Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Tuesday, 04 December 2018 11:41

Encryption bill: Labor solution will not solve the problem

By
Encryption bill: Labor solution will not solve the problem Pixabay

If the Australian Labor Party thinks the government's encryption bill will magically become good law if it only passes schedule one and only for anti-terror agencies right now, then it is sadly mistaken.

The problem with the bill is its loose language, which lends itself to a myriad interpretations, allowing every Tom, Dick and Harry to poke their fingers in and meddle with encryption. That will not make things any safer, even if it is in the hands of anti-terror agencies.

The bill needs to be junked. It will require such an enormous rewrite to ensure it does not have the reverse of the effect it is intended to have, that throwing it out with the garbage is the least difficult option.

Under the bill, companies will be initially requested to co-operate with law enforcement; if they do not, the pressure will be stepped up to force them to help.

First, there will be a “technical assistance request” that allows voluntary help by a company. The staff of the company will be given civil immunity from prosecution.

Next, an interception agency can issue a “technical assistance notice” to make a communications provider offer assistance.

Finally, a “technical capability notice” can be issued by the attorney-general at the request of an interception agency. This will force a company to help law enforcement, by building functionality.

There are no judges involved in the picture. When one mentions attorney-general, what is the picture that comes to mind? Ah, yes, George Brandis. The man who did not know what metadata is.

Let's step through a possible scenario. Say citizen A is running an e-commerce website and the spooks discover that criminal A and child molester B frequent that site and buy stuff there. The spooks will turn up at the door of citizen A one fine day and hand him a notice, telling him he has to insert a certain script into his site, in order to collect information about the two criminals.

How citizen A does it is of no import. If he refuses, he will have to pay a massive fine. And he cannot talk about it to anyone, else he will go to jail for five years.

Or let's take the case of a big commercial outfit, for argument's sake, Google. One fine day, spooks turn up at the company's offices in Sydney and tell the top brass that they need information from the Pixel phone used by alleged terrorist A. They ask Google to take care of it.

What does the company do? You can't make one Pixel phone vulnerable; code that can exploit one phone, will be able to exploit all. And code of this nature has a funny way of becoming public without any prompting. Just ask the NSA.

Does Google go to court? After how many such requests do the company's top bosses sit down and wonder whether it is worth the trouble to do business in a small market like Australia?

For local companies that sell hardware and software outside the country — or even within — it will be a very hard problem. The moment the bill passes into law, they will get inquiry after inquiry about whether they can guarantee their products are safe and do not have any backdoors.

Their competitors will have a field day – as many US security companies did when the mainstream media in their country spread disinformation about Kaspersky Lab. In the end, all these companies are in business for the money and they have to protect their bottomline.

When some companies raised the issue of Australian companies being put in the same position as Canberra has put the Chinese telecommunications firm Huawei, the tendency of the man heading the Parliamentary Joint Committee on Intelligence and Security, Andrew Hastie, has been to point out that there is no equivalence in the character of the two governments or institutions.

But this reasoning is fallacious as pointed out by Francis Galbally, the chairman of encryption technology firm Senetas. During last Friday's hearing of the PJCIS, he responded to Hastie, saying: "With respect, Chair, you say there's no equivalent, and I agree, it's not equivalent, but I can tell you other countries take a different view. At the moment, as we stand in the world, Australia is regarded as the most trustworthy country in the world for cyber security products, bar none.

"There are countries in the world that don't trust the US. There are countries in the world that don't trust Israel. There are countries that don't trust Singapore. There are countries in the world that don't trust other countries for all sorts of reasons. Australia stands up as the most trustworthy.

"That's why we've been able to sell our products into more than 40 countries around the world. That's why even eastern European countries use our products for their secret service protection; we're trusted. This bill gives a perception of mistrust, and whatever you say, whether it's really going to apply to us or not or whether there's a democracy or not, it gives a perception of mistrust."

That's the one thing Labor needs to understand.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments