<div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Fri, 23 Nov 2018 at 14:47, Paul Brooks <<a href="mailto:pbrooks-ausnog@layer10.com.au">pbrooks-ausnog@layer10.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 23/11/2018 11:37 AM, Alex Samad wrote:<br>
> Wondering what the implications of this bill and the recent China was stealing our<br>
> traffic....<br>
><br>
> So in theory could china steal / sniff our traffic and because of these weakening of<br>
> encryption allow china to snope on our stuff <br>
><br>
> A<br>
In theory no - this bill doesn't weaken encryption, and explicitly doesn't allow any<br>
changes that would weaken encryption.<br></blockquote><div><br></div><div>They say that - but I don't believe them. I don't think they even understand what they're suggesting (or if they do understand, they're relying on others not understanding, or not caring). </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
This bill seeks to bypass encryption entirely by giving the agencies easier access to<br>
get into devices and the back-end databases of apps and websites, to see what is<br>
stored in there -bypassing unlock codes, PINS, thumbprint readers etc on devices for<br>
example. So for traffic being sniffed 'in the middle' the information is still<br>
sent/received as fully encrypted - and man-in-the-middle snooper won't see anything.<br>
But if the authorities get hold of your phone or PC, they'll have easier access to<br>
look into your sent/received message stores and read whats in there, which is stored<br>
in your device un-encrypted.<br></blockquote><div><br></div><div>The tools the authorities have access to will invariably fall into the hands of others.</div><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
In practice, if they balls-up the change request given to the device manufacturer or<br>
app/website developer, anything could happen.<br></blockquote><div><br></div><div>Yep. Aside from the direct ramifications, it's the indirect and unintended consequences that REALLY have the potential to be damaging. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
P.<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div></div>