[LINK] Schneier on AA and Cybercon Bans

Roger Clarke Roger.Clarke at xamax.com.au
Wed Oct 16 06:13:16 AEDT 2019


[Vintage Schneier.  And vintage Stilgherrian as well.]


Schneier slams Australia's encryption laws and CyberCon speaker bans
Governments breaking encryption is bad, and 'will get worse once 
breaking encryption means people can die', says one of the world's 
leading security experts.
Stilgherrian
ZDNet
October 9, 2019
https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/

"Australia has some pretty draconian laws about forcing tech companies 
to break security," says cryptographer and computer security 
professional Bruce Schneier.

He's referring to the controversial Telecommunications and Other 
Legislation Amendment (Assistance and Access) Act 2018, which came into 
force in December.

"I actually don't like that, because stuff that you do flows downhill to 
the US. So stop doing that," he told the Australian Cybersecurity 
Conference, or CyberCon, in Melbourne on Wednesday.

Schneier's argument against breaking encrypted communications is simple.

"You have to make a choice. Either everyone gets to spy, or no one gets 
to spy. You can't have 'We get to spy, you don't.' That's not the way 
the tech works," he said.

"As this tech becomes more critical to life, we simply have to believe, 
accept, that securing it is more important than leaving it insecure so 
you can eavesdrop on the bad guys."

Schneier cited the so-called CIA triad model of cybersecurity: 
Confidentiality, integrity, and availability.

Most data breaches have been about confidentiality failures. But as more 
and more critical systems rely on connectivity and the Internet of 
Things, data integrity and availability become critical to safety.

Publishing your medical records may cause embarrassment or 
discrimination, for example, but if data on your blood type is altered 
it could kill you.

A car is now a networked system of a hundred computers with wheels and a 
propulsion system. If that network isn't available, or is transmitting 
false data, a fatal crash could result.

"We need to maintain security as computers infiltrate the rest of the 
world," Schneier said.

"We are now living in a world where governments -- your government and 
my government -- are desperately trying to break encryption. This is 
bad, and this will get worse once breaking encryption means people can 
die," he said.

"The way to think of it is as one world, one network, and one answer."

Schneier placed the government urge to weaken encryption into an 
historical context dating back to the 1950s and the founding of the US 
National Security Agency (NSA). It had two missions.

"One of them was to defend US military communications from 
eavesdropping, and the other was to eavesdrop on foreign military 
communications," Schneier said.

"The reason that worked is that our stuff and their stuff were 
different. Everything about them was different. And that's no longer 
true," he said.

"Today, everyone uses the same stuff. Everyone uses TCP/IP and Cisco 
routers and PDF files and iPhones, and either you build them to be 
secure for everybody, or you build them to be secure for nobody."

There's a real debate here, Schneier said, but it's not about security 
versus privacy. It's about security versus security.

One side is the security of everybody who carries a smart device, he 
said, "which is every world leader, and nuclear power plant operator, 
and CEO, and judge, and police officer".

On the other side is "the security that you get if you can listen to bad 
guys who are carrying one of these".

"You kind of get to pick one. You can pick one or the other, but you 
can't pretend to pick both."

Schneier also slammed CyberCon for dumping two speakers just days before 
the conference started. They were Thomas Drake, a whistleblower formerly 
with the NSA, and Dr Suelette Dreyfus from the Department of 
Computing and Information Systems at the University of Melbourne.

CyberCon is organised by the Australian Information Security Association 
(AISA) and the government's Australian Cyber Security Centre (ACSC), and 
Schneier's finger is pointed directly at the ACSC.

"[Drake] was going to talk about basically surveillance, the kind of 
talk I would give. Government and corporate surveillance, and how 
everybody's spying on all of us. I mean, nothing we don't know," 
Schneier said.

"[Dreyfus] was going to give a talk on work she did for the EU on 
building whistleblower platforms to reduce corruption in third world 
countries. Kind of mundane," he said.

"My guess is that someone at the ACSC saw the word 'whistleblower', and 
because that's kind of sensitive here, sort of freaked."

"I would say you're morally obligated to go read the two talks," 
Schneier said.

"Actually if you do want to read them, censorcon.net is where you'll 
find the slides and the abstracts."

The audience applauded.

-- 
Roger Clarke                            mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916   http://www.xamax.com.au  http://www.rogerclarke.com

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University
