Sunday, 16 December 2018 15:43

Encryption law not smart politics, says Signal developer Featured

By
Encryption law not smart politics, says Signal developer Pixabay

The Federal Government's encryption law does not seem like smart politics, but then nothing about it seems particularly smart, according to developer Joshua Lund who works for the project developing the encrypted messaging app Signal.

In a blog post about the encryption law, which was passed by Parliament on 6 December, Lund said through the entire eight-year development of Signal, a project run by Open Whisper Systems which is the brainchild of well-known cryptographer Moxie Marlinspike, resistance had been encountered from people who struggled to understand end-to-end encryption or those who sought to weaken its effects, adding that this was not a new dynamic.

"We can’t include a backdoor in Signal, but that isn’t a new dynamic either," wrote Lund. "By design, Signal does not have a record of your contacts, social graph, conversation list, location, user avatar, user profile name, group memberships, group titles, or group avatars.

"The end-to-end encrypted contents of every message and voice/video call are protected by keys that are entirely inaccessible to us. In most cases now we don’t even have access to who is messaging whom."

The Labor Party and the government struck a deal on 5 December to pass the bill, officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, on Thursday, the last sitting day of Parliament for the year.

Some 50 pages of amendments were handed to the various parties early on 6 December before debate on the bill began. But the bill was finally passed without any amendments due to there being a lack of time for Labor to add any amendments in the Senate.

Labor leader Bill Shorten agreed to this compromise on the proviso that the amendments would be passed during the first sitting of 2019. The government has said it will consider the amendments, but made no commitment that it would accept all of them.

Lund said everything that was developed for Signal was open source and anyone could verify or examine the code from each release. Reproducible builds and other means of binary comparison made it possible to ensure that the code which was distributed was the same as that running on users' systems.

"Everyone benefits from these design decisions – including Australian politicians. For instance, it has been widely reported that Malcolm Turnbull, the 29th Prime Minister of Australia, is a Signal user. He isn’t alone," Lund said.

"Members of government everywhere use Signal. Even if we disagree with [Attorney-General] Christian Porter, we would never be able to access his Signal messages, regardless of whether the request comes from his own government or any other government."

However, he pointed out, though Signal developers could not include a backdoor, Australia could attempt to block the service or restrict access to the app.

"Historically, this strategy hasn’t worked very well. Whenever services get blocked, users quickly adopt VPNs or other network obfuscation techniques to route around the restrictions," said Lund.

"If a country decided to apply pressure on Apple or Google to remove certain apps from their stores, switching to a different region is extremely trivial on both Android and iOS. Popular apps are widely mirrored across the Internet. Some of them can even be downloaded directly from their official website."

Lund said one effect of many that the law would have was to isolate Australians from services they depended on and used daily.

"Over time, users may find that a growing number of apps no longer behave as expected. New apps might never launch in Australia at all.

"Technology organisations that want to open offices in a new country could decide that AEST isn’t such a great timezone after all. Foreign engineers may choose to watch the Australia episode of Planet Earth in 4K rather than spending $4K at an Australian programming conference."

His final poser was: "As remote work continues to become more prevalent, will companies start saying 'goodbye' instead of 'g’day' to applicants from Australia?"

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has high potential to be exposed to risk.

It only takes one awry email to expose an accounts payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 steps to improve your Business Cyber Security’ you will learn some simple steps you should be taking to prevent devastating malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you will learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments