extremetech.com
Australia is now the first Western nation to ban security, following a decision by its parliament to pass a bill forcing companies to hand over encrypted data to police upon demand. The government will be allowed to demand this without judicial review or oversight of any kind, beyond the requirement to get a warrant in the first place. Furthermore, the law requires corporations to build tools to give them the ability to intercept data sought by police when such tools do not already exist.
While the bill has only passed Australia’s lower chamber, the upper chamber has indicated it will pass the legislation provided there are later votes on unspecified amendments to the current bill.
Australia has become the first nation to enact into legislation what both the UK and US governments very much want — government-mandated backdoors into encryption systems that require corporations to hand over data on demand. The response of the tech industry has been straightforward: There is no way to perform this task that does not fundamentally weaken security.
And for all that journalism is often the process of laying out multiple sides to an argument or debate, there’s no actual debate to be had, here — not, at least, as far as the security principles are concerned. We can certainly debate whether people should be entitled to privacy, or if the governments of nominally free countries should have access to this information in the first place. But as to whether it’s actually possible to build secret backdoors into security systems without fundamentally weakening them, the evidence is simple: No.
As Cindy Cohn wrote in a recent post on Lawfare Blog:
Even without compromising the cryptography, there is no way to allow access for only the good guys (for instance, law enforcement with a Title III warrant) and not for the bad guys (hostile governments, commercial spies, thieves, harassers, bad cops and more). The NSA has had several incidents in just the past few years where it lost control of its bag of tricks, so the old government idea called NOBUS—that “nobody but us” could use these attacks—isn’t grounded in reality. Putting the keys in the hands of technology companies instead of governments just moves the target for hostile actors. And it’s unrealistic to expect companies to both protect the keys and get it right each time in their responses to hundreds of thousands of law enforcement and national security requests per year from local, state, federal and foreign jurisdictions. History has shown that it’s only a matter of time before bad actors figure out how to co-opt the same mechanisms that good guys use—whether corporate or governmental—and become “stalkers” themselves.
Read More
No comments:
Post a Comment