{"id":42194,"date":"2018-09-21T11:03:56","date_gmt":"2018-09-21T01:03:56","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=42194"},"modified":"2018-09-21T11:03:56","modified_gmt":"2018-09-21T01:03:56","slug":"turning-our-technology-against-us","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/","title":{"rendered":"Turning our technology against us"},"content":{"rendered":"
<\/figure>\n

Every day we carry our lives on digital devices tucked in our pockets. But public trust in those devices has reached an all-time<\/a> low<\/a> thanks to scandals ranging from election interference by Russian hackers to the weaponisation of social media by governments<\/a> and extremists<\/a>. Last month, the Australian government proposed legislation that could make things worse.<\/p>\n

Imagine if a law enforcement official could secretly force Apple to hack into your phone to access your encrypted data. Or compel Google to trick you into installing spyware on your phone by sending you a fake software update. Or require Facebook to covertly rewrite Messenger or WhatsApp so authorities can access your encrypted conversations.<\/p>\n

The Australian government\u2019s draft Telecommunications and Other Legislation Amendment (Assistance and Access) Bill<\/a> opens the door to just that, and more. The bill, which was introduced into parliament<\/a> by Home Affairs Minister Peter Dutton on 20 September (just 10 days<\/a> after submissions closed), would allow Australian law enforcement and security agencies to order technology companies and even individuals to do vaguely described \u2018acts or things\u2019 to facilitate access to your encrypted data and devices through newly created \u2018technical assistance\u2019 and \u2018technical capability\u2019 notices. Although officials would still need a warrant to obtain private communications and data, the bill requires no prior judicial authorisation before the attorney-general could compel your phone maker or app provider to undermine their security features.<\/p>\n

The bill states that Australian courts will retain their powers of judicial review to ensure officials are acting lawfully. However, the proposal doesn\u2019t provide sufficient transparency, oversight or accountability mechanisms to ensure its broad powers aren\u2019t abused. Agencies would impose notices in secret, and the bill makes it an offence for companies to tell the targeted person about it. While secrecy may often be necessary in an investigation, the bill doesn\u2019t allow disclosure even when it would no longer pose a threat to security or jeopardise an investigation. It is also difficult to envision how an individual could seek judicial review if they never find out that their device was deliberately compromised.<\/p>\n

In all, the proposed law leaves too much discretion to officials to decide whether an order is justified as necessary and proportionate, and doesn\u2019t impose sufficient safeguards to prevent abuse.<\/p>\n

The proposal does forbid<\/a> the creation of \u2018systemic\u2019 weaknesses or vulnerabilities in technology. But the broadly drawn bill doesn\u2019t define \u2018systemic\u2019, and other key terms, and provides too much room to agencies to determine their contours. The result is that many of the actions companies might be forced to take could introduce vulnerabilities that cause widespread harm to cybersecurity and human rights, despite the bill\u2019s intent.<\/p>\n

Agencies could, for example, require a company to use its software update system to trick users into installing government code or spyware, a move that would undermine trust in routine software update channels. If users fear that updates may be compromised, they may be more reluctant to install them. Phones and other devices would then be less secure over time because they wouldn\u2019t have necessary software fixes, which would undermine cybersecurity for users beyond the targets of an investigation.<\/p>\n

Because of the ambiguities in the bill, some of the capabilities it may compel could be interpreted by security experts (including those working for service providers) as creating security \u2018backdoors\u2019 or as preventing the use of strong, end-to-end encryption.<\/p>\n

Australia\u2019s proposal emulates<\/a> the approach in the UK\u2019s Investigatory Powers Act. It also follows a joint statement<\/a> from the Five Eyes countries\u2014the consortium of Australia, the US, the UK, Canada and New Zealand for joint cooperation in signals intelligence\u2014demanding greater \u2018voluntary\u2019 cooperation from technology companies to access encrypted data or else face new laws or other \u2018technological\u2019 measures<\/a>. In the US, the government is already trying to compel Facebook to circumvent security features in the Messenger app<\/a>, much like it tried to do to Apple<\/a> in 2016.<\/p>\n

If adopted, the Australian bill would pose considerable threats to cybersecurity and human rights. And its effects wouldn\u2019t be limited to Australia. Once Apple, Facebook or Google has to disclose the source code behind its products or to trick you into installing spyware posed as a software update for Australia, other governments will demand the same. And once a company rewrites code to access information held on your device, it could be forced to use that compromised code again and again, by Australian or other authorities. Such an outcome creates additional risks that the compromised code could be breached, stolen and disseminated<\/a>, affecting users around the world.<\/p>\n

