LCA2019 - The AABill

I spent most of today in the Security Miniconf stream at LCA2019... I don't know if I should be happy or sad about the fact that nearly 40 years after I started my IT career we are still struggling with security as a concept... On the happy side my skills and experience are still valid but on the sad side, really? 40 years on and we still can't get it right??

The latest bee in the bonnet of the software world is the "Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018" recently passed under questionable circumstances in Australia. The short name is the AABill and it is widely regarded as a Bad Thing(tm).

Essentially it seems to require any developer served with an appropriate warrant to assist the relevant agency in breaking into any application by secretly inserting code to allow undetected remote surveillance... and they could be prosecuted and fined if they tell anyone they've done it.

Now I'm not a developer by any stretch of the imagination but I do know how the development process works and I can't see how any of it can be enforced under current best practice... surely as soon as the developer served by the 'secret' warrant makes a commit then they've effectively broken the law by publishing the code and thereby telling the world+dog what they've done... it just defeats the entire purpose of the exercise.

An absolutely pointless law that deserves every bit of the derision that it has received so far.