“When you use Signal, your data is stored in encrypted form on your devices. The only information that is stored on the Signal servers for each account is the phone number you registered with, the date and time you joined the service, and the date you last logged on.”

This isn’t an ad, I wasn’t paid for this post. Just to clear the air: fuck facebook, fuck elon musk and twitter, fuck anyone who thinks this is a paid advertisement. I wish I was paid for this shit, I just wanted to spread the word. Thank you. 😀 👍

  • pallas@lemmy.world
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I think you’re referring to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, also described in this Verge article.

    My understanding is that this doesn’t actually require a backdoor be pre-built. It does require that, upon notice, a company or individual provide access to encrypted data (eg, via a backdoor) or assist in obtaining that access in some way, up to introducing a backdoor into their own software or compromising it. There is however a “systemic weakness” limitation, such that no one should be required to introduce a somewhat vaguely defined “systemic weakness” in their software in order to comply with demands. There’s also no requirement that a backdoor be added before requests.

    I expect that this means Signal would just stop offering software in Australia if they received a request, or make an argument about systemic weakness, though what Australia would likely ask for would be targeted replacement of the app with a signed but malicious version, to avoid that argument. There is also a question of enforceability against foreign companies: Australia is not the US, with the ability to extradite people who have no real connection to them, so Signal could quite possibly just ignore the Australian law.

    If I recall correctly, the law also applies to individuals, and could compel them to maliciously act against other organizations; I remember there being the argument that the law meant that security-minded companies and projects should not allow Australians to contribute to their software at all.