Jump to content
Not connected, Your IP: 3.23.92.64
dejavu37

Australian encryption laws

Recommended Posts

According to:

 

https://airvpn.org/status/

 

AirVPN has no public servers in Australia (just one internal server).  So, I assume they can tell Australia to pound sand.

 

I wonder if Australia will demand backdoors into bank transfers and military communications.

Share this post


Link to post

Hi there. The new laws are not encryption laws. They are ANTI encryption laws. They were passed shortly 19:00 AEST, 06 Dec and were signed into law the next day. As has been noted on other sites, the speecd with which this occurred indicates the authorities had a list of people/services and so forth they wanted to target.

The laws provide a basis for mass surveillance and any type of internet cervice is subject to them. Not only encrypted apps such as telegram and signal, but ISPs, VPNs, data centres, and possibly (likely) software makers. The extent of the law is not yet known. But certainly VPNs and ISPs are within its range.

Air does hot have a server in Australia, as many have noted. But Airvpn and a couple of others will be prime targets because of their uncompromising approach to security and anonymity.

If an internet business has operations in Australia, and say other countries, it is say a data centre - and air has servers in that businesses data centre in another country, the intent of the law is to force that internet business to compromise servers in its data centres elsewhere. So, theoretically, air could be targeted. BUT:

Several things may happen. The internet service might withdraw from Australia (and some have indicated privately they will spin off their Australian operations and seem to be doing so); or they will simply tell the Australian government to get stuffed. Protonmail has said as much. Or both will happen. Already a couple of internet startups have begun to move operations offshore.

It is also illegal to tell people how to protect themselves against this law - i.e. beef up their cyber security to thwart it. It goes even further: even if you are not specifically telling people how to evade this law but are just telling them how to increase their security and anonymity generally, that is a breach of the law.

The law, according to some technical experts, provides a legislative basis for mass surveillance. Two things we know it can do is facilitate MITM attacks and also the injection of malicious code via updates.

One result and a clear aim, according to technical experts, is to harvest private keys and do so on an industrial scale, and so decrypt all communications. And it is indiscriminate.

There has been a bit of discussion on redit, but also a lot on twitter. People are not happy but that does not really come into it.

Share this post


Link to post

At least this is not a threat to non-AU companies.

You have to understand however where does it come from. US has the NSA. UK has the GCHQ.

AU has...Telstra

I wrote a post nearly 4 years ago about the sadly unfortunate internet "condition" in AU:

https://airvpn.org/topic/14538-aussie-and-nz-server-request/?p=28991

 

Which Dailymail rewrote in even better terms in 2016 (not my original post but same idea):

https://www.dailymail.co.uk/news/article-3748287/Security-company-claims-Australian-bandwidth-costs-17-times-Europe-thanks-Telstra-Optus.html

 

Maybe finally the peering and bandwidth costs in AU will be cheaper, or at least reasonable.

This is a "known issue" on the Asian peering market that peering with NZ, which transits via AU,

is cheaper, although it physically goes via longer distance via AU. Something we don't need in 2019.

There should be no changes to any company not operating in AU however.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Share this post


Link to post

I will refrain from comment on the pathetic politics and sinister backroom power agendas peculiar to Australia.

Of greater relevance for Air and all Internet users, especially in the "5 eyes", is this:

"Five Eyes governments get even tougher on encryption"

https://www.zdnet.com/article/five-eyes-governments-get-even-tougher-on-encryption/

Also more general analysis:

https://arstechnica.com/tech-policy/2018/12/australia-passes-new-law-to-thwart-strong-encryption

Share this post


Link to post

Hi there. The new laws are not encryption laws. They are ANTI encryption laws. They were passed shortly 19:00 AEST, 06 Dec and were signed into law the next day. As has been noted on other sites, the speecd with which this occurred indicates the authorities had a list of people/services and so forth they wanted to target.

The laws provide a basis for mass surveillance and any type of internet cervice is subject to them. Not only encrypted apps such as telegram and signal, but ISPs, VPNs, data centres, and possibly (likely) software makers. The extent of the law is not yet known. But certainly VPNs and ISPs are within its range.

Air does hot have a server in Australia, as many have noted. But Airvpn and a couple of others will be prime targets because of their uncompromising approach to security and anonymity.

If an internet business has operations in Australia, and say other countries, it is say a data centre - and air has servers in that businesses data centre in another country, the intent of the law is to force that internet business to compromise servers in its data centres elsewhere. So, theoretically, air could be targeted. BUT:

Several things may happen. The internet service might withdraw from Australia (and some have indicated privately they will spin off their Australian operations and seem to be doing so); or they will simply tell the Australian government to get stuffed. Protonmail has said as much. Or both will happen. Already a couple of internet startups have begun to move operations offshore.

It is also illegal to tell people how to protect themselves against this law - i.e. beef up their cyber security to thwart it. It goes even further: even if you are not specifically telling people how to evade this law but are just telling them how to increase their security and anonymity generally, that is a breach of the law.

The law, according to some technical experts, provides a legislative basis for mass surveillance. Two things we know it can do is facilitate MITM attacks and also the injection of malicious code via updates.

One result and a clear aim, according to technical experts, is to harvest private keys and do so on an industrial scale, and so decrypt all communications. And it is indiscriminate.

There has been a bit of discussion on redit, but also a lot on twitter. People are not happy but that does not really come into it.

Welcome to the digital banana republic 

Share this post


Link to post

Well, if anything, the internet has become more absurd in Australia. Apart from the attacks on encryption in Australia - which continues unabated, but with no appreciable benefit being announced, the national broadband network, as the joke is called just continues to slip in world rankings.
In January, 2018, Australia was 55th in the world in terms of speed: https://finance.nine.com.au/2018/01/08/10/17/australias-fixed-internet-speed-ranking-falls-two-places-to-55th
In April, 2019, the country had slipped to 63rd - https://www.smh.com.au/federal-election-2019/australia-drops-to-62nd-in-global-broadband-speed-rankings-20190428-p51hz2.html
This placed the country far behind many other advanced economies and a handful of developing nations.
In 2016, Australians were among the least satisfied users of broadband in the world, being 23rd out of 26: https://www.smh.com.au/business/consumer-affairs/australia-ranked-23rd-out-of-26-countries-when-it-comes-to-broadband-satisfaction-20161022-gs89nu.html. It has not improved.
Many users report unexplained dropouts, service interruptions and so on. The antiencryption have only made matters more absurd.
As wintermude1912 said: welcome to the digital banana republic. Well, it's no longer confined to the digital world. 

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...