this post was submitted on 04 Nov 2024
43 points (100.0% liked)

Australian Tech

227 readers
1 users here now

For techs and techy stuff.

founded 1 year ago
MODERATORS
lodion@aussie.zone
43
Encrypted messaging app developer moves out of Australia after police visit employee’s home (www.theguardian.com)
submitted 9 months ago* (last edited 9 months ago) by zero_gravitas@aussie.zone to c/austech@aussie.zone
17 comments fedilink hide all child comments
 

The move came after employees working for OPTF were approached by the Victoria police and Australian federal police over several months including via help chat messages, letters and phone calls. Victoria police also visited the apartment of an employee late last year, asking questions about the app and its encrypted messaging, the company says.

Under anti-terrorism laws passed in 2018, law enforcement can issue notices requiring developers to assist with an investigation. This can include technical assistance which could require companies to build capability for law enforcement to break the encryption used in their services.

But the powers have rarely been used. And if they had, neither the AFP or the services targeted can divulge what an organisation has been ordered to do.

The office of the home affairs minister, Tony Burke, was approached for comment.

The Greens digital rights spokesperson, Senator David Shoebridge, said it was a problem if Australia had policies hostile to end-to-end encryption while privacy law was failing to protect people’s personal information.

He said the AFP approaching Session employees was “seriously troubling”.

“Are police now taking the view that just trying to protect your privacy makes you potentially guilty?

“We need a sovereign tech industry that delivers safe and secure products for local users and to make this happen the industry is telling us they urgently need an effective suite of privacy and data laws.”

Good to see this getting some coverage in mainstream outlets, and by the Greens.

Did the image need to be a spooky-scary guy, though?

top 17 comments
sorted by: hot top controversial new old
[–] Gorgritch_umie_killa@aussie.zone 13 points 9 months ago (1 children)

Did the image need to be a spooky-scary guy, though?

Good point, Privacy has PR problem. This choice of image reflects that.

They could have done one of those caricatures, of an AFP Officers peeping over someones shoulder looking at their phone screen.

Or even better,

Have the AFP Officer a couple steps away, clearly having the intention to peep over the persons shoulders, while caricatures of Meta, Google, Microsoft, Apple, etc, are already crowded around the persons shoulder peeping over. The caricature of Meta could be holding out its palm, saying the line, "Don't worry, we've got this one."

[–] PeelerSheila@aussie.zone 4 points 9 months ago

Lol that last idea is a beauty!

[–] maniacalmanicmania@aussie.zone 9 points 9 months ago (4 children)

So what messenger apps are folks using, encrypted or not?

I've stuck with Signal for sharing or discussing sensitive stuff (rare) otherwise everything happens over sms.

Anyone using Session, SimpleX or other?

[–] zero_gravitas@aussie.zone 7 points 9 months ago

Just Signal. Never used Session, but I'm thinking about checking it out now!

[–] DavidDoesLemmy@aussie.zone 3 points 9 months ago

Signal is amazing and fulfills my every need

[–] Nath@aussie.zone 1 points 9 months ago

I have signal, but nobody I know uses it. My last message was so long ago that it doesn't show on my chat history. Perhaps because it pre-dates my 2-year-old phone. I default to Telegram for 90% of my personal chats, but it's not encrypted by default. I have Google Meet, but again nobody uses it. Teams gets regular use for work. Occasionally I remember I have Matrix, but I only use it to talk to Lemmy Admins.

SMS for businesses to communicate with me (confirm appointments, school notifications occasional 2FA thing etc). I don't use SMS to send, often.

[–] brisk@aussie.zone 1 points 9 months ago (1 children)

Beeper to meet people where they are, which is mostly a combination of SMS and Facebook Messenger. If I had a real choice it would be XMPP+OMEMO (via Conversations).

I have one person still on Signal. I have only tech support groups on Matrix (Element)

[–] maniacalmanicmania@aussie.zone 2 points 9 months ago* (last edited 9 months ago)

The fam had xmpp+omemo via Conversations but unfortunately dad blew away the server (email, xmpp, other) by accident and doesn't have the capacity to get back into sysadmin stuff, nor did he have backups. I don't have the time to think about it or make it happen so we've moved to Signal for group chats.

[–] No1@aussie.zone 8 points 9 months ago (1 children)

So, any software that has Australian developers could be compromised.

Government departments definitely, probably banks, a bunch of legal and accounting firms. Open season!

[–] zero_gravitas@aussie.zone 3 points 9 months ago* (last edited 9 months ago) (1 children)

Government departments definitely, probably banks, a bunch of legal and accounting firms.

Well, yeah, definitely all those, and that's always been the case. All those organisations can access the records you have with them, and the cops - and various other government departments - can subpoena them for those records. Any info you provide to any business or government department should never have been considered to be private from the government.

That's all quite different to compelling developers of end-to-end encrypted apps to introduce secret backdoors. If implemented as advertised (i.e. without backdoors), the platform provider cannot access the information you send though an E2EE platform, and you could reasonably expect it to be inaccessible by anyone except you and the intended recipients.

[–] No1@aussie.zone 2 points 9 months ago (1 children)

Except it can eg, bypass lawyer/client privilege

[–] zero_gravitas@aussie.zone 2 points 9 months ago (1 children)

I don't see how - lawyer-client privilege applies no matter the medium of communication, surely?

[–] No1@aussie.zone 2 points 9 months ago (1 children)

My poor sweet summer child....

[–] zero_gravitas@aussie.zone 1 points 9 months ago (1 children)

?

[–] Cypher@lemmy.world 1 points 9 months ago (1 children)

You should look up the Lawyer X scandal that occurred in Australia. Police don’t respect anything.

[–] zero_gravitas@aussie.zone 1 points 9 months ago (1 children)

Yeah, I'm aware of the Gobbo case. But, like, lawyer-client privilege is a legal construct, so if the cops are willing to break the law, then, yeah, of course it doesn't protect you. If they're willing to illegally access your messages through an E2EE messaging app, then they are presumably willing to access it illegally through people you've communicated information to in cleartext. I could be being dense, but I just don't understand what point No1 was making.

[–] Cypher@lemmy.world 1 points 9 months ago

I don't see how - lawyer-client privilege applies no matter the medium of communication, surely?

then they are presumably willing to access it illegally through people you've communicated information to in cleartext.

Cops are always willing to break the law. Cops are more likely to be convicted of a serious offence than any other demographic, and they’re far more likely to be domestic abusers.

E2EE is a vital tool in maintaining our right to privacy. Part of good E2EE communication is automatic and unrecoverable deletion of messages after a period of time.