ITP Techblog

Brought to you by IT Professionals NZ
« Back to Security & Privacy

Brislen on Tech

Paul Brislen, Editor. 07 December 2018, 5:15 pm

Stupid is as stupid does

Currently I'm watching the #aabill twitter posts and it's a horrible, messy trainwreck. At best, it will be an astonishing breach of Australians' privacy and rights not to be monitored by their government. At worst it will be all that and will crash Australian tech companies' ability to innovate, destroy any chance Australian developers have of producing products that are trusted in the rest of the world and may force large operations like Amazon, Facebook and Google to retrench from the Australian market.

All told it's a pig's ear.

The AA Bill is actually the Assistance and Access Bill and it's designed to give Australian law enforcement (and others) access to secure communications around Australia. Forget asking nicely, under the AA Bill anyone offering encrypted message services will be required to decrypt those messages for agencies that ask nicely (and those who have a warrant).

If, for example, you were to send a message across Australia that was encrypted, as almost all messaging apps are, then the authorities can't tell whether you're saying "here's that photo you asked for" or "commence operations against our overlords, the uprising has begun" and so they're somewhat nervous about it.

But since none of the Australian members of parliament, senate, judiciary or any of their advisors (apparently) have ever used a computer or a phone or sent a message or bought a product online, they've decided the best way forward is to introduce a bill into the house requiring all providers of such services to provide a back-door through all this technology nonsense for the authorities to access that content.

This has not gone down well.

Amazon is unlikely to introduce such capability into its Amazon Web Services suite of products just for the Australian market. The same can be said for Google, or Apple with their various document sharing and messaging platforms. Facebook and WhatsApp are unlikely to be willing to produce an Aussie version of their apps either because while we're minute, the Aussie market isn't that big either.

But on top of that, anyone travelling through Australia or doing business with an Australian operation must consider whether the data they're carrying is secure in such a situation.

Take me, for instance. I have a range of clients, some of whom demand that I store and care for their intellectual property as if it were my first born. Actually, all of them do. They assume I'm not going to allow some random third party to access that information, and I'm required not to share it without express permission.

So what would I do at the Aussie border? Could I email an Australian with information that is confidential to my clients? How will I know whether or not my Australian-owned bank is sharing my data with the police and other authorities without waiting for a court order (oh, good news there for Westpac customers: you don't have to wonder as that's already happening in New Zealand).

And what of my telco? Will it be sharing my very location and who I meet with?

The bill allows for all of that and more.

So what of Australian software developers? Well, sadly they're probably stuffed as well. Nobody is going to buy Aussie Certified Software (Motto: it's fair dinkum and we'll know if you say otherwise because we can listen in on everything you do) or store their data in Australia or do business with Australian software companies that might have to install backdoors into their encryption capability but won't be able to tell you because that also is a crime under the new law. Yes, even telling your boss that you've put this in is a no-no, let alone telling anyone else.

All that aside, the very process by which the bill is being introduced is also totally bogus. No time for a normal process, the bill is being passed under urgency so there's no select committee review, no fine tweaking of the wording, no option for public consultation or feedback from the industry. There's not even time for the MPs and senators to read the Parliamentary Joint Committee on Intelligence and Security's report into the bill which is less of a problem than you'd think because the committee has basically swallowed the whole thing and said it'll all be fixed later on, once it's introduced.

This is even stupid on all sides of the house because while the Opposition says the law is dumb, they're voting for it anyway. Erm… Have you thought this through?

If ever there was an example of politicians meddling in affairs about which they really do no understand, this is it. Building backdoors in to encryption just means you've introduced more ways for the bad guys to access the data, and while I don't care about my cat videos, I do care very much about my bank records, about my credit card information, about my health records and about my client's intellectual property.

And if this madness can happen in Australia, we should be very worried about calls for increased capability in New Zealand because that won't be far away.

TechRadar - Australian anti-encryption laws will be in place by Christmas

The Guardian - Why we are governed by idiots and you should be worried

ZDNet - Hasty PJCIS examination of encryption Bill produces rushed and contemptuous report

ZDNet - Australian encryption Bill raises bar for outrageous legislation: Comms Alliance

Kudelka Cartoon - Enigmatic

Buzzfeed - Labor: This Encryption Law Is Flawed. Also Labor: We Voted For It!

TenDaily - If encryption laws go through, Australia may lose Apple


AA Bill.jpg


Huawei CFO arrested

Speaking of poking the bear, the US has demanded Canadian authorities detain the CFO of Chinese equipment maker Huawei as she travelled across Canada in transit.

Canada has complied and Meng Wanzhou has been arrest. Meng is also deputy chairman of Huawei's board and just happens to be the daughter of the company's founder, Ren Zhengfei, so that's going to go well for all concerned.

Huawei has been the political football in the ongoing contest between Washington and Beijing over who gets to spy on the world around them. Washington suggests it should only be them, and is encouraging/requiring its allies to circle the wagons and refuse to allow Chinese companies, of which Huawei is the lead, to build critical telecommunications infrastructure in their countries.

Meng is being held because apparently Huawei violated international sanctions over Iran. Details are sketchy because that's how we do things these days, but Meng faces being extradited to the US to face charges in the coming days.

This isn't Meng's first brush with the law over Iranian sanctions, however. In 2013, Meng was on the board of Skycom Tech when it offered to sell Hewlett-Packard equipment to Iran. The deal didn't go through but the US will claim she has form in this area.

Meanwhile in the UK, former telco monopoly BT is in the process of pulling all Huawei kit from its networks. Apparently the only reason it has any is because it bought network operator EE and it had installed Huawei gear in its 3G and 4G networks, and the decision to remove it has nothing to do with the political climate no no.

Is this the start of the US and its allies providing the public with evidence of Huawei's nefarious deeds or is it just more posturing? It's hard to tell from here but I suspect this is a story that is far from over.

NZ Herald - Auckland academic sees serious fallout as Huawei CFO arrested at US request

Stuff - Huawei's woes deepen with arrest of CFO and British snub

The Register - Huawei CFO poutine cuffs by Canadian cops after allegedly busting sanctions on Iran

The Register - UK's BT: It's not unusual to pull Huawei from our core mobile networks

Engadget - DOJ is reportedly investigating Huawei for violating Iran sanctions


Per ardua ad astra

I watched the SpaceX launch live the other day and marvelled at the way the boosters are brought back down to earth. Well, in this case it was the landing ship but you know what I mean.

The way they line up and make it look so easy.

I read somewhere that they deliberately stepped out the dual landing from earlier in the year because having two boosters land simultaneously just looked weird, so they delayed one to make it more aesthetically pleasing.

As I write this I'm watching footage of the main booster fail to land terribly well. One of the stabilising fins appears not to have deployed fully so the craft got into trouble, took itself out over water and proceeded to bring itself back under control and land on a soft surface. There's hope the craft can be retrieved.

All of this is glorious and fills my space nerd heart with glee, because I don't care at all about low earth satellites but I do want to see us journey to another world and these early baby steps are exactly what are needed to get us there.

Never mind the booster fell over - the way it controlled itself and the way it worked are exactly what you'd need to land on a distant world. Even the "hey, let's put them down on a barge out to sea" shouts out that they want to try to teach these rockets how to land on unstable, unforeseen surfaces - what better than to practice on water.

So, for all his faults (and boy, he has a few) my hat is off to Elon Musk and to his team. Putting up that many satellites in one go isn't easy and they made it look routine, even if Rocket Lab did beat them to putting art into orbit by several months.

My hope is that one day soon we'll have so many launches it'll just be second nature and won't even get reported in the news. Then we'll know we've truly arrived in the space age.

Wired - SpaceX's failed landing still ended with a clean plop

Washington Post - SpaceX's rocket crash lands in water after spinning wildly

YouTube - SpaceX suffers 'bummer' landing as rocket's first-stage booster crashes on re-entry

NZ Herald - Disco ball in space (January 2018)

Wired - SpaceX is launching a piece of art into orbit



You must be logged in in order to post comments. Log In

Web Development by The Logic Studio