There is a government consultation process open RIGHT NOW for this bill. You have to get your submissions in by the end of today (6 hours time). Every Australian here needs to make a submission (please).
A submission only has to be a few lines, so just bang out a few words. Whilst a well researched submission is the gold standard, even a rudimentary email will send the message that people care about this issue and counter whoever is whispering in politicians' ears. Anything is better than nothing.
Less time critically, you also need to write to or call your federal MP.
--- Edit:
The committee might also be swayed by submissions from non-Australian experts? Australia first, your country next.
It's very entertaining, and explains it in a way that everyday people can understand how bad it will be. I highly urge all Australians to either send this video out to your circles.
(No affiliation, it came up in a previous thread about this topic)
Absolutely, specifically if you're living in a country that is a member of the Five Eyes.
They've actually been surprisingly transparent that this is a coordinated effort. The Official Communiqué opens with:
> We, the Homeland Security, Public Safety, and Immigration Ministers of Australia, Canada, New Zealand, the United Kingdom, and the United States met on the Gold Coast, Australia, on August 28-29 2018, to discuss how we can better collaborate to meet our common security challenges.
Additionally, it doesn't seem that there's anything in the bill that would prevent any of the information gained by a TCN/TAN from being shared with Five Eyes or other governments. While this might seem reasonable in the face of an international criminal/terrorist adversary, it is fundamentally security-breaking if private root signing keys that are requested as part of a TCN/TAN can just be shared with every Five Eyes government.
That means that the Australian government could just order a company to hand over their PKI/signing infrastructure (which is generally a global system) and then forward all of this information to the US or whoever else, completely outside of any judicial oversight.
I'm sure that the governments in question will deny this, and likely state that this is not their policy, but it doesn't seem to be specifically prohibited by the law and the intelligence community doesn't have a great reputation when it comes to respecting traditional legal values and due process (e.g. the FISA court in the US)
The 5 eyes nations are a true New World Order. This is terrifying, and we should not be allowing our sovereignty to be so easily usurped for the purpose of building this new order.
Australia is kind of an entire continent, with big territorial national security concerns, so they might be a bit more independently interested than Canada.
UK and Australia are the test beds. US is the target. From there it flows onwards and outwards. Like raw sewage over the Niagara Falls.
The AU my.health opt-out debacle[1] is similar. UK got in first, promised they wouldn’t sell the data then did so. AU then started by copying the UK’s best practice. So... fun times ahead.
They’re still trying to get the gun laws fit for size in the US but the political climate and history is too different. And the attempt on the health system via Obamacare didn’t quite take either. More time needed apparently.
Putting this bill in the same basket as gun control seems a bit rich. However, comparing it to public health care is well off the mark. Medicare was first introduced in Australia way back in 1975, 35 years before the US. Access to affordable health-care is widely considered a basic human right, and Medicare in Australia widely considered a smashing success.
Actually, so are our gun control laws, and they were motivated by mass shootings on our own soil, namely the Port Arthur massacre, https://en.wikipedia.org/wiki/Port_Arthur_massacre_(Australi..., this wasn't some ploy by the US or the Five Eyes. The Australian public wanted this, and absolutely still do, myself very much included.
> So by omission you’re saying that the US won’t be getting these encryption laws.
Wait... what? Do you always structure your arguments by putting words in other people's mouths then argue against things they never said. In doing so you're wasting your's and everyone else's time.
Not only are you wrong in you assertion. If you'd paid even the smallest amount of attention to the context in which you're posting you'd realise this. I'm the OP for this sub-thread, I suggest you read what I wrote.
Now that we've got that aside...
> And that Australian style gun laws won’t arrive in the US either.
Just stop.
We're talking about the Assistance and Access Bill. Stop trying to validate some totally unrelated belief you hold by loosely latching on to valid arguments that myself and others have made here. The reason I responded to you is that I want to make it perfectly clear to anybody reading this...
I do not hold your views. These are not related issues.
I'm not sure where the "worship war" idea comes from. I've never heard anyone state something like that before. What are you referring to specifically?
However, Australians are far from perfect. In particular being isolated geographical means lack of exposure to other cultures and leads to a significant portion of society being "casually racist", which sucks. All our modern political parties are a joke as well, and due to our small economy we are in many ways a puppet of the US i.e. this bill.
