How the rushed Assistance and Access Bill 2018 risks job losses and could see local investment in technology head offshore. It’s a prime example of a nanny state’s over-reach and may well prove to be unenforceable.
John, you’ve got a feature story for us today relating to a messaging app to signal isn’t yeah so everyone can like look people familiar with Facebook Messenger and WhatsApp. They’re quite popular messaging services even to you know people are very common with basic SMS service that you are having your phone. Yeah and there are lots of different apps and providers that have secure ways to connect connect with people is encryption encryption. So signal is one of these apps. And famously, a few years ago, the former Prime Minister Malcolm Turnbull had talked about using signal and to communicate with some of his cabinet ministry and I think I might have even been sort of shown on his phone when it was tilted toward the camera at one stage and I’m not a user of signal but I’m very familiar with, you know, the role of the planet
form. And you know, you might not lock WhatsApp because it is owned by Facebook. And you don’t know what’s happening with that information. But the way that signal is has been created is that it’s the code is open. So it means that when I wrote it, they show the code to everybody and allow them so open source and they let people say it and and that means that there’s sort of no hidden you know, a nice it is in there, you know, you have to see if there was tracking information or decryption information. Yeah. And the idea is that once the signal app is on your device, and let’s say PS, you had one on your device, and we were communicating to each other than the encryption happens at the phone level, it doesn’t happen back at the servers, which is supplying the app, it actually happens down between the two phones, right? So I would encrypt the message on my phone through the app and send that to you and you would decrypt it and that’s based on sort of this handshake which is what’s the technical term you know between the apps now I know you reported previously on the the upcoming bill which is the
assistance and access bill yes which has been passed you just and changes apparently you’re going to have to be made in the new year but labor did somewhat reluctantly agree with the government which has got a does it’s I think it’s a line boards almost hung parliament in Australia now they have agreed to kind of review it again and there’s a lot of people who have signed their big problems with this it’s not enough oversight overreach or rest of it but what you’re saying about the side of things is that it might be actually quite effective way it’s look it’s impossible Is it possible to break the encryption This is one of the stupidest things that the government has ever voted on and should be voted out voted down the second that the you know there’s an alternate government in this is ridiculous it’s since I’ve listened to a few people talk about it now. And since they will on maths because as sort of suggested with the signal app is that the the mathematics the encryption happens on each device and so what the building system The next is building their law basically says is that companies that create these this software
Need to either provide access to the content that shared between users? Yeah. Or be able to unlock that content by basically creating a backdoor front door side, whatever you want to call the door. I know that the way for law enforcement, so so there’s a terrorist case or there’s a big criminal case and they need to crack into someone’s communications because obviously criminals do use these organized crime criminals. Terrorists use these apps, because they know that they can communicate anonymously and securely and so law enforcement would tap on the shoulder of the people behind signal inside when when access to this dialogue with this communication and signal then turns around and says, We’re sorry, we can’t they this and they can’t and they’re actually just signed that they’re not even going to they’re not even going to, you know, can’t they be banned from selling to Australian phones then? Are there things that the government can do to kind of affect their business in Australia? Well, this is the this is the big unknown at the moment. And a lot of tech community is talking about this is that what does happen
Next because if for example there is a big concern there are let’s assume the worst case scenario there’s a major terrorist cell happening within Australia and they it is known for some reason that they are using signal the government Ico other federal bodies then go to signal and say, We need you to unlock all open or gain access to the messages that are happening here. Now if they say no, then simply that they’re the ones signal are the ones that are going against the law which has been created by the and I think it’s fines, adding to legislation. The moment that got passed, rush through one of the last thing dies of Parliament just within the last week or so in Australia that provides for big fines like finds that are so big that even Apple would not want to pay them for too long it’s on on a daily basis. And this would push the locks of signal and any any other tech company that currently works in Australia has an office in Australia to say, well, we’re out of here on that I’m going to move overseas or go to New Zealand. Oh, go
America go anywhere else except to it means that other companies from overseas would not want to set up an office here, they’d be looking at going well, we can’t allow our software to be compromised by this bill. And therefore we won’t even allow access. We know we know for example, why should we? What about the rest of the world? If we do it for Australia, then that same vulnerability could be explored and that’s the reason why wouldn’t want to do it. And this is an these arguments being made by Apple, by the way. Yeah, I was making submissions to that parliamentary inquiry before you’ve been going on, but rather to that it’s been going on since I think August last year, 2017 was when the parliament start had a special committee looking at how they could change encryption laws or to get access in the case of you know, dire need by law enforcement or federal police or anti terrorism organizations that sort of stuff. Yeah, this is government overreach because they already have the palace to compel you to unlock your device. So that is law that the as you come into the country and
