
Ever since Edward Snowden's revelations in 2013, I've had zero sympathy for or trust in any intelligence service, even in purportedly democratic countries.

Last year, my own country (Australia) passed a law which allows the government to force companies or even individuals to add backdoors to their products, and makes it a criminal offence to refuse or publicly disclose their requests. I would go to jail before I complied.

For those of you in other Five Eyes countries, you'll have similar laws soon too. Our intelligence agencies have clearly set themselves up against fundamental principles of human rights, and their efforts to undermine these must be fought.



One of the scariest parts of this to me is that the vast majority of Aussie developers don't seem to even be aware that such a law was proposed, let alone already passed.


This all shows what idiots government parliamentarians are in Australia. If the issue is encryption, then there are very simple ways of using unbreakable encryption systems without relying on asymmetric keys (i.e. one time pad or Vernam cypher). Granted it will not suit all use cases, since a means of identifying what is the key to use needs to be agreed outside of the network processes. That is face to face or via messengers, for instance. But since any file can be used as key (i.e. music, text, video, object program, etc.) and having a key larger than the text encrypted eliminates repetition patterns, this is a totally unbreakable system. Even quantum computing would totally fail in decrypting a message! It is super simple to implement with a modicum of programming knowledge, it does not require any maths skills! An example of it can be found here: https://gitlab.com/MidGe48/cryptopad I can expand on the means of communicating and sharing keys which are simple and untraceable without requiring ongoing communication after an initial, simple, exchange.
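
Added example, not part of the comment above and not code from the linked cryptopad project: a minimal one-time pad in Python that tracks which pad bytes have been used, plus a check of what happens when pad bytes are used twice. It assumes the pad is uniformly random (`os.urandom`), at least as long as all messages combined, and shared out of band; `OneTimePad`, `PadExhausted`, `xor` and `reused_pad_leak` are hypothetical names, and the sample messages are constructed.

```python
import os


class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than are available."""


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class OneTimePad:
    """A pad exchanged out of band; every pad byte encrypts at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # index of the first pad byte not yet used to encrypt

    def encrypt(self, plaintext: bytes):
        """Return (offset, ciphertext); the offset tells the peer where to read the pad."""
        end = self._next + len(plaintext)
        if end > len(self._pad):
            raise PadExhausted("not enough unused pad left; exchange a new pad")
        offset, self._next = self._next, end
        return offset, xor(plaintext, self._pad[offset:end])

    def decrypt(self, offset: int, ciphertext: bytes) -> bytes:
        key = self._pad[offset:offset + len(ciphertext)]
        if offset < 0 or len(key) != len(ciphertext):
            raise PadExhausted("ciphertext refers to pad bytes that do not exist")
        return xor(ciphertext, key)


def reused_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If two messages share pad bytes, the key cancels: c1 ^ c2 == p1 ^ p2."""
    return xor(c1, c2)


if __name__ == "__main__":
    pad = os.urandom(64)                      # constructed sample pad (assumption)
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    off, ct = alice.encrypt(b"meet at noon")  # constructed sample message
    print(off, ct.hex(), bob.decrypt(off, ct))
    # Same pad bytes used twice: the XOR of the plaintexts is exposed without the key.
    p1, p2 = b"attack at dawn", b"retreat at six"
    k = os.urandom(len(p1))
    print(reused_pad_leak(xor(p1, k), xor(p2, k)) == xor(p1, p2))
```

The sender's offset counter is what enforces the "one time" property; the ciphertext carries no integrity protection, so a flipped ciphertext bit flips the same plaintext bit undetected.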


> allows the government to force companies or even individuals to add backdoors to their products

I think the tech media and community overstates the impact of this law. The law [0] makes it clear that the backdoor cannot introduce any systematic weakness or vulnerability, which explicitly includes "a new decryption capability in relation to a form of electronic protection".

What it allows is stuff that targets a specific person _and_ is incapable of affecting anybody else. The second part overrides the first part, so if it's not possible to target a specific person without weakening protection for everybody else, you're not required to do anything.

For example, asking you to put code into your app that creates a copy of private keys and sends them to ASIO if the user's ID matches a hard-coded value would be legally okay per my reading of the law.

However, adding ASIO's key to every single message would not be okay.

I'm not saying I'm in favour of the law (I'm not), but its actual effect isn't at all what people assume (I hear a lot of comments about "Australia banned encryption" and other such nonsense).

[0]: http://www5.austlii.edu.au/au/legis/cth/consol_act/ta1997214...


What stops the government from just saying I want to target every single specific person that uses your app?


Sections 317JC, 317RA and 317ZAA, which require that the decision makers consider the impact on unrelated people, and section 317ZH, which requires that a warrant is obtained for things that would usually require a warrant.


There are no unrelated people if that is the ask of the government. What would "usually" require a warrant?



