[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Sat Nov 3 13:09:55 EST 2018

Coexistence with Data Retention Regime (Under Telecommunications Act)

Passage of this Bill will set the stage for mass surveillance, where
carriers are already subject to data retention, but the Minister may
further declare any service provider subject to the metadata regime.

187A Service providers must keep certain information and documents

(3A) The Minister may, by legislative instrument, declare a service to be a
service to which this Part applies.

Such declaration has a statutory limitation of 40 sitting days of
Parliament, however nothing in the Act prevents such a declaration being
rolled over by the Minister, maintaining a metadata regime in perpetuity
for any service they should designate. All this would lie within the
provisioned scope of the Minister's powers without any further legislation.

Access to such metadata does not necessarily require a warrant. Access
under the Telecommunications Act can be rendered by the service provider as
voluntary assistance.

On Thu, 1 Nov 2018 at 11:50, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Rob,
> Check your inbox/spam folder 29/10.
> Kind regards
> Paul Wilkins
> On Thu, 1 Nov 2018 at 08:33, Robert Hudson <hudrob at gmail.com> wrote:
>> Odd.  I signed up to track the enquiry, but have had no notifications at
>> all that additional hearings had been scheduled.
>> There's an another additional day according to the committee website -
>> 27th November.
>> Where did you see if information that they're asking for supplementary
>> submissions?
>> On Wed, 31 Oct 2018 at 12:28, Paul Wilkins <paulwilkins369 at gmail.com>
>> wrote:
>>> *UN's Special Rapporteur on the right to privacy* has weighed in on the
>>> PJCIS review with incandescent criticism:
>>> https://www.aph.gov.au/DocumentStore.ashx?id=8012483f-e421-41a7-8bd4-1e8eb5eb39eb&subId=661745
>>> In my considered view, the Assistance and Access Bill is an example of a
>>> poorly conceived national security measure that is equally as likely to
>>> endanger security as not; it is technologically questionnable if it can
>>> achieve its aims and avoid introducing vulnerabilities to the cybersecurity
>>> of all devices irrespective of whether they are mobiles, tablets, watches,
>>> cars, etc., and it unduly undermines human rights including the right to
>>> privacy. It is out of step with international rulings raising the related
>>> issue of how the Australian Government would enforce this law on
>>> transnational technology companies.
>>> I can't but think that if the Minister for Home Affairs to be doing
>>> well to attract the ire of the United Nations and his timing couldn't be
>>> better, just as the Government has lost control of the House. I'm hopeful
>>> the Australian media will pick up on the interest of the UN in the Bill,
>>> fingers crossed.
>>> Furthermore, the PJCIS, after announcing two additional hearings 16/30
>>> Nov, are also asking for *supplementary submissions, to be received no
>>> later than 26 November.*
>>> Kind regards
>>> Paul Wilkins
>>> On Fri, 26 Oct 2018 at 13:07, Paul Wilkins <paulwilkins369 at gmail.com>
>>> wrote:
>>>> We're at a critical juncture where the Minister for Home Affairs may
>>>> get his way and steam roll this Bill through Parliament (how this could
>>>> play out in both Houses would be interesting, as they'll need either Labor
>>>> or one of the independents in the Lower House). Or the Bill gets
>>>> substantially modified or sent back to the Dep't Home Affairs to start over.
>>>> What's of deep concern is that the Minister represents to the House
>>>> consultation has been extensive, and that modifications of the Bill
>>>> represent a consensus view. Yet industry has been vocal in opposition to
>>>> the Bill, and have criticised the level of consultation and the
>>>> Government's preparedness to receive advice:
>>>> While DIGI appreciates the challenges facing law enforcement, we
>>>> continue to have concerns with the Bill, which, contrary to its stated
>>>> objective, we believe may undermine public safety by making it easier for
>>>> bad actors to commit crimes against individuals, organisations or
>>>> communities. We also remain concerned at the lack of independent oversight
>>>> of Notices and the absence of checks and balances with this legislation,
>>>> which we discuss in more detail in this submission.
>>>> Submission to PJCIS - DIGI (includes Google, Amazon, Facebook...)(78)
>>>> We urge the government to seriously consider the comments submitted by
>>>> industry and civil society and consider changes that would protect the
>>>> security and privacy of Apple’s users and all Australians.
>>>> Submission to PJCIS - Apple (53)
>>>> Given the complexity of the Bill, the sensitivity of the subject
>>>> matter, and the  limited consultation period, the summary above is not an
>>>> exhaustive list of BSA's concerns and recommendations in respect of the
>>>> Bill. There are other aspects of the Bill that require further
>>>> consideration in order to find the right balance between the legitimate
>>>> rights, needs, and responsibilities of the Australian Government, citizens,
>>>> providers of critical infrastructure, third party stewards of data, and
>>>> innovators.
>>>> As such, we respectfully encourage the Australian Government to engage
>>>> in further dialogue with industry to consider the broader issues at play
>>>> and the implications (and possible unintended consequences of the Bill).
>>>> Submission to PJCIS - BSA (Cisco, IBM et al.)(48)
>>>> On Thu, 25 Oct 2018 at 16:48, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>> I'm determined the Minister for Home Affairs doesn't get to drop a
>>>>> deeply flawed Bill on a supine and compliant Parliament, and have taken
>>>>> measures, to whit, written 22 MPs in positions where they can influence
>>>>> policy, and provided links to submissions which point out the Bill as
>>>>> proposed is neither proportionate nor necessary:
>>>>> Law Council of Australia:
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=859d9cda-0f99-4bef-994f-edc6006c87bf&subId=661321
>>>>> Joint Councils for Civil Liberties:
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=6a26c1ce-15f3-4229-9b45-dd4ad7cfb8f2&subId=661197
>>>>> Australian Human Rