| ▲ | Youden 4 hours ago | |
No legal mechanism with such breadth exists in Australia. There was a great deal of overblown media reporting but the law [0] makes it explicitly clear that any request that requires a "systemic weakness", "systemic vulnerability" or anything of the like is null and void. Those terms are defined [1]. Note that it doesn't say the government can't request such a thing, it says that such a request "has no effect". It's simply dead on arrival. My understanding is that the government could compel Facebook to publish a version of WhatsApp with a special mode that sends all messages to the police if the user ID is 1234567. This introduces a vulnerability but it is limited to one specific person. If your user ID is not 1234567, you're completely unaffected. However my understanding is that the government cannot compel Facebook to compel a version of WhatsApp that, when it receives a special message, silently starts sending plaintext copies of every other message it receives to the police. Such a mechanism would be a systematic weakness that affects people other than those for which a warrant has been issued, so the notice would "have no effect". The government could also not compel a source-available app with verifiable builds to stop distributing them so that it can add a secret user ID branch like the one I mentioned above for WhatsApp. [0]: https://classic.austlii.edu.au/au/legis/cth/consol_act/ta199... [1]: https://classic.austlii.edu.au/au/legis/cth/consol_act/ta199... | ||
| ▲ | Ms-J 2 hours ago | parent [-] | |
"No legal mechanism with such breadth exists in Australia." No. See: https://lowendbox.com/blog/australian-police-will-soon-have-... "These new warrant powers include: 1. Data disruption 2. Expansion of targeted devices to include all devices a suspect uses or might use 3. Account takeovers" Australia is extremely draconian. | ||