So no, I don't think we're a metric for how it should be. But the really depressing part is that with all the negativity I've just listed (and there's certainly more), we still have our shit together more than a lot of other countries. That's far from being a reflection on Australia being "good", rather it's a reflection on how bad a significant portion of the world is.
P.S. One positive thing about Australians is that the majority of us aren't particularly patriotic. So we will happily admit to how big of a disgrace our country can be!
Count the war memorials in your city. Now count the memorials to the Stolen Generation, and try to find anything that acknowledges Australias own ethnic cleansing history.
Our Prime Minister issued an official apology for the abhorrent acts that took place and led to the term "the Stolen Generation". That doesn't even remotely make those acts okay, but to suggest that it's not even acknowledged by the Australian people is just outright ludicrous.
EDIT: By the way, there's also something called "National Sorry Day", which is kind of a big deal in Australia, I suggest you Google it.
I had meant to compare Australian Medicare to when something equivalent was introduced in the USA. However, I really don't know much about the US system. I had very much incorrectly assumed that the Affordable Care Act had introduced legislation bringing in changes making it fairly comparable to Australian Medicare. Alas, that doesn't seem to be the case, they're still extremely different systems.
Also, a little extra research tells me that what I consider to be "Australian Medicare", wasn't actually introduced until 1984, which is when our healthcare became universal.
I'm writing to oppose the 2018 Assistance & Access Bill. Although I recognize the difficulties encryption poses to law enforcement & counter-terrorism, it is not a strong enough reason to compromise the safety, security & privacy of 24 million Australian citizens.
Every Australian has a right to reliable, mathematically guaranteed privacy & security, not compromised/undermined by oppressive legislature.
Neither domestic nor international companies should be required to assist anyone in breaking privacy protections, nor should warrants allow access to protected devices, and nor should existing legislature be strengthened.
Would these changes help law enforcement catch a few criminals? Probably. Will it weaken the safety, security & privacy of millions of respectable, law-abiding Australians? Definitely.
I have already sent my reaponse in, I definitely implore everyone to read the bill and write an appropriate response. This isn't an anit-encryption bill specifically, it's a framework for strong-arming companies into undermining all consumer security measures no matter what they are.
I will say, I found the bill palatable and sympathetic to the concerns of industry. I am impressed at the delicacy of the bill. I still disagree with it fundamentally and emailed to that effect. But I am impressed by our government's ability to read the situation.
I am a business owner, an employer, a technologist, a programmer and a company director.
I oppose this proposed bill on the basis of it weakening the effective security of Australian Internet service providers, which would be bad for national security. I would like to raise the following points:
1) The proposed bill will inevitably lead to the creation of systemic weaknesses in the security of Australian companies that provide Internet services or products.
The burden of complying with voluntary requests will lead to new, exploitable "backdoors", despite what the home affairs department asserts.
Whether these backdoors are electronic, or process based (i.e. responding to a fraudulent request), the bill would mandate companies to effectively create new attack surfaces; weaknesses in operational security introduced to comply with the bill.
2) The Internet can only facilitate services like payments, banking and communication because of encryption. Encryption is based on mathematics.
You do not need to understand the mathematics to understand that if you provide an alternative to the encryption, you provide a weaker level of security.
As a result, Australian financial, communication or payment services are less secure than international counterparts not burdened by this backdoor.
3) Any crime under investigation can be investigated by existing legal procedures. It is proper for a warrant to be required to access any secure or private information.
4) Providing a "back door" for law enforcement is not necessary. This bill is akin to providing a backdoor for law enforcement to enter a persons home or business without seeking a warrant from a court.
5) Encryption is good. Encryption makes the Internet work.
Australia has critical infrastructure that can only function with proper encryption. Encryption is easily invalidated by inadequate process or procedure. This bill would encourage (or require) Australian companies to compromise their security practices.
Please don't assume that the laws of mathematics can be overruled by the laws of Australia. This would be foolhardy, and not in the interest of Australia's national security.
I've sent my submission - my approach for this particular submission, and I'm not sure whether it's the best approach, was to indicate that I agree with the general arguments that this bill is bad for privacy, but also that if a scheme like this is going to be introduced anyway, that the oversight and transparency regime is not tough enough to allow the public to have confidence that the new powers are being used appropriately, or for researchers to be able to accurately measure the impact of the new regime on privacy and security.
