The headline is a little misleading. It's much more terrifying than that. It isn't just Australia. It is the US, Australia, Canada, UK, and New Zealand all together (known as the "Five Eyes")[1]. Australia is just the country that put the memo together.

> The "Five Eyes", often abbreviated as "FVEY", refer to an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. [1]

[1] https://en.wikipedia.org/wiki/UKUSA_Agreement

The article mentions that Australia has no bill of rights which, whilst technically true, doesn't mean we don't have equivalent protections. Some are enshrined in our constitution whilst others are parts of common law and other legislation.

The conclusion they draw from that is right however; a lot of laws can be introduced to our parliament that might not get off the ground elsewhere. It's why we've fervently fought against many other, similar laws that would impinge on our rights and freedoms in the past. I spent a good part of my youth fighting against the Clean Feed legislation (it was a great big Internet filter for Australia, a terrible idea) which was thankfully defeated before it got off the ground.

We'll have to do the same for this.

> The government has been quick to claim that this is not a back door, and the bill prohibits requests to companies to create “systemic” weaknesses.

Claiming that you're not backdooring something doesn't stop it from being a backdoor.

Digital Rights Watch has more information and a submission system to help people write their feedback to the government: https://digitalrightswatch.org.au/2018/08/19/defend-encrypti...

I feel like the linked article on ABC has a much more detailed and balanced description of the bill [1].

The Government says that "systemic" weaknesses cannot be demanded. That said, the third part of the demands that can be made, the "technical capability notice", seems ripe for abuse.

At the very least, the acceptance of a bill like this will erode trust in app stores. I would expect to see some sort of checksum verification by users becoming commonplace as people become wary of potential targeted attacks.

[1] http://www.abc.net.au/news/science/2018-08-20/tech-surveilla...

Its interesting to think back when Saudi Arabia and the UAE tried to force Blackberry to fall in line there was global outrage including here about the 'backwardness' of these countries and values of democracy and freedom.

Now just a decade later this 'backward' behavior is now 'normalized'.

This is evidence things are moving too fast for us to fully comprehend or contemplate how far down the slippery slope we may be at the current time and how 'values' and definitions change in just a decade.

I don't know why the Five Eyes countries issued a joint statement the other day (tellingly, via the Aussie government's web site). Modus Operandi for each Five Eyes country since forever is to ship their secrets to another partner so they could claim not to be spying on their own people. All they need is for AUS to have the backdoor and then all data could be channeled that way.

I appreciate that the author mentioned the gross incompetence of our intelligence operation which I presume doesn't get much mention outside the country.

PS: nice original Mac illustration for that article!

40 years ago my parents emigrated from an authoritarian South-East Asian country with a dubious human rights record to come to Australia where their kids could enjoy freedom and opportunity away from all that.

Today, I see this announcement in the news and I am wondering which country I can emigrate to with my own kids because I am disgusted with the increasing authoritarian bent of our government, as well as our plummeting human rights record...

This method won't work for most 'after the event' scenarios, such as the San Bernadino case, because the subjects are often deceased, and so unlikely to be updating the software on their phones or computers, so it can only possibly apply "upon suspicion". ie. pre-crime...

This opens up questions as to how someone becomes 'suspicious' if their communication is already encrypted. And if they're already a person of interest, how many myriad other ways do they have of surveilling them or checking out their activities? Terrorist attacks require non-electronic items that have to be purchased, stored, and constructed in non-electronic places. There are existing ways to surveil people, under warrant. GPS trackers, phone records, bank statements, listening devices, watching devices, IMSI catchers, metadata (which Australia has legislated must be kept by ISP's for a couple of years).

This new legislation feels like a LOT of effort for a very small percentage return over and above those things I've already listed, especially considering:

- How long would it take to develop and deploy a targetted version of a program?

- What's the likelihood of the target updating their program during the useful window of time?

- Is this timeframe going to be of use to law enforcement?

- If the timeframe is justified, what's the time limit? Is 'suspect' going to have their comms intercepted for the foreseeable future? At what point is the well deemed to be dry?

- At what point does warranted surveillance become government harassment?

What this looks like from the outside is more psychology than technology:

- Hey Terrorists, we can do these things so, you know, re-think your life's direction

- Chilling effects: encourage paranoia, discourage dissent, even discourage disagreement

It seems like they are just making it more explicit that companies must cooperate with the police. Isn't it already the case anyway if there is an appropriate court order?

At least they are not suggesting to compromise or limit encryption in any way.

What I fail to understand is how all this would help fighting crime. Criminals and terrorists can easily use end-to-end encryption for the communication. There is plenty of software for that and it's really easy to do nowadays.

I came across this video that shows the potential issues with this bill https://youtu.be/eW-OMR-iWOE

What is concerning is I am building a information management system that focuses on privacy and this sort of bill makes a mockery of the entire concept.

Is anyone actively organising against this bill? I feel that ever since the Iraq war protests failed ever time some thing like this happens, people complain a little bit, but don't actually manage to change anything. I was wondering if there are any groups out there that are actively protesting this that I could join, or if not, if any one is interested in forming one? It seems to be an issue that will affect the majority of the readers of HN in a negative way, regardless of your usual political affiliation.

This is mostly about "terrorism", right?

And for Australia, about immigration from flooding areas in Southeast Asia, right? Which arguably has follow-on roles in "terrorism". [I use scare quotes because the definition of "terrorism" is so politicized.]

There are many things to admire about Australia and many reasons that I am grateful that I grew up in Australia.

But the ongoing ritual humiliation of Australian technologists over the past several decades is really tiresome.

I found the Assistance Bill to be relatively palatable although still disagreeable and I have emailed in to the forum saying I think it should not pass.

I was just surprised that it had so much awareness of the concerns around what it was doing.

The most worrying part for me was the enabling of remotely serving a warrant. In other words, if they had a warrant for your device they could hack your device instead of physically recovering it. This would mean their cybersecurity team will be broadening it's capabilities and weaponry in that area.

That is worrying. Much in the same way I don't want police cruising town in armoured vehicles with a small arsenal, I am not too hot on investigators being able to sick the hounds on an unsuspecting network. Collateral is a real issue in the digital world too. What if my org network goes down because a warrant was being served remotely on an employee and their exploits were not precision enough?

The message is to entrepreneurs: don't build companies - build protocols.

Do they think that is this law is introduced that criminals will be using Facebook and Australian hosted communications providers to communicate with one another?

I cannot read that article in Firefox. Ironic

It’s interesting these are all common law Anglosphere countries which declared independence from Great Britain. The UK still has a lot of soft power.

For those that would like more reading here is the explanatory bill: https://bit.ly/2NR4tTh

Three important things to note technical assistance requests, technical assistance notice and technical capability notice.