I applaud the technical community rallying against the bill like this, but I fear that technical solutions are ultimately useless for this issue.
If the political climate stays the course, all the technical solutions for overcoming surveillance will eventually become marginalised and labelled as terrorist materials. Access will be blocked, anyone in possession may eventually face jail time.
AU customs is already searching the phones of people entering the country, it's not hard to imagine they might start denying entry to people with strong crypto capable apps like Signal.
I think this is a losing battle if it can't be fought at the legislation level...
There are two levels where ultimately tech wins:
1: end to end cryptography is easier to make than break
When what you're describing happens and it's banned, there's a level two technical solution:
2: put the software onto your machine in such a way that it's not possible to know that the software is on the machine without entering a specific code. Basically an at-rest encrypted volume, which looks like unwritten blocks. I'm not a crypto guy but that seems in principle impossible to detect or ban in the long run.
While you may hide it in the way you described, normally apps spread their usage all over the place. For example, all OSes have a list of last-used apps. I think for this to work not only the app has to be crafted carefully but also the OS has to cooperate.
Yes, like most bills passed in the technology space in Australia, the politicians have no idea what they're asking for and its implications, and neither do the ones voting on it.
In application, it may be half-assed anyway. The worst part is that it sets a precedent for the world to follow.
It's true. There were over 15,000 submissions from the public and industry, most of which weren't published (the few hundred that were were overwhelmingly negative). In the hearings of the Parliamentary Joint Committee for Intelligence and Security, there was testimony provided by technical experts, industry groups, human rights groups, legal experts, and digital rights groups, all saying that the bill was flawed, needed to be significantly overhauled, and shouldn't be passed. Apparently the offices of MPs and senators all over the country were inundated with phone calls, letters and emails in opposition to the bill too.
Even Labor (opposition, who had the numbers with the cross bench to block the bill in the Senate) the week before it was passed basically said they wouldn't support it, and even earlier in the day they rolled over, they were still saying how terribly flawed it is.
After it was passed, in email correspondence with the office of my federal MP, basically all they said was "The intelligence services say they really need this to keep us safe over Christmas from terrorists and paedophiles." A clear example of post-truth politics - let's ignore all the experts and instead use an emotional argument!
The worst bit was that it was patently false. The Secretary-General of Security at ASIO had actually admitted in a PJCIS hearing two weeks prior (with the potential to be charged with contempt of the Senate if he was found to be lying) that they didn't actually have any specific threats that they needed this for over Christmas! Not to mention that the bill had a 28 day response window for most of the notices and then implementation would take at least weeks, so there is no way anything could be put into action for months! One of the only things they got that they could actually use immediately was a much harsher penalty for not giving up your phone passcode to police or the intelligence services if they ask you for it...
I'm not into conspiracy theories, but the BS is so strong and this bill being passed so anti-democratic that it really makes you wonder if the intelligence services are pulling strings in the background behind this.
Labor does not want to give the Libs any reason to point any fingers should 'something' happen over Christmas. That can be the only half-arsed reason for this farce. The rest are all full-arsed horseshit as everybody, including Labor, knows.
Facts just don't matter anymore, if they ever did.
One could hope the whole thing gets canned after Labor wins in May.
Which, unfortunately, our secret intelligence services are legally able to do. Unlike in the US where it would likely be against the 4th amendment, ours are allowed to hack any computers/network equipment and enter premises to plant listening devices, alter computer equipment, etc.
The most problematic bit is that they are allowed to do things like alter timestamps in files if required to conceal their hacking, which could potentially be destroying exonerating evidence if the target is innocent!
If James Bond is after me, the government is putting a lot of resources into me. I do not like that current message platforms make snooping so easy. Getting back to a situation where non-trivial effort is required to snoop puts me back into a realm I'm used to thinking about.
While the government can't crack Signal or put a backdoor in its official code, it could force your favorite appstore to send its own backdoored Signal to your phone as a push update.
Same goes for any apps, people will probably start turning off auto update now, makes for a much more secure world doesn't it?
You don't need to crack Signal. You just need to log what the user enters on the keyboard. On Android any third party keyboard (SwiftKey, Swype etc.) is already collecting this data and probably just a warrant is needed to get to it.
I was under the impression that Google Play Store apps were cryptographically signed by the developer/publisher (not by Google), and the phone would refuse to update the app if the key behind the signature had changed. Am I wrong on this?
Google does implement the APK signing verification (shipped as a binary in their ROMs), and they could easily make exceptions for applications if they wanted to. Don't assume that what you see in AOSP is the source form of what Google ships.
This is correct. The nominally center-left party in Australia, the ALP, voted with the center-right Coalition to get this passed. On the edges of the left and the right there were voices against this, but the center (where the most people are) went with backdoors.
Unfortunately New Zealand is a vassal client of the US, like Australia, Canada and UK. John Key rushed through the ISP spying laws for them, and if it weren't for Trump the TPP would be all over NZ as well. There is nothing that can be done.
Tangential, but when even avowedly privacy-conscious entities like Signal cannot see fit to serve a simple web-page without realtime reporting all user access to assorted third parties (including divisions of the Google and Microsoft empires), it actually saps my hope more thoroughly than the unsurprising idiocy and malevolence of some Aussie politicians.