[throwaway9d0291]

> my limited understanding is that Australian law forbids secure-by-design encryption pipelines

This understanding is wrong. Secure encryption is perfectly legal, tech media simply likes to overreact to laws without actually reading them.

The underlying law that lead to this widespread misconception requires Australian companies to assist law enforcement in acquiring communications but only when it can be done in such a way that nobody else is affected [0].

The example I usually use to illustrate what this means is:

- The law could potentially compel WhatsApp to add code to their application that checks for a particular hard-coded user ID (i.e. new IDs have to be pushed through the app signing and update process) and when the user with that ID sends or receives a message, a plaintext copy is sent to law enforcement.

- The law could _not_ compel WhatsApp to add a law enforcement key to every message or to otherwise weaken their encryption or security in anyway.

[0]: http://classic.austlii.edu.au/au/legis/cth/consol_act/ta1997...

[roenxi]

That doesn't sound secure. What that is describing is that third parties can easily intercept my data. It isn't a huge deal because email is by nature quite insecure; but if I cared about other people reading my emails the law is a bit of a problem. At some point these companies will probably leak data onto the public internet (if the Panama papers can leak, anything can).

Secure by design includes ideas like the pipe forgetting what it transmitted after it finishes transmitting it.

[throwaway9d0291]

It isn't secure and I wasn't saying it was secure. What I was saying is that the law gives you no less technical protection than you had before the law.

Importantly, the law doesn't compel you to have any interception capabilities. If you publish open-source code with verified and reproducible builds, the government can't really ask you to do anything, as doing so would either alert the people they're targeting or compromise the security of people unrelated to the investigation.

And I don't think this is any different to anywhere else. The FBI for example has been able to gain access to encryption keys in the past so I see no reason why signing keys would be any different.