<div dir="auto"><div><br><br><div class="gmail_quote"><div dir="ltr">On Fri., 23 Nov. 2018, 16:46 Robert Hudson <<a href="mailto:hudrob@gmail.com" target="_blank" rel="noreferrer">hudrob@gmail.com</a> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><br><br><div class="gmail_quote"><div dir="ltr">On Fri, 23 Nov 2018 at 14:47, Paul Brooks <<a href="mailto:pbrooks-ausnog@layer10.com.au" rel="noreferrer noreferrer" target="_blank">pbrooks-ausnog@layer10.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 23/11/2018 11:37 AM, Alex Samad wrote:<br>
> Wondering what the implications of this bill and the recent China was stealing our<br>
> traffic....<br>
><br>
> So in theory could china steal / sniff our traffic and because of these weakening of<br>
> encryption allow china to snope on our stuff <br>
><br>
> A<br>
In theory no - this bill doesn't weaken encryption, and explicitly doesn't allow any<br>
changes that would weaken encryption.<br></blockquote><div><br></div><div>They say that - but I don't believe them. I don't think they even understand what they're suggesting (or if they do understand, they're relying on others not understanding, or not caring). </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
This bill seeks to bypass encryption entirely by giving the agencies easier access to<br>
get into devices and the back-end databases of apps and websites, to see what is<br>
stored in there -bypassing unlock codes, PINS, thumbprint readers etc on devices for<br>
example. So for traffic being sniffed 'in the middle' the information is still<br>
sent/received as fully encrypted - and man-in-the-middle snooper won't see anything.<br>
But if the authorities get hold of your phone or PC, they'll have easier access to<br>
look into your sent/received message stores and read whats in there, which is stored<br>
in your device un-encrypted.<br></blockquote><div><br></div><div>The tools the authorities have access to will invariably fall into the hands of others.</div></div></div></blockquote></div></div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Or be abused by those who have official access to them.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><h1 style="margin:0px;font-size:1.75rem;line-height:2rem;font-family:"guardian egyptian web",georgia,serif;font-weight:400;padding:0.1875rem 0.625rem 1.5rem;color:rgb(18,18,18);background-color:rgb(255,255,255)">"Queensland in court fight with domestic violence victim whose details leaked by policeman"</h1><div dir="auto"><a href="https://www.theguardian.com/australia-news/2018/aug/21/queensland-in-court-fight-with-domestic-violence-victim-whose-details-leaked-by-policeman">https://www.theguardian.com/australia-news/2018/aug/21/queensland-in-court-fight-with-domestic-violence-victim-whose-details-leaked-by-policeman</a><br></div><div dir="auto"><br></div><div dir="auto"><br></div></div><div dir="auto"><h1 style="font-family:"news cycle",arial,helvetica,sans-serif;text-transform:uppercase;font-weight:normal;color:rgb(85,92,86);line-height:1.1em;margin-top:0px;font-size:40px;padding:15px 0px;margin-bottom:18px;border-bottom:1px solid rgb(236,232,225);background-color:rgb(255,255,255)">"NSA SEXINT IS THE ABUSE YOU’VE ALL BEEN WAITING FOR"</h1><div dir="auto"><br></div><div dir="auto"><a href="http://cyberlaw.stanford.edu/blog/2013/11/nsa-sexint-abuse-you">http://cyberlaw.stanford.edu/blog/2013/11/nsa-sexint-abuse-you</a>’ve-all-been-waiting<br></div><div dir="auto"><br></div><div dir="auto"><br></div></div><div dir="auto"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
In practice, if they balls-up the change request given to the device manufacturer or<br>
app/website developer, anything could happen.<br></blockquote><div><br></div><div>Yep. Aside from the direct ramifications, it's the indirect and unintended consequences that REALLY have the potential to be damaging. </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
P.<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" rel="noreferrer noreferrer" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div></div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" rel="noreferrer noreferrer" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer noreferrer noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div></div></div>