I will also be writing to (and maybe phoning!) my MPs and Senators, and I anticipate this bill will go to a Senate committee for inquiry at which point there will be a further opportunity for submissions.
edit: and oh yeah, don't forget to contact your senators, not just your local MP. I only have 2, those of you who have 12 may have a few crossbench senators who will be crucial if, somehow, Labor can be persuaded to vote against, and in any case could have an outsized impact on proposing amendments to make the new powers less-bad.
A bunch of us at Atlassian are sending a group letter (not an official one from the company, just a bunch of us who think the bill is dangerous). Thanks for the info femto.
Edit - Here's the letter we wrote:
Hello, we are a collection of employees who work for Atlassian (a major Sydney based tech company) and we’d like to give our view of why we think this bill is dangerous.
First and foremost, it will damage the view of Australian tech companies. If a foreign company is deciding between our products or a non-Australian company, but knows that Australia may have required Atlassian to build a backdoor into their encryption, the objectively better choice would be to choose the non-Australian company. This isn't just Atlassian losing because of this; the entire Australian tech scene will be damaged.
Secondly, a master key to unlock encryption is a master key that’s available to steal. Time and time again in the tech world we’ve seen “security that can’t be beat” get beat. Equifax lost nearly every American Social Security number. Bitcoin gets stolen every day because someone’s private key gets compromised. Even as far back as World War II, we saw encryption get beat because a master key (the enigma machine) got stolen. History has shown us countless times that a master key leads to a non-secure product. Even if the this bill is only requiring companies to provide the capability to decrypt information, that only changes who controls the master key. It doesn’t remove the damage to security.
Thirdly, requiring companies to be able to break their own encryption will never be a game you can win. Even if every company in the world were compliant with this bill, the tools to make your unbreakable encryption are trivial to find and use. Any agent that was an actual threat to national security would have the resources available to them to create a non-breakable encrypted communication method. The only people who would be affected by this law would be petty criminals, but the dragnet of its implications would affect every Australian citizen in its wake.
Fourthly, this will damage the Australian startup scene. When choosing where to fund a company, the laws and world view of a country come heavily into play. If someone is creating the next messaging app but the public opinion of Australia is that their products are legally required to be insecure, that person will choose a more tech-friendly company to start their company in. Not only that, but if a company knows there are more requirements for compliance in Australia, then it makes a startup’s job harder to release a product. Startups are difficult enough as it is, and lowering the barrier to entry (not raising it) is how you make a tech industry blossom.
Lastly, even if one agrees that the damage to security is worth the tradeoff, the lack of judicial oversight in this bill is extremely worrying. Giving multiple people the ability to issue notices without judicial oversight is a power no person should be able to exercise alone. Overall we feel this bill will harm not only the tech industry, but Australia as a whole.
For what it's worth, our CEO has been outspoken against this.
This isn't a, "we're doing this because our company is for the bill" type of thing. It's a "we're doing this because me and my buddies who are working late tonight found out about this so we drafted up a letter to the government". I just don't want to say that I'm representing Atlassian's stance without running things through legal.
I suspected as much, I just felt that if it was a stance worth making it was probably a stance worth running past legal (even if it meant a quick phone call out of hours.)
Whether that call is met with abstantiation or otherwise is what I was wanting to infer.
Because at this point, abstantiation or sitting on the fence is as good as supporting the bill.
I imagine it's because they aren't authorised to speak for the company on topics like what government policies the company is against (and I imagine this is why you got down-voted).
But yes, I also would have expected Atlassian and other Australian-based technology companies to vocally oppose this bill because it will actually result in their customers moving away in the long run (this bill will only affect companies incorporated in Australia or other 5-Eyes countries) -- because this bill explicitly requires companies to architect security systems to be insecure. Unfortunately this doesn't appear to be the case, which is incredibly disappointing.
The page for the inquiry is:
https://www.homeaffairs.gov.au/about/consultations/assistanc...
The email address for submissions is:
AssistanceBill.Consultation@homeaffairs.gov.au
A submission only has to be a few lines, so just bang out a few words. Whilst a well researched submission is the gold standard, even a rudimentary email will send the message that people care about this issue and counter whoever is whispering in politicians' ears. Anything is better than nothing.
Less time critically, you also need to write to or call your federal MP.
--- Edit:
The committee might also be swayed by submissions from non-Australian experts? Australia first, your country next.