[LINK] Schneier on AA and Cybercon Bans
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Oct 16 06:13:16 AEDT 2019
[Vintage Schneier. And vintage Stilgherrian as well.]
Schneier slams Australia's encryption laws and CyberCon speaker bans
Governments breaking encryption is bad, and 'will get worse once
breaking encryption means people can die', says one of the world's
leading security experts.
Stilgherrian
ZDNet
October 9, 2019
https://www.zdnet.com/article/schneier-slams-australias-encryption-laws-cybercon-speaker-bans/
"Australia has some pretty draconian laws about forcing tech companies
to break security," says cryptographer and computer security
professional Bruce Schneier.
He's referring to the controversial Telecommunications and Other
Legislation Amendment (Assistance and Access) Act 2018, which came into
force in December.
"I actually don't like that, because stuff that you do flows downhill to
the US. So stop doing that," he told the Australian Cybersecurity
Conference, or CyberCon, in Melbourne on Wednesday.
Schneier's argument against breaking encrypted communications is simple.
"You have to make a choice. Either everyone gets to spy, or no one gets
to spy. You can't have 'We get to spy, you don't.' That's not the way
the tech works," he said.
"As this tech becomes more critical to life, we simply have to believe,
accept, that securing it is more important than leaving it insecure so
you can eavesdrop on the bad guys."
Schneier cited the so-called CIA triad model of cybersecurity:
Confidentiality, integrity, and availability.
Most data breaches have been about confidentiality failures. But as more
and more critical systems rely on connectivity and the Internet of
Things, data integrity and availability become critical to safety.
Publishing your medical records may cause embarrassment or
discrimination, for example, but if data on your blood type is altered
it could kill you.
A car is now a networked system of a hundred computers with wheels and a
propulsion system. If that network isn't available, or is transmitting
false data, a fatal crash could result.
"We need to maintain security as computers infiltrate the rest of the
world," Schneier said.
"We are now living in a world where governments -- your government and
my government -- are desperately trying to break encryption. This is
bad, and this will get worse once breaking encryption means people can
die," he said.
"The way to think of it is as one world, one network, and one answer."
Schneier placed the government urge to weaken encryption into an
historical context dating back to the 1950s and the founding of the US
National Security Agency (NSA). It had two missions.
"One of them was to defend US military communications from
eavesdropping, and the other was to eavesdrop on foreign military
communications," Schneier said.
"The reason that worked is that our stuff and their stuff were
different. Everything about them was different. And that's no longer
true," he said.
"Today, everyone uses the same stuff. Everyone uses TCP/IP and Cisco
routers and PDF files and iPhones, and either you build them to be
secure for everybody, or you build them to be secure for nobody."
There's a real debate here, Schneier said, but it's not about security
versus privacy. It's about security versus security.
One side is the security of everybody who carries a smart device, he
said, "which is every world leader, and nuclear power plant operator,
and CEO, and judge, and police officer".
On the other side is "the security that you get if you can listen to bad
guys who are carrying one of these".
"You kind of get to pick one. You can pick one or the other, but you
can't pretend to pick both."
Schneier also slammed CyberCon for dumping two speakers just days before
the conference started. They were Thomas Drake, a whistleblower formerly
with the NSA, and Dr Suelette Dreyfus from the Department of
Computing and Information Systems at the University of Melbourne.
CyberCon is organised by the Australian Information Security Association
(AISA) and the government's Australian Cyber Security Centre (ACSC), and
Schneier's finger is pointed directly at the ACSC.
"[Drake] was going to talk about basically surveillance, the kind of
talk I would give. Government and corporate surveillance, and how
everybody's spying on all of us. I mean, nothing we don't know,"
Schneier said.
"[Dreyfus] was going to give a talk on work she did for the EU on
building whistleblower platforms to reduce corruption in third world
countries. Kind of mundane," he said.
"My guess is that someone at the ACSC saw the word 'whistleblower', and
because that's kind of sensitive here, sort of freaked."
"I would say you're morally obligated to go read the two talks,"
Schneier said.
"Actually if you do want to read them, censorcon.net is where you'll
find the slides and the abstracts."
The audience applauded.
--
Roger Clarke mailto:Roger.Clarke at xamax.com.au
T: +61 2 6288 6916 http://www.xamax.com.au http://www.rogerclarke.com
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Visiting Professor in the Faculty of Law University of N.S.W.
Visiting Professor in Computer Science Australian National University