New Australia data encryption laws passed

BBC News on significant new laws in Australia regarding encryption:

The Labor opposition said it had reluctantly supported the laws to help protect Australians during the Christmas period, but on Friday it said that “legitimate concerns” about them remained.

Remember kids, weakening security is for life, not just for Christmas.

Seriously, though, this seems like a well-intentioned effort to help law enforcement, but as ever, there’s little practical detail on how to make the idea work rather than just demanding Silicon Valley figures it out.

From the BBC piece:

Cyber-security experts say it’s not possible to create a “back door” decryption that would safely target just one person.

“Any vulnerability would just weaken the existing encryption scheme, affecting security overall for innocent people,” said Dr Chris Culnane from the University of Melbourne.

Such a “security hole” could then be abused or exploited by criminals, he said.

In a bid to address these concerns, Australia’s law offers a safeguard which says decryptions won’t go ahead if they create a “systemic weakness”.

However critics say the definition of “systemic weakness” is vague, meaning it is unclear how it may be applied.

Good laws are meant to be specific…