First they came for Huawei...

Issue 31/2019

Oh no, here we go again:

"Senior Trump administration officials met on Wednesday to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement can’t break — a provocative step that would reopen a long-running feud between federal authorities and Silicon Valley.

Sigh, what a horrible idea. The 'bad guys' will encrypt their communication regardless of the legality and any encryption that's breakable by law enforcement is also breakable by the 'bad guys'. Remember when Australia effectively banned encryption by requiring companies to backdoor their software when requested by the government? Well that law has, as predicted, "had a material impact on the Australian market and the ability for Australian companies to compete globally".

It was also what allowed the Australian Federal Police to controversially raid the ABC in June, with this gem buried away in Schedule 3, enabling officers to use:

"...any other computer or a communication in transit to access the relevant data", and "if necessary achieve that purpose -- to add, copy, delete or alter other data", provided that "having regard to other methods (if any) of obtaining access to the relevant data which are likely to be as effective, it is reasonable in all the circumstances to do so".

Unintended or deliberate consequences? This is legislation that was rushed through Parliament - with the full support of the opposition - before Christmas, apparently to thwart some undisclosed threat, and now Australian businesses and journalists are paying the price. While politicians assure us that the bill has resulted in "lives being saved", the Minister of Home Affairs censors the Ombudsman's reports, meaning we will never really know. Not that they would care, anyway, as politicians are the only people exempt from the anti-encryption law.

However, not everyone is as dismissive of cost-benefit analysis as Australia. In the United States, there at least appears to be something resembling debate within government, with various departments unsure as to whether or not banning/weakening encryption would be a good idea (bravo, Commerce and State Departments!).

"The DOJ and the FBI argue that catching criminals and terrorists should be the top priority, even if watered-down encryption creates hacking risks. The Commerce and State Departments disagree, pointing to the economic, security and diplomatic consequences of mandating encryption “backdoors.”

DHS is internally divided. The Cybersecurity and Infrastructure Security Agency knows the importance of encrypting sensitive data, especially in critical infrastructure operations, but ICE and the Secret Service regularly run into encryption roadblocks during their investigations."

Hopefully cooler heads prevail. After all, it was only last week that the United States conceded that banning Huawei in the name of national security... might actually compromise national security (see The bits below for more on that debacle). Now it wants to ban encryption for the same reason, despite ample evidence showing that doing so would actually weaken national security? What a joke.

Enjoy the rest of this week's issue. Cheers,

— Justin


The bits


The real motivation for the Huawei ban

It turns out that the reason the United States is so far behind in the 5G race is because "the broadband spectrum needed to create a successful network was reserved not for commercial purposes but for the military", making it "significantly slower and more expensive to roll out than just about anywhere else".

The Pentagon, which is leading the push against Huawei and other "national security" threats that also happen to be 5G pioneers, is the reason why the US sucks at 5G. You can't make this stuff up.

Learn more:


The future of travel?

Visitors to certain parts of China are having their phones loaded with malware (specifically Xinjiang, where the government is "cracking down" on its minority Muslim Uyghur population):

"The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band."

Not a good precedent. How long until the TSA decide to copy the idea?

Learn more:



Image of the week

View source

How Much Is Data Privacy Worth?

I hate "willingness to pay/accept" economic studies because even without realising it, people's stated preferences are often far different to their revealed preferences (i.e. when they actually have to part with their cash). This paper agrees, "because of a lack of information and behavioural biases, both willingness to pay and willingness to accept measures are highly unreliable guides to the welfare effects of retaining or giving up data privacy".

Interestingly the type of data matter, with people wanting "significantly more money to allow access to personal data when primed that such data includes health-related data than when primed that such data includes demographic data".


This week's data breaches



That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 31/2019: First they came for Huawei... was compiled by Dr Justin Pyvis and delivered on 09 July, 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to his Keybase or Twitter account.