It’s Christmas come early this week for hackers, organised crime and terrorists, with Labor caving in and agreeing to pass the government’s encryption backdoor bill, with some modifications. It’s the same story that we’ve seen repeatedly in the last five years: the government demands the passage of outrageous abuses of basic rights and common sense that even the Howard government, in the wake of 9/11, never tried to introduce, and Labor, after an initial pretence of judicious consideration, agrees.
The result — if the legislation works the way the major parties want it to work — will be government-approved malware being released into the wild by IT companies, to be harvested by criminals, foreign governments and anyone looking to circumvent the encryption that safeguards our privacy and ability to undertake commerce online, and which protects companies from commercial espionage. All in the cause of identifying terrorists — all of whom, as we keep seeing time and time again, are already known to security agencies.
Smart crime gangs and hacking teams are probably already working on ways to attract the attention of Australian intelligence and law enforcement agencies with the hope of having some malware uploaded onto a target device, which they can then repurpose for their own activities. And the people who devote their professional lives to fighting hackers have realised just how much more difficult this will make their jobs. Well done, major parties.
How did Australia come to be the village idiot of the internet? Earlier in the year I outlined several reasons why there’d been so little resistance to the adoption of the mechanisms of a police state in Australia over the last five years. In this case, there have been some additional factors:
The ignorance of politicians and journalists about basic cybersecurity issues
Few journalists, and fewer politicians, have even an informed layperson’s understanding of either the basics of cybersecurity or its history. The journalists who do tend to write for specialist publications. Mainstream media journalists — in addition to pushing the agenda of their executives, as News Corp journalists do — have almost zero understanding of cybersecurity, and would be unaware, despite how easy it is to google it, of the history of government-sanctioned malware being used by malign actors to undermine cybersecurity. It’s why a journalist like Peter Hartcher can cut and paste intelligence agency talking points without criticism.
The lack of a homegrown tech industry and the tattered reputation of foreign giants
Australia’s IT market is dominated by foreign companies across hardware, software and media platforms. While the local tech sector has been vocal in opposing the encryption backdoor bill, ultimately it is aimed at major players — phone manufacturers, operating system designers, app makers and social media platforms. Few of these command untrammelled respect, and Facebook and Google are both regarded — rightly — with mistrust over privacy and their malign impact on the markets they operate in. The company of Cambridge Analytica, fake news and the wholesale monetisation of its users’ personal information brings no moral authority to a debate about privacy and cybersecurity. The likes of Apple and Facebook, while opposed to the bill — the global damage from users knowing they might insert malware at the request of governments would be massive — can also afford to take the view that Australia can legislate how it likes — good luck enforcing it, because both have very deep pockets with which to protect their brands in endless litigation.
Australians can’t discuss abstract rights issues
One of the structural flaws in our rancid political culture is that we’re unable to discuss abstract issues around rights, because we don’t have the language or mental framework for it. The Americans have a clear language and framework for considering the real-world application of abstract rights, and have been doing it for two centuries. Debates about free speech, surveillance and a free press can be discussed, legislated and litigated without participants being damned as soft on terrorism or encouraging pedophilia. The UK has traditionally lacked a formal framework for rights discussions but has been much more capable of arguing the balance between individual rights and state responsibilities, and in recent decades has had the European Convention on Human Rights to guide policy in areas like privacy and surveillance. In Australia, there’s literally nothing in terms of rights protections beyond a right to political communication invented by the High Court to protect the revenues of TV networks. And because we lack both the language and the framework for such discussions, we end up with lowest-common-denominator stuff. Want to protect privacy? You’re soft on terrorism. Spot a major problem in a bill? Deal with it via a special exemption, not a coherent policy. Debates on free speech default to whether you agree with the person whose speech is contested. Want to check the powers of law enforcement? You want to help pedophiles.
Consistent with that, the entire “debate” over encryption backdoors has been the stuff of idiots.
You could also add the overwhelming stupidity-generated arrogance of people like Mutton, who I think when he looks in the mirror sees God Almighty looking back at him. Mutton spoke and, lo, it was so.
That he is a total irrelevance on the global stage where all the significant tech players operate is something entirely beyond his comprehension.
Oh and let’s not forget that under the disastrous #TPP foreign companies will be able to sue the Australian government for any action that causes them a loss in current or potential future profits – dealing with a hacking scandal will be paid for by the Australian Taxpayer
3Stoopid #stoopid #stoopid
I agree, what repercussions will come from a legal battle where it is proven that the Aus government backdoor has caused commercial losses or data theft?
They don’t care about individuals being compromised but a multinational will siphon off huge sums of tax payer money.
“Australia” doesn’t. It’s too many of the imbeciles we elect – too open to persuasion by vested interests, that think they can do whatever they like (hopefully, while hoping for the best – if they’re doing it to further their own ends, God help us) – that do.
And the thing that most are missing is the potential for new crypto-systems from the open-source community. The history of “Pretty Good Privacy” is instructive. The USA refused to allow it to be exported and threatened to jail Phil Zimmermann. It didn’t work – eventually the source code was legally “exported” as a hard-copy book, then scanned outside the US and turned back into computer code. If somehow the government does manage to get companies to set up backdoors, I’d bet the farm that, even if it looks like they are getting a backdoor to PGP, the code will “fork” and one version without a backdoor will continue to exist. And what will the “evil people” use for encryption? Well maybe not quite all of them, but those with any brains will use the backdoor-free version of PGP, as many of these people are doing at present.
It is complete “security theatre” (a Bruce Schneier term) — it seems like the government is “doing something” to make us safer, but in this case all that is happening is that every Australian will be less secure online, and the “evil people” will carry on using PGP. Thanks heaps, not!
I was about to mention PGP when I saw your post. I can get a copy of PGP and start using it. How will govt. “force” a backdoor onto my copy of it? Who will they “force”?
It is open-source code. I can modify it at will. If I want to encrypt all my communications with my friends I can do it and no law will work to break that except torturing me to reveal my private pass-phrase.
Well, this law will make it easier to catch paedophiles, criminals, and wanna-be terrorists who are not computer savvy. But the smart guys will get away and the “intelligence agencies” (oxymoron there) will think they have everything covered (NOT). OK. I give up. Let’s see where this leads. We already know that the ATO thinks that 800K last year was scammed from people by phone calls purporting to be from the ATO. I wonder what this will make possible.
As an IT guy for a large Australian company, I can tell you that this will work in the following ways:
Step 1. One of our staff clicks on a dumb link in a phishing email and gets some commodity malware.
Step 2. Some hacker uses that malware to connect to spurious sites flagged by ASIO.
Step 3. The government uses this new law to load Malware throughout all of our company systems.
Step 4. Hackers have full access and send flowers to the Australian government by way of thanks.
Well done government. You’ve just legislated the door to IT hell.