Issue 40

First they came for Huawei...

Oh no, here we go again:

"Senior Trump administration officials met on Wednesday to discuss whether to seek legislation prohibiting tech companies from using forms of encryption that law enforcement can’t break — a provocative step that would reopen a long-running feud between federal authorities and Silicon Valley."

Sigh, what a horrible idea. The 'bad guys' will encrypt their communication regardless of the legality, and any encryption that's breakable by law enforcement is also breakable by the 'bad guys'. Remember when Australia effectively banned encryption by requiring companies to backdoor their software when requested by the government? Well, that law has, as predicted, "had a material impact on the Australian market and the ability for Australian companies to compete globally".

It was also what allowed the Australian Federal Police to controversially raid the ABC in June, with this gem buried away in Schedule 3, enabling officers to use:

"...any other computer or a communication in transit to access the relevant data", and "if necessary achieve that purpose -- to add, copy, delete or alter other data", provided that "having regard to other methods (if any) of obtaining access to the relevant data which are likely to be as effective, it is reasonable in all the circumstances to do so".

Unintended or deliberate consequences? This is legislation that was rushed through Parliament - with the full support of the opposition - before Christmas, apparently to thwart some undisclosed threat, and now Australian businesses and journalists are paying the price. While politicians assure us that the bill has resulted in "lives being saved", the Minister of Home Affairs censors the Ombudsman's reports, meaning we will never really know. Not that they would care, anyway, as politicians are the only people exempt from the anti-encryption law.

However, not everyone is as dismissive of cost-benefit analysis as Australia. In the United States, there at least appears to be something resembling debate within government, with various departments unsure as to whether or not banning/weakening encryption would be a good idea (bravo, Commerce and State Departments!).

"The DOJ and the FBI argue that catching criminals and terrorists should be the top priority, even if watered-down encryption creates hacking risks. The Commerce and State Departments disagree, pointing to the economic, security and diplomatic consequences of mandating encryption “backdoors.”

DHS is internally divided. The Cybersecurity and Infrastructure Security Agency knows the importance of encrypting sensitive data, especially in critical infrastructure operations, but ICE and the Secret Service regularly run into encryption roadblocks during their investigations."

Hopefully cooler heads prevail. After all, it was only last week that the United States conceded that banning Huawei in the name of national security... might actually compromise national security (see The bits below for more on that debacle). Now it wants to ban encryption for the same reason, despite ample evidence showing that doing so would actually weaken national security? What a joke.

Enjoy the rest of this week's issue. Cheers,

— Justin


The bits

The real motivation for the Huawei ban.

It turns out that the reason the United States is so far behind in the 5G race is because "the broadband spectrum needed to create a successful network was reserved not for commercial purposes but for the military", making it "significantly slower and more expensive to roll out than just about anywhere else".

The Pentagon, which is leading the push against Huawei and other "national security" threats that also happen to be 5G pioneers, is the reason why the US sucks at 5G. You can't make this stuff up.

The future of travel?

Visitors to certain parts of China (specifically Xinjiang, where the government is "cracking down" on its minority Muslim Uyghur population) are having their phones loaded with malware:

"The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band."

Not a good precedent. How long until the TSA decides to copy the idea?



Image of the week

I hate "willingness to pay/accept" economic studies because even without realising it, people's stated preferences are often far different to their revealed preferences (i.e. when they actually have to part with their cash). This paper agrees, "because of a lack of information and behavioural biases, both willingness to pay and willingness to accept measures are highly unreliable guides to the welfare effects of retaining or giving up data privacy".

Interestingly, the type of data matters, with people wanting "significantly more money to allow access to personal data when primed that such data includes health-related data than when primed that such data includes demographic data".


This week's data breaches

An unusually quiet week in terms of data breaches. Perhaps the NSA was too busy celebrating Independence Day?

That's all for now.


Issue 40: First they came for Huawei... was compiled by Justin Pyvis and delivered on 09 July 2019. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to their Keybase or Riot.im account.