
posted by Fnord666 on Tuesday August 14 2018, @07:45PM
from the just-use-the-front-door dept.

Australia's promised “not-a-backdoor” crypto-busting bill is out and the government has kept its word - it doesn't want a backdoor, just the keys to your front one.

The draft of The Assistance and Access Bill 2018 calls for anyone using or selling communications services in Australia to be subject to police orders for access to private data.

That includes all vendors of computers, phones, apps, social media and cloud services in the Lucky Country, and anyone within national borders using them. These data-tapping orders will be enforced with fines of up to AU$10m (US$7.3m) for companies or $50,000 ($36,368) for individuals.

The draft legislation also wants five years in prison for anyone who reveals a data-slurping investigation is going on. And while there are no explicit encryption-backdoor requirements in the 110-page draft bill, our first look suggests there doesn't need to be.


  • (Score: 5, Interesting) by edIII on Tuesday August 14 2018, @09:22PM (29 children)

    by edIII (791) on Tuesday August 14 2018, @09:22PM (#721542)

    You forgot that pesky little $50k for individuals caught using end-to-end encryption. The corporations aren't exactly absolved of liability either. Since they chose end-to-end encryption, it will still be on them to provide the cops access. Saying they don't have the keys will not be a defense.

    The police are technology agnostic here. All they care about is access. Whatever way that happens, at the point of a sword so to speak. This may not be the 5-pound hammer version of cryptanalysis, but it might as well be for normal people.

    Of course, this raises the biggest question for me, just what fucking level of crime is going in Australia that they need this at all?

    --
    Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 2) by JoeMerchant on Tuesday August 14 2018, @09:46PM (11 children)

    by JoeMerchant (3937) on Tuesday August 14 2018, @09:46PM (#721552)

    So, they can:

    calls for anyone using or selling communications services in Australia will be subject to police orders for access to private data.

    but can they prove that, when you give them access to "private data" under orders, that you have in-fact given them access to ALL of the private data?

    Seems like a great application for multi-level data interleaving / steganography. First layer is an album of 100,000 cute cat pictures, next layer (easily broken by brute force) reveals a famous Rick Astley video. Then you give them the "real" password that reveals your daily "I'm leaving the office now" and shopping list conversations with your significant other, possibly including some embarrassing details about your 9 year old's bedwetting episodes. Honest, officers, that's all that's in there, I have complied with you twice.

    --
    🌻🌻 [google.com]
    • (Score: 2) by Mykl on Tuesday August 14 2018, @11:32PM

      by Mykl (1112) on Tuesday August 14 2018, @11:32PM (#721603)

      Can we call this 'Turtle encryption'?

    • (Score: 3, Insightful) by legont on Wednesday August 15 2018, @03:48AM (9 children)

      by legont (4179) on Wednesday August 15 2018, @03:48AM (#721671)

      In real-life cases like this, officers continue to interrogate you even if you opened everything, as there is no proof that you did it.

      Using an encryption system where one can not prove that he gave up all the layers may become very unpleasant.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 4, Informative) by maxwell demon on Wednesday August 15 2018, @07:04AM (4 children)

        by maxwell demon (1608) on Wednesday August 15 2018, @07:04AM (#721702) Journal

        Using an encryption system where one can not prove that he gave up all the layers may become very unpleasant.

        You can never prove it. Even if you don't actually use encryption or steganography at all. Prove that there's no secret data hidden in your photo collection.

        --
        The Tao of math: The numbers you can count are not the real numbers.
        • (Score: 2) by legont on Wednesday August 15 2018, @10:52PM (3 children)

          by legont (4179) on Wednesday August 15 2018, @10:52PM (#721948)

          I would not go as far as to call it impossible. We definitely need one and perhaps should work on it.

          Outside of high tech life this system definitely exists. One just gives the data to an attorney and refuses to give it to the authorities. At some point the data can be obtained from the attorney and this closes the case (no more torture).

          It is probably not very difficult to come up with a similar strategy. In fact it probably already exists, but I am not an expert.

          --
          "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
          • (Score: 2) by legont on Wednesday August 15 2018, @10:58PM (2 children)

            by legont (4179) on Wednesday August 15 2018, @10:58PM (#721951)

            Come to think about it, perhaps it is exactly what authorities want when they ask for so called back doors. They want an ability to get to the data given a due legal process. Looks like a reasonable wish and our job is to provide a reasonable solution. Otherwise we'll end up in dark ages of investigations.

            --
            "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
            • (Score: 4, Insightful) by edIII on Thursday August 16 2018, @08:32PM (1 child)

              by edIII (791) on Thursday August 16 2018, @08:32PM (#722489)

              Fuck that noise. I want to go back to the "dark ages" of investigations. Where they did actual work again. Generated enough evidence to convince the judicial branch to allow them to probe for more. None of this fishing shit.

              The feature you allude to is called Deniable encryption, and is a very valuable feature when supported correctly. I want extremely strong encryption in use, everywhere. Zero mass surveillance, distributed social media systems (Diaspora), and in general, extremely strong privacy for all communications between citizens. If we can construct a network that provides anonymity too, all the better.

              Here's the catch though, and why I have zero fucking sympathy for the cops (or pigs): Extremely effective side-channel attacks. If the police are doing their jobs, and collecting enough evidence of your crimes to judicially warrant more extreme measures, it's already possible to monitor them in such ways that make it all but impossible to defeat the cops. We have NSA tech that can read shit going across USB from thousands of feet in the air. Stingray drones that hijack and intercept smartphone signals. Audio surveillance sophisticated enough to listen to whole buildings. Cheap tools ($1,000 USD) to read encryption keys in use, and only requires being in proximity to the target. Side channel attacks against various communication systems are developed all the time. Security is so weak right now, that it is almost funny that they think they must compromise encryption to get the job done, when compromising shoddy implementations is so much easier.

              In other words, there are plenty of tools beyond weak encryption that allow cops to do their jobs. It does require them to actually get up and move their asses though, instead of sifting through citizens activity looking for crimes and other "low hanging fruit". Which is fucking stupid and offensive anyways, and will miss the more sophisticated groups that will still communicate silently regardless of how totalitarian the government becomes.

              We don't owe them jack shit, and we certainly don't owe them our willing abrogation of our human and civil rights for purported safety.

              --
              Technically, lunchtime is at any moment. It's just a wave function.
              • (Score: 2) by legont on Friday August 17 2018, @01:45AM

                by legont (4179) on Friday August 17 2018, @01:45AM (#722635)

                I accept your arguments and I actually moderated you up; thank you. I do agree with it.

                Perhaps the issue is that the US wants 100% success, period, which is not reasonable. The whole airplane security nightmare started with one successful hijacking. Before that, folks would hijack airplanes at gunpoint, with the gun legally brought on board, and ask for money. The FBI would give them money and then hunt and catch them; case closed. Nobody gave a shit except some fun flying. Then one guy got away using a parachute and the whole system has been downhill since then.

                We all need to relax a little, do our jobs, and not try to be the fucking world leaders.

                --
                "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 2) by JoeMerchant on Wednesday August 15 2018, @01:46PM (3 children)

        by JoeMerchant (3937) on Wednesday August 15 2018, @01:46PM (#721767)

        There is no encryption system which can "prove" that you haven't hidden another message in it.

        --
        🌻🌻 [google.com]
        • (Score: 2) by edIII on Thursday August 16 2018, @08:19PM (2 children)

          by edIII (791) on Thursday August 16 2018, @08:19PM (#722474)

          Depends on what you mean by "prove". Technically, the feature you alluded to previously is called Deniable encryption [wikipedia.org]. Encryption that supports that feature allows you to never be able to prove that you had hidden another message. You're asking for the opposite, to prove that no other message exists.

          Not all encryption supports deniability. In those methods, it's not difficult to more or less prove that the encryption method isn't hiding additional data. At least not facilitated by that encryption. However, nothing prevents you from performing multiple passes, with each pass differently encrypted. If the final plaintext that is produced has no datatype signatures, conforms to no standards we know, contains no known data structures, and essentially looks like random noise, then yes, it will be very difficult to prove that another message was NOT hidden in it. That's because deniable encryption looks just like noise. The higher the entropy of that noise, the better.

          Many traditional encryption methods leave identifiable signatures too. Deniable encryption is about removing all such signatures and leaving you with "unprovable" noise that resists all analysis.

          --
          Technically, lunchtime is at any moment. It's just a wave function.
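The layered decoy scheme JoeMerchant sketches above (cats, then Rick Astley, then the "real" password) and the "looks like noise" property edIII describes in this comment, as an added worked example that is not from the thread or from any real product: a toy container whose slots are all random bytes unless a key opens one of them. The slot layout, the SHA-256 hash-counter keystream, the HMAC tag and the PBKDF2 parameters are my own assumptions standing in for a real AEAD cipher and hidden-volume format; the thread specifies none of them.

```python
# Toy deniable container: added illustration, not from the thread or any real product.
# Assumed: SHA-256 hash-counter keystream and HMAC-SHA256 tag standing in for a real AEAD,
# PBKDF2-SHA256 for passphrase hashing, and an arbitrary fixed slot layout.
import hashlib
import hmac
import math
import os

SALT_LEN, SLOT_SIZE, TAG_LEN, NONCE_LEN = 16, 4096, 32, 16
PAYLOAD_LEN = SLOT_SIZE - TAG_LEN - NONCE_LEN


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def _derive(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


def _slot(container: bytearray, index: int):
    start = SALT_LEN + index * SLOT_SIZE
    return start, start + SLOT_SIZE


def new_container(slots: int) -> bytearray:
    """Salt followed by `slots` slots of random bytes; an unused slot is never touched again."""
    return bytearray(os.urandom(SALT_LEN + slots * SLOT_SIZE))


def write_layer(container: bytearray, index: int, passphrase: str, data: bytes) -> None:
    """Encrypt `data` into slot `index` under `passphrase`. The caller tracks which slots are
    in use. A 4-byte length prefix plus random padding keeps a short message from leaving
    a recognisable run of zeros; every byte written is (pseudo)random to an outsider."""
    if len(data) > PAYLOAD_LEN - 4:
        raise ValueError("payload too large for one slot")
    key = _derive(passphrase, bytes(container[:SALT_LEN]))
    nonce = os.urandom(NONCE_LEN)
    padded = len(data).to_bytes(4, "big") + data + os.urandom(PAYLOAD_LEN - 4 - len(data))
    ct = bytes(a ^ b for a, b in zip(padded, _keystream(key, nonce, PAYLOAD_LEN)))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    start, end = _slot(container, index)
    container[start:end] = tag + nonce + ct


def read_layer(container: bytearray, passphrase: str):
    """Try the passphrase against every slot and return the first payload whose tag verifies,
    or None. Nothing in the container says how many slots are in use."""
    key = _derive(passphrase, bytes(container[:SALT_LEN]))
    for index in range((len(container) - SALT_LEN) // SLOT_SIZE):
        start, end = _slot(container, index)
        slot = bytes(container[start:end])
        tag, nonce, ct = slot[:TAG_LEN], slot[TAG_LEN:TAG_LEN + NONCE_LEN], slot[TAG_LEN + NONCE_LEN:]
        if hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
            padded = bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, PAYLOAD_LEN)))
            return padded[4:4 + int.from_bytes(padded[:4], "big")]
    return None


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; uniform random data scores close to 8.0."""
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts if c)


def demo() -> dict:
    """Three layers in six slots, as in the thread: cat album, the decoy, the real chatter."""
    box = new_container(6)
    write_layer(box, 0, "cats", b"album: 100000 cute cat pictures")
    write_layer(box, 3, "rick", b"never gonna give you up")
    write_layer(box, 5, "correct horse", b"leaving the office now; buy milk, eggs")
    entropies = [byte_entropy(bytes(box[s:e])) for s, e in (_slot(box, i) for i in range(6))]
    return {
        "cats": read_layer(box, "cats"),
        "rick": read_layer(box, "rick"),
        "real": read_layer(box, "correct horse"),
        "wrong_key": read_layer(box, "not a key"),
        "min_slot_entropy": min(entropies),   # used and unused slots alike look like noise
    }
```

read_layer never reports how many slots are in use, and a used slot is by construction indistinguishable from an untouched random one to anyone without its passphrase; that is the deniability the comments are talking about, and also why handing over the "cats" or "rick" passphrase proves nothing either way about the rest. Real hidden-volume designs (VeraCrypt's, for instance) additionally have to stop writes to the outer layer from clobbering the hidden one and keep filesystem metadata and free-space patterns from betraying it; neither problem is handled here.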
          • (Score: 2) by JoeMerchant on Thursday August 16 2018, @08:35PM (1 child)

            by JoeMerchant (3937) on Thursday August 16 2018, @08:35PM (#722494)

            Some story I recently consumed about WWII African mail back home included a bit about the code that the corresponding couple used to communicate through the censors. They basically blathered on about inane stuff like the recent cricket match, the weather, somebody's scorpion bite, whatever, and the real message was encoded in the second letter of each first word on each line. The messages were still somewhat cryptic, such as "bowlerhatsoon", but that's enough for one to tell the other that they are being discharged (only civilians wear bowler hats) and rotating home soon, which is big/important news that the censors would have struck out (simply discarded the letter, most likely). The censors were free to read the entire message, but unable to decipher the true meaning and of course let it pass.

            No information theory will ever manage to prove or disprove the existence of such messages, as long as you're allowed to send enough crap along, and with people sharing 16MP color photos of their meals every day, plus cat videos, I think there's plenty of bandwidth in which to cleverly hide just about any text you might ever want to communicate.

            --
            🌻🌻 [google.com]
            • (Score: 2) by edIII on Thursday August 16 2018, @10:30PM

              by edIII (791) on Thursday August 16 2018, @10:30PM (#722561)

              That's reminiscent of the Japanese code book encryption, and to the Navajo communications, both in WWII as well.

              Because Navajo has a complex grammar, it is not nearly mutually intelligible enough with even its closest relatives within the Na-Dene family to provide meaningful information. It was still an unwritten language, and Johnston thought Navajo could satisfy the military requirement for an undecipherable code. Navajo was spoken only on the Navajo lands of the American Southwest. Its syntax and tonal qualities, not to mention dialects, made it unintelligible to anyone without extensive exposure and training. One estimate indicates that at the outbreak of World War II, fewer than 30 non-Navajo could understand the language.[21]

              Early in 1942, Johnston met with Major General Clayton B. Vogel, the commanding general of Amphibious Corps, Pacific Fleet, and his staff. Johnston staged tests under simulated combat conditions which demonstrated that Navajo men could encode, transmit, and decode a three-line English message in 20 seconds, versus the 30 minutes required by machines at that time. The idea was accepted, with Vogel recommending that the Marines recruit 200 Navajo. The first 29 Navajo recruits attended boot camp in May 1942. This first group created the Navajo code at Camp Pendleton, Oceanside, California.[22]

              The Navajo code was formally developed and modeled on the Joint Army/Navy Phonetic Alphabet that uses agreed-upon English words to represent letters. The Navajo Code Talkers were mainly Marines. As it was determined that phonetically spelling out all military terms letter by letter into words—while in combat—would be too time-consuming, some terms, concepts, tactics and instruments of modern warfare were given uniquely formal descriptive nomenclatures in Navajo (for example, the word for "shark" being used to refer to a destroyer, or "silver oak leaf" to the rank of lieutenant colonel).[23]

              A codebook was developed to teach the many relevant words and concepts to new initiates. The text was for classroom purposes only, and was never to be taken into the field. The code talkers memorized all these variations and practiced their rapid use under stressful conditions during training. Uninitiated Navajo speakers would have no idea what the code talkers' messages meant; they would hear only truncated and disjointed strings of individual, unrelated nouns and verbs.

              It's worth noting that the reason why code books are secure, is that nobody understands the meaning of the individual words. However, the more they are used, and the more you can perform analysis of subsequent events associated with the coded conversations, the more you can deduce their meaning.

              Code books are not invulnerable precisely because they reuse the codes, and the opposite is the reason why one-time-pad encryption is the only provably unbreakable encryption around. One of the reasons why the Navajo were so secure is noted in bold above. That would not have protected them though over time, if the Japanese or Germans had enough transmissions and activity to analyze.

              What you refer to at the end is Steganography, which can be combined with deniable encryption to encode messages in the random noise found in pretty much all pictures. Especially pictures in a night time setting produced by equipment not suited to low-light conditions.

              WWII is indeed a very fascinating time period for the study of encryption.

              --
              Technically, lunchtime is at any moment. It's just a wave function.
  • (Score: 1, Insightful) by Anonymous Coward on Tuesday August 14 2018, @10:09PM (2 children)

    by Anonymous Coward on Tuesday August 14 2018, @10:09PM (#721561)

    You forgot that pesky little $50k for individuals caught using end-to-end encryption.

    Nonsense. It's trivial to set up an encryption relay overseas that returns a one-time key pair that makes user keys useless for decrypting past messages:

    1. You write a message.
    2. You request a one-time key from the server using your own key.
    3. The server provides it.
    4. Other party receives a suitable decryption key in a message encrypted exclusively for them.
    5. You sign, encrypt and send.
    6. Other party decrypts and reads.
    7. Clients never retain keys.

    If the government asks for the keys, you give it to them. They can't use them to read past messages they intercepted and no local company ever stored those keys. If they read old copies of messages off your phone/computer, all they have is plain text messages you can claim someone planted. Only you know what's real and what's fake.
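The scheme above, as an added stand-alone example rather than the poster's design: it leaves out the overseas relay and shows only the property steps 2 to 7 lean on, a one-time key that both clients discard, so that identity keys handed over later cannot unlock traffic recorded earlier. The group parameters (RFC 3526 group 14), the triple Diffie-Hellman construction, HKDF-SHA256 and the HMAC-based stand-in cipher are my assumptions, not anything the post specifies.

```python
# Forward-secret key agreement: added illustration, not the poster's relay design.
# Assumed: RFC 3526 group 14 for DH, HKDF-SHA256, and an HMAC-SHA256 keystream plus
# tag standing in for a real AEAD cipher. Only the standard library is used.
import hashlib, hmac, os, secrets

P = int(  # RFC 3526 2048-bit MODP group (group 14); verified below to be a safe prime
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q, G = (P - 1) // 2, 2   # Q: prime order of the subgroup generated by G

def is_probable_prime(n: int, rounds: int = 12) -> bool:
    """Miller-Rabin, run once so a mistyped group prime fails loudly before any key exists."""
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

assert is_probable_prime(P) and is_probable_prime(Q) and pow(G, Q, P) == 1, "bad DH group"

def hkdf(ikm: bytes, info: bytes, length: int = 64) -> bytes:
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()            # extract
    out, block, i = b"", b"", 1
    while len(out) < length:                                              # expand
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        out, i = out + block, i + 1
    return out[:length]

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(key[:32], nonce, plaintext)
    return nonce + ct + hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()

def open_box(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], nonce + ct, hashlib.sha256).digest()):
        raise ValueError("tag mismatch: wrong key or tampered message")
    return _xor_stream(key[:32], nonce, ct)

def _session_key(terms) -> bytes:
    return hkdf(b"".join(t.to_bytes(256, "big") for t in terms), b"session v1")

class Client:
    """Long-term identity key pair plus a fresh one-time (ephemeral) key per session."""
    def __init__(self):
        self.id_priv = secrets.randbelow(Q - 1) + 1
        self.id_pub = pow(G, self.id_priv, P)
        self._eph_priv = None

    def start_session(self) -> int:
        self._eph_priv = secrets.randbelow(Q - 1) + 1
        return pow(G, self._eph_priv, P)                  # public value sent on the wire

    def finish_session(self, peer_id_pub: int, peer_eph_pub: int, initiator: bool) -> bytes:
        """Triple DH: the ephemeral-ephemeral term gives forward secrecy, the two static-ephemeral
        terms tie the session to both identities. The one-time private value is dropped here."""
        ee = pow(peer_eph_pub, self._eph_priv, P)
        my_id_peer_eph = pow(peer_eph_pub, self.id_priv, P)
        my_eph_peer_id = pow(peer_id_pub, self._eph_priv, P)
        self._eph_priv = None                             # client never retains the key
        terms = (ee, my_id_peer_eph, my_eph_peer_id) if initiator else (ee, my_eph_peer_id, my_id_peer_eph)
        return _session_key(terms)

def interceptor_recovers(ea_pub, eb_pub, a_id_priv, b_id_priv, wire: bytes) -> bool:
    """Someone holding the recorded transcript and BOTH identity keys handed over later: the two
    static-ephemeral terms are computable, the ephemeral-ephemeral one is gone with the clients."""
    key = _session_key((0, pow(eb_pub, a_id_priv, P), pow(ea_pub, b_id_priv, P)))  # 0: ee unknown
    try:
        open_box(key, wire)
        return True
    except ValueError:
        return False

def demo() -> dict:
    alice, bob = Client(), Client()
    ea_pub, eb_pub = alice.start_session(), bob.start_session()       # exchanged in the clear
    k_a = alice.finish_session(bob.id_pub, eb_pub, initiator=True)
    k_b = bob.finish_session(alice.id_pub, ea_pub, initiator=False)
    wire = seal(k_a, b"leaving the office now")                     # what an interceptor records
    return {"keys_match": k_a == k_b,
            "bob_reads": open_box(k_b, wire),
            "later_with_identity_keys": interceptor_recovers(ea_pub, eb_pub, alice.id_priv, bob.id_priv, wire)}
```

Importing the module takes a fraction of a second because of the primality self-check on the 2048-bit group; it is there so that a mistyped constant fails loudly rather than silently weakening the exchange. Note what the scheme does not give: recorded traffic stays sealed once the one-time values are gone, but a party compelled to cooperate going forward can still be made to hand over future session keys, and plaintext cached on an end device is outside the key exchange entirely.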

    • (Score: 2) by jasassin on Tuesday August 14 2018, @10:28PM (1 child)

      by jasassin (3566) <jasassin@gmail.com> on Tuesday August 14 2018, @10:28PM (#721571) Homepage Journal

      4. Other party receives a suitable decryption key in a message encrypted exclusively for them.

      That doesn't make sense to me. Send a decryption key in an encrypted message? It just sounds redundant, but maybe I'm missing something?

      --
      jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
      • (Score: 4, Informative) by RamiK on Tuesday August 14 2018, @11:25PM

        by RamiK (1813) on Tuesday August 14 2018, @11:25PM (#721600)

        These sorts of schemes fall under mutual authentication. The best-known example is Kerberos. Some blockchain designs exist explicitly to further decentralize such ticketing servers. Most self-destructing messages are implemented in a similar way.

        --
        compiling...
  • (Score: -1, Flamebait) by Anonymous Coward on Tuesday August 14 2018, @10:23PM (6 children)

    by Anonymous Coward on Tuesday August 14 2018, @10:23PM (#721570)

    Two somewhat recent things have caused crime to shoot way up:

    1. guns are pretty much banned, along with the right to fight back when being attacked

    2. some parts are now overrun with Muslims; they will never accept western values

  • (Score: 4, Informative) by PartTimeZombie on Tuesday August 14 2018, @11:21PM (5 children)

    by PartTimeZombie (4827) on Tuesday August 14 2018, @11:21PM (#721598)

    There's very little chance of this passing, as the Australian Senate is not controlled by the current government.

    This is pretty much just the current ruling coalition pandering to a weird, authoritarian wing of their own base.

    I work for a massive US-owned multinational with extensive manufacturing all over Australia, and I can tell you that we use end-to-end encryption. The chances of us handing keys over to the Australian Federal Police or whoever are slim to none.

    I would not be at all surprised if companies like ours use the threat of job losses to lobby these idiots.

    • (Score: 3, Insightful) by HiThere on Tuesday August 14 2018, @11:57PM (3 children)

      by HiThere (866) Subscriber Badge on Tuesday August 14 2018, @11:57PM (#721613) Journal

      Yeah. And Trump never had a chance, and neither did BREXIT.

      --
      Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
      • (Score: 1, Redundant) by PartTimeZombie on Wednesday August 15 2018, @12:24AM (1 child)

        by PartTimeZombie (4827) on Wednesday August 15 2018, @12:24AM (#721617)

        Neither of which happened in Australia.

        • (Score: 1, Interesting) by Anonymous Coward on Wednesday August 15 2018, @03:46AM

          by Anonymous Coward on Wednesday August 15 2018, @03:46AM (#721670)

          USA got Trump after multiple "will not win there", "will not win here" and the final "will not win against Hillary" or "electoral college was created to avoid clowns like this".
          Great Britain got Brexit from a consultative referendum that was pretty close and with fuzzy conditions (and lies, we learnt later), and multiple reaffirmations by those that really have the sovereignty (judges were asked about who really decides), even when conditions are starting to look pretty damaging or useless (= just stay in the EU and keep the pros too, morons).
          Australia can join the club of retarded political choices with this law.

          And remember, even if it looks like complete nonsense, keep on digging once the hole is deep enough.
          Never stop. Politicians of the world, your job is to put all comedians out of work, especially the absurd kind.

      • (Score: 0) by Anonymous Coward on Wednesday August 15 2018, @06:33AM

        by Anonymous Coward on Wednesday August 15 2018, @06:33AM (#721693)

        So what you're saying is that it'll happen if Putin wants it to happen?

    • (Score: 3, Informative) by c0lo on Wednesday August 15 2018, @04:31AM

      by c0lo (156) Subscriber Badge on Wednesday August 15 2018, @04:31AM (#721678) Journal

      There's very little chance of this passing, as the Australian Senate is not controlled by the current government.

      You reckon? Wanna bet it will pass?
      Labor party is an equal sell-out when it comes to internet freedom.
      Remember Stephen Conroy?

      http://www.abc.net.au/news/stories/2007/12/31/2129471.htm [abc.net.au]
      https://www.smh.com.au/technology/senators-red-undie-remarks-fall-flat-in-new-york-20120928-26pqt.html [smh.com.au]

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
  • (Score: 2) by Nerdfest on Wednesday August 15 2018, @02:49AM

    by Nerdfest (80) on Wednesday August 15 2018, @02:49AM (#721651)

    Crime? As I keep saying, Authoritarianism is the new black. Governments and the media are spreading the fear that makes a large percentage of the populace want it.