[Linux-aus] Encryption bill and open source

Anthony Towns aj at erisian.com.au
Thu Dec 6 20:20:51 AEDT 2018

On Thu, Dec 06, 2018 at 03:47:22PM +1100, Linux Australia President via linux-aus wrote:
> Thanks aj for getting the conversation started.
> The proposed legislation is deeply flawed, [...]

To me, it seems clear that's irrelevant; the consultation phase
was rushed and pro-forma with comments not being given any serious
consideration, and the legislative phase is looking the same way, with
an emphasis on getting it through for Christmas as if that's going to
have any immediate effect.  My guess is the new Morrison government
isn't strong enough to stand up to the police and intelligence agencies,
and apparently Labor doesn't want to choose the soft-on-terror side with
an election coming up either. I'd be pleased to find out I'm wrong, but
I don't think there's any chance of a last minute legislative save here
(or a judicial or public service save after the fact), and in any case
in the hour or so since I postponed this message, it's apparently passed
the Senate without any amendments? But hey, YMMV of course.

> Would improving the state of the art in open source help to defray its effects?
> Yes, but no-one's going to do it.

Well, not with that attitude, certainly...

Here's some projects already working on reproducible builds -- there's a lot:

They're funded with $300k USD as of last month, according to https://reproducible-builds.org/news/2018/11/08/reproducible-builds-joins-software-freedom-concervancy/ .

> Looking at platforms and tools, knowledge of GitLab, GitHub, Git, BitBucket etc
> - is required to effectively review and assure code changes. What we're
> increasingly seeing in this space is the monetisation of platforms through
> third party plugins, addons etc that purport to make CI / CD pipelines "easier"
> and "hassle free" - effectively removing testers further and further away from
> the codebase itself. Herein lies the great paradox - the easier we make it for
> people to use, the more we're abstracting it away from the very place that
> malicious changes are made.

So, I feel like my beard is still the wrong colour for this, but the ease
with which you can review code now compared to when I started with open
source is a bajillion miles ahead; and that's comparing with free software
at the time, comparing it with the proprietary software (or shareware
even) that people actually used obviously puts it infinitely far ahead.

Sure, there's a step backwards now and then, but there's been a lot more
steps forward. The state of the art isn't perfect, but it's pretty good,
and it's also the best we've ever had.

> Would collective action from technology practitioners help to defray its
> effects?
> Yes, but there are significant forces working to stop this.

Anything worthwhile has its detractors. Free software and open source
certainly did.

> Sure, we can
> ask the community to support people whose livelihoods are threatened, but how
> many instances will it take before donor fatigue hits in?

It seems like it could pretty easily be supported by membership in a
professional organisation (with support being available only to members).
Perhaps that would be an actual reason to join ACS... I don't think it'd
be fatiguing to regularly pay, what, $500-$1k a year and see that money
getting spent on legal defences for people acting ethically. Arguably
complying with the AA bill violates the "You will strive to enhance the
quality of life of those affected by your work" and "You will be honest
in your representation of .. products" sections of the ACS code of ethics,
for instance.

> What would help overturn the bill?

Like I said, I don't think that's realistic -- lives are at stake! --
and therefore not a good use of time or energy. Equally, I think amping
up the rhetoric about the horrors that await will backfire; the negatives
won't all happen, and even the ones that do won't happen for a while,
and that will get used as evidence that all the objectors were just
scaremongering and that both parties were right to listen to the police
and security agencies and forge ahead.

On Thu, Dec 06, 2018 at 04:19:20PM +1100, Hugh Blemings via linux-aus wrote:
> I say this from the standpoint of having talked to my local MP and the call
> being respectfully received, noted and being, I gather, one of many.

At the point when industry objections are being overruled, I don't
think talking to local MPs will have much real effect. If people were
willing to change their vote over things like this, maybe that would
be different, but I think most everyone here cares more about the usual
hot button issues like refugees or the economy, and won't change their
vote if whichever party they think is worse on those issues starts doing
good on tech issues. So the calculus for the major parties ends up being
"look strong on terror and politely ignore the whiny tech people".

