Australia’s Security Chief Says It’s Time To Start Forcing Companies To Break Chat Room Encryption


from the start-reviewing-your-exit-plans,-service-providers dept

More than a half-decade ago, the Australian government gave itself more powers. These new powers allowed the government to compel decryption — something far easier said than done, especially if existing encryption was expected to still protect everyone else but the government’s targets.
Shortly after the law was passed, Australia’s federal law enforcement and national security agencies started wielding it against service providers. The first wave was noticeable, but subsequent efforts have flown under the radar for the most part, whether due to extreme amounts of secrecy or the new powers not being quite as possible as the Australian government hoped.
Three years after the enactment of the law, the powers and their side effects were reviewed by federal overseers. The review came to a couple of unsurprising conclusions. First, the joint committee noted the program suffered from a lack of rigorous oversight, which is pretty ironic when the statement is being made by one of the program’s oversight bodies. Second, it said the law was great and had no downsides, a conclusion it reached by… simply stating there were no downsides.
Really refreshing to see a government body declare an unprecedented expansion of powers to be a net benefit for all mankind. What’s hilarious is that there are actually downsides, but since not every outcome has been negative, the new powers are somehow an unmitigated success. The committee chair did not say “none” of the “worst fears” stated by the industry in opposition to these powers have come to pass. Senator James Paterson says only “some” have “not been realised,” which suggests others have been “realised.”
Apparently, getting its way isn’t sitting right with the current head of the Australian Security Intelligence Organisation (ASIO). Companies must be made to comply more often and more quickly. As Sarah Ferguson reports for Australia’s ABC News, ASIO believes it’s time to fully flex powers that have apparently only been partially flexed previously.
This goes beyond simply breaking encryption to give intelligence and law enforcement agencies access to communications at rest. This is the ASIO amping things up to demand companies provide them access to ongoing communications in the form of message groups or chat rooms.
Obviously, this creates a much larger problem for non-targets of investigations. It’s one thing to give the government access to a single user’s communications. It’s quite another to break encryption on chat rooms or multi-person messaging groups, which means exposing everyone in these conversations to surveillance, even if they’re not actually targets of investigations.
On top of that, this means stripping encryption from entire communications platforms. It’s not like service providers can just bypass the encryption safeguarding one set of communications. To allow ASIO the access its boss is demanding, the entire platform must be deprived of its security.
And, once again, we have a supposed expert in the fields of law enforcement and surveillance completely misunderstanding what’s at stake and what he’s asking for. “Targeted access” is a meaningless term when doing so means depriving every user of these services of the protection encryption provides.
The more Mike Burgess says, the stupider he looks.
Nothing about this statement makes any sense. Encryption is acceptable for people in other countries? The rule of law concept is only present in Australia? Australians aren’t deserving of the security and privacy communication encryption provides?
And please do not give us another helping of this horseshit “nothing wrong/nothing to fear” platitude. If Burgess is given the access he wants, people who are “doing nothing wrong” can still have their privacy invaded if they happen to participate in chats/messages with people the government is targeting. Once the encryption is broken, it’s broken. Everyone’s communications can be seen, even if the government is only interested in a few chat room members. Worse, once the platform itself is compromised, people who aren’t even participating in chats/messages with government targets can be surveilled.
Then there’s this, in which Burgess insists unicorns not only exist, but that tech companies are perfectly capable of generating all the unicorns the Australian government demands.
Wrong! It simply does not work like that. There’s no magic switch that can be built in that the government can flip on and off when it wants to intercept or view communications. Either the encryption is solid or it’s broken. At best, the encryption is compromised, which means anyone with the means or willingness to do so can eavesdrop on communications or intercept/exfiltrate sensitive data. At worst, it means no one is protected from anything because encryption is simply no longer an option.
These are dangerous people. They’re the worst combination of powerful and stupid. And it doesn’t even matter to them that they’re wrong. They’re on the side of the “rule of law” and any incremental gains in law enforcement effectiveness will always outweigh the critical collateral damage these mandates will generate. The theoretical security of the nation is more important than the quantifiable security encryption provides to millions of Australians. No sacrifice is too great… just so long as it’s not the government making the sacrifice.

from the saying-the-quiet-part-outloud dept

It’s no secret that the Trump-administration-in-waiting at the Heritage Foundation supports KOSA because it thinks it will be useful in achieving some of the most extreme goals of Project 2025, a project Heritage created. Last year they came out and said that they supported KOSA because “keeping trans content away from children is protecting kids.”
With KOSA stalled out in the House as many Republicans have rightly realized that it makes no sense and can be used to censor content they might support, as well as content they don’t support, Heritage Foundation has kicked off a new push to flip House Republicans. This comes the same week that supporters of KOSA brought a bunch of misguided parents to the Hill to push for the bill under the false premise that it would protect children. It won’t.
One of the things Heritage is passing around is a “myth vs. fact” sheet that is so batshit crazy that I had four different people in DC send me copies on Friday pointing out how crazy it is. I don’t have the time or patience to go through all of the nonsense in the document, but I want to call out a few things.