As you come to 10 years jail or big font yet they already have How is to monitor your communications if it’s an encrypted so that it will data retention that’s been around for a while. And Kp dot all the telcos and is please go to keep the data for two years, I believe. So there is a lot of methods that they already have at their disposal. My understanding of this bill was a law now is it was about consolidation and adding new things into it. And this is probably the worst component of it. And it’s, you know, for the people at this at all, you know, it’s good that we’re able to catch these terrorists but the problem is, and as we’ve seen, particularly with the NSA that happened, you know, there was it wouldn’t start in and had exposed what had occurred use violence here. And so the NSA had built in these back doors and they kept them secret and they use this technology to gain access to systems even even things like hardware being influenced you know like that that the the the backbone of the internet you know, Intel devices and and other networking devices Yeah, we’re actually but
You know, before they got solved the hood going to the CIA and the CIO is potentially altering the hardware firmware on before and even hardware I believe, and then sending it off. So it has been rumors about back doors being built into systems for a long time. And it what it means is it means that you either have no security because as soon as these keys as these programs get out, because there is no question in my mind that it will happen if, if anything of this nature can be created, it will be exposed and that means that the whole internet becomes vulnerable because and the idea is that you can compel an Australian citizen that works for a foreign company to, you know, create or expose the way to unlock this encryption. I don’t know how far that would go. Maybe if the case was compelling enough. We could go that far that some of the scare tactics but the big concern is what the future of techies in Australia because if people think
Well, if I create this software that I want for the public, then the government will lean on me to make sure that they have the keys to decrypt it. Therefore, it’s not secure. Why would I bother setting up shop here? So signal have basically said, we’re not going to comply, we’re not going to do this. And even if they chose to do that, if they turn around and said, Okay, well, we have to then the people that are trying to do the illegal things are going to find a different platform, another way to communicate, so it’s the whack a mole game, but everybody else loses their security and privacy because of this
terrible idea. Yeah, it’s true
is that is the bottom line that they can’t get can’t provide law enforcement with access to one person’s secure communications without making everyone’s communications vulnerable, who chooses to use the same platform and don’t forget they’re not just talking signal to me is a reasonably you know, it’s not a very particularly well known piece of software. I mean, people use it What’s that?
fama widely used as these I’m messaging fruit from iPhone to iPhone, which is also encrypted. And and use the same technology that’s been used its end to end encryption, the even the organizations that design these things, as you said earlier, they don’t have the ability to break it. And that’s part of the design is that they they saying to the users, this is so secure that even we don’t have the keys so so unless we deliberately engineering a back door and then we give that to you in an update which basically makes your software unsecured there is no way to get into it. There’s no way to comply with these new Australian laws and lists. The actual software itself is all I’m looking for. For example, I use and promote and talked about many times on this show last pass as a way to store your passwords. Now they’re a foreign company that work in the US but let’s assume because they’re available in Australia that the Australian Government is somehow able to put pressure on last pass and so you have to give us a message to unlock anybody’s last pass and for me this
That’s got the keys to my life that’s got everything in there. It’s, it’s, it’s got every single login that you can think of because I don’t want to think of the the password. Now you said you got 1000 possible lives in over the last part here. And so if the government has access to that, then they can log into anything they want. So they only need to have the decryption. Okay, have for one to then access everything about the banking industry. I mean, well, it’s realized the same sort of secure communications SSL, isn’t that the same sort of exactly. So this look, this is the concern because the concern is when it gets out because let’s not say it when it happens when the encryption keys if they created when they created they actually get exposed because the government can’t control them. Or dark web. Yep, they’ve they’ve contracted out to a third party to keep the security that’s security lapses. This case get asked then it’s things like identity theft, it’s gain access to your bank accounts, you’re secure communications go back to sending letters bypass.
It is steaming the envelope open to read the letter any state that’d be a hassle phone would not. It is a scary time for Australia in the tech industry at the moment. it to me is the stupidest thing that I’ve ever heard and I cannot believe it is law. It’s been rammed through unfortunately but they’re going to review it early next year. Thanks a lot, John.