Unfortunately it gives them the legal capability to require your startup/IT company/multinational to put development time in at their request to enable your software to give them the access they want.
For example-
get chats in real time
log IP addresses and pass them to gov
open containers stored on your infrastructure
get into the phone or device you have sold to a client previously
These are not interpretations of the legislation- these are the use cases they wrote it to solve.
As ex LEO I get it but the burden on organisations is going to be bad for business, not to mention the insecure solutions that are going to get drummed up/coded on the fly to comply with these requests- security nightmare.
There is some reasonable paranoia that this might be a Trojan to enable access in the US. Can't pass legislation in the US? Easy, get your vassal state (AU) to pass it, then ask them to investigate your target and then force people to comply with your vassal state's request.
"yeh I know you can't do that in Texas but you can in Western Australia and we, the US, have a treaty with Australia so you're just going to hand over that data. We'll deliver it to the Aussies for you"
I may be paranoid, but I'm not the only one seeing this angle on it.
Big conspiracies- count me out. Gov is lazy and disorganised. Little conspiracies between gov-buddies? Absolutely.
> sounds like asking a phone company to tap a phone, which is pretty well established?
That is exactly what they are asking for. In fact, the legislation enabling them to gather the data and under what conditions (the authorisation required, like a court order) isn't being changed. This new piece of legislation just extends who they can force to collect it for them. It used to be the telcos, which was originally just phone taps but then extended to internet data. They are now extending that to software companies. (Also cloud providers like SpiderOak and "secure email" companies.)
In a few words this extension allows them to order a software company to (with suitable compensation of course):
1. Develop / assist in developing an undetectable tap / bug for them, and
2. Surreptitiously install it for them via an over the air update.
This extends their reach from phone calls to any device that auto-installs software updates / patches. Whether you consider the ability to install a "phone tap" into your phone, TV, car, router, wifi camera, PC, robot vacuum, modem, that can read all the data on there, enable the microphone and camera, monitor the GPS and other sensors, read keystrokes, fingerprints and other authentication data to be roughly as intrusive as someone monitoring your phone calls is, I guess, a matter of taste.