
Australia just passed a bill that forces tech companies to give up encrypted data

By Greg S · 15 replies
Dec 6, 2018
  1. Debate over how law enforcement and government agencies should combat encryption on modern devices has been ongoing for years now. In a surprise move, Australia's parliament passed a bill that requires technology firms to provide access to encrypted data.

    Any business failing to hand over data within a specified time period can face fines of up to $7.3 million. Prison sentences can also be given to any individual that refuses to hand over data that is believed to be connected with illegal activities.

    As part of the Five Eyes intelligence alliance, Australia is the first to take action after all alliance members have made statements indicating that malicious actors are finding ways to communicate privately. Parliament members have attempted to justify the new legislation by saying it is necessary to fight organized crime and prevent militant attacks.

    Google, Facebook, Apple, Microsoft, Amazon, Twitter, and many more renowned tech companies have all voiced intense opposition to the newly passed bill. A statement made by Digital Industry Group Inc., a coalition where many of the top tech businesses are members, reads "Several critical issues remain unaddressed in this legislation, most significantly the prospect of introducing systemic weaknesses that could put Australians’ data security at risk."

    Even though Australia is not requiring that firms provide decrypted data, a feat that should not ever be possible, there is no safeguard in place to prevent an amendment from adding such a troubling clause. As cloud computing services continue to grow, it only becomes that much easier for an organization with plenty of money available to try and circumvent encryption measures in place. On the flip side, mobile devices that are often a target for governments are being packed with native hardware encryption and stronger algorithms.

    In reality though, mobile devices still are not very secure when physical access is available. This is demonstrated time and time again at pentesting events that offer bug bounties and also by data recovery firms that will unlock mobile devices for relatively low cost.


     
  2. xxLCxx

    xxLCxx TS Enthusiast Posts: 44   +38

    "As part of the Five Eyes intelligence alliance, Australia is the first to take action after all alliance members have made statements indicating that malicious actors are finding ways to communicate privately."

    Imagine that, those malicious actors are regarding private communications a crime. :p
     
  3. Uncle Al

    Uncle Al TS Evangelist Posts: 4,433   +2,891

    As long as their process includes presentation of a request and issuance of a warrant from a judge there should be no question BUT if their government is simply submitting a surrender upon demand notice there is a very strong smell of illegality and the trampling upon individual rights and privacy .....
     
  4. Plutoisaplanet

    Plutoisaplanet TS Enthusiast Posts: 19   +27

    If it’s well encrypted, the government shouldn’t be able to get anything out of it in the end. In a way, this will force companies to use best encryption practices.
     
  5. ShagnWagn

    ShagnWagn TS Guru Posts: 447   +297

    Want it? Decrypt it yourself.

    By forcing a company to keep a way to decrypt people's personal information on a whim, it is very easy for the same tool to get put out on the dark web.
     
    Reehahs, wiyosaya, Clamyboy74 and 2 others like this.
  6. Capaill

    Capaill TS Evangelist Posts: 693   +344

    I hope the companies encrypt the encrypted data a few times before handing it over.
     
  7. antiproduct

    antiproduct TS Booster Posts: 75   +55

    I'd hope that tech companies just counter that by saying "okay, we just won't sell any software or hardware to you then, since we don't want to be fined" then see how long it takes for that law to get reversed.
     
  8. MonsterZero

    MonsterZero TS Evangelist Posts: 534   +293

    Well, sounds like no more tech in Australia, let's see how they like that.
     
    xxLCxx and Clamyboy74 like this.
  9. CybaGirl

    CybaGirl TS Member

    Been like that since the NBN was taken over by the liberals. The backbone of this country is broken and simply put. We are going backwards! They are too busy fighting over "gay rights" in schools now and the amount of women in parliament. The country is in a complete mess and I personally believe they have no idea how to fix it. So instead they squabble over petty things and avoid the real issues that need fixing!

    It's a disgrace and a complete joke!
     
  10. quadibloc

    quadibloc TS Enthusiast Posts: 29   +14

    A law states that encrypted data must be handed over, but doesn't actually require that the decrypted form of the data be handed over, just the encrypted form? I don't think the courts are going to interpret the law to mean that, even if that seems to be what it says.
     
  11. Bullwinkle M

    Bullwinkle M TS Member Posts: 33   +17

    If you offer encrypted communications of any type you will be required to provide a means of decrypted access to the Authoritahs'

    However, I already have encryption up and running that can provide the Authoritah a master key that will decrypt what I want them to see as well as multiple keys they know nothing about, and which provide a completely different set of different communications to myself or others

    The encryption is currently unbreakable and there is no possibility of knowing how many keys are associated with a single encrypted container, thus, there is no way you, or anyone else can prove in ANY Court whether there even "IS" a second key

    The containers are labelled: ILLEGAL CONTENTS: PROPERTY OF DONALD TRUMP!
    and, ILLEGAL CONTENTS: PROPERTY OF ROBERT MUELLER!

    So, if you REALLY believe there IS a second key associated with the encrypted containers, PLEASE, feel free to lock them up until they provide a valid key for you

    The problem here is that even if you have the REAL Key, you can never prove it because there is this thing called "plausible deniability"

    Ever heard of it?

    -----------------------------------------------------
    By the way, I was serious and I really do have this encryption up and running if anyone is interested in making complete fools of these dipsticks

    Providing access to the encrypted data is required under this new legislation

    However, proving there is more than one key is currently impossible as it is so far unbreakable

    I just backdoored your backdoors!
     
    Last edited: Dec 7, 2018
    xxLCxx and Reehahs like this.
  12. Theinsanegamer

    Theinsanegamer TS Evangelist Posts: 1,372   +1,504

    Well, if it takes 10^3 years to break encryption via brute force, and apple offers to rent computer time at $10/s to break the encryption, then they technically are offering the government a way to break the encryption. Payment up front, of course.
     
  13. Knot Schure

    Knot Schure TS Enthusiast Posts: 92   +32

    And so the madness really begins...
     
    xxLCxx likes this.
  14. Raytrace3D

    Raytrace3D TS Booster Posts: 73   +66

    I thought that myself. How many times would it take being fined for the tech giants to back out of that offending country... imagine say, Microsoft or Google no longer offered or blocked all service/support for that country. Overnight laws would change.
     
    xxLCxx likes this.
  15. treetops

    treetops TS Evangelist Posts: 2,261   +361

    "Even though Australia is not requiring that firms provide decrypted data, a feat that should not ever be possible, there is no safeguard in place to prevent an amendment from adding such a troubling clause."

    Basically stick with companies that claim they can't break their own encryption. Like VPNs that do not keep logs.
     
  16. Bullwinkle M

    Bullwinkle M TS Member Posts: 33   +17

     
