Encrypted Messenger Backdoor Laws

I'm a tech-ignoramus, but probably not as ignorant as your average Liberal Party politician. Can someone please explain to me how the pollies and spooks expect their laws on breaking end-to-end encrypted messages to work? Is it by forcing companies to build backdoors? But aren't there open source encrypted messengers out there? The terrorists and crims could build their own end-to-end encrypted messenger app couldn't they?

Comments

  • +3

    I don't really know much on it but first google search seems to be an article from 2017 https://www.theguardian.com/technology/2017/jul/14/forcing-f…

    Which basically says what you say, there are open source companies out there who can make messenger apps that are encrypted that the law can't do anything about. Plus most of these companies are in the US, I'd assume that the most they'd do is have a back door on your device specifically. Now the question is whether the company would play ball, iPhone refuses to allow a backdoor on their device in the US, doubt they'd care about Aus law.

    Then again like a lot of laws, I'm not surprised that someone thought this would be a good idea for some reason, and no politician bothered to think about what will realistically happen (or that anyone bad would obviously use a more secure app).

    Though most likely this will turn into one of those "slippery slope argument" situations where it starts off "only to stop terrorists" to put fear into people to agree. Then the laws relax more and more giving access to federal police, state, then who knows.

    I still question what the point of keeping out metadata was.

  • +13

    It is the State wanting to know what ordinary citizens are up to.
    The real criminals would just go to an extra layer of encryption. End result: we have no privacy, and the crooks still don’t get detected.

    Also, don’t think the Labor Party are any better. They also fully support this atrocity of legislation.

  • No firm decision has been made yet as to exactly what is going to be done, but there have been suggestions ranging from forced sharing of private keys to building specialized back doors to taking secret screenshots of people's phone screens.

    I think the main reason the govt is pushing down this path is because there are a lot of publicly available encrypted services out there and it's making it rather easy for people to do their dirty work out in the open (so to speak).

    No doubt there are already private encrypted messaging apps out there that the govt doesn't have a chance of breaking, but they wouldn't have the user base of something like WhatsApp…

    • There was a big deal made about encryption with the bombings in Europe… and then it came out that the bombers were using normal SMS for their communications.

      Government policies about encryption won't stop them - do you think the criminals will care that using encrypted communications is against the law?

      Anti-encryption policy is much the same as metadata policy - it's there to give an excuse to look further. If they think you're breaking the law, they can say "Look, they're using encryption! That's against the law! Let us arrest them / investigate further".

      Will it work? Possibly. Has the metadata worked?

      The better question is - will it be abused?

      Much like the eHealth Record concerns - it's not just the government of the day you have to be concerned about. And then not just the government themselves. Once you build a back door, it's only a matter of time until someone else discovers it and makes use of it.

      Edit: Some good (IMO) videos that talk about encryption:

      CGP Grey's Should all locks have keys? Phones, Castles, Encryption, and You. (and the related, Footnote *: I, Phone)

  • +2

    The bigger question is, why is Diji1 asleep at the wheel over this?

    • +1

      Do you think I was one of the fools that voted in the Liberal or Labor Parties so they could attack my rights like this?

      • It's a bit late to whinge about it, when Peter Dutton is trying to force it through Parliament.

        Which political party did you vote "in" to protect your rights?

  • +3

    ha-ha 'terrorists and crims' has been the government's mantra for anything that gets in the way of their grubby agenda for decades. Need to get rid of cash and the free speech it engenders? "Cash is used by 'terrists and criminals", want to keep a decentralised crypto market from upsetting the banking cartel? "Bitcoin is used by druggies and 'terrists." What's even more pathetic is that a lot of people fall for it every single time and don't object when the ghoulish paw of big bother creeps into their lives even more.

    Further reading on this global(ist) phenomenon.

    https://en.wikipedia.org/wiki/Key_disclosure_law
    https://www.loc.gov/law/help/encrypted-communications/austra…

    And this one is a doozy, I felt Orwell turn over in his grave yet again after reading it.

    https://www.loc.gov/law/help/encrypted-communications/austra…

    Even Learning About Encryption In Australia Will Soon Be Illegal.

    "You might not think that an academic computer science course could be classified as an export of military technology. But under the Defence Trade Controls Act — which passed into law in April, and will come into force next year — there is a real possibility that even seemingly innocuous educational and research activities could fall foul of Australian defence export control laws.

    Under these laws, such "supplies of technology" come under a censorship regime involving criminal penalties of up to ten years imprisonment. How could this be?

    The story begins with the Australian government's Defence and Strategic Goods List (DSGL). This list specifies goods considered important to national defence and security, and which are therefore tightly controlled.

    Regulation of military weapons is not a particularly controversial idea. But the DSGL covers much more than munitions. It also includes many "dual-use" goods, which are goods with both military and civilian uses. This includes substantial sections on chemicals, electronics and telecommunications, among other things.

    Disturbingly, the DSGL risks veering wildly in the direction of over-classification, covering activities that are completely unrelated to military or intelligence applications.

    To illustrate, I will focus on the university sector and one area of interest to mathematicians like myself: encryption. But similar considerations apply to a wide range of subject material, and commerce, industry and government."

    More at the link.

    • This is some of the more interesting stuff I read in a bit. Cheers

    • You left out pedos.

      • Yeah sometimes it's hard to keep up with Big Bother's enemy du jour.

        • Don't forget that it's OK to be involved in terrorism and illicit drug supply - as long as you're a bank.

          You just get a fine that was less money than you made carrying out the widescale organised criminal operations and no one goes to jail while the government guarantees that you never go out of business.

