| > allows the government to force companies or even individuals to add backdoors to their products I think the tech media and community overstates the impact of this law. The law [0] makes it clear that the backdoor cannot introduce any systematic weakness of vulnerability, which explicitly includes "a new decryption capability in relation to a form of electronic protection". What it allows is stuff that targets a specific person _and_ is incapable of affecting anybody else. The second part overrides the first part, so if it's not possible to target a specific person without weakening protection for everybody else, you're not required to do anything. For example asking you to put code into your app that creates a copy of private keys and sends them to ASIO if the user's ID matches a hard-coded value would be legally okay per my reading of the law. However adding ASIO's key to every single message would not be okay. I'm not saying I'm in favour of the law (I'm not) but its actual effect isn't at all what people assume (I hear a lot of comments about "Australia banned encryption" and other such nonsense). [0]: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214... |