[Cryptography] Assistance and Access Bill 2018 FAQ (Australia)

Sun Dec 9 10:19:36 EST 2018

At 11:16 PM 12/7/2018, Alfie John wrote:
>Hi everyone, I've been asked to compile a list of questions that will hopefully be answered by lawyers, in order to assist IT workers within Australia due to the recent Assistance and Access Bill 2018 (aka encryption-busting bill):
>
>https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf;fileType=application/pdf
>
>While compiling this list, I thought to turn it into an FAQ.
>
>Any questions (or even answers) would be most appreciated:
>
>https://github.com/alfiedotwtf/AABillFAQ
>
>There are many ways to contribute (outlined in the above link), but if the moderators allow, questions here would be great so they can create group discussion not thought of elsewhere (then I'll sweep them up into the FAQ).
>
>Thanks everyone.
>
>Alfie
>--
>Alfie John
>https://www.alfie.wtf

Here are some questions:

1.  Is there a problem?

Yes, there are law enforcement professionals who *say* there is a problem, but where is the evidence that there actually *is* a problem?

Answering this question should have an extremely high bar, as *every proposed "solution" causes immense damage to everything a free society holds dear*:
* civil liberties
* free speech
* free association
* permissionless action
* federalism/decentralization

2.  If there is a problem, is this an important problem relative to other problems you face?

Every society faces an overwhelming number of problems crying for attention and resources.  Not every problem can be addressed with the same level of urgency, the same level of resources, or the same level of attention.  Therefore, everyone must prioritize which problems to solve, based upon urgency and expected ease/cost of solution.

For example, cyber hacking, phishing, identity theft, etc., are extraordinarily urgent problems, causing immense damage to *every person*, *every day*, *every device*.  IMHO this urgency is many orders of magnitude more severe than the inability of law enforcement to read the contents of a handful of cellphones.

Once again, the answer to this question must be a very high bar, else society wastes huge resources -- including *opportunity costs* -- chasing the wrong problems.

3.  If there is a problem, have you characterized the problem correctly?

Any potential solution will be seen in the lens of this characterization, so it is critical that this characterization be accurate.  Which is the right question: "Is the house too cold?" or "Is the clothing too warm?" or "Do you have a thyroid disorder?".

4.  If there is a problem, do you have any idea what the causal relationships in the environment/system are?

You can't possibly propose a "solution" to a problem, if you don't understand the causal relationships.  For example, changing the thermostat setting in one room may have *zero effect* on the temperature in another room -- and may even have a *negative effect* if the proposed solution means that the heat must be diverted from one room to another.

5.  If there is a problem, and someone proposes a solution, does it actually work without killing the patient?

The Hippocratic Oath admonishes: "First, do no harm!!".  The politician's oath is: "First, DO something [who cares whether or not it works, and whether or not it does more harm than doing nothing]".  A doctor who followed the politician's oath would quickly find his patients all dead, himself/herself without liability insurance, and himself/herself behind bars.

President Obama often cautioned: "Don't do stupid stuff" -- advice he should have listened to himself more often, and advice that never penetrated the skulls of his own partisans.  The overwhelming desire to "DO something" completely destroyed any sanity: "we have to pass the bill so you can find out what's in it".