Australian encryption laws


#1 dejavu37

Posted 07 December 2018 - 04:24 AM

Hi,

 

I'm curious as to whether the new Australian encryption laws coming later in the month will affect the service and the legal use of AirVPN in Australia?

 

https://www.abc.net.au/news/science/2018-12-07/encryption-bill-australian-technology-industry-fuming-mad/10589962



#2 ableounceony

Posted 07 December 2018 - 03:35 PM

According to:

 

https://airvpn.org/status/

 

AirVPN has no public servers in Australia (just one internal server).  So, I assume they can tell Australia to pound sand.

 

I wonder if Australia will demand backdoors into bank transfers and military communications.



#3 telemus

Posted 09 December 2018 - 02:11 AM

Hi there. The new laws are not encryption laws. They are ANTI encryption laws. They were passed shortly 19:00 AEST, 06 Dec and were signed into law the next day. As has been noted on other sites, the speed with which this occurred indicates the authorities had a list of people/services and so forth they wanted to target.

The laws provide a basis for mass surveillance and any type of internet service is subject to them. Not only encrypted apps such as Telegram and Signal, but ISPs, VPNs, data centres, and possibly (likely) software makers. The extent of the law is not yet known. But certainly VPNs and ISPs are within its range.

Air does not have a server in Australia, as many have noted. But AirVPN and a couple of others will be prime targets because of their uncompromising approach to security and anonymity.

If an internet business has operations in Australia, and say other countries, it is say a data centre - and Air has servers in that business's data centre in another country, the intent of the law is to force that internet business to compromise servers in its data centres elsewhere. So, theoretically, Air could be targeted. BUT:

Several things may happen. The internet service might withdraw from Australia (and some have indicated privately they will spin off their Australian operations and seem to be doing so); or they will simply tell the Australian government to get stuffed. Protonmail has said as much. Or both will happen. Already a couple of internet startups have begun to move operations offshore.

It is also illegal to tell people how to protect themselves against this law - i.e. beef up their cyber security to thwart it. It goes even further: even if you are not specifically telling people how to evade this law but are just telling them how to increase their security and anonymity generally, that is a breach of the law.

The law, according to some technical experts, provides a legislative basis for mass surveillance. Two things we know it can do are facilitate MITM attacks and also the injection of malicious code via updates.

One result and a clear aim, according to technical experts, is to harvest private keys and do so on an industrial scale, and so decrypt all communications. And it is indiscriminate.

There has been a bit of discussion on Reddit, but also a lot on Twitter. People are not happy but that does not really come into it.



#4 zhang888

Posted 09 December 2018 - 03:37 AM

At least this is not a threat to non-AU companies.

You have to understand, however, where it comes from. US has the NSA. UK has the GCHQ.

AU has...Telstra :)

I wrote a post nearly 4 years ago about the sadly unfortunate internet "condition" in AU:

https://airvpn.org/topic/14538-aussie-and-nz-server-request/?p=28991

 

Which the Daily Mail rewrote in even better terms in 2016 (not my original post but same idea):

https://www.dailymail.co.uk/news/article-3748287/Security-company-claims-Australian-bandwidth-costs-17-times-Europe-thanks-Telstra-Optus.html

 

Maybe finally the peering and bandwidth costs in AU will be cheaper, or at least reasonable.

This is a "known issue" on the Asian peering market that peering with NZ, which transits via AU, is cheaper, although it physically goes via longer distance via AU. Something we don't need in 2019.

There should be no changes to any company not operating in AU however.


Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.


#5 serenacat

Posted 09 December 2018 - 08:52 AM

I will refrain from comment on the pathetic politics and sinister backroom power agendas peculiar to Australia.

Of greater relevance for Air and all Internet users, especially in the "5 eyes", is this:

"Five Eyes governments get even tougher on encryption"

https://www.zdnet.com/article/five-eyes-governments-get-even-tougher-on-encryption/

Also more general analysis:

https://arstechnica.com/tech-policy/2018/12/australia-passes-new-law-to-thwart-strong-encryption



#6 wintermute1912

Posted 11 December 2018 - 02:50 AM

Welcome to the digital banana republic 


VG8gZXJyIGlzIGh1bWFuLCB0byByZWFsbHkgZnVjayB1cCB0YWtlcyBhIGNvbXB1dGVyIQ==




