I would first like to apologise for the foolish and damaging actions of my government - the Australian government - who has recently passed a new law, the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018
For those who aren’t aware, this law will allow authorities to compel a company or individual to hand over secure information and if this is not possible, make it so that it is (such as by modifying software, etc) - and then not tell anyone, including their boss and obviously not their customers.
Cloudflare is in a unique situation where a huge amount of third-party information traverses its networks and is stored, even if only temporarily, on its systems. Put simply, Cloudflare is in a unique position to decrypt, collect, or otherwise subvert the security on a vast amount of information.
My questions are:
- How does this new law affect Cloudflare (who serve Australian content, and have networks, servers and customers in Australia)?
- How can I trust that information held by Cloudflare or traversing the Cloudflare network, and Cloudflare’s systems, are secure, when a law now exists that appears able to compel Cloudflare, or an individual with access to Cloudflare’s systems, to make such information insecure or alter Cloudflare’s systems in such a way as to subvert their security, while also making it illegal for that individual or Cloudflare to advise anyone of this?