Encryption Bill

Why would the Australian Government pass a law the world laughs at? Is it surveillance gone too far? Is this being forced upon us by a greater power?
The Metadata Law was the Trojan Horse we all expected (pun intended).

‘Five Eyes’ nations quietly demand government access to encrypted data
The Trump administration and its closest intelligence partners have quietly warned technology firms that they will demand “lawful access” to all encrypted emails, text messages and voice communications, threatening to compel compliance if the private companies refuse to voluntarily provide the information to the governments. The threat was issued last week by the United States, Britain, Australia, New Zealand and Canada, the so-called Five Eyes nations that broadly share intelligence. – https://www.smh.com.au/world/north-america/five-eyes-nations-quietly-demand-government-access-to-encrypted-data-20180905-p501vo.html

You can read the full Five Eyes Statement here – https://cryptome.org/2018/11/5-Eyes-Crypto.pdf

How the ‘Five Eyes’ cooked up the campaign to kill Huawei
“We need to decide the extent to which we are going to be comfortable with Chinese ownership of these technologies and these platforms in an environment where some of our allies have taken a very definite position,” he said. On the same day the BT Group announced it was stripping Huawei’s equipment out of the core of its existing 3G and 4G mobile operations and would not use its technology in the 5G network.

But no country has been more aggressive than the United States, represented at the Canadian meetings by Gina Haspel. US prosecutors have filed charges against Chinese hackers and, in an audacious sting in April, American agents lured Chinese Ministry of State Security deputy director Yanjun Xu to Belgium, where he was arrested for orchestrating the theft of military secrets.

There is also speculation further indictments are imminent over a concerted Chinese hacking campaign known as “Operation Cloud Hopper”, which is believed to have penetrated networks across the globe, including Australia. – https://www.smh.com.au/business/companies/how-the-five-eyes-cooked-up-the-campaign-to-kill-huawei-20181213-p50m24.html

Australia Outlaws Warrant Canaries
In the US, certain types of warrants can come with gag orders preventing the recipient from disclosing the existence of warrant to anyone else. A warrant canary is basically a legal hack of that prohibition. Instead of saying “I just received a warrant with a gag order,” the potential recipient keeps repeating “I have not received any warrants.” If the recipient stops saying that, the rest of us are supposed to assume that he has been served one. – https://www.schneier.com/blog/archives/2015/03/australia_outla.html

The new data retention law seriously invades our privacy
In April 2017, the government’s data retention law came into effect. The law requires telecommunications companies to store customer metadata for at least two years. Metadata from our phone calls, text messages, emails, and internet activity is now tracked by the government and accessible by intelligence and law enforcement agencies.

Ironically, the law came into effect only a few weeks before Australia marked Privacy Awareness Week. Alarmingly, it is part of a broad trend of eroding civil rights in Western democracies, most noticeably evident by the passage of the Investigatory Powers Act in the UK, and the decision to repeal the Internet Privacy Law in the US. – https://theconversation.com/the-new-data-retention-law-seriously-invades-our-privacy-and-its-time-we-took-action-78991

Wikipedia: Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015
The Telecommunications (Interception and Access) Amendment (Data Retention) Act 2015 is an Australian law that amends the Telecommunications (Interception and Access) Act 1979 (TIA Act) and the Telecommunications Act 1997 to introduce a statutory obligation for Australian telecommunication service providers to retain, for a period of two years, particular types of telecommunications data (metadata) and introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the TIA Act.[1]

The Act is the third tranche of national security legislation passed by the Australian Parliament since September 2014.[2] Pursuant to s 187AA, the following types of information need to be retained by telecommunication service providers:

Incoming and outgoing telephone caller identification
Date, time and duration of a phone call
Location of the device from which phone call was made
Unique identifier number assigned to a particular mobile phone of the phones involved in each particular phone call
The email address from which an email is sent
The time, date and recipients of emails
The size of any attachment sent with emails and their file formats
Account details held by the internet service provider (ISP) such as whether or not the account is active or suspended.[3]

