It seems that the bill [1] is intended to make it possible for ASIO/ASIS/ASD/whoever to force Apple, etc. to share their most powerful private keys (i.e. likely the keys burnt into the ROM bootloader of iOS devices), their source code and build processes. [2]

It might appear from a cursory glance at the bill and the "Industry Assistance Factsheet" [3] that the bill would not allow for this sort of behavior (introducing backdoors), but the relevant section 317ZG of the bill only prohibits government agencies from requesting that companies build weaknesses or backdoors into their software but says nothing of the government doing the same. This is extraordinarily deceptive.

So, Apple's response (and the response of other multinationals) is likely going to be to ensure that all devices that are sold on the Australian market are sold with an Australia-only root certificate/key which they'll be forced to share with the Australian government agencies but whose compromise won't affect business in other countries.

It seems that doing business in Australia (as a multinational) is going to be like doing business in China, and no doubt there will be other countries that decide to not purchase Australian communications technology for fear of backdoors... [5]

What a fucking farce this is.

EDIT: I forgot to add that by writing the bill to allow for the above behavior, the total amount of TCNs and TANs that are required (for dragnet surveillance) is reduced substantially, and given that the only public reporting seems to be a rough yearly count, this is great for PR of a police-state as it means that only a handful of approvals have to be recorded. Also it's punishable by up to 5 years in jail if you reveal the existence of a TCN/TAN (except where required to in legal proceedings and to provide a total count of the number of TCNs/TANs received over the last >6 months).

[1] https://www.homeaffairs.gov.au/consultations/Documents/the-a...

[2] See section 317E, subparagraph (f) of the bill which states that a "communications provider must [...] assist with the testing, modification, development or maintenance of a technology or capability."

[3] https://www.homeaffairs.gov.au/consultations/Documents/indus...

[4] Section 317ZG of the bill: "a [request/notice] must not have the effect of requiring a _designated communications provider_ to implement or build a systemic weakness, or a systemic vulnerability, into form of electronic protection"

[5] https://www.cnet.com/news/australia-to-ban-huawei-from-5g-ro...

To help eliminate any doubt whatsoever: as part of my job, I will absolutely, 100% veto any tech purchases from countries that mandate government encryption backdoors.