Danny O’Brien :
With indecent speed, and after the barest nod to debate, the Australian Parliament has now passed the Assistance and Access Act, unopposed and unamended. The bill is a cousin to the United Kingdom’s Investigatory Powers Act , passed in 2016. The two laws vary in their details, but both now deliver a panoptic new power to their nation’s governments. Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.[…]
Levy explained that GCHQ wants secure messaging services, like WhatsApp, Signal, Wire, and iMessage, to create deceitful user interfaces that hide who private messages are being sent to.
In the case of Apple’s iMessage, Apple would be compelled to silently add new devices to the list apps think you own: when someone sends you a message, it will no longer just go to, say, your iPhone, your iPad, and your MacBook it will go to those devices, and a new addition, a spying device owned by the government.
Via Jeffrey Goldberg :
One of the most disturbing things about the Assistance and Access Act is that it apparently authorizes the Australian government to compel someone subject to its laws to surreptitiously take actions that harm our customers’ privacy and security without revealing that to us. Would an Australian employee of 1Password be forced to lie to us and do something that we would definitely object to? We do not, at this point, know whether it will be necessary or useful to place extra monitoring on people working for 1Password who may be subject to Australian laws. Our existing security and privacy design and internal controls may well be sufficient without adding additional controls on our people in Australia. Nor do we yet know to what extent we should consider Australian nationality in hiring decisions. It may be a long time before any such internal policies and practices go into place, if they ever do, but these are discussions we have been forced to have.