer to peer' solutions? (or the adoption of those that exist)
While the dramatic version is "Australian companies stock prices will tank, no one will employ Australians", I think the more likely scenario will be that Australian companies will release their self-hosted software as Open-Source, enabling customers to compile and deploy that software themselves. Patches removing any malicious code will then be readily available allowing companies to remove or disable those sections of code.
Software as a Service and hosting will certainly die in Australia, however.