The content or substance of a communication is not considered to be metadata and will not be stored. Twenty-two agencies including the Australian Security Intelligence Organisation (ASIO), state police forces, Australian Crime Commission, Australian Taxation Office and NSW Independent Commission Against Corruption (ICAC) are able to view stored metadata without a warrant.[4] The only exception is the metadata of those defined under the Act as journalists. Under a concession driven by the Australian Labor Party, agencies need to seek a warrant before a judicial officer before they are able to view the metadata of journalists, whilst ASIO will need to seek permission of the Attorney-General. – https://en.wikipedia.org/wiki/Telecommunications_(Interception_and_Access)_Amendment_(Data_Retention)_Act_2015

Australia’s rate of Chinese refugee applicants has risen by 311%
When compared with the 2,269 who claimed in 2016-2017 it’s clear that things have taken a turn in the world’s biggest country (population and economically speaking). It puts China well ahead of Indonesia, Iran and Bangladesh as the biggest ethnic group seeking asylum in the country.

One woman reportedly applied for asylum due to being refused access from healthcare and education, a punishment served to her family after she was born outside of China’s strict family planning laws, which aim to limit families to one or two children in an effort to curb population growth. It should be noted in that case, she was refused. – https://thebrag.com/australias-rate-of-chinese-refugee-applicants-has-risen-by-311/

Julie Bishop and the Australia-China relationship
Australia’s greatest foreign policy challenge – how to deal with a powerful China threatening to eclipse the US in the region – has morphed into a full-blown crisis.

There are warnings that China expects a “full throated apology” over claims of Chinese interference in Australia as Chinese authorities apply the screws on surging Australian wine exports to China, and calls by a former Australian ambassador to Beijing, Geoff Raby, for Foreign Minister Julie Bishop to be replaced. –

Hillary Clinton is warning Australia to resist China’s creeping influence before it spreads to the rest of the world
“What we’re seeing now is a desire by China to extend its influence and project its power. First throughout Asia — then, throughout the world,” Clinton said.

“I would hope that Australia would stand up against efforts under the radar, as we say, to influence Australian politics and policy,” she told former prime minister Julia Gillard, who moderated the event. China has also been heavily investing in Pacific Islands. According to data from the Lowy Institute, China spent $1.7 billion in aid and concessional loans to fund 218 projects in the Pacific Islands between 2006-2016. – https://www.businessinsider.com.au/hillary-clinton-is-warning-australia-to-resist-chinas-creeping-influence-before-it-spreads-to-the-rest-of-the-world-2018-5

Australia’s former foreign minister let slip how casually easy it is for China to tell another country what to do
The startling concession highlights how Beijing is apparently comfortable exerting pressures at the very highest corridors of power to secure its interests.

Bishop, who served as foreign minister from 2013 to 2018, told Fairfax Media on Thursday that for two years, her Chinese counterpart Wang Yi “made it clear” that any official flirtations with the island state that China considers a rogue province would ensure that Beijing “would not look favourably on Australia.”

Those are words not to be taken lightly when the resource-rich Australian economy is beeping away on China’s life-support.

China is far and away Australia’s key economic partner. China is its largest two-way trading partner, its top export market and its biggest import source, last year generating $US129 billion USD in revenue – up 16% on 2016 – and now accounting for 24% of the country’s total trade. – https://www.businessinsider.com.au/china-soft-power-in-australia-examples-taiwan-trade-deal-2018-10?r=US&IR=T

China’s Orwellian social credit system is expanding overseas
A report from the Australian Strategic Policy Institute says China’s social credit system will begin expanding past China’s borders to monitor Chinese citizens wherever they are globally. The system will also start applying to international companies that do business in China. As a result, the social credit system is not just shaping the behaviors of Chinese citizens beyond their border but international companies as well. – https://www.fastcompany.com/90177771/chinas-orwellian-social-credit-system-is-expanding-overseas