    • Terrorists are just the current target of right wing politics. They've used the same playbook for decades: create fear about something, e.g. terrorism, meth, pedophiles, etc.; provide the solution for that fear whilst making the other side appear soft on it.

  • +1

    I've seen the movie "Lord of War" probably more than 2 times

  • +1

    I don't want backdoors in my encrypted messages, otherwise I can see an increase of people carrying encrypted messages in their backdoors

  • Out of interest, if you are arrested, they take your phone and you have a fingerprint login, can they just swipe your finger to access your WhatsApp or other e2e messages? Or if they have your computer, they can just pull the hard drive, but you don't have to give up your passwords? Dumb questions but I am interested if anyone cares to share.

    • Just read a few of the articles, so a bit clearer.

    • I'm not too sure about the legality of those actions, but the government and police both have the capabilities to do that.

      With the fingerprint logins, the FBI was able to crack those even without the co-operation from Apple, meaning that they can easily browse through your messages. I really don't know about the security of WhatsApp since a large number of Chinese mainlanders use it and that government would be pretty interested in that system.

      The hard drive's files can be easily accessed if there is no encryption on the files, even if Windows requires you to enter your password to log into the computer. TrueCrypt was widely used for encrypting partitions on the hard drive but I've heard that there are backdoors in the latest versions. Only versions from around 2009 are probably safe.
      If you have some encryption on the hard drive, a determined individual/organisation could still access your files through brute force or dictionary attacks. These tools are freely available online so many people would probably know about it.

      • +3

        Truecrypt is no longer safe because development ceased. Using old versions is not secure.

        You should be using Veracrypt which is a fork of Truecrypt that is still being developed.

        "If you have some encryption on the hard drive, a determined individual/organisation could still access your files through brute force or dictionary attacks."

        No they couldn't assuming you followed instructions. Why do you think the intelligence services are so intent on making encryption illegal?

        • Thanks for clearing things up :D

  • +2

    I don't want no-one touching my backdoor!

    • +2

      Peter Dutton can be very seductive and he promises to be gentle.

  • +1

    Realistically intelligence agencies probably aren't following this anyway…so I don't know why they'd feel the need to make this legal if they weren't just trying to soften people up for when there's apparently a need for the police and other lesser services to have access to these as well.

    Besides that, only excuse I can see is to make it easier for the intelligence agencies, but Apple have proved that's unlikely to be the case…

  • Idea is simple: gov makes a request to "any" tech firm to surrender or come up with ideas (not Gov, but Tech company); if they refuse, they can be fined up to $200k.

    You CANNOT break encryption, but these tech companies can create a hidden storage/side tracker/parallel processor, and decide to store messages, communications on the device or anywhere else, and hand them over to a Gov.

    So imagine a hacker you think you can "turn on" the message tapping feature and download from the target, god knows what information that can contain: birthday, private messages, password, bank details, one time token message from PayPal, etc. etc. Tech company also can stuff up and turn on this "hidden" feature by mistake and end-user may not realise that everything they do can be extracted remotely.

    It is NOT hard to implement this, but if the public finds out that the app is doing these, they will refuse to use them. But some app (like iMessages in iPhone) users don't have much of a choice to avoid them. Of course, the issue here is that targeted criminals would know of the side door's existence and start to use their own app/tool/encryption on top. If you encrypt each message with your own privatekey/publickey every time, it's going to be quite difficult for law enforcement to decrypt them.

    • +1

      It's even more scary than that. Govt makes demand to developer employee of tech company that they put backdoor in. Employee says to company he thinks it's not right. Employee goes to jail for 10 years for treason.
      https://www.eff.org/deeplinks/2018/09/australian-government-…
      https://www.accessnow.org/what-we-think-you-should-know-abou…

      Edit: This is also not just about Australia, the big push for this is because the US govt got slapped for spying on their own citizens so they're making us do it as part of the five eyes.

      https://parlinfo.aph.gov.au/parlInfo/search/display/display.…
      Point 13
      "The offshore storage of information and offshore location of many service providers, makes Australia’s mutual assistance framework critical in enabling Australian and foreign authorities access to information to inform investigations and provide admissible evidence for criminal proceedings. Via that framework, foreign authorities will be able to make a request to the Attorney-General to authorise an eligible domestic law enforcement officer to apply for, and execute, a computer access warrant for the purposes of obtaining evidence to assist in a foreign investigation or investigative proceeding. Broadly speaking, this improves the ability of Australian and foreign authorities to work cooperatively, as required, to investigate crimes and acts of terrorism given the international nature of many of these offences."

  • "The key argument made to support this legislation was that it would make it easier for law enforcement to monitor and thwart terrorist cells, child pornographers and other highly organised criminal networks. This assumes that these types of criminals use the apps that would be subject to the legislation.

    In reality, the real bad guys will not be stopped — nor even slightly inconvenienced — by this poorly researched, uninformed thought-bubble legislation.

    Having worked in deep and dark web intelligence gathering for years, it is true to say that only the stupidest and most small-fry of the criminal world use WhatsApp, Facebook and other widely-used social media platforms to communicate.

    Most criminal networks are highly organised and have extremely professional communications infrastructure. Generally, communication takes place through the deep and dark web, every message cloaked with non-common and proprietary encryption applications.

    In other words, this law is like turning off the lights to blind the nocturnal, drowning a fish or throwing an eagle off a cliff."

    Carlo Minassian
    Founder and CEO of LMNTRIX
    

    https://www.huffingtonpost.com.au/carlo-minassian/the-new-en…
