Yes, the #AABill is about encryption


I wrote this update to my #AAbill post last week:

Update, Monday 10th December: The Twitters are awash with hot-takers claiming the bill isn’t about breaking encryption. How technological measures can be implemented without back doors or weakened encryption eludes me, but it does highlight further absurdity with how ambiguous and unworkable this hurried legislation is. And can we all please just agree this is a horrid idea without the government dividing and conquering us for your social media karma… again?

Privacy advocate and all around wonderful person @Aral had the best takedown for these people. E2EE is end-to-end encryption:

In an E2EE system you cannot comply with the law. Ergo, to comply with the law your system must not be E2EE. #aabill

And in this tweet, on the practical distinction without a difference of breaking encryption mathematically, versus breaking its implementation in a governement-manded compromised system:

Indeed. And if you have an E2EE system & you get “asked” (access is demanded), you cannot plead ignorance of the law or mathematical impossibility. It is clear at that point that you were in contempt by using an E2EE system when you could have used a compliant system.

It’s to be expected that nerds like us drill into the minutea. But blanket statements like the AABill isn’t about encryption are not helpful at all.

Author bio and support


Ruben Schade is a technical writer and infrastructure architect in Sydney, Australia who refers to himself in the third person. Hi!

The site is powered by Hugo, FreeBSD, and OpenZFS on OrionVM, everyone’s favourite bespoke cloud infrastructure provider.

If you found this post helpful or entertaining, you can shout me a coffee or send a comment. Thanks ☺️.