In the wake of recent changes to NZ law to allow the NZ government to demand traveller's pass codes to their devices when they cross NZ borders, the Australian government is stepping up its plan to snoop on user communications by introducing a systematic weakness or vulnerability to products and systems including ISPs. While being very loose on details and unclear exactly how this would work the so called 'decryption bill' while claiming that "The protections provided in this bill are actually greater than what presently exists in the physical world.” Meanwhile, not one single person has provided concrete information about the practical real world implications of this bill.
(Score: 3, Interesting) by VLM on Wednesday October 24 2018, @09:34PM (16 children)
How does this even work with 2FA? I would assume this is evidence that all 2FA hardware dongles have backdoors built in, otherwise there wouldn't be a point.
Why does any government need access to a device if all the data the device can access is on servers the .gov already has total access to? I'm kinda missing that point. Maybe its to support industrial espionage, not attack individual citizens who already have zero privacy.
Could just be security theater, if you make travelers uncomfortable via sexual molestation searches or this password BS, given that good security can be a PITA therefore any PITA "must" be good security...
(Score: 2) by PartTimeZombie on Wednesday October 24 2018, @09:52PM (3 children)
This is entirely possible, if you consider all of the hoops we jump through at the airport security theatre, which I do.
I have stated that the next time I travel outside New Zealand I intend to refuse handing over my phone's unlock code, and take my chances in court.
It is extremely unlikely I will need to do that, but fortunately we have a politically neutral, ferociously independent judiciary (for the most part) and I for one would love to see this law tested in court.
(Score: 2) by VLM on Wednesday October 24 2018, @10:19PM
Might be easier to just leave the phone at home. I've started doing that on vacations, its relaxing.
(Score: 0) by Anonymous Coward on Wednesday October 24 2018, @10:24PM (1 child)
I intend to refuse handing over my phone's unlock code
You'll just lose your phone. Save yourself the trouble and carry a burner. It's just not worth the hassle as long as people keep voting for psychopaths.
(Score: 0) by Anonymous Coward on Thursday October 25 2018, @04:18PM
Carry a suitcase full of dead cellphones.
(Score: 2) by MostCynical on Wednesday October 24 2018, @10:06PM (8 children)
You will now need a separate password for vpn access to your company's share drives, or somehow ensure they aren't even visible when logged on at the airport.
Maybe a special wipe is now needed before travelling to any country, making the device bootable with a few TPS reports saved, and one open as a "working" document, and with a thumb drive or sd card to load the rest of the OS and VPN and mount all the share drives..with the sd or thumb drive encrypted and couriered to the destination ahead of time..
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 2) by VLM on Wednesday October 24 2018, @10:24PM (2 children)
Not having a pr0n collection will be evidence you're hiding something; just to be a jerk I would D/L the grossest (legal) stuff I can find for the border agents to examine.
(Score: 1, Informative) by Anonymous Coward on Thursday October 25 2018, @12:09AM (1 child)
Pr0n might be equally dangerous if you happen to visit an Arab state or just meet an inspector with a mission. Install several Bible/Quran texts or some classical literature from gutenberg.org (as appropriate for your trip and your preferences) and a reader, make sure it opens within a book when launched. Absolutely do not alienate the agents, it's their playing field and they write the rules, you simply cannot win.
(Score: 0) by Anonymous Coward on Thursday October 25 2018, @11:00AM
Or Canada? Or plenty of other nations?
You may believe it's legal, but as soon as you bring it through customs, it becomes quite illegal indeed.
(Score: 2) by Runaway1956 on Thursday October 25 2018, @12:51AM (2 children)
That thumb drive had better not be in your possession at the time they are asking for passwords. "Citizen, why do you have an encrypted file on your thumb drive? We need the key. Ohhhh - so you have a backup file for something? For a phone, it seems. Hmmmm. Is it THIS phone? Thank you very much - now give us the real password for the phone - we'll be keeping the phone and the thumb drive. We may also be keeping you."
(Score: 0) by Anonymous Coward on Thursday October 25 2018, @12:25PM (1 child)
Hide it up your ass along with your father's gold watch
(Score: 0) by Anonymous Coward on Saturday October 27 2018, @08:22AM
With the both arms of that large TSA goon.
(Score: 0) by Anonymous Coward on Thursday October 25 2018, @12:20PM (1 child)
Is it time for hidden OS duel boot mobile phones?
(Score: 0) by Anonymous Coward on Saturday October 27 2018, @08:31AM
Pistols or swords?
(Score: 1) by mrkaos on Thursday October 25 2018, @03:58AM
Ten years jail and $60,000 fine if you don't hand your 2FA over. They're not bothering with the decryption, they just straight up threaten to send you to jail. All foreign data requests are then handled through Australia under intelligence sharing arrangements that by-pass that countries constitution.
So this law fucks you up no matter where in the world you are. You're welcome.
My ism, it's full of beliefs.
(Score: 0) by Anonymous Coward on Friday October 26 2018, @03:03AM (1 child)
2FA is dead.
Maybe get an unlock screen that looks and acts like a normal unlock screen but just shows a parody of the OS?
(Score: 2) by hendrikboom on Friday October 26 2018, @02:21PM
That's called a honeypot. A well-known technique. Likely the snoops know of it too, if they're competent.