On 10 September, Human Rights Watch submitted comments<\/a> to the Department of Home Affairs urging the withdrawal of the draft bill and the crafting of an approach that meets the needs of law enforcement while also protecting cybersecurity and human rights. For example, any legislation creating new surveillance capabilities should require agencies to use the least intrusive measure to access private communications to ensure that any limit on privacy and security is proportionate. It should specifically affirm that it doesn\u2019t prevent companies from employing end-to-end encryption. And it should require prior authorisation from a judicial authority that is independent of the agency seeking to compel action by a company, while also creating meaningful avenues to challenge overreaching orders.<\/p>\n

Given the extraordinarily intrusive nature of the actions agencies could compel, any proposed law requires far more robust oversight and accountability mechanisms than the bill currently provides to check executive power and ensure people\u2019s rights are preserved.<\/p>\n

The technology companies we rely on to keep our data safe already face an escalating arms race to protect us from cybercriminals and other security threats. Encryption is a key part of their arsenal, and so is their ability to fix security problems through regular software updates. Ordinary users should be able to trust that their technology hasn\u2019t been deliberately compromised by their own government. Australia, the US and the other Five Eyes governments should be promoting strong cybersecurity, not turning our own devices against us.<\/p>\n","protected":false},"excerpt":{"rendered":"

Every day we carry our lives on digital devices tucked in our pockets. But public trust in those devices has reached an all-time low thanks to scandals ranging from election interference by Russian hackers to …<\/p>\n","protected":false},"author":858,"featured_media":42205,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[2138,1570,249,215],"class_list":["post-42194","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cybersecurity","tag-encryption","tag-human-rights","tag-privacy"],"acf":[],"yoast_head":"\nTurning our technology against us | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Turning our technology against us | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Every day we carry our lives on digital devices tucked in our pockets. But public trust in those devices has reached an all-time low thanks to scandals ranging from election interference by Russian hackers to ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-21T01:03:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/09\/gilles-lambert-8649-unsplash-e1537491777889.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"3000\" \/>\n\t<meta property=\"og:image:height\" content=\"2000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cynthia Wong\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cynthia Wong\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/09\/gilles-lambert-8649-unsplash-e1537491777889.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/09\/gilles-lambert-8649-unsplash-e1537491777889.jpg\",\"width\":3000,\"height\":2000},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/\",\"name\":\"Turning our technology against us | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#primaryimage\"},\"datePublished\":\"2018-09-21T01:03:56+00:00\",\"dateModified\":\"2018-09-21T01:03:56+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/2cbf1ed4a6fbdedfa9596ff5d2a33eba\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Turning our technology against us\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/2cbf1ed4a6fbdedfa9596ff5d2a33eba\",\"name\":\"Cynthia Wong\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/25d7dede22edc9c3ecf4b358da159960?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/25d7dede22edc9c3ecf4b358da159960?s=96&d=mm&r=g\",\"caption\":\"Cynthia Wong\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/cynthia-wong\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Turning our technology against us | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/","og_locale":"en_US","og_type":"article","og_title":"Turning our technology against us | The Strategist","og_description":"Every day we carry our lives on digital devices tucked in our pockets. But public trust in those devices has reached an all-time low thanks to scandals ranging from election interference by Russian hackers to ...","og_url":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2018-09-21T01:03:56+00:00","og_image":[{"width":3000,"height":2000,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/09\/gilles-lambert-8649-unsplash-e1537491777889.jpg","type":"image\/jpeg"}],"author":"Cynthia Wong","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Cynthia Wong","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/09\/gilles-lambert-8649-unsplash-e1537491777889.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2018\/09\/gilles-lambert-8649-unsplash-e1537491777889.jpg","width":3000,"height":2000},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/","url":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/","name":"Turning our technology against us | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#primaryimage"},"datePublished":"2018-09-21T01:03:56+00:00","dateModified":"2018-09-21T01:03:56+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/2cbf1ed4a6fbdedfa9596ff5d2a33eba"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/turning-our-technology-against-us\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Turning our technology against us"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/2cbf1ed4a6fbdedfa9596ff5d2a33eba","name":"Cynthia Wong","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/25d7dede22edc9c3ecf4b358da159960?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/25d7dede22edc9c3ecf4b358da159960?s=96&d=mm&r=g","caption":"Cynthia Wong"},"url":"https:\/\/www.aspistrategist.ru\/author\/cynthia-wong\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/42194"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/858"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=42194"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/42194\/revisions"}],"predecessor-version":[{"id":42206,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/42194\/revisions\/42206"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/42205"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=42194"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=42194"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=42194"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}