Comment by denismi
14 hours ago
Australian law explicitly prohibits requests that have someone "implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection" - including any request to "implement or build a new decryption capability", anything which would "render systematic methods of authentication or encryption less effective", anything aimed at one person but could "jeopardise the security or any information held by another person", anything which "creates a material risk that otherwise secure information can be accessed by an unauthorised third party".
This UK request as reported would not be legal in Australia.
Since 2018:
> Technical Capability Notices (TCNs): TCNs are orders that require a company to build new capabilities that assist law enforcement agencies in accessing encrypted data. The Attorney-General must approve a TCN by confirming it is reasonable, proportionate, practical, and technically feasible.
> It’s that final one that’s the real problem. The Australian government can force tech companies to build backdoors into their systems.
https://www.schneier.com/blog/archives/2024/09/australia-thr...
Yes. Since the 'Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018', which I was directly quoting from, and which explicitly prohibits systemic backdoors.
That blog's own reference points this out:
> Regular use of encryption as electronic protection, such as online banking or shopping, is not of primary concern in the Act. To reinforce this, the Act includes safeguards between government and industry, such as restricting backdoors and decryption capabilities, preventing the creation of systemic weaknesses, and accessing communication without proper jurisdiction, warrants, or authorisations.
So I can only assume that the author is either too lazy to bother reading their own reference in full (let alone researching the topic of their blog), or is being knowingly dishonest.