Huawei 5G Has Been Banned From Australia Due to Security Concerns
The Australian government has also banned another Chinese firm named ZTE corporation. The chairman of Huawei Australia said that banning Huawei will set back the economic growth of the government for generations. The Chinese government is also concerned about the nation’s decision. – https://latesthackingnews.com/2018/08/26/huawei-5g-has-been-banned-from-australia-due-to-security-concerns/

Australian government passes controversial world-first anti-encryption law amid broad criticism
The Australian legislation has been brewing for more than a year now, with constant calls from governments around the world reiterating concerns over an inability for law enforcement agencies to access encrypted communications. The legislation, called The Assistance and Access Bill 2018, can compel a private company to create new interception capabilities so no communications data is completely inaccessible to the government. Even more controversial is the fact that this security vulnerability must be deployed in secret, without public knowledge. – https://newatlas.com/australia-encryption-law-passes-controversy/57560/

Labor backdown allows Federal Government to pass controversial encryption laws
Labor had planned to amend the legislation, which it has repeatedly described as flawed. Labor then pulled its amendments in the Senate and the bill was passed before Prime Minister Scott Morrison had even responded to Mr Shorten’s request. – https://www.abc.net.au/news/2018-12-06/labor-backdown-federal-government-to-pass-greater-surveillance/10591944

Mozilla brands Assistance and Access Bill as “intentionally vague”
Mozilla, the developers of the Firefox browser, has called the Assistance and Access Bill intentionally vague on the “form and extent of what might be compelled by a TCN”.

“The key provision seeking to limit the widespread security risks of this bill is a prohibition on forcing companies to build a “systemic vulnerability” into their systems or to prevent them from rectifying a systemic vulnerability,” the submission read.

“However, the term ‘systemic’ is not defined in the bill, leaving dangerous ambiguity that could be exploited by the government.” – https://www.arnnet.com.au/article/648216/mozilla-brands-assistance-access-bill-intentionally-vague/

Spyware merchants: the risks of outsourcing government hacking
The documents, which have since been removed, indicate that the ATO has access to Universal Forensic Extraction software made by the Israeli company Cellebrite. This technology is part of a commercial industry that profits from bypassing the security features of devices to gain access to private data.

The ATO later stated that while it does use these methods to aid criminal investigations, it “does not monitor taxpayers’ mobile phones or remotely access their mobile devices”. Nevertheless, the distribution of commercial spyware to government agencies appears to be common practice in Australia. This is generally considered to be lawful surveillance. But without proper oversight, there are serious risks to the proliferation of these tools, here and around the world. – https://theconversation.com/spyware-merchants-the-risks-of-outsourcing-government-hacking-80891

WikiLeaks: Here’s how the CIA hacks your phones, TVs and PCs
If the documents are the real deal, the leaks provide a glimpse into just how much access the CIA has into your life — thanks to the gadgets you carry around all day. The magnitude of the hacking tools is jaw-dropping; the documents suggest the agency was able to break into the underlying operating systems running iPhones, Android phones and Windows and Linux computers.

That means it had access to data stored on the device and even to encrypted messages sent through popular services like WhatsApp, Signal and Telegram. In other cases, the hacks can turn gadgets like a Samsung Smart TV into listening devices, WikiLeaks said. – https://www.cnet.com/news/wikileaks-cia-hacking-tools-phones-apple-samsung-microsoft-google/

THE NSA’S ROLE IN A CLIMATE-CHANGED WORLD: SPYING ON NONPROFITS, FISHING BOATS, AND THE NORTH POLE
Previously unreleased documents leaked by former NSA contractor Edward Snowden show how the agency has gathered intelligence meant to support U.S. interests related to environmental disasters, conflicts, and resources. In the coming years, greenhouse gas pollution caused by the burning of fossil fuels will increase the frequency of ecological crises and conflicts over natural resources. The documents provide a window into the role the United States’s most sprawling international surveillance agency will play in an altered world. – https://theintercept.com/2018/08/15/nsa-snowden-documents-climate-change/

