
posted by Fnord666 on Tuesday August 14 2018, @07:45PM   Printer-friendly
from the just-use-the-front-door dept.

Australia's promised “not-a-backdoor” crypto-busting bill is out and the government has kept its word - it doesn't want a backdoor, just the keys to your front one.

The draft of the Assistance and Access Bill 2018 would make anyone using or selling communications services in Australia subject to police orders for access to private data.

That includes all vendors of computers, phones, apps, social media and cloud services in the Lucky Country, and anyone within national borders using them. These data-tapping orders will be enforced with fines of up to AU$10m (US$7.3m) for companies or $50,000 ($36,368) for individuals.

The draft legislation also wants five years in prison for anyone who reveals a data-slurping investigation is going on. And while there are no explicit encryption-backdoor requirements in the 110-page draft bill, our first look suggests there doesn't need to be.


  • (Score: 1, Insightful) by Anonymous Coward on Tuesday August 14 2018, @10:09PM (2 children)

    by Anonymous Coward on Tuesday August 14 2018, @10:09PM (#721561)

    You forgot that pesky little $50k for individuals caught using end-to-end encryption.

    Nonsense. It's trivial to set up an encryption relay overseas that returns a one-time key pair that makes user keys useless to decrypt past messages:

    1. You write message.
    2. You request server for a one time key using your own key.
    3. The server provides it.
    4. Other party receives a suitable decryption key in a message encrypted exclusively for them.
    5. You sign, encrypt and send.
    6. Other party decrypts and reads.
    7. Clients never retain keys.

    If the government asks for the keys, you give it to them. They can't use them to read past messages they intercepted and no local company ever stored those keys. If they read old copies of messages off your phone/computer, all they have is plain text messages you can claim someone planted. Only you know what's real and what's fake.

  • (Score: 2) by jasassin on Tuesday August 14 2018, @10:28PM (1 child)

    by jasassin (3566) <jasassin@gmail.com> on Tuesday August 14 2018, @10:28PM (#721571) Homepage Journal

    4. Other party receives a suitable decryption key in a message encrypted exclusively for them.

    That doesn't make sense to me. Send a decryption key in an encrypted message? It just sounds redundant, but maybe I'm missing something?

    --
    jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
    • (Score: 4, Informative) by RamiK on Tuesday August 14 2018, @11:25PM

      by RamiK (1813) on Tuesday August 14 2018, @11:25PM (#721600)

      These sorts of schemes fall under mutual authentication. Best known example is Kerberos. Some blockchain designs are there explicitly to further decentralize such ticketing servers. Most self-destructing messages are implemented in a similar way.

      --
      compiling...
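The seven-step exchange in the Anonymous Coward comment above, including the step 4 key delivery that jasassin asks about, as an added example that is not code from any commenter or from the page. It assumes concrete primitives the comment never names: the relay is a local function rather than an overseas server, the one-time key is a random 256-bit AES-GCM key, it is delivered to the recipient wrapped under the recipient's long-term RSA key with OAEP, and the sender signs with a long-term Ed25519 key. Only the Go standard library is used.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel binds the wrapped key to its purpose. The value is an assumption
// of this example; the comment specifies no such label.
var oaepLabel = []byte("one-time-message-key")

// Envelope is everything that crosses the wire, i.e. everything an interceptor
// gets to keep: AES-256-GCM output under the one-time key plus the sender's
// Ed25519 signature over nonce||ciphertext.
type Envelope struct {
	Nonce, Ciphertext, Sig []byte
}

// RelayOneTimeKey stands in for the overseas server (steps 2-4): it mints a
// fresh 256-bit key for this one message and returns it together with a copy
// wrapped to the recipient's long-term RSA public key. It stores nothing.
func RelayOneTimeKey(recipientPub *rsa.PublicKey) (key, wrapped []byte, err error) {
	key = make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, key, oaepLabel)
	if err != nil {
		return nil, nil, err
	}
	return key, wrapped, nil
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealEnvelope encrypts msg under the one-time key with a random nonce and
// signs nonce||ciphertext with the sender's long-term key (step 5).
func sealEnvelope(key []byte, senderPriv ed25519.PrivateKey, msg []byte) (Envelope, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := gcm.Seal(nil, nonce, msg, nil)
	signed := append(append([]byte{}, nonce...), ct...)
	return Envelope{Nonce: nonce, Ciphertext: ct, Sig: ed25519.Sign(senderPriv, signed)}, nil
}

// OpenEnvelope is what anyone holding an intercepted envelope can attempt:
// GCM returns plaintext only for the exact one-time key, and an
// authentication error for anything else.
func OpenEnvelope(key []byte, env Envelope) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
}

// Send is the sender's side (steps 1, 2, 5, 7): fetch a one-time key, seal
// and sign, then wipe the key so the client retains only the envelope.
func Send(senderPriv ed25519.PrivateKey, recipientPub *rsa.PublicKey, msg []byte) (Envelope, []byte, error) {
	key, wrapped, err := RelayOneTimeKey(recipientPub)
	if err != nil {
		return Envelope{}, nil, err
	}
	defer wipe(key)
	env, err := sealEnvelope(key, senderPriv, msg)
	return env, wrapped, err
}

// Receive is the recipient's side (steps 4, 6, 7): unwrap the one-time key
// with the long-term RSA key, check the sender's signature, decrypt, wipe.
func Receive(recipientPriv *rsa.PrivateKey, senderPub ed25519.PublicKey, wrapped []byte, env Envelope) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, wrapped, oaepLabel)
	if err != nil {
		return nil, err
	}
	defer wipe(key)
	signed := append(append([]byte{}, env.Nonce...), env.Ciphertext...)
	if !ed25519.Verify(senderPub, signed, env.Sig) {
		return nil, errors.New("signature check failed: not from the claimed sender")
	}
	return OpenEnvelope(key, env)
}

func wipe(b []byte) {
	for i := range b {
		b[i] = 0
	}
}

func main() {
	senderPub, senderPriv, _ := ed25519.GenerateKey(rand.Reader)
	recipientPriv, _ := rsa.GenerateKey(rand.Reader, 2048)

	env, wrapped, err := Send(senderPriv, &recipientPriv.PublicKey, []byte("meet at the front door"))
	if err != nil {
		panic(err)
	}
	pt, err := Receive(recipientPriv, senderPub, wrapped, env)
	fmt.Printf("recipient reads: %q (err=%v)\n", pt, err)

	// The one-time key was wiped on both ends. A compelled sender can hand over
	// the Ed25519 key, which only signs; the retained envelope opens under
	// nothing else (an all-zero key stands in for "anything else" here).
	_, err = OpenEnvelope(make([]byte, 32), env)
	fmt.Println("decrypt without the one-time key:", err)
}
```

Two design points worth noting about this construction. The sender's signature in step 5 covers the nonce and ciphertext, so the recipient verifies who sent the message before spending any effort decrypting it, and a relay that substituted ciphertext would be caught. And the forward-secrecy property holds against the sender's long-term key, but an interceptor who keeps the wrapped key from step 4 and later obtains the recipient's long-term RSA private key can unwrap it; for the property to hold on both ends, the wrapping in step 4 would need an ephemeral exchange rather than the recipient's long-term key.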