EconByte

 By Dr Justin Pyvis

Issue 13/2019

Australia: Just ban it

Last week I wrote about how a number of Western governments around the world feared the possibility of being compromised by the Chinese government. Namely, they worried that if they allowed China's Huawei to install components in their respective 5G networks, they would be taking an unnecessary risk. That fear was so great that the Australian government went as far as banning the company from supplying its 5G network entirely, despite the fact that it would in all likelihood reduce outcomes for consumers.

The technical grounds on which Huawei was banned are shaky at best. Just about every "hack" you hear about in the news - they are occurring on far too regular a basis, I might add - usually involves one of two methods. One, the data were stored unencrypted, i.e. in plain text, on a server somewhere; and/or two, access was gained through so-called social hacking, i.e. finding a weak human link in the chain and exploiting them.

From a security perspective the least concerning part of a system is the network infrastructure itself. It's a given these days that routers, 5G nodes and everything in between should be considered insecure. Even if Huawei were planning to install sophisticated, hardware backdoors in its Australia-bound 5G components, just about every threat model out there already takes that as a given. As long as you properly encrypt data at rest and in transit, problem (mostly) solved.

Which leads me to Australia's decision late last year - with the support of the opposition - to rush through anti-encryption legislation that I described at the time as "at best useless and at worst downright dangerous".

Essentially, a country so paranoid about being hacked by foreign entities that it would ban an entire company with no track record of spying decided to weaken the best method of defending against such attacks: encryption. Properly encrypting data in transit means that even if it is intercepted at some point along the way, it won't be of any use.

But Australia's Assistance and Access Bill (AAB) requires companies, on request, to implement backdoors (which the bad guys will eventually also discover), preventing Australian companies from being able to guarantee such a service (the AAB only applies to products used or sold in Australia).

As Apple wrote in its statement submitted to the Australian Parliament's Joint Committee on Intelligence and Security on 12 October 2018:

"Encryption is simply math... Any process that weakens the mathematical models that protect user data for anyone will by extension weaken the protections for everyone."

The motto of the Australian government seems to be if you don't understand something, just ban it.

Don't understand encryption and its importance for millions of people, but worry that a couple of malicious individuals might use it to organise an attack? Just ban it.

Don't understand risk models or how to properly secure communications, but worry about China spying through one of its multinational 5G suppliers? Just ban it.

But weakening encryption creates unintended consequences. As I predicted at the time:

"The Australian technology sector will suffer, but it will be largely unseen. Just the existence of the AAB means clients outside of Australia cannot be sure their data are secure. Australian coders and tech entrepreneurs will increasingly have to move overseas."

Unfortunately, three months since the bill passed it seems I was spot on:

"Hosted email provider FastMail says it has lost customers and faces "regular” requests to shift its operations outside Australia following the passage of anti-encryption laws.

The Victorian company, which offers ad-free email services to users in 150 countries, told a senate committee that the now-passed laws were starting to bite."

Australian companies are losing customers because of the possibility of encryption backdoors, regardless of whether or not that is the case in practice (and we'll never know). No one can be sure which companies have been requested to undermine their clients' data security, so all of them get tarred with the same brush. The AAB has created what economists call an adverse selection problem, the end result of which may be the exit of companies unwilling to weaken their data security practices, or the collapse of related industries entirely.

Thankfully my other predictions haven't come to fruition - yet (although as far as I'm aware no criminal apprehensions as a direct result of the AAB have occurred).

But as the recent hack of Parliament and all of the major parties highlights, uncompromised encryption is as important as ever both at home and at work.

The number of connected devices ("internet of things" or IoT) is only going to grow, and they are going to vary enormously in terms of how secure they are. The more devices, the more opportunities for malicious actors to compromise them. The best way to ensure that data are secure is to encrypt it at rest and in transit, so if there were a compromised device or 5G node somewhere along the chain it wouldn't matter.

If the government were truly worried about Chinese spying, it would encourage more encryption, not less.

But alas the politicians who, during the recent breach of their own servers, were very likely saved by the same encryption technology they just undermined, refuse to notice the potentially devastating unintended consequences of their actions. And why would they? If something bad happens as a result, they can always just ban it.

Enjoy the rest of this week's issue. Cheers,

— Justin

The bits

The "bits" are an assortment of articles that caught my eye this week, categorised by subject, with some brief comments from yours truly.


New frontiers

Every phone with 5G capabilities today, e.g. the new Samsung and Huawei folding phones, use a separate chipset and modem combination. That drains a phone's battery a bit more than if they were combined - which is exactly the direction in which manufacturers are moving. As I said last week, wait for the third-generation 5G folding phones; the first and second gen are expensive and will have constant issues that need ironing out.

5G is coming in 2019, although the exact details are still a closely guarded secret. Don't rush into a 5G device; as with manufacturers, it will take the telecoms at least a couple of years to get the stability and reliability needed to supplant 4G (note that Sprint are already getting speeds ~10x faster than 4G, or about 430Mbps).


News aggregation

People like aggregation (e.g. Facebook) as it makes their lives easier. Mozilla wants to work with Scroll not to change that but to potentially find a way to offer an ad-free, subscription-based funding model. Mozilla says it's frustrated with “terrible experiences and pervasive tracking” that today's architecture breeds.

Facebook is doubling down on its network effect advantage, asking for a 30% cut of fan subscriptions (people who subscribe to 'influencers' either to support them or to acquire special access to content). The biggest difference, other than the cut it's taking, is Facebook also demands "non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use creators’ content and the license survives even if you stop using Fan Subscriptions". Yikes.


Blockchain

Home loans within 5 days, wealth management, unsecured consumer loans and checking accounts. It's still small scale stuff but real world use-cases for blockchain are being discovered every day.


Rideshare

The title of the article says it all. Google's Waymo is far and away the leader in the autonomous vehicle race, with its miles per "disengagement" - when the car’s software detects a problem or the driver has to take control - leaving everyone else in its dust at 11,154 in 2018. Apple and Uber had a paltry 1.1 and 0.4, respectively.


Mobile devices

Remember the old Razr clamshell phone? Motorola might be about to reintroduce it, except the inside will be a foldable smartphone rather than a keypad. I like the idea more than Samsung and Huawei's foldables as the clamshell makes the phone far sturdier and less prone to scratches. But an idea is just and idea; let's see how well Motorola actually execute it.


Retail

Following its decision to walk away from a planned campus in Queens following relentless harassment from a small but vocal minority of local politicians, New York City is practically begging Amazon to come back. An open letter ran as a full-page ad in The New York Times on Friday, signed by more than 70 supportive unions, local businesses and business leaders, community groups and even representatives Hakeem Jeffries of Brooklyn, a top Democrat, Max Rose, a first-term Democrat from Staten Island and Carolyn Maloney, whose district encompasses the Amazon site.

Image of the week

View source
The 5 stages of automation

Not all self-driving vehicles are the same. There are 5 levels of automation, from level 1 (assisted) all the way to level 5 (full automation). Things like Tesla's Autopilot are only at level 2 (partial automation) and it will probably be at least a few years before we see anything approaching level 5, then several more years before that goes mainstream.

That's all for now. If you enjoyed this issue, feel free to share it.

Australia: Just ban it was compiled by Dr Justin Pyvis. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to his Keybase chat.