What (we think) you should know about Australia’s new encryption bill
The audience for this post is anyone who is aware of the policy issues related to encryption and what governments call “going dark,” and who is interested in what the Australian government has proposed.
This is not a complete analysis of the very detailed bill, but of key issues that seem pertinent. Access Now will participate in the public comment process with a more thorough analysis. (Update: This analysis is available here.)
The first section of this post will provide an overview of what the bill would do. The second section will provide more of a narrative of what the bill means.
To stay updated on this issue as it develops, you should follow Australian organizations like Digital Rights Watch, Electronic Frontiers Australia, Australia Privacy Foundation, Future Wise, and Internet Australia.
If you’d like to make your voice heard, you can take action at SecureAustralia.org.au.
– https://www.accessnow.org/what-we-think-you-should-know-about-australias-new-encryption-bill/

Australia’s anti-encryption law is so unpopular, there was only 1 comment in support and 342 against — and now the head of its spy agency is defending the law
The Australian government has passed a law that forces tech companies to give law enforcement access to encrypted messages.
The law is widely disliked by the technology industry, especially Apple, because security experts believe that so-called “backdoors” weaken security for everyone, not just criminals.
The Economist highlights that of 343 comments Australian parliament received about the law, only one was in favour.
An Australian spy official issued a comment to “correct the record” on Wednesday.
– https://www.businessinsider.com.au/australia-spy-chief-is-defending-tola-act-an-unpopular-anti-encryption-law-2018-12

In the New Fight for Online Privacy and Security, Australia Falls: What Happens Next?
With indecent speed, and after the barest nod to debate, the Australian Parliament has now passed the Assistance and Access Act, unopposed and unamended. The bill is a cousin to the United Kingdom’s Investigatory Powers Act, passed in 2016. The two laws vary in their details, but both now deliver a panoptic new power to their nation’s governments. Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.

Somewhat more quietly than the passage of the AA bill, the Australian Internet Parliament this month also voted for an expansion of the country’s already wide-ranging website blocking powers. Australia continues to work to establish another precedent: that even supposedly open and democratic states should be able to censor and filter the Internet. If the country continues to walk down this road, then it’s only a matter of time before only back-doored communication tools run by compliant multinational tech companies are permitted in Australia; and all other services and protocols will face government-mandated blocking and filtering. – https://www.eff.org/deeplinks/2018/12/new-fight-online-privacy-and-security-australia-falls-what-happens-next

Fears Coalition’s encryption cracking laws could expand metadata retention
The Coalition’s encryption cracking legislation could expand the reach of metadata retention laws, the peak communications industry body has warned.

The Communications Alliance has told a parliamentary inquiry that the bill appears to give law enforcement agencies the power to require tech giants like Facebook and Google’s Gmail to retain users’ metadata, including browsing histories. The Communications Alliance has revealed that at least 80 government agencies including several local governments have requested metadata from its members, using a backdoor in legislation despite an apparent limitation in Australia’s metadata laws nominating just 20 agencies with that power. – https://www.theguardian.com/australia-news/2018/nov/16/fears-coalitions-encryption-cracking-laws-could-expand-metadata-retention

I don’t think it’s going to end well: Bruce Schneier on encryption law
Australian law enforcement agencies have pushed for the encryption law which passed on 6 December because they don’t know that there is no need for access to encrypted content in order to solve crimes, world-renowned security technologist Bruce Schneier says.

He told iTWire that the reason why these agencies were continuously asking for access to encrypted content was, “because I think they don’t know better. I think they are not trained in computer forensics. I think they’ve gotten soft and they need to be taught how to investigate crimes in the computer age. They’ve just gotten sloppy”. –