  2. 2

    What I think people are missing in this debate is that the tech companies are salivating.

    What a marvellous unending revenue stream…

    …sure they are being forced to hand over their users’ data…

    …and they will howl and cry about that to the press…

    …all the way to the bank.

    Each search request will be done… for a fee.

    At a neat profit.

    What a scam!

    Charge the user to hold their private data… and then sell it to the highest bidder (boohoo we didn’t want to they forced us boohoo weeheeeheehee).

    And guess what, I bet the government won’t always be the highest bidder.

    1. 4

      I don’t see how that’s the case. It sounds like the Australian government wants to force companies to give them data. They’re not paying for it.

      1. 3

        The US government does something similar. Yet, the telecoms charge the LEOs a fee for some kinds of access. Cryptome published them at one point. It was several hundred dollars leaning toward a thousand for cellphone companies if I’m remembering right. They even had a web portal for it. Comcast also billed for the pen register taps.

        1. 2

          Want a bet?

          Yes, they will be forced to cough up the data… but I bet they can impose a fee for each search.

          I believe they already do so, for example, on all cell phone record requests.

          And even if the fee isn’t a line item on the bill just passed, I will bet you a six pack of something cold that a court challenge would succeed.

          Not to dismiss the bill, that won’t happen, but to force the government to reimburse the tech companies for the, cough, “costs” incurred.

          Infrastructure manufacturers are also salivating… these “back doors” are a Premium Feature which commands Premium Prices.

          And they will get it.

          Paid for by the taxpayer.

          I would love to see the treasurer’s advice on this bill… I suspect they will have already budgeted for these costs.

        2. 2

          I also don’t like that law but I think you’re unnecessarily outraged by that (potential) fee. I’d assume the demand for data access is a decreasing function of the price. The more expensive they are the less likely the government is to ask for them. So the no-fee scenario is one with the maximum number of requests. I doubt that’s your intended goal.

          Regarding the regulation, please have a look at the official document. I haven’t read the whole thing but here are some highlights (emphasis mine):

          Schedule 1 of the Bill will provide for industry assistance, which can be voluntary (a technical assistance request) or ordered (a technical assistance notice or technical capability notice). […] The assistance provided by a designated communications provider would be in the form of technological assistance and include, but not be limited to: removing electronic protection; providing technical information; formatting information; and facilitating access to devices and other things.

          The key amendments in Schedule 2 of the Bill relate to computer access warrants. These warrants permit covert access to data held in a target computer (which is broadly defined and may include more than one computer networks or systems). The amendments will:

          • expand the powers available under computer access warrants and authorisations executed by the Australian Security Intelligence Organisation (ASIO), including by allowing ASIO to intercept a communication for the purpose of executing a computer access warrant and undertake activities to conceal access after the expiry of a warrant
          • introduce equivalent computer access warrants for law enforcement agencies under the SD Act and
          • make related amendments to the Mutual Assistance in Criminal Matters Act 1987 and the Telecommunications (Interception and Access) Act 1979.

          Schedule 3 of the Bill will clarify and enhance the ability to collect evidence from electronic devices under warrant, by allowing the collection to occur remotely. Amendments will enable law enforcement to access information associated with an online or web-based account.

          Schedule 4 of the Bill will bring the search warrant powers available to Australian Border Force (ABF) officers under the Customs Act 1901 into closer alignment with those available to police under the Crimes Act 1914.

          Both Schedules 3 and 4 will expand the situations in which law enforcement officers may obtain an order requiring a person to provide assistance (such as authentication on a device), or risk a custodial sentence and/or a significant financial penalty.

          1. 2

            I’m outraged by the perverse incentives at work and the dishonest two-facedness.

            With one face displayed to their customers they moan and wring their hands…

            …with the other face they are lobbying for the business.

            Your highlighted sentences miss the point.

            Yes, they are required by law to expose the customers’ data; this gives them “plausible deniability”, “it’s not our fault”.

            But I think you will find another law elsewhere that says the government must pay for services rendered.

            Because of the controversial nature of this law, they have kept the two sides at arm’s length.

            If we had any real journalists left, that is what they would be looking for… who in the business community is (quietly) lobbying for and championing this law.

            I think you will find the “no fee” scenario is best… it will be fought tooth and nail and dragged through court and delayed because the telcos will lose money on every request.

            But the history of military budgets shows the price is remarkably poor at affecting demand, i.e. it all comes out of some big bucket of other people’s money.

            1. 1

              Regarding my highlights: I wanted to emphasize other aspects of this law that seem to be eclipsed by encryption regulation. For example, if my understanding is correct, the last highlight means the law will require you to provide the password to your device or risk penalty.

              It seems by “demand” you mean “total amount spent” but I mean “total number of services rendered”. If military suppliers slashed the prices of equipment in half would the government react by reducing the budget in half or ordering twice as much? I’d say their response would be closer to the latter option. I think the same principle applies to the fee you mentioned.

              It doesn’t matter that it’s other people’s money. If the budget is 10M and one unit costs $100k then you can buy 100 units. That’s maths. If you slash the price in half then the same 10M can buy 200 units.

              Also, I’m not sure whether my reading of the document I linked is correct but it seems their intent is to go after all companies in the world even if not present in Australia. Relevant passage:

              A failure by a designated communications provider (other than a carrier or carriage service provider) to comply with TAN or TCN requirements will attract a maximum penalty of 47,619 penalty units (currently $9,999,990) if it is a body corporate; for other providers it will be 238 penalty units (currently $49,980).

              […]

              Issue: conflict of laws

              The DIGI submission noted that the Bill ‘makes explicit its intended reach beyond the borders of Australia to any technology provider with a connection to Australia’. It considered that this ‘causes major problems for businesses and it could ultimately put Australians at risk’:

              […]

              Additionally, Apple’s comment seems interesting. I haven’t read the law itself but if that comment is accurate then the law is written in extremely broad terms (emphasis mine):

              We encourage the government to stand by their stated intention not to weaken encryption or compel providers to build systemic weaknesses into their products. Due to the breadth and vagueness of the Bill’s authorities, coupled with ill-defined restrictions, that commitment is not currently being met. For instance, the Bill could allow the government to order the makers of smart home speakers to install persistent eavesdropping capabilities into a person’s home, require a provider to monitor health data of its customers for indications of drug use, or require the development of tool that can unlock a particular user’s device regardless of whether such [a] tool could be used to unlock every other user’s device as well… While we share the goal of protecting the public and communities, we believe more work needs to be done on the Bill to iron out the ambiguities on encryption and security to ensure that Australian are protected to the greatest extent possible in the digital world.