Australia Considering New Law Weakening Encryption

News from Australia:

Under the law, internet companies would have the same obligations telephone companies do to help law enforcement agencies, Prime Minister Malcolm Turnbull said. Law enforcement agencies would need warrants to access the communications.

"We've got a real problem in that the law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile rings are up to because of the very high levels of encryption," Turnbull told reporters.

"Where we can compel it, we will, but we will need the cooperation from the tech companies," he added.

Never mind that the law 1) would not achieve the desired results because all the smart "terrorists and drug traffickers and pedophile rings" will simply use a third-party encryption app, and 2) would make everyone else in Australia less secure. But that's all ground I've covered before.

I found this bit amusing:

Asked whether the laws of mathematics behind encryption would trump any new legislation, Mr Turnbull said: "The laws of Australia prevail in Australia, I can assure you of that.

"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia."

Next Turnbull is going to try to legislate that pi = 3.2.

Another article. BoingBoing post.

EDITED TO ADD: More commentary.

Posted on July 17, 2017 at 6:29 AM • 78 Comments

Comments

Andrew • July 17, 2017 6:37 AM

This comes right after a significant (Australian) Medicare breach. Weakening security is hardly going to improve our situation. We need better, not weaker. If data can't be moved one way, another will be found. They (the bad guys) can simply encrypt an email body, use VPNs or code-words (substitutions). It's simply moving the bad from one place to another.

David Rudling • July 17, 2017 6:43 AM

SFOEFSFE TQFFDIMFTT

(Try shifting each letter to the preceding letter of the alphabet).
This is based on the new draft standard of the only permitted encryption in Australia in future.

Appeos • July 17, 2017 6:46 AM

Whenever I see these stories about badly informed politicians I can't help thinking that they are simply playing to their core audience.

"Something must be done about X, Y and Z, and we are going to get tough and do it!"

The fact that it is clearly impossible to do what they assert seems to make no difference to them, as long as the "we are tough" and "we are doing something" messages get across to the voters.

It cannot be that nobody in politics understands this stuff and none of their legions of advisors have mentioned it.

The media doesn't help either, by reporting these politicians making ludicrous pronouncements, based entirely on wishful thinking.

me • July 17, 2017 6:56 AM

Everyone should remember that even if no one can change math laws or hack good encryption, it doesn't mean that a government can't ban encryption.
They can just pass a law that says "whoever is found using encryption will be arrested"; that is all they need.

More or less what America is doing now if you want to enter.
I think that all the people (Schneier included) who find new nice tricks to fool the border agents are wrong. You will not solve the problem in this way. The only solution is to say "NO", I'm not going to decrypt my phone and allow you to make a full copy of it, because it is unconstitutional and immoral.

Name (required) • July 17, 2017 7:30 AM

This is the same Prime Minister that suggests journalists should use encryption to protect sources from the metadata retention laws his party implemented. He uses Wickr. Suggested other Aussies do the same.

Linky

Jack • July 17, 2017 7:31 AM

Waiting for the times when all the "criminals" would.. not use the internet. Try breaking THAT encryption

WhiskersInMenlo • July 17, 2017 7:44 AM

I fear they are forgetting the reason security has been adopted.
Criminals have been stealing individual, state, corporate and national secrets and money.

The same tech to protect power generation, distribution and billing is what they are asking to be gelded and hobbled.

There are problems but bad solutions create worse messes.

One worse outcome is having weak systems where no digital data has value in court but has value to criminals.

I suspect most terror acts are claimed and prosecuted by public statements made in the clear without encryption.

Some of this will get easy with Star Trek class quantum computers and satellite life form detectors.

Slightly off topic:
Ponder drug sniffing dogs trained to detect marijuana and other drugs. Some thirty states now have legalized marijuana, so a dog "hit" on a bag, person, or vehicle is no longer probable cause. There have been problems with dog handlers and intentional false positives, but this expected false positive is a game changer. Chicken and egg warrants for digital data imply none of this will stop crime.

225 • July 17, 2017 7:49 AM

Turnbull is either just following his copy of 1984 - the guide to governing, or is acting a fool to distract us from the big instant messaging companies which likely already do this for the US gov. We have been taught to think that end-to-end encryption is a service offered by some gag-ordered third party based in the States.

255 • July 17, 2017 7:55 AM

@ WhiskersInMenlo continuing off topic, in Victoria Australia sniffer dogs were brought in specifically as a response to a type of drug that has no odor (GHB), so an example of Australian law prevailing over physics.

CallMeLateForSupper • July 17, 2017 8:16 AM

"... law enforcement agencies are increasingly unable to find out what terrorists and drug traffickers and pedophile rings are up to because of the very high levels of encryption."

No, law enforcement don't find out what the bad guys communicate because law enforcement acts as though snarfing up email/phone/text comms while polishing their pants is the only way to gather intel. That modus begs the question: how the heck did law enforcement do their sworn duties before there was internet?

James Comey stepped up to the plate and lobbied to disembowel encryption. No thinking person accepted his argument. GB picked up Comey's ball and ran with it, ultimately squeezing out the execrable Snoopers Charter. Now Roo country, emboldened by the "victory" of its historical tormentor and desiring to demonstrate that, yes, it can indeed continue to run with the big dogs thank-you-very-much, has set out to replicate GB's astoundingly ill-informed feat.

From the article Bruce linked to:
"The Australian Federal Police say the proportion of communication traffic they monitor that was encrypted had grown from 3 percent to more than 55 percent in only a few years."

The very instant that I read that quote yesterday I thought: what encryption accounts for that? If the Roo feds counted HTTPS comms as "traffic they monitor", then the claimed 3-to-55% jump is pretty much meaningless. Also disingenuous and misleading. Have a look at the steep rise in the number of sites that support HTTPS.

Ph • July 17, 2017 8:43 AM

"Next Turnbull is going to try to legislate that pi = 3.2"

Oh man, I couldn't stop laughing for a long time after reading that (still giggling).

It reminds me of those Christians that refute quantum theory and are using GPS every day.

Clive Robinson • July 17, 2017 8:56 AM

@ Mike, Uh Mike,

I wonder what he thinks of the laws of physics

Probably "not a lot", unless somebody points out "they are God-given laws" and implies that ignoring them will bring down the wrath of God on the unfortunate heathen, and all that support them... Then of course he will profess loudly and frequently that he is a believer.

Let's all thank Australia for demonstrating stupid.

Err, they are just copying the US from a while back, when they tried to legislate Pi to a simple fraction...

Thus "Stupid is as stupid does".

But you might not know the original medical test for a person being respectively Stupid / Moron / Imbecile... The examiner would put a candle on the table and light it; he would then hold a gold coin in the flame and offer it to the person being tested. If the person took it they were at least stupid. The test was repeated a few moments later; if they took it a second time they were a moron, if a third time an imbecile...

As we know, quite a few politicos keep their grasping hand out grabbing all the time irrespective of the consequences. You only have to examine the track record of the likes of US Senator Dianne Goldman Berman Feinstein; she's "grasped for hot gold" so often there is not a word with sufficient gravity to describe her mental condition...

Winter • July 17, 2017 9:25 AM

We now have seen quite a number of examples where weak security caused serious havoc.

The US had the elections of their President compromised by bad security. Many companies have suffered serious damage due to bad security (e.g., the NotPetya attack) and even power utilities and hospitals have been brought down. What use is it to design backdoors to catch terrorists and criminals if these same backdoors can be used by terrorists and criminals to steer the elections and bring down law enforcement and the economy?

I am always curious what type of global disaster is needed to get high level politicians to notice they are on the wrong way?

Maybe only a decisive loss in their own elections due to bad cyber security might work? But I do seriously doubt whether even that helps. And they would not be in power anymore to act upon their new understanding anyway.

Ewan Marshall • July 17, 2017 9:27 AM

I guess if the laws of physics and math don't win in Australia then it is okay to throw someone off a building, cause they won't obviously fall to the ground in a parabola... Maybe Mr Turnbull will volunteer to help us get this.

Who? • July 17, 2017 9:39 AM

@ David Rudling

SFOEFSFE TQFFDIMFTT

(Try shifting each letter to the preceding letter of the alphabet). This is based on the new draft standard of the only permitted encryption in Australia in future.

Shifting letters by hand is too much effort:

$ echo "SFOEFSFE TQFFDIMFTT" | caesar
RENDERED SPEECHLESS

As Bruce says, weakening encryption only makes things harder for people that obey the law. May I add a third point? "3) Makes crime against Australian citizens easier for wrongdoers."

TimH • July 17, 2017 9:59 AM

The encryption backdoor demand uses the criminal activity detection issue as a red herring. Most politicians and regrettably few civilians know that it will help catch the lowest tier offenders. The real reason is to identify legal civilian threats to the state, those effective dissenters that organise civil disobedience etc. These people are the real threat to the state, meaning the official and shadow existing power structures.

Parabarbarian • July 17, 2017 10:27 AM

No surprise here. Surveillance is part of society now. Australia already categorizes the Internet as a common carrier service which puts it light-years ahead in surveillance opportunities compared to the United States where the Internet is still an "information service".

Daniel • July 17, 2017 11:29 AM

Although Turnbull phrased his retort awkwardly, he has a point that too many people in this comment section overlook: we cannot separate math from human values in any practical implementation. Whether you or I like it or not, there are many, many people who think that the Four Horsemen of the Info Apocalypse are more than significant justification for encryption backdoors. They view the elimination of what they perceive to be scourges as worth any cost. They really hate pedophiles that much, they really fear terrorists that much, they really scorn drug dealers that much. So while mocking Turnbull's seeming arrogance may make us all feel superior, it doesn't actually do anything to change such people's opinions.

Snarki, child of Loki • July 17, 2017 11:30 AM

Clearly the Aussie PM needs to use ROT-13 for his secure communications.

And if that isn't enough, use DOUBLE ROT-13.
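Shifting by hand or piping through caesar both work; as an added example (mine, not from any commenter and not the BSD caesar source), here is what a no-argument caesar run does internally, in Go: try all 26 shifts and keep the one that scores best under an English letter-frequency model. The frequency table is a standard published one, the ciphertext is David Rudling's from above, and the last line of main shows Snarki's double ROT-13 coming straight back to the original text.

```go
package main

import (
	"fmt"
	"math"
	"strings"
)

// englishFreq is a commonly quoted relative-frequency table for A..Z in
// English prose. Only the ranking matters much for shift detection, so small
// differences between published tables are harmless.
var englishFreq = [26]float64{
	0.08167, 0.01492, 0.02782, 0.04253, 0.12702, 0.02228, 0.02015, // A-G
	0.06094, 0.06966, 0.00153, 0.00772, 0.04025, 0.02406, 0.06749, // H-N
	0.07507, 0.01929, 0.00095, 0.05987, 0.06327, 0.09056, 0.02758, // O-U
	0.00978, 0.02360, 0.00150, 0.01974, 0.00074, // V-Z
}

// Shift rotates every ASCII letter of s forward by k positions (mod 26),
// keeping case and leaving digits, spaces and punctuation alone. k may be
// negative; k=13 is ROT-13, and Shift(Shift(s, 13), 13) == s.
func Shift(s string, k int) string {
	k = ((k % 26) + 26) % 26 // normalise to 0..25
	var b strings.Builder
	for _, r := range s {
		switch {
		case r >= 'A' && r <= 'Z':
			b.WriteRune('A' + (r-'A'+rune(k))%26)
		case r >= 'a' && r <= 'z':
			b.WriteRune('a' + (r-'a'+rune(k))%26)
		default:
			b.WriteRune(r)
		}
	}
	return b.String()
}

// DetectShift returns the k in 0..25 for which Shift(s, k) scores highest
// under a unigram English model (sum of log letter probabilities). This is
// the idea behind running caesar(6) with no rotation argument: try every
// candidate and keep the one that looks most like English.
func DetectShift(s string) int {
	best, bestScore := 0, math.Inf(-1)
	for k := 0; k < 26; k++ {
		score := 0.0
		for _, r := range Shift(s, k) {
			switch {
			case r >= 'A' && r <= 'Z':
				score += math.Log(englishFreq[r-'A'])
			case r >= 'a' && r <= 'z':
				score += math.Log(englishFreq[r-'a'])
			}
		}
		if score > bestScore {
			best, bestScore = k, score
		}
	}
	return best
}

// Decode undoes an unknown Caesar shift: detect it, then apply it.
func Decode(s string) string {
	return Shift(s, DetectShift(s))
}

func main() {
	// Ciphertext taken from David Rudling's comment above.
	ct := "SFOEFSFE TQFFDIMFTT"
	k := DetectShift(ct)
	fmt.Printf("best shift %2d -> %s\n", k, Shift(ct, k))

	// Snarki's "DOUBLE ROT-13": applying ROT-13 twice is the identity.
	msg := "The laws of mathematics are very commendable"
	fmt.Println(Shift(Shift(msg, 13), 13) == msg)
}
```

On eighteen letters the unigram score already separates the right shift (25, i.e. one step back) from the runner-up by about two nats; on a sentence of ordinary length the margin is far larger, which is why the frequency trick is reliable even though it knows nothing about words.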

Rhys • July 17, 2017 11:47 AM

I don't see the point of paying any attention to the drivel and drool from scientific/technophobic politicians.

These aggrieved alpha primates are phobic beyond clinical treatment. Their phobias are too numerous, not limited to just STEM. They extend to everything they cannot control or influence. Their grievances can never be sated.

What is the real value being fought for? The "right" to encrypt? Or are we all asking for something greater, and mathematical complexity was just a tool used to exercise some greater right?

The logic of abrogating social contracts with persistent surveillance, the loss of confidentiality, the loss of privacy, the loss of integrity having no recapitulation, has been tested to where the excuse of not knowing better is no longer available.

Mathematical encryption, regardless of the brutes' understanding of math, boils down to 'a' secrecy strategy intent on obscuration. "A". Not "THE". One amongst many.

There are many other means and methods to mask confidential or private intentions. It is in the nature of humanity to adapt, to improvise, to overcome.

And for those of you who didn't emerge when "Ma Bell" was still here ('82)... the enabling legislation of the telecommunications monopoly had requirements in the US. Privacy was one of them. They were detailed in the Systems Instructions. This is what the FCC is trying to dismantle any remaining vestiges of now. It wasn't just a "universal" service; it was a service with attributions of privacy.

Clive Robinson • July 17, 2017 12:07 PM

@ Daniel,

They view the elimination of what they perceive to be scourges as worth any cost. They really hate pedophiles that much, they really fear terrorists that much, they really scorn drug dealers that much.

Actually they don't, plain and simple; there are considerably more sexual deviants and drug users in politics than there are in the general population. Likewise you only have to glance at the foreign policy of the US and some of the rest of the western world to realise that they are truly the original meaning of terrorist.

All they care about is the accumulation of power/wealth and will pay lip service to whatever will get them the power/wealth, be it via the voters or via the likes of the MIC, IC, Finance industry etc etc.

The few politicians that actually care about anything are easy meat for those that care only for themselves. That is, what they care about becomes a tool of control wielded by those who care not how they get power/wealth.

Have a read of Machiavelli's The Prince; it's one of the more original, thus honest, descriptions of statecraft.

Rachel • July 17, 2017 12:25 PM

@ Clive

Indeed, I was thinking perhaps many commenters here would enjoy seeing Linus and Turnbull hooking up over a candlelit dinner, soft Spanish guitar in the background. Perfect.

Ninja • July 17, 2017 12:51 PM

"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia."

In Soviet Australia... Wait.

Etienne • July 17, 2017 1:30 PM

There's a simple solution. If you are a criminal, you need to do hard labor, and you need to be put to sleep if the crime involves killing people.

You can't have a society in which plea bargains keep everyone out of jail.

Ergo, if crimes are prosecuted, and criminals do hard labor for years, then society benefits with freedoms intact.

Ross Snider • July 17, 2017 1:55 PM

Politicians being stupid is not the point here.

This is several decades into a well greased debate about encryption law.

The politicians know exactly what they are doing. They made a simultaneous bet on surveillance society and free society. They are now realizing they are at odds.

Their choice of which of the society models to actively contest is revealing.

xyz • July 17, 2017 2:25 PM

"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia."

So why not outlaw the law of gravity with respect to criminals so they'll just float away into space?

Daniel • July 17, 2017 2:29 PM

@Clive

Let's accept everything you say as true (I don't but I'll do so for the sake of argument). Where does that leave us? Nowhere useful. My point is that politicians are not stupid, they merely seek to represent people who hold different values than you or I. Your response to me is, in essence, fair enough they are not stupid, just evil. Labeling politicians as Machiavellian doesn't advance the conversation nor does it propose any effective response...it is vapid complaining.

Clive Robinson • July 17, 2017 3:31 PM

@ Moderator,

"Rufo Guerreschi" appears to be making an unsolicited advertisement.

Clive Robinson • July 17, 2017 4:31 PM

@ Daniel,

Where does that leave us? Nowhere useful.

As the old saying has it, you have to know the beast before you fight the beast. Often said these days as "Know your enemy".

And before you ask if they are the enemy just remember they are putting out all the signs that they think you are the enemy.

So contrary to what you say we are further forward by knowing their motivations for what they are rather than how they chose to hide them.

With regards,

Labeling politicians as Machiavellian doesn't advance the conversation nor does it propose any effective response

The fact that I established a point to start from but have not made further suggestions does not in any way mean I don't have an "effective response". But I find it odd that you fail to see what is fairly obvious.

There are a couple of ways you can move forward, the first being "unmask them", the second "ridicule them". In the US the latter is still covered by "Free Speech".

However the usual way political upheaval fails is that when you remove a leader you have a power vacuum arising. If you don't have an appropriate candidate in place waiting to step forward to fill the vacuum then the chances are better than even that somebody inappropriate will step forward. If that happens you have to go through the whole process again.

It's becoming obvious to people outside of the US that the Republicans are planning to get rid of Trump by impeachment, probably some time after the mid-terms. Until then they are smoking him whilst they push ahead with their own agenda.

It's fairly obvious that the Democrats are nowhere near ready to field a replacement, and if the Republicans have a likely candidate they are keeping them under wraps for now.

Thus the problem you have is if the mid-terms do not give the Republicans a firm base then it's unlikely there will be an acceptable candidate to step forward if they do impeach Trump. The upset in the snap elections in the UK and the way the French vote went will be making those with a conservative view nervous. Thus if they feel they may not get a good midterm result they may decide impeachment will actually not be a good idea. But by then half the presidential term will be over with little or nothing achieved, and the US voters will know that coming into the re-election phase. Thus the question of how will the voters see that? Who will they blame/punish? The RNC will be acutely aware that the odds are it will be their face that gets the target painted on it, which is most certainly not what they want. Thus for appearances' sake they may well play cosy up to Trump in a way that will make it look like he, not the Republicans, failed the American People.

Either way it leaves the Republicans quite exposed to any attack on their current politicians by unmasking or ridicule. The one thing Trump has shown is that there are alternatives to the Republican dominated MSM, thus the MSM can be outflanked.

It will be interesting to see what will happen at the midterms. There is a distinct possibility the voters will "punish the party" as has happened in Europe.

From a European perspective neither the Democrats nor Republicans are seen as being "leaders", thus there may well be a hardening of relations towards the US, which will please the likes of China, India, Iran, Russia and South America. In years to come will historians look at the Trump years as the beginning of the fall of the USA? I guess we will have to wait and see, but to be honest the signs are not good, due to perceived instability and weak leadership, which the economy generally hates.

Jarda • July 17, 2017 4:47 PM

Everybody knows that Turnbull is a genius, right? And the terrorists will certainly comply with the law and use only methods of cryptography and steganography allowed by the law. Besides, this law is the way to go! We don't want all the Russian, North Korean and Chinese cyber criminals to sweat from hard work trying to break into things.

Dirk Praet • July 17, 2017 5:13 PM

@ Daniel

My point is that politicians are not stupid, they merely seek to represent people who hold different values than you or I.

Stupidity is as common among politicians as it is across the rest of the population (look up "political gaffes"). What is different is their inclination to make or keep their electorate as stupid as possible in order to further nothing but their own agendas and those of their corporate overlords. And that's exactly what this fearmongering by Turnbull and others about terrorists, pedophiles and drug dealers is really all about.

No one even remotely knowledgeable about the subject matter will attest to mandatory backdoors being a good, or even properly feasible idea. Which means that anyone claiming it is, indeed is either a moron or on an entirely different mission. Reading up on "Il Principe" may help on differentiating between those two.

@ Rachel

I was thinking perhaps many commenters here would enjoy seeing Linus and Turnbull hooking up over a candle lit dinner, soft spanish guitar in the background.

I would rather enjoy myself talking to Linus over a couple of burgers, a bottle of Jack Daniel's and Motorhead or The Ramones in the background. To settle this thing with grsecurity once and for all, incorporate their patches into the mainstream kernel and offer them a commensurate sum of money out of the grants fund.

Grahamc • July 17, 2017 5:22 PM

We in Australia are world class - our politicians are every bit as short-sighted and stupid as anywhere in the world!

Tatütata • July 17, 2017 7:43 PM

There were actually US state laws on the books mandating that pi be equal to 22/7 (source: "A History of Pi" by Petr Beckmann), so mind your pot before you throw names at that kettle.

The_Truth • July 17, 2017 10:10 PM

....

Australia Considering New Law Weakening Encryption

This has nothing to do with crime.

This has everything to do with population control.

The New World Order is coming.

Australia will be honored with a prime seat at the next Bilderberg Group convention.

Dave • July 17, 2017 10:16 PM

"terrorists and drug traffickers and pedophile rings"

He missed out kidnappers. Sheesh, he can't even stay on script, missing out an entire horseman when he presents his argument. How hard can it be to remember four? Four Malcolm, four. Not three, not two, not five, just the standard four.

ab praeceptis • July 18, 2017 12:30 AM

Grahamc

"We in Australia are world class - our politicians are every bit as short-sighted and stupid as anywhere in the world!"

World-class? Well, I'm not so sure about that (which may in part be due to hardly being able to understand your "English").

But short-sighted and stupid you are not. That I know for sure. I've seen some really good profs as well as some really nice work (no, not only seL4; down-underlings did quite a lot more nice stuff).

Are your politicians plain stupid? Mr. turn-bullfrog quite probably could easily prove that IQ can be below zero.
But generally - and not only in Australia! - I perceive politicians not so much as stupid but rather as clinically egomaniac, ruthless without limits, utterly corrupt, and generally jerks (with rather few exceptions).

Exadios • July 18, 2017 12:48 AM

Interestingly, I have heard similar regarding math or physics laws in business contexts. Usually from company CEOs or similar whose qualifications are MBA / accounting.

So, the person in question asks why we cannot solve a problem in a particular manner, to which I or another respond that their favorite solution would violate laws of math / physics. A typical response is that we will have to change the laws (and they're not kidding!). The problem is that non-scientifically trained people have almost no concept that the universe is ruled by certain laws.

Baffled • July 18, 2017 6:35 AM

Tatütata: do you think Bruce does not know about such silly proposed pi-related legislation? He explicitly linked to an article about it!

But the legislation was not actually passed. (The linked article has more detail than Beckmann's book.)

Snarki, child of Loki • July 18, 2017 6:52 AM

@xyz: "So why not outlaw the law of gravity with respect to criminals so they'll just float away into space?"

England already tried that, by shipping their criminals to Australia!

But those damned tricky Aussie cons invented magnetic boots, and here we are.

Despicable, really.

Joe • July 18, 2017 6:59 AM

@ Clive Robinson

The Democrats cannot have a candidate ready in the event of Trump's impeachment. Bill Clinton was impeached and remained in office. Impeachment is only the first step in removing a President from office. Even if the President is impeached by the House and removed by the Senate, there would be no election to replace him. Vice president Pence would automatically become the President and he would appoint a new Vice President, who would have to be approved by Congress. The 25th Amendment spells that process out. Nowhere in that process would the Democratic Party have an option to present their own candidate. I do not think the Democrats fully understand that.

SK • July 18, 2017 7:19 AM

As an Australian, this makes me want to bang my head on the table repeatedly. No no no. This will not stand. I will decide what level of encryption I use. Makes my blood boil. You are way too charitable Bruce. This is beyond stupid.

albert • July 18, 2017 9:04 AM

What's the deal with Australia? Is it the water? Or being upside down all the time?

What kind of terrorism problems are they having? 17 deaths since 1970?

Simple solutions for simple minds:

1. Dis-associate yourselves from US policies, and don't worry about terrorism.

2. Legalize drugs.

3. Infiltrate pedophile rings and bring them down hard.

4. Reform policies that result in inequalities.

"Do something, even if it's wrong" isn't good policy.

It's stupid.

. .. . .. --- ....

x • July 18, 2017 2:09 PM

While the comment about the laws of mathematics not being valid in Australia is amusing by its sheer stupidity, we should not forget that the only law is the law of the strongest.
The state organs are the strongest, so they make/interpret the law as they see fit.

This is what will happen:

- Australia will pass a law making backdoors mandatory

- Facebook & Co. will comply voluntarily or they will be offered incentives to make them comply.

Just look at Germany, which just passed a law that mandates all social media platforms to remove 'hate speech' when so requested, not by a court order but by a private entity (a foundation run by party hacks with no judicial oversight).
Facebook had no problem with this, because they obviously care more about access to the German market than about freedom of speech.

Another case is Singapore, which adopted Facebook Workplace for the entire public service. I wonder what concessions Facebook made in return.

- We techies will congratulate ourselves on how smart we are using open source and that the government will never decrypt our messages.

- Of course, open source systems will never play a role, because they are basically unusable for any normal person.

Sometimes I wonder if the intelligence community deliberately subverts the open source community, because many programs are so difficult to use that it is hard to get them that way without intent.
Just look at PGP (still holding back encryption), Signal (can't install it on a PC, needs a valid *phone number* as an identifier), or Jitsi (impossible to install compared to Skype).

- None of that matters anyway, because 99.999% of all communications are open via Facebook & Co.

- If they want to get you, they'll send you a court order to decrypt your messages, if you can't do so, SOL.

- Good luck explaining perfect forward secrecy to a judge. "So you did not use Facebook like everyone else, but you deliberately used a program that was designed to destroy messages immediately?"
Now they have proven criminal intent and destruction of evidence, enjoy your stay in jail.
Even if they find you not guilty, you will be ruined by the trial.

- The end result of the law: All Facebook messages can be intercepted, anyone else can be sent to jail at will.

I am pretty sure Turnbull can live with these restrictions.

tyr • July 18, 2017 5:30 PM


@Clive

Aren't they part of the five Is (Idiots)? The mad scheme to run the world from a cubicle set manned by minor apparatchiks.

I never found Machiavelli to be particularly evil since all he did was tell unvarnished truth about what he had seen in his own government service.

If Australia wants to be a boon to the human race get them to repeal the law of unintended consequences before this rag-tag civilization drives itself off the edge of the cliff in front of it.

Check out boing boing today, lots of crypto and my favourite the Chinese anti-pervert flamer. That should be captioned "You'll never take me alive Obi Wan Kenobi !!"

Physics is a lot easier once you set the harder numbers = 1, showing that politicos have nothing on the average boffin at work.

Lawrence D’Oliveiro • July 18, 2017 5:42 PM

If the Government is so keen on a workable back-doored encryption system, why don’t they come up with one? The US Government employs the NSA, which (allegedly) has the largest and brightest pool of crypto talent on the planet. If anybody has the necessary hashtags to come up with such a scheme, wouldn’t it be them?

Maybe President Trump can issue an Executive Order to that effect—could that be the missing sprinkling of magic pixie dust that is needed to kick-start the process?

Drone • July 18, 2017 7:41 PM

"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia."

Government Idiots. 2+2=5

Here in Indonesia the Government just banned and blocked the Telegraph App. Another one bites the dust. Step-by-step they're censoring the whole Internet here.

Anon • July 18, 2017 7:50 PM

@Lawrence D'Oliveiro: Instead of backdoors in crypto that weaken security, why not just encrypt everything twice - one copy to the legitimate recipient, and a copy for the Government mass surveillance program?

That way, security is maintained, and proper accountability can be had regarding data.

I'm in no way in favor of mass surveillance. It however appears to be the only real solution without weakening security.

Of course, who is going to trust that the Government master-key doesn't get copied by a rogue actor?
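Anon's "encrypt a second copy for the government" is key escrow, and both halves of the comment can be shown in code. The following is an added example, not code from the post or from any commenter: a multi-recipient envelope in Go (a fresh AES-256-GCM data key, wrapped with RSA-OAEP once per recipient, the way encrypted mail already handles several recipients), in which the escrow key is simply one more recipient. The party names (Bob, escrow, stranger) and the sample messages are constructed. Scenario then shows the property the last sentence worries about: every message the escrow key can read is readable by anyone who obtains a copy of that single private key, while an unrelated key recovers nothing.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is one message encrypted once under a random data key; the data
// key is wrapped separately for every party allowed to read the message.
type Envelope struct {
	Nonce       []byte
	Ciphertext  []byte
	WrappedKeys [][]byte // one RSA-OAEP wrap of the data key per recipient
}

// Seal encrypts msg with AES-256-GCM and wraps the data key for each public
// key. Adding an escrow public key to recipients is the "second copy".
func Seal(msg []byte, recipients []*rsa.PublicKey) (*Envelope, error) {
	dataKey := make([]byte, 32)
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &Envelope{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, msg, nil)}
	for _, pub := range recipients {
		wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, dataKey, nil)
		if err != nil {
			return nil, err
		}
		env.WrappedKeys = append(env.WrappedKeys, wrapped)
	}
	return env, nil
}

// Open recovers the plaintext if priv unwraps any of the wrapped keys.
// Whoever holds a matching private key, legitimately or not, gets the message.
func Open(env *Envelope, priv *rsa.PrivateKey) ([]byte, error) {
	for _, wrapped := range env.WrappedKeys {
		dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
		if err != nil {
			continue // not wrapped for this key; try the next one
		}
		block, err := aes.NewCipher(dataKey)
		if err != nil {
			return nil, err
		}
		gcm, err := cipher.NewGCM(block)
		if err != nil {
			return nil, err
		}
		return gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	}
	return nil, errors.New("no wrapped key matches this private key")
}

// Outcome counts who could read a batch of escrowed messages.
type Outcome struct {
	Messages        int
	ReadByRecipient int // Bob, the intended recipient
	ReadByEscrow    int // the escrow key holder, or whoever copied that key
	ReadByStranger  int // an unrelated key, as a control
}

// Scenario seals n constructed messages to Bob plus the escrow key, then
// tries to open each with three different private keys.
func Scenario(n int) (Outcome, error) {
	var keys [3]*rsa.PrivateKey // 0: Bob, 1: escrow, 2: stranger
	for i := range keys {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return Outcome{}, err
		}
		keys[i] = k
	}
	bob, escrow, stranger := keys[0], keys[1], keys[2]
	out := Outcome{Messages: n}
	for i := 0; i < n; i++ {
		msg := []byte(fmt.Sprintf("constructed sample message %d", i))
		env, err := Seal(msg, []*rsa.PublicKey{&bob.PublicKey, &escrow.PublicKey})
		if err != nil {
			return Outcome{}, err
		}
		reads := func(k *rsa.PrivateKey) bool {
			pt, err := Open(env, k)
			return err == nil && bytes.Equal(pt, msg)
		}
		if reads(bob) {
			out.ReadByRecipient++
		}
		if reads(escrow) {
			out.ReadByEscrow++
		}
		if reads(stranger) {
			out.ReadByStranger++
		}
	}
	return out, nil
}

func main() {
	out, err := Scenario(3)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Nothing in the ciphertext distinguishes the escrow wrap from Bob's: the scheme is only as strong as the custody of the escrow private key, and a copy of that one key unwraps every message ever sealed to it, which is the single point of failure the comment ends on.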

Gin Beam • July 18, 2017 10:57 PM

You buried the lead!

THE LAWS OF MATHEMATICS NO LONGER APPLY IN AUSTRALIA, according to Australian boffins!

I knew ever since I'd seen their backwards toilets.

Dirk Praet • July 19, 2017 3:56 AM

@ Lawrence D’Oliveiro

If the Government is so keen on a workable back-doored encryption system, why don’t they come up with one?

The idea has been suggested before. In 2015, one Hillary Clinton - showcasing the utter ignorance of the average politician on the subject matter - also called for a new Manhattan Project to "improve collaboration between tech firms and authorities". So far, only He Who Must Not Be Named, his Italian counterpart @Rufo Guerreschi of the Trustless Computing Initiative and some half-wit TLA figureheads in search of new funding have signed on. Pretty much everyone else answered the call with an ominous "DUH".

What does not seem to sink through with Turnbull & co. is that the "modern presidential" way of swaying voters is no longer by proposing legislation that defies the laws of physics - people will eventually catch on - but by appearing on TV reality shows and lashing out on Twitter at everything that breathes.

ThothJuly 19, 2017 4:52 AM

@x

Finger-pointing and blaming OSS devs is not going to work. How many are willing to code? You?

ThothJuly 19, 2017 5:49 AM

@all

To be fair, OSS and its operational model is perhaps driving itself into its own grave, in a sort of way.

Human ego and desires get in the way, and people bang heads and spill out all sorts of tribal-style flame wars. One faction or distro hates the other faction or distro, and the fanbois all go crazy flaming each other rather than sitting down to settle their differences and improve the code.

Most OSS exists for free, and when some are asked to pay a small sum just to fill the devs' rice bowl and cover the development cost, it gets misunderstood and accused of hiding backdoors. This turns into a habit of leeching off someone's efforts without giving back in return, and becomes an unsustainable cycle.

When the devs decide to provide source code in good faith, the code gets ripped off and becomes someone else's, where in some cases the others get paid (i.e. the GRSecurity case) for the hard work of others.

The ICs, LEAs, corps and so on simply sit from afar and watch the meltdown, then swoop down on what they perceive as the weakest links to benefit themselves; and they have benefited greatly, as the OSS and open security community have so many issues, including those mentioned above.

I think my latest recommended approach would be to use crowdfunding. Open source code with features selected by which feature reaches its funding mark. No funds, no OSS. :) This forces everyone to contribute whatever they can to improve the situation.

Let's start with making OpenPGP card management usable, as OpenPGP card management is a headache with GnuPG's buggy scdaemon and using an OpenPGP card to do crypto is a headache. I would suggest a Java-based GUI, as I have some skeleton code sitting around, BouncyCastle has a working OpenPGP library, and Java natively has the smartcard access library interface built in.

C/C++ is not used because it has weak out-of-the-box integration with smartcards, and libgcrypt for crypto is a very bad idea.

Rust, Haskell, Ada ... all face the problem of weak smartcard access as well.

So to enable the Java OpenPGP GUI Manager, let's start a crowdfunding.

The crowdfunding would address:
- Java GUI for handling multiple OpenPGP cards
- Java GUI for key management of OpenPGP cards
- Java GUI for encrypt/decrypt/sign/verify of notepad text and files with the use of an OpenPGP card

To support the creation of the crowdfunding page on Kickstarter, reply with the words 'Supporting jPGPManager'. Once more than 15 individuals have indicated support, I will open the Kickstarter page to begin crowdfunding the development of jPGPManager.

It will use the standard 3-Clause BSD license for the project.


Dan HJuly 19, 2017 7:54 AM

@Clive Robinson
"the US and some of the rest of the western world to realise that they are truleu the original meaning of terrorsit."

ROFLMAO

You're a loon.

Dan HJuly 19, 2017 8:01 AM

@Clive Robinson

I'll buy you a one-way ticket to Afghanistan, Iran, Syria, North Korea, Yemen, Somalia, Libya, Mexico, El Salvador, Venezuela, Iraq, Nigeria, Honduras, or Guatemala.

There are plenty to choose from in the list since you're in such discontent with the terrorists of the Western world.

Go. Be free.

WaelJuly 19, 2017 8:28 AM

@Dan H,

from in the list since you're in such discontent with the terrorists of the Western world.

There's a difference between righting what's wrong and preferring one country over another.

I'll buy you a one-way ticket to Afghanistan, Iran, Syria, North Korea, Yemen, Somalia, Libya,...

He wants his privacy but most of all, 
he wants a one way ticket to the moon ... But I know you can't get nothing for free

Clive RobinsonJuly 19, 2017 8:59 AM

@ Dan H,

You're a loon

A suggestion: before you say anything more, I suggest you go and look up the original definition of "terrorist". You will find it aptly describes US foreign policy for over a lifetime now. Even US generals and presidents have in the past made less than veiled comments.

Thus get a history book and an education, and stop listening to the --illegal-- propaganda the likes of the neo-cons[1] have been vomiting out in all directions as though it's some ultimate truth. It's not; it has two purposes:

1, Disguise the truth of their intentions.
2, Hide the theft of your money and the lives of your children to make them wealthy.

[1] Before anyone starts a diatribe about party politics, you will find that neo-cons infest both sides of the political spectrum when it comes to pumping cash into campaign funds. Thus they are "ideological" not "Political" in orientation, or as has been said by others "Purple Payolas".

RachelJuly 19, 2017 9:02 AM

@ Wael
love your work all these years. Habibi!
but here you are building the garden path and you didn't stop to read the sign:
Trolls must keep off the grass
and
Don't feed the trolls
(even lower class volunteer ones that don't have a comeback when challenged)

ab praeceptisJuly 19, 2017 9:43 AM

Dan H

Are you sure that you do a service to your country and its reputation (let alone to any reputation you might have here) by demonstrating what many consider to be its default, if not only, way of responding: by *attacking* (in this case Clive Robinson)?

But O.K., as you provided that list, let's look at it...

Afghanistan, Iran, Syria, North Korea, Yemen, Somalia, Libya, Mexico, El Salvador, Venezuela, Iraq, Nigeria, Honduras, or Guatemala.

14 countries - of which 11 have either been attacked militarily - and illegally, one might add - by a certain country, and of the remaining 3 countries, from one a large mass of land has been taken away in a war and 2 have been attacked by "friends" (read: vassals) of said country, which also supported those attacks.

14 out of 14 victims of a certain country. Quite an "accomplishment".

But attacking and/or plundering those countries wasn't bad enough. No, afterwards they get smeared and are put on a list of (allegedly) somehow "terrorist" countries. "Exceptional", indeed.

I fully concur with Clive Robinson.

The terrorist is the one which terrorized (i.a. those) 14 countries and not the victims. I'll leave it at that and not look at what nsa, cia, and fbi have done and are doing.

ab praeceptisJuly 19, 2017 9:48 AM

Correction:

The 4th paragraph should be

14 countries - of which 11 have either been attacked militarily *or regime changed* - and illegally, one might add - by a certain country ...
(correction/completion emphasized)

Dan HJuly 19, 2017 1:54 PM

@ab praeceptis

I served my country and I couldn't care less what you think of my reputation here. Like I'm really going to lose sleep because of what you think of me? LMAO

I think you're a lunatic too.

I've noticed that neither you nor Clive have accepted the offer of being free in one of those utopia hotspots I listed. If the West is so bad, as I said, go, be free.

In fact, the comments on this site generally are nothing more than a honeypot of anti-America diatribe.

vas pupJuly 19, 2017 3:02 PM

"The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia."
I'd say that regardless of the law adopted by any legislature or dictator/king, you name it, e.g. sunrise starting tomorrow is in the West and sunset in the East, the SUN does NOT give a (bleep); but following the pattern of 1984 ideas, they could change by law the definition of where East is and where West is starting tomorrow and get the same result (in their mind). I see another disturbing angle to that. When laws adopted by legislation contradict objective laws of social life, then as a result, huge enforcement resources are required for their implementation.

Dirk PraetJuly 19, 2017 3:55 PM

@ Dan H

I suggest you go and look up the original definition of "terrorist". You will find it aptly describes US Foreign Policy for over a life time now.

Any analysis of previous and current century history shows that no country has invaded, destabilized and overthrown more "unfriendly" nations than the USA. Not only is that an objective fact, the practice itself when perpetrated by others is generally referred to as "foreign aggression" or "state sponsored terrorism" by US administrations and MSM.

If you think that I'm a loon too, I'll take the ticket to Iran. I've always wanted to visit Persepolis and all Persian women I know are absolutely gorgeous. The fare from Brussels to Tehran is about $280.

Clive RobinsonJuly 19, 2017 5:24 PM

@ Dan H,

I've noticed that neither you nor Clive have accepted the offer of being free in one of those utopia hotspots I listed. If the West is so bad, as I said, go, be free.

It is becoming clearer that you cannot in any way have a rational discussion about what you choose not to believe.

After all, what you are saying is less credible than the old "My Country Right or Wrong" mantra that was treated as morally and ethically wrong more than a century ago.

If you cannot comprehend that, you either have a serious cognitive issue or a personality failing.

Finally, has it crossed that lump of porridge between your ears that maybe those countries you list don't actually want to allow us to enter their countries, for fairly reasonable reasons?

ab praeceptisJuly 20, 2017 4:36 AM

Clive Robinson

You are way too generous with your attention. While it might be entertaining to watch auntie Gertrude talking to her plants (or to dan h and the likes), we should focus on conversation with people of whom we can reasonably assume that they have an adequate intellectual capacity and the capability to grasp reality.

From what I see that dan h simply tried to tell us that he doesn't care a f*ck about security and is mainly here to start political wars.

People, and certainly I, are here because of discussions with (or even just reading) knowledgeable people like yourself, Thoth, Nick P., etc. I think we shouldn't be too distracted by occasional barking outside.

controversial- who's more dangerousJuly 20, 2017 1:59 PM

@Dan H, @Clive Robinson, @Ratio, @Dirk Praet

Some stuff to chat about. The way of the USA, it appears, for better or worse.

David Cay Johnston: Trump is "Appallingly Ignorant" on Healthcare & Puts Greed Above Human Lives
https://www.democracynow.org/2017/7/20/david_cay_johnston_trump_is_appallingly

David Cay Johnston: GOP Budget Redistributes Money to the Rich & Helps Make U.S. a "Police State"
https://www.democracynow.org/2017/7/20/david_cay_johnston_gop_budget_redistributes

"Trump and the Russian Money Trail": Trump's Ties to Oligarchs Go Back Decades
https://www.democracynow.org/2017/7/20/trump_and_the_russian_money_trail

Married to the Mob: Investigative Journalist Craig Unger on What Trump Owes the Russian Mafia
https://www.democracynow.org/2017/7/20/married_to_the_mob_investigative_journalist

regarding wiretapping, fourth amendment, supreme court stuff, etc. more current events:
from the Washington Post 19 July 2017, but here non https links after searching at duckduckgo.com:
"in district, warrantless tracking requests surge in past 3 years"

http://www.mysanantonio.com/news/article/In-District-warrantless-tracking-requests-surge-11298164.php
http://newsbout.com/id/17357152630
http://www.readingeagle.com/ap/article/in-district-warrantless-tracking-requests-surge-in-past-3-years

Finally, perhaps former FBI Director Comey might come out against backdoors now. That might get people's attention. After all, Hayden came out against backdoors and pro secure communications, sort of, I think, after leaving government office.

RatioJuly 20, 2017 4:02 PM

@controversial- who's more dangerous,

@Dan H, @Clive Robinson, @Ratio, @Dirk Praet

Forgot @ab praeceptis?

Some stuff to chat about.

Yeah?

CassandraJuly 21, 2017 7:30 AM

Rather than laughing and pointing, it would be better to consider that Malcolm Turnbull is correct. There is an important difference between natural laws and human made law.

Natural laws are an approximate description of how the Universe operates, as perceived by humans. Humans have no influence on their operation.

Human made laws are a set of rules imposed by more powerful people on less powerful people.

A government in Australia could certainly make illegal the use of effective encryption without a licence. It is pretty easy to determine if encryption has been used in a communication, unless you are using extremely advanced/subtle steganography, and so it would be easy to detect the use of unlicensed encryption and block it, and prosecute the users.

We should not be laughing at Malcolm Turnbull, but instead work out how to make use of effective encryption an inalienable human right (which doesn't stop governments passing laws making it illegal, but at least sends a message that this is not a good thing).

I fear it may be too late.

Cassie.

Clive RobinsonJuly 21, 2017 8:02 AM

@ Cassie,

It is pretty easy to determine if encryption has been used in a communication, unless you are using extremely advanced/subtle steganography, and so it would be easy to detect the use of unlicensed encryption and block it, and prosecute the users.

Not true. One Time Phrases are very simple and in effect unbreakable prior to any action.

I could text you,

"Fancy a drink?"

You might reply,

"How about Tuesday?"

I say,

"what do you fancy?"

You reply

"Oh a beer after work"

In effect you have told me that the "bomb" (beer) will go off on Tue around 6PM.

As long as you and I do meet up around six for a beer in a pub, it all looks like just another of the millions of social arrangements made every day. It does not even link me as a co-conspirator as long as I have a trail of previous social contact with you that started via a night club or similar...

ThothJuly 21, 2017 8:14 AM

@Cassandra, Clive Robinson

"We should not be laughing at Malcolm Turnbull, but instead work out how to make use of effective encryption an inalienable human right (which doesn't stop governments passing laws making it illegal, but at least sends a message that this is not a good thing)."

We have touched on this topic many times and @Clive Robinson initially suggested the Fleet Broadcast method and I have supported his suggestions for a long time.

You can think of Fleet Broadcast as some sort of communication mesh technology, in a way: all communications are broadcast instead of sent as 1-to-1 TCP packets from source to destination.

Use the sidebar Search to find our topic on Fleet Broadcast.

The downside with Fleet Broadcast is probably latency, and as per usual, people prefer speed and low latency over security. People always choose the convenient way out, and it is unlikely anyone will bother to do Fleet Broadcast.

"I fear it may be too late."

We are already very late and it seems nobody is willing to progress and we have the constant problems with TOR network being attacked by ICs and LEAs and killing off of Dark Web 'safe havens' ...

The world revolves around those with the most power, ability and resources (i.e. survival of the fittest). The Governments, although they are technically made up of a small number of people, have the most power, resources and ability collected together into some sort of structured 'Mind' of their own.

The rest of us at the lower levels of the Pyramid of Power are many, but we are not able to put all our resources, minds, technology, power, ability and heart together to ensure the accountability and responsibility of the Governments and their organs, which were created with the intention of looking after and accounting to the people; instead, the tables are turned and we are pretty much sort of "slaves" to them, and our taxes enrich their pocket linings, where they get to enjoy and crush their "slaves" whereas we have to listen, obey and do their bidding ....

Many of us are trying very hard to change things but individual efforts are typically a very very steep uphill battle.

Also, as @Clive Robinson loves to point out, "The road to Hell is paved with good intentions", which is pretty true. There are too many examples and it wouldn't be possible to go into them. Once someone attempts to open a security business, one will see the multiple endless layers of concrete ceilings above one's head when one tries to create something unique and secure for the masses.
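Clive's Fleet Broadcast idea above, together with the "encrypt it twice" escrow suggestion Anon made earlier in the thread, as an added Python illustration that is not code from the blog or any commenter: every node receives every message, the envelope carries no addressee, all envelopes are padded to one fixed size, and a second key slot seals the content key for an escrow holder. The HMAC-based cipher, the pre-shared pairwise keys, the escrow key and the three-node fleet are all constructed assumptions; a real deployment would use a vetted AEAD and a proper key exchange.

```python
"""Fleet-broadcast messaging with an escrow slot.  Added illustration for this thread,
not code from the blog or its commenters: stdlib only, and the HMAC-based cipher is a
stand-in for a real AEAD such as AES-GCM."""
import hashlib
import hmac
import os

KEY_LEN, NONCE_LEN, TAG_LEN = 32, 16, 16
PAYLOAD_LEN = 64                            # every message is padded to this size
SLOT_LEN = NONCE_LEN + KEY_LEN + TAG_LEN    # one sealed 32-byte content key
ENVELOPE_LEN = 2 * SLOT_LEN + NONCE_LEN + PAYLOAD_LEN + TAG_LEN   # 224 bytes, always

def _derive(key, label):
    # Domain-separated subkeys so the cipher key and the MAC key differ.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: illustrative only, not a vetted cipher.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32)))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    ek, mk = _derive(key, b"enc"), _derive(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(ek, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mk, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]

def open_box(key, blob):
    """Return the plaintext if the tag verifies under key, else None."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    ek, mk = _derive(key, b"enc"), _derive(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    want = hmac.new(mk, nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(want, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(ek, nonce, len(ct))))

def pad(msg):
    # 0x80 marker then zeros: the fixed slot hides the real message length.
    if len(msg) >= PAYLOAD_LEN:
        raise ValueError("message too long for one broadcast")
    return msg + b"\x80" + b"\x00" * (PAYLOAD_LEN - len(msg) - 1)

def unpad(buf):
    return buf[:buf.rindex(b"\x80")]

class Node:
    """A fleet member with pre-established pairwise keys (assumed) to its peers."""

    def __init__(self, name):
        self.name, self.pairwise, self.inbox = name, {}, []

    def broadcast(self, to, msg, escrow_key):
        # Slot 1: content key sealed for the intended peer.  Slot 2: the same key
        # sealed for the escrow holder (the "encrypt it twice" idea).  Then the payload.
        ck = os.urandom(KEY_LEN)
        return seal(self.pairwise[to], ck) + seal(escrow_key, ck) + seal(ck, pad(msg))

    def receive(self, envelope):
        """Try every pairwise key on slot 1; there is no addressee field to read."""
        if len(envelope) != ENVELOPE_LEN:
            return False
        slot, payload = envelope[:SLOT_LEN], envelope[2 * SLOT_LEN:]
        for peer, k in self.pairwise.items():
            ck = open_box(k, slot)
            if ck is None:
                continue                     # not for us, or not from this peer
            pt = open_box(ck, payload)
            if pt is None:
                return False                 # key slot intact but payload tampered with
            self.inbox.append((peer, unpad(pt)))
            return True
        return False

def escrow_read(escrow_key, envelope):
    """Whoever holds the escrow key reads every message: the single point of failure."""
    ck = open_box(escrow_key, envelope[SLOT_LEN:2 * SLOT_LEN])
    pt = None if ck is None else open_box(ck, envelope[2 * SLOT_LEN:])
    return None if pt is None else unpad(pt)

def pair(a, b):
    a.pairwise[b.name] = b.pairwise[a.name] = os.urandom(KEY_LEN)

def demo():
    """Constructed three-node fleet; returns (envelope size, who decrypted, bob's inbox, escrow view)."""
    alice, bob, carol = Node("alice"), Node("bob"), Node("carol")
    for x, y in ((alice, bob), (alice, carol), (bob, carol)):
        pair(x, y)
    escrow = os.urandom(KEY_LEN)             # constructed "government" key
    env = alice.broadcast("bob", b"beer after work on Tuesday", escrow)
    # Sender excluded: with symmetric pairwise keys she could open her own slot.
    got = [n.name for n in (bob, carol) if n.receive(env)]
    return len(env), got, bob.inbox, escrow_read(escrow, env)
```

Running `demo()` shows that only bob opens the envelope, carol's attempt fails without learning anything, an outside observer sees 224-byte blobs with no destination field, and anyone holding the escrow key reads every message, which is exactly the trust problem Anon raised. What broadcast does not hide is that a node is participating at all; that is the originator question Cassandra asks further down.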

controversial- who's more dangerousJuly 21, 2017 1:49 PM

@Ratio
As a matter of fact 'aamof' I did remember ab praeceptis was omitted before I read your post. Perhaps Freudian. Perhaps helping a 'red card' holder from possibly putting his foot in his mouth; measure twice cut once. Perhaps sloppy or non-existent proof reading. ... Did I neglect anyone else?

CassandraJuly 21, 2017 2:22 PM

@Clive

You are, as ever, correct. I think, however, you would agree that One Time Phrases are pretty cumbersome in use, and probably not appropriate for general encryption of communications: for example, with one's bank, or all voice telephony calls.

@Thoth

Fleet Broadcast is an interesting approach. The question is, can individual broadcasters (originators) be identified by people with sufficient technical methods at their disposal?

+++

Digital samizdat is likely in our future. Being caught with material encrypted by unlicensed methods will, in all probability, be punished severely - the content of the material will be unimportant.

ThothJuly 21, 2017 8:00 PM

@Cassandra

Whatever decisions have been made by the people to elect certain politicians and the fact that these elected politicians do not see the importance of personal security is already a reality.

The citizenry who do not care about personal security, or who support anti-personal-security measures, have in effect caused the entire population to bear responsibility, and it is in effect the population's responsibility, as they did not push hard enough to change such an outcome.

Whether it be written in Law or not, their minds and intentions have already been set in stone, and what we can do now as security engineers and cryptographers is to ensure that higher assurance personal security is always available; by whatever means that is, I don't know.

What I can suggest, which is similar to many others, is to ensure that personal security via E2E encryption, higher assurance and quality of security implementations, and secure execution environments are spread to the masses, so that it becomes THE NORM to communicate securely with as few possible ways of backdooring as possible, and also to make it THE STANDARD way of communication for the future.

To put it simply, the main issue is not about worrying whether one has in one's possession effective means and methods to protect one's personal security, but about making them as widespread as possible.

This is the same logic with bullying and intimidation where if you simply shrivel up and hide, they will continue to press on .....

I am wondering how many jail cells they can spare, or how many citizens they can put to death, for the use of E2E encryption and for implementing effective personal security?

Masking the protocols and using broadcast methods whenever possible to blend into a pool of users and reduce metadata signatures for secure communications would be a better choice, since it is only a matter of time before the suspicion of using some sort of secure communications falls on the user, and masking the protocols serves to delay the attacker from knowing what protocols are being used, so that they take longer to study the protocols and find a way to defeat them. The use of the broadcast method is for metadata signature reduction. It does not effectively cancel out the ability to home in on a single target by isolating the target and then observing the communication, as isolating a single target would defeat the purpose of the broadcast method, since the broadcast method, or even non-broadcast methods, thrives in noisy environments as a means of blending in.

If you look at how obfuscation and steganography work, the plaintext is mixed with the surrounding data, and if a Government is highly suspicious of a particular data object or file, they will put every resource they have online to attack the suspected object or file, and it would only be a matter of time before a certain odd pattern starts to emerge.

Encryption only makes the discovery of the plaintext harder, but the plaintext still exists in the form of the encrypted ciphertext. It would not take long to realize that the random-looking data bytes are a bunch of ciphertext in the circumstance where the data has been encrypted and then hidden with some steganographic algorithm. All it requires is suspicion of a data object for attackers to put their efforts into revealing whether it is encrypted or not, and even if they were to pass the verdict that the data is encrypted, they would still not have the key to decrypt it unless the key somehow leaks out, and that is another topic the rest of us have discussed extensively regarding key management.

If you are to submerge them in a pool of encrypted data, it will make their job much harder to pinpoint which file or data object to target, and this is a much better solution than worrying about being discovered with encrypted data.

The other problem, about key management and the use of torture and coercion to reveal keymats, has been touched on in earlier posts, and a search via the sidebar would reveal existing techniques we have discussed.

What I conclude is as above: mask the traffic to make it harder to discern the protocol in use and as a means to evade censorship and filtering, and use an effective transmission method that reduces metadata signatures; for now, broadcasting seems to be the only one that handles the issue of metadata signature reduction.
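Cassandra's claim that the use of encryption is easy to detect, and Thoth's point above that ciphertext stands out as random-looking bytes even when hidden inside another file, as an added Python illustration that is not code from the blog or its commenters: a byte-entropy and chi-square check of the kind a filtering appliance would run, first on whole samples and then over sliding windows to locate a ciphertext blob inside a text file. The samples, the window size and the thresholds are constructed assumptions; the SHA-256 counter output stands in for real ciphertext so the run is reproducible.

```python
"""Byte-statistics check for data that "looks encrypted", the kind of filter an
appliance enforcing an encryption ban would run.  Added illustration for this
thread, not code from the blog or its commenters; thresholds are assumptions."""
import hashlib
import math
from base64 import b64encode
from collections import Counter

WINDOW, STEP = 4096, 1024      # scan granularity for locating a hidden blob
MAX_CHI = 400.0                # uniform bytes give chi-square ~255 +/- 23 (255 dof)
MIN_ENTROPY = 7.9              # bits/byte; plug-in estimate for 4 KiB of random bytes is ~7.95

def shannon_entropy(data):
    """Bits per byte: 0 for a constant stream, 8.0 for perfectly uniform bytes."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square(data):
    """Pearson chi-square of the byte histogram against a uniform distribution."""
    n = len(data)
    if n == 0:
        return 0.0
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def classify(data):
    """Coarse label from entropy and chi-square; tuned for samples of a few KiB."""
    h, chi = shannon_entropy(data), chi_square(data)
    if h > MIN_ENTROPY and chi < MAX_CHI:
        return "random-looking"      # ciphertext or compressed data
    if h > 5.5:
        return "encoded-or-binary"   # e.g. base64, executables: high entropy, skewed histogram
    return "low-entropy"             # text, sparse or constant data

def find_random_regions(data):
    """Offsets of fixed windows that look random: where a hidden blob sticks out."""
    return [start for start in range(0, len(data) - WINDOW + 1, STEP)
            if classify(data[start:start + WINDOW]) == "random-looking"]

def constructed_samples():
    """Deterministic test material built inline (no real files are read)."""
    sentence = (b"The laws of mathematics are very commendable but the only law "
                b"that applies in Australia is the law of Australia. ")
    text = (sentence * 200)[:6144]
    # SHA-256 counter output stands in for ciphertext: uniform bytes, reproducible.
    blob = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))
    return {
        "text": text,
        "zeros": bytes(8192),
        "ciphertext": blob,
        "base64": b64encode(blob),
        "carrier": text + blob + text,   # ciphertext tucked inside a text file
    }

def demo():
    """Labels for the whole samples, plus the window offsets flagged in the carrier."""
    s = constructed_samples()
    labels = {name: classify(d) for name, d in s.items() if name != "carrier"}
    return labels, find_random_regions(s["carrier"])
```

Plain text and zeros score as low entropy, base64 output has high entropy but a lopsided histogram, and only the ciphertext stand-in passes both tests; the window scan pins the hidden blob to the five windows that lie fully inside it. That is also why submerging real ciphertext in a pool of other encrypted or compressed data blunts this check: the detector cannot tell one random-looking blob from another, only that something random-looking is there.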

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.