
Abstract

Free software developers, network engineers and privacy advocates have been given a gift by the EU, in the form of six strongly-enforced laws based on human rights that have computer science embedded in them. This talk covers:

• How human rights are directly linked to computer science via the legal text of these EU laws
• What new software solutions are required by these laws
• What long-standing bad internet security practices are banned according to the text of the law
• Examples of code based on long-standing open source libraries that meet the requirements of the new EU laws

On the one hand, security habits until recently classified as “best practice” are now moved to “fix it now or get off the internet”, which is great news for those who have been advocating for better security for years. Infrastructure providers are required to be secure. Security algorithms known to be cracked may not be used. On the other hand, the EU has introduced new concepts in software-mediated contracts between infrastructure suppliers, and a new emphasis on the privacy of the endpoints in end-to-end communications.

In various ways, these laws affect how personal data and communications are handled outside Europe, including in Australia, mandating better security and privacy. Which is just as well, because these are dark days for individual privacy in Australia. In January 2020 the Australian Consumer Data Right bill is expected to become law, providing privacy protection to any “reasonably identifiable person, including a business enterprise”, which includes persons such as News Corp and BHP. At the same time the Data Sharing and Release Bill will be enacted, which will remove more than “500 existing data secrecy and confidentiality provisions across more than 175 different pieces of Australian Government legislation”, ensuring that companies such as News Corp and BHP have easier access to Australian citizens’ data.
The Federal Court of Australia decided in 2017 that metadata is not personal data, so no doubt the Data Sharing and Release Act will indeed "streamline delivery of citizen data services" from the Australian Government to private companies.

Successive Australian prime ministers and their governments believe that “the laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.” Not only do the laws of mathematics apply in Australia, but Australian companies wanting to do business that involves EU residents find themselves covered by EU laws, and EU laws have mathematics right at their core.

Instead of (or as well as?) feeling despair at the state of privacy in Australia, the free software community can argue that there is an economic benefit in adopting an EU rights-based approach. Australian companies who deal with EU residents must comply with EU law. Maybe we can end up using the gold standard in privacy, even in Australia.