
SoylentNews is people

posted by martyb on Friday December 07 2018, @12:28PM
from the 1984-is-not-a-howto-guide dept.

In the aftermath of the Australian government passing laws that allow the government to force companies and individuals to work with officials to bypass encryption, scary implications of the new laws are being discovered. One very concerning effect is that officials can now force Australians to unlock their phones, granting the government full access to anyone's email history, personal files, pictures and other files on their phone. Senator Steele-John was quoted as saying "Far from being a 'national security measure' this bill will have the unintended consequence of diminishing the online safety, security and privacy of every single Australian." With fines of up to $50,000 for individuals who refuse to hand over an unlocked device or cooperate with authorities, new devices and software are expected to enter the market, including dual-OS devices, hidden partitions, encrypted files and partitions similar to TrueCrypt, cloud-only applications, device-wipe PINs, secondary hidden OS functions and other security measures which so far have largely only been implemented on desktop computers. This latest bungle by the Australian government may very well propel mobile device security forward decades in the same way the RIAA and MPAA advanced P2P.



  • (Score: 5, Insightful) by Phoenix666 on Friday December 07 2018, @02:02PM (1 child)

    by Phoenix666 (552) on Friday December 07 2018, @02:02PM (#771135) Journal

    Australians with the chops should endeavor to make sure that the first phones that are opened to scrutiny this way are those owned by their politicians and wealthy.

    --
    Washington DC delenda est.
    • (Score: 1, Touché) by Anonymous Coward on Saturday December 08 2018, @11:34AM

      by Anonymous Coward on Saturday December 08 2018, @11:34AM (#771491)

      Very few of them are muslim

  • (Score: 2, Interesting) by Anonymous Coward on Friday December 07 2018, @02:07PM (3 children)

    by Anonymous Coward on Friday December 07 2018, @02:07PM (#771138)

    They will never find my porn collection of illegally flat chested ladies.

    • (Score: 2) by DannyB on Friday December 07 2018, @02:36PM (2 children)

      by DannyB (5839) Subscriber Badge on Friday December 07 2018, @02:36PM (#771148) Journal

      Officer, I don't know my password. So I wrote it on this yellow sticky note. But unknown to me, it has somehow become illegible due to a build up of some unknown white sticky substance.

      --
      People today are educated enough to repeat what they are taught but not to question what they are taught.
      • (Score: 2) by edIII on Friday December 07 2018, @09:23PM

        by edIII (791) on Friday December 07 2018, @09:23PM (#771309)

        Pretty sure that you cannot hand a cop that substance, or in any other way "give it" to them. Ask Pee Wee Herman :)

        --
        Technically, lunchtime is at any moment. It's just a wave function.
      • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @11:46AM

        by Anonymous Coward on Saturday December 08 2018, @11:46AM (#771497)

        My password was: IKilledMikeDon18021982

        I can't give you my password, orificer.

  • (Score: 2) by DannyB on Friday December 07 2018, @02:35PM (10 children)

    by DannyB (5839) Subscriber Badge on Friday December 07 2018, @02:35PM (#771146) Journal

    Isn't the law targeting the companies that produce products to have some way to respond to a secret warrant allowing the police state to rummage through people's lives without oversight?

    It's not directed at an individual to give up their password, is it? It requires a company, say Apple or Google, to have some way to secretly allow the police state to arbitrarily rummage through everyone's private and personal information and communications.

    --
    People today are educated enough to repeat what they are taught but not to question what they are taught.
    • (Score: 2) by opinionated_science on Friday December 07 2018, @03:33PM

      by opinionated_science (4031) on Friday December 07 2018, @03:33PM (#771170)

      To Apple's credit (and maybe Google, I'm not sure), the US companies have *put* the keys out of their control on purpose.

      Having said that, it's not past "stupid govt" to try and make a law that's impossible...

    • (Score: 5, Informative) by deimtee on Friday December 07 2018, @03:55PM (8 children)

      by deimtee (3272) on Friday December 07 2018, @03:55PM (#771174) Journal

      It's both. Mostly at companies, and they have much higher penalties, but there is a provision in there for an 'intelligence officer'* to direct you to unlock your devices, Page 224, Section 34AAA. It's worse than just unlock the phone though, "access data held in, or accessible from, a computer or data storage device", it requires you to provide access to online accounts as well.
      Up to 5 years in prison and 300 penalty units if you refuse. A penalty unit is currently $161.19 so $48357.00

      *it lists 'intelligence officer' as ASIO, ASIS, or DSD. There are many sections that refer to criminal acts as well as national security, so I think AFP will be right in there too.

      --
      If you cough while drinking cheap red wine it really cleans out your sinuses.
      • (Score: 3, Insightful) by fyngyrz on Friday December 07 2018, @05:03PM (5 children)

        by fyngyrz (6567) on Friday December 07 2018, @05:03PM (#771206) Journal

        A penalty unit is currently $161.19

        Oh hey, look, Australia fines target the poor, just as US fines do.

        If you're going to use "penalty units", it should be (at least) in terms of percentage of yearly gross income, and perhaps incorporate a percentage of net worth as well. Not base units of currency.

        As it stands, 100 "penalty units" is nothing to rich person A, but crushing to poor person B. It's fundamentally the same thing as doing it in currency, and just as discriminatory.

        --
        All those moments will be lost in time, like tears in rain.

        • (Score: 2) by pipedwho on Friday December 07 2018, @07:02PM (4 children)

          by pipedwho (2032) on Friday December 07 2018, @07:02PM (#771265)

          They do penalty units so they can keep indexing the fines every year without having to rewrite the laws. For example, a parking fine that was $66 ten years ago is now $112. Not sure how they decide what CPI is, but penalty units are tracking much faster.

          • (Score: 3, Insightful) by fyngyrz on Friday December 07 2018, @07:17PM (1 child)

            by fyngyrz (6567) on Friday December 07 2018, @07:17PM (#771267) Journal

            They do penalty units so they can keep indexing the fines every year without having to rewrite the laws.

            Yes, I understand. Abstracting the fine one level is a good idea, so that fines can keep up with inflation, deflation, etc. Otherwise every law has to be re-examined (and we know legislators won't do that.)

            However, abstracting these units from the fundamental currency is a truly awful idea. Unless you're rich. And people keep electing the rich, so who could possibly imagine they'd set it up this way?

            --
            Democracy: Where any two idiots outvote a genius.

            • (Score: 1) by easyTree on Saturday December 08 2018, @01:34AM

              by easyTree (6882) on Saturday December 08 2018, @01:34AM (#771383)

              Yes, I understand. Abstracting the fine one level is a good idea, so that fines can keep up with inflation, deflation, etc.

              They should just abstract away the whole thing:
                * X is punishable by Y and update X and Y every nano-second in a super-secret filing cabinet underground.

          • (Score: 3, Interesting) by bob_super on Friday December 07 2018, @07:19PM (1 child)

            by bob_super (1357) on Friday December 07 2018, @07:19PM (#771268)

            Fixed fines is "screw the poor, but the richer will feel it less and less over time"
            Inflation adjustment is "screw the poor progressively more, while keeping the pain constant for the richer", where "pain" varies based on your income, from mild suffering to mere light rash.
            Income-based fines can be two ways too. In one version, it's linear with income, which still hurts the poor a lot more than the rich, and isn't nightmarish to implement.
            The other version scales up in percentage as income grows, like income taxes, which is the only way the rich actually start hurting for their misdeeds, while the poor only pay what they can afford. Setting that up without massive new infrastructure would essentially require paying your fines at tax return time...

            • (Score: 3, Interesting) by deimtee on Saturday December 08 2018, @11:26AM

              by deimtee (3272) on Saturday December 08 2018, @11:26AM (#771488) Journal

              I like the idea of progressive fines, and it occurs to me a way to implement on top of the current system would be to keep the penalty unit system in regard to fines, but make the actual unit value a variable based on income/wealth. This would only require modifying the law that sets the value of a penalty unit.
              I also lean towards basing it much more heavily on the side of wealth rather than income. Entitled trust fund brats should not offend with impunity just because they have zero "income", while hard workers pay more just because they did a lot of overtime.

              --
              If you cough while drinking cheap red wine it really cleans out your sinuses.
      • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @11:37AM (1 child)

        by Anonymous Coward on Saturday December 08 2018, @11:37AM (#771493)

        Run away very fast?
        Have a kill switch in the device that melts the phone?
        Have a pin that opens a vanilla clean OS instead of the standard OS?

        • (Score: 0) by Anonymous Coward on Sunday December 09 2018, @08:07PM

          by Anonymous Coward on Sunday December 09 2018, @08:07PM (#772074)

          Don't carry a smartphone?

  • (Score: 1, Offtopic) by Runaway1956 on Friday December 07 2018, @04:14PM (5 children)

    by Runaway1956 (2926) Subscriber Badge on Friday December 07 2018, @04:14PM (#771179) Journal

    If the 'Stryans submit, then it's their own fault. One of the first rules of leadership is, you never give an order that you know will not be obeyed. Either the politicos know their constituents will puss out, OR, they have underestimated their constituents.

    Where's Crocodile Dundee when you need him? "Sir, we need you to give us the password to your cell phone." "Not happenin, Mate!" "Sir, we really need to pilfer the data on your phone." "Well, Mate, first you'll have to pilfer the data on the blade of this knife." "Oh, well, very well Sir. May I be of service to you? No? Well, have a nice day Sir!"

    Alright, so Croc Dundee is fictional. Still - where are the revolutionaries? India had Mahatma - what do the Ozzies have?

    • (Score: 2) by Dr Spin on Friday December 07 2018, @04:42PM

      by Dr Spin (5239) on Friday December 07 2018, @04:42PM (#771187)

      India had Mahatma - what do the Ozzies have?
      Kangaroos?

      --
      Warning: Opening your mouth may invalidate your brain!
    • (Score: 3, Insightful) by takyon on Friday December 07 2018, @04:46PM (2 children)

      by takyon (881) <reversethis-{gro ... s} {ta} {noykat}> on Friday December 07 2018, @04:46PM (#771192) Journal

      India had Mahatma - what do the Ozzies have?

      They have a comfortable first world lifestyle.

      France has the yellow vest protests. The police response this weekend is said to be the biggest since the 60s. Are those protests likely to topple the government? No, maybe just a change of political party in power at most. Were they sparked by an arcane technology issue? No, a fuel tax.

      It's surprising that it has taken this long for a country to pass an encryption law this bad. But now we'll get to see just how effective it is. What will probably happen here is that life will go on, many techies will still use strong encryption, but the Aussie prosecutors will have an extra charge to slap on people when they are throwing the book at them. For some suspects, maybe the price of violating the encryption law is better than having their hard drive contents revealed.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 1) by anubi on Saturday December 08 2018, @07:06AM (1 child)

        by anubi (2828) on Saturday December 08 2018, @07:06AM (#771455) Journal

        I get the idea this will just spawn off a new kind of stealth technology for concealing even the existence of data storage. Likely using steganographic means of storing hidden files in things like home movies of the family vacation.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    • (Score: 3, Interesting) by nobu_the_bard on Friday December 07 2018, @05:50PM

      by nobu_the_bard (6373) on Friday December 07 2018, @05:50PM (#771240)

      Alright, so Croc Dundee is fictional. Still - where are the revolutionaries? India had Mahatma - what do the Ozzies have?

      Ned Kelly?

      Though he's more of a Robin Hood type legacy...

  • (Score: 1) by fustakrakich on Friday December 07 2018, @06:20PM

    by fustakrakich (6150) on Friday December 07 2018, @06:20PM (#771255) Journal

    Bah, they've been doing that for years...

    Oh you mean legally, with full voter approval and consent. Well, then it's okay, right? I mean, after all, nobody's lifting a finger to vote for a different class of politician so this kind of thing can't happen, so where's the beef?

    --
    La politica e i criminali sono la stessa cosa..
  • (Score: 4, Interesting) by Anonymous Coward on Friday December 07 2018, @07:59PM (1 child)

    by Anonymous Coward on Friday December 07 2018, @07:59PM (#771282)

    These laws only affect typical users. Anyone with something to hide can still use an App on their phone or external service that effectively hides/encrypts anything they are doing. Criminals are most likely to be part of the second group, so this sort of law is pretty much useless.

    Here's to hoping that all the phones/password managers implement panic/duress code systems that lets the user enter a different 'unlock' password/code that automatically wipes the local key information, or does a true crypt style multi-partition decryption.

    With an optional encryption key backup system that lets the user save the key elsewhere (or not) should they want to recover at a later time. That saved key could be kept anywhere, by anyone, or not at all. Double bonus for automatic removal of 'no longer accessible data' from the UI and file system of the phone. Phones should also keep unused/erased areas of file systems wiped with cryptographically random data to make it plausibly deniable that there was/is any actual encrypted data there at all.

    At a minimum, I expect Apps to become available that do this for the App's data/communications. For example, a simple App that does remote end-to-end encrypted messaging and VOIP could implement the above strategy.

    Apps (i.e. password managers and secure communication apps) that are run on the phone could be compromised by 'imaging' the phone file system to work around the App's ability to wipe its keys, followed by an offline dictionary attack - or multiple applications of this law until some sort of data is exposed. This is why any App that saves data/config/logs should save them in its own 'true crypt' style storage blob. Since this sort of App doesn't necessarily keep huge amounts of data around, they could partition data by security level and the more sensitive data could be rendered invisible when the duress code is used to unlock it. This means that the user should use a strong password/phrase for secure data to avoid offline dictionary attacks on a compromised 'storage blob'.

    VoIP/messaging apps that display incoming 'callers/senders' should do so by displaying a digital ID or 'insecure' alias of the caller, as the caller information should not be available to the phone/UI without entering the secure password information. The incoming caller comms meta data headers should also be steganographically encrypted so they can be opened with multiple keys, one (or none) being the secure key, and another being the insecure key. Since meta data is usually small, it wouldn't hurt to double/triple/etc its size to allow this sort of system to operate with full plausible deniability. Since a secure key may not even be configured for every contact the user expects to use the App, then it is more than likely that any given 'intercept' will truly only be encrypted with a single 'insecure' key.

    With bullshit laws like this, I expect the above sort of App to become much more common than it has before.

    • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @12:03PM

      by Anonymous Coward on Saturday December 08 2018, @12:03PM (#771502)

      Next they will make duress keys/boss function/manual wipe keys illegal
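
The duress-code and multi-key header scheme described in comment #771282 above, as an added Python sketch that is not part of any post in this thread. It also shows the limit that comment raises itself: a copy of the header imaged before the wipe still opens, so only the passphrase strength and the KDF cost protect it. The slot layout, sizes, sample passphrases, iteration count and the SHAKE/XOR key wrap are assumptions made for the example.

```python
import hashlib, hmac, os, random

SLOTS, SALT, KEY, TAG = 4, 16, 32, 16      # constructed sizes for this sketch
PAYLOAD = 1 + KEY                          # role byte + data key
SLOT_LEN = SALT + PAYLOAD + TAG
DURESS, NORMAL = 0, 1

def _keys(passphrase, salt):
    # Slow KDF: this is what an offline dictionary attack on an imaged
    # header has to pay per guess. Iteration count kept low for the demo.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000)
    stream = hashlib.shake_256(b"wrap" + k).digest(PAYLOAD)
    mac_key = hashlib.shake_256(b"tag" + k).digest(32)
    return stream, mac_key

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_slot(passphrase, role, data_key):
    salt = os.urandom(SALT)
    stream, mac_key = _keys(passphrase, salt)
    wrapped = _xor(bytes([role]) + data_key, stream)
    tag = hmac.new(mac_key, wrapped, "sha256").digest()[:TAG]
    return salt + wrapped + tag

def new_header(entries):
    # Real slots plus random filler in random order: without a passphrase,
    # used and unused slots look alike and the header size is constant.
    slots = [make_slot(*e) for e in entries]
    slots += [os.urandom(SLOT_LEN) for _ in range(SLOTS - len(slots))]
    random.SystemRandom().shuffle(slots)
    return bytearray(b"".join(slots))

def try_open(header, passphrase):
    # Try the passphrase against every slot; return (index, payload) or None.
    for i in range(SLOTS):
        slot = bytes(header[i * SLOT_LEN:(i + 1) * SLOT_LEN])
        salt, wrapped, tag = slot[:SALT], slot[SALT:-TAG], slot[-TAG:]
        stream, mac_key = _keys(passphrase, salt)
        good = hmac.new(mac_key, wrapped, "sha256").digest()[:TAG]
        if hmac.compare_digest(tag, good):
            return i, _xor(wrapped, stream)
    return None

def unlock(header, passphrase):
    hit = try_open(header, passphrase)
    if hit is None:
        return None
    i, payload = hit
    if payload[0] == DURESS:               # wipe every other slot in place
        for j in range(SLOTS):
            if j != i:
                header[j * SLOT_LEN:(j + 1) * SLOT_LEN] = os.urandom(SLOT_LEN)
    return payload[1:]

def demo():
    secure, decoy = os.urandom(KEY), os.urandom(KEY)
    hdr = new_header([("correct horse battery", NORMAL, secure),   # constructed
                      ("1234", DURESS, decoy)])                    # constructed
    image = bytearray(hdr)                 # copy taken before any unlock attempt
    return {
        "normal_before": unlock(hdr, "correct horse battery") == secure,
        "duress_gives_decoy": unlock(hdr, "1234") == decoy,
        "normal_after_wipe": unlock(hdr, "correct horse battery"),
        "image_still_opens": unlock(image, "correct horse battery") == secure,
        "header_len": len(hdr),
    }
```
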

  • (Score: 0) by Anonymous Coward on Friday December 07 2018, @09:57PM (2 children)

    by Anonymous Coward on Friday December 07 2018, @09:57PM (#771316)

    Not saying just roll over as it should be fought, but in the meantime, can you have 2 codes, one to unlock, and one to nuke?

    • (Score: 1) by The Vocal Minority on Saturday December 08 2018, @04:18AM (1 child)

      by The Vocal Minority (2765) on Saturday December 08 2018, @04:18AM (#771434) Journal

      Pretty sure standard practice is to image the storage device before attempting to decrypt. Nuke would just result in restore from backup and try again, or do you want to go to jail for 5 years.

      • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @11:48AM

        by Anonymous Coward on Saturday December 08 2018, @11:48AM (#771499)

        In the street? When will they ask for a password? Or is this 'arrest first, ask questions later'?

  • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @12:12AM (1 child)

    by Anonymous Coward on Saturday December 08 2018, @12:12AM (#771350)

    I'm probably just being pedantic about the wording, but does the law apply to Australian Citizens, or anybody - i.e. foreigners too - within Australia?

    • (Score: 2) by deimtee on Saturday December 08 2018, @11:30AM

      by deimtee (3272) on Saturday December 08 2018, @11:30AM (#771490) Journal

      Any Australian law applies to everybody in Australia. If there are exceptions they are written into the specific laws. So tourists are covered too.

      --
      If you cough while drinking cheap red wine it really cleans out your sinuses.
  • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @01:06AM (1 child)

    by Anonymous Coward on Saturday December 08 2018, @01:06AM (#771368)

    Not if I don't have a phone, cobber!

    • (Score: 2) by qzm on Saturday December 08 2018, @07:09AM

      by qzm (3260) on Saturday December 08 2018, @07:09AM (#771456)

      Everyone needs a phone these days, this isn't the 80s you know!

      And I am perfectly happy to unlock my nokia 8810 for them.. I think it even has a list of contact numbers, and perhaps some call history.
      Could be a few text messages also...

      I still somehow feel they could be disappointed.

      I could give them my facegram and instabook accounts also I guess - would have to make some to give to them, but hey..

  • (Score: 2) by MichaelDavidCrawford on Saturday December 08 2018, @04:16AM (5 children)

    by MichaelDavidCrawford (2339) Subscriber Badge <mdcrawford@gmail.com> on Saturday December 08 2018, @04:16AM (#771433) Homepage Journal

    That's one of the reasons I _support_ patents, including software patents: they motivate others to improve on the patented inventions.

    With no patents we would have settled on MP3. Ogg Vorbis would have never been invented.

    I have other reasons.

    --
    Yes I Have No Bananas. [gofundme.com]
    • (Score: 2, Interesting) by Sabriel on Saturday December 08 2018, @07:19AM (1 child)

      by Sabriel (6522) on Saturday December 08 2018, @07:19AM (#771458)

      "With no patents we would have settled on MP3."

      How do you know?

    • (Score: 0) by Anonymous Coward on Saturday December 08 2018, @12:05PM (1 child)

      by Anonymous Coward on Saturday December 08 2018, @12:05PM (#771504)

      Dude, don't ever contract a cancer that requires a patent protected medicine

    • (Score: 0) by Anonymous Coward on Sunday December 09 2018, @08:12PM

      by Anonymous Coward on Sunday December 09 2018, @08:12PM (#772076)

      It seems to me we waste a lot of time working around patents instead of improving upon existing tech.
