[AusNOG] Dutton decryption bill

Paul Wilkins paulwilkins369 at gmail.com
Thu Aug 16 14:47:54 EST 2018


Couple of points for discussion:

1 - The overseas jurisdiction is to be met by whether you conduct business
within Australia. So that already covers the big corporates, social media
etc. If you want to continue to conduct business in Australia, you're going
to have to comply with Australian law or have your company delisted/brands
invalidated/accounts frozen. So it will be immaterial the jurisdiction of
where the service is hosted.

2 - The reporting oversight proposed is meaningless. Just reporting the
number of notices within a period means nothing. There ought to be
additional data as to the type of actions sought, classifications of data
extracted (personal data, geolocation, financial, "metadata"...), and the
classification of offence the notice was to address (national security,
child abuse material, family law etc). As currently drafted the AG would
have the power to issue assistance notices/capability requests, while
simultaneously criminalising disclosure of both the terms and existence of
the notices. Journalists take note.

Kind regards

Paul Wilkins


On Thu, 16 Aug 2018 at 13:20, Robert Hudson <hudrob at gmail.com> wrote:

> Hi Paul,
>
> We have already published our stance on this previously in press releases
> and our regular newsletter, and will be sending a formal response to the
> govt's invitation to do so.
>
> That response is currently being formulated to ensure we cover all
> pertinent points, thus far (until we complete our reading of the matter)
> being:
>
> * The proposed laws are WAY too vague to start with, and contradictory at
> times in what is and isn't allowed, who and who is not allowed to access
> the data, etc
> * There is a strong history already of misuse of power by government
> agencies/privileged individuals.
> * This is over-reach by government with significant potential impact to
> law-abiding citizens
> * There is no way to breach end-to-end asymmetric key encryption in the
> way they're talking without creating back-doors, compromising the
> encryption process or creating secondary back-channels
> * The idea that the Australian government can enforce the law with parties
> based overseas where they are outside of the jurisdiction of our government
> or its treaty partners is laughable
> * There is insufficient protection of process - the A-G gets to make the
> requests/notices, and the A-G gets to decide at the same time what's
> reasonable and what's not
> * The criminals this is aimed at will simply move to using tools outside
> of the government's reach if they're even remotely competent (if they're
> not, surely this level of law is not required to catch them), meaning that
> the only people this will really impact will, again, be law-abiding citizens
> * The likely next step when people start using tools outside of the
> government's control will be to mandate that only govt-controlled apps are
> used - meaning loss of functionality for law-abiding citizens, or
> unintentional criminal acts when they download and use something they don't
> realise is sanctioned.
>
> There's probably (almost certainly) more.  I've got a full-time job
> outside of doing this, as do the rest of the ITPA board.  If you (or anyone
> else reading this) have strong feelings/expertise in this area, we'd gladly
> look to work with you on our response.  Or hell, join and volunteer to help
> us with this - we represent ~18,000 associate members at this stage, and
> the bigger we get, the more our voice will resonate.
>
> Regards,
>
> Robert
>
> On Thu, 16 Aug. 2018, 12:59 pm Paul Julian, <paul at buildingconnect.com.au>
> wrote:
>
>> Hi Robert,
>>
>>
>>
>> I think it’s a perfectly valid point, so just out of interest what is
>> ITPA’s plan to respond to this current situation?
>>
>>
>>
>> Regards
>>
>> Paul
>>
>>
>>
>> *From:* Robert Hudson <hudrob at gmail.com>
>> *Sent:* Thursday, 16 August 2018 12:34 PM
>> *To:* paul at buildingconnect.com.au
>> *Cc:* Paul Wilkins <paulwilkins369 at gmail.com>; ausnog at lists.ausnog.net
>> *Subject:* Re: [AusNOG] Dutton decryption bill
>>
>>
>>
>> On Thu, 16 Aug 2018 at 11:10, Paul Julian <paul at buildingconnect.com.au>
>> wrote:
>>
>> Hi Paul,
>>
>>
>>
>> Where do you even start?
>>
>> I would love to be able to comment on these things properly but how do
>> you structure a response that isn’t just a whinge and saying that it’s not
>> fair and blah blah, it would need to offer alternatives or suggestions on
>> how else this could be accomplished or why it shouldn’t be in the first
>> place.
>>
>>
>>
>> Apologies if this isn't considered appropriate on this list, but I think
>> the point of joining representative organisations is important, especially
>> on this topic.
>>
>>
>>
>> Join a group like ITPA (it doesn't have to be ITPA, so this isn't
>> "strictly" an ad - more a drive to get people participating in industry
>> associations).  The more members we have, the stronger our voice.  We have
>> commented strongly on this issue, and will continue to do so on this and
>> other issues of importance to IT Professionals.
>>
>>
>>
>> ITPA Associate membership is free.  Paid membership is less than the cost
>> of a cup of coffee a week.
>>
>>
>>
>> If not us, choose another representative organisation, and make sure your
>> voice is heard.
>>
>>
>>
>> If you (and others) don't, then things like Metadata Retention, breaking
>> encryption, and goodness knows what they have up their sleeves next will
>> continue to go through.
>>
>>
>>
>> Regards,
>>
>>
>> Robert
>>
>>
>>
>>
>>