Heritage knows that KOSA can be used to suppress abortion info

Last year we wrote about the potential for KOSA to be used to suppress abortion info, and received some angry emails from Democrats who insisted that the bill was carefully written to avoid that. Heritage, though, makes it clear in this document that they fully expect if President Trump wins, that they can twist KOSA to silence pro-abortion content.
In a section pushing back on a claim that Democrats could use the “Kids Online Safety Council” created in the bill to push for pro-choice messaging, they say that this is “the status quo,” but as long as Trump wins, they’ll get to use this same mechanism to get anti-abortion people to control the council:
In other words, they know that whichever party is in the White House gets to control the council that will determine what content is considered safe for kids and which is not. That should automatically raise concerns for everyone, as it means whichever party they dislike, if in power, will have tremendous sway over what content will be allowed online.

Heritage knows that “online bullying and harassment” are too broadly defined, but wants you to ignore that

Responding to the very real concern that KOSA doesn’t clearly define “online bullying” and “harassment of a minor” meaning that it would lead to “subjective interpretation and dubious claims,” Heritage jumps into a word salad that never actually responds to that concern beyond saying “but bullying is, like, really bad.”
Except, um, they’re not clearly defined, not clearly scoped, and are wide open to abuse.
Furthermore, if you actually look at the Pew Survey from 2022, it’s not quite as horrifying as Heritage makes it out to be. That 46% of kids who experienced “bullying” is actually… mostly kids who experienced “name calling.” To be honest, I’m kind of surprised the number is not higher. Kids in school get called names all the time and did so prior to the internet as well. We don’t need a law to deal with that.
Indeed, more serious forms of bullying, such as stuff having to do with explicit images, are way further down the list:
Indeed, this study kinda makes the point that Heritage is trying to deny. That “cyberbullying” is vague and not well-defined, and people use it to include all sorts of things from “name calling” to sharing of explicit imagery or threats. Name-calling can be an issue, but it’s not one that the federal government needs to be involved in. It’s the type of issue for parents and schools to deal with locally.
Later in the document, Heritage offers up its own definitions of “online bullying” and “harassment” that it hopes the House will add. Notably, those definitions, which include that the activity must happen “consistently and pervasively,” do not at all match up with what the Pew study found and reported. They present no evidence about how widespread the activity is that would meet Heritage’s definition.

Heritage knows that KOSA will lead to protected speech being removed, but claims it’s okay because platforms already moderate

This part is Heritage (1) not understanding the First Amendment, and (2) telling on themselves. Responding to the claim that KOSA will have a chilling effect on free speech, encouraging platforms to remove certain disfavored content, they admit:
So, first of all, no, “Big Tech platforms” do not “already censor and suppress conservative views on a massive scale.” That’s a myth. It has been debunked so many times. Indeed, over and over what has been found is that the platforms bend over backwards to allow conservatives to break the rules without punishment to avoid the false claim of censoring conservative viewpoints.
But more to the point, this talking point does not actually respond to the claim. The fact that social media sites already have their own moderation rules and policies and enforcement is an entirely different thing than having to craft policies to comply with a law to “protect the children.”
This is, in effect, Heritage admitting that KOSA violates the First Amendment, but saying “it’s fine because social media already moderates.” That’s a very confused understanding of the First Amendment. The First Amendment allows social media companies to moderate how they see fit. If they are moderating to comply with the law, then that violates the First Amendment. So here you have Heritage saying “it’s okay to violate the First Amendment, because of this other thing which isn’t even happening, and wouldn’t violate the First Amendment if it did happen.”
Either the people at Heritage who wrote this don’t understand anything about the First Amendment or they’re just hoping the people they send this to are too dumb to understand the First Amendment.

Heritage thinks age verification for social media is fine, because of the MPAA rating system

Just to make it doubly clear that Heritage has no fucking clue about the First Amendment, in a section defending age verification (hilariously right after they claim KOSA doesn’t require age verification), they say that age verification is totally constitutional. That’s wrong. The Supreme Court ruled on this 20 years ago in Ashcroft v. ACLU.
Then they claim that the MPAA rating system proves it’s legal:
Of course, only one of those is really about speech: movies. And, notably, the MPAA rating system is totally voluntary and not backed up by law. That’s because everyone knows if it was backed up by law, it would be unconstitutional.
There’s another big Supreme Court case on that question. California tried to pass a law mandating similar age ratings for video games, and the Supreme Court threw it out as unconstitutional in Brown v. Entertainment Merchants Association fourteen years ago.
You’d think Heritage would be familiar with that case, given that it was written by their hero Justice Scalia. Justice Alito wrote a concurrence in that case, in which he went on one of his preferred “history trips” insisting that you can’t regulate access to violence because there is no long history of the US censoring violent content.
The same would be true of basically every category of content KOSA looks to restrict.
In the end, Heritage here is trying to walk a very fine line. They’re trying to signal to the GOP that this bill is still useful for the kinds of culture war nonsense they want to propagate, silencing LGBTQ+ and pro-abortion content. But they can’t say that part out loud. So instead this document makes it clear that “wink-wink, nudge-nudge, if Trump wins, we get our people in there to define this stuff.”
All this document really shows is why no Democrat should ever be seen to support KOSA. And, any Republican who can read between the lines should see why they should be equally worried about this bill in the hands of a Democratic administration.
No matter who is in power, KOSA is a dangerous, likely unconstitutional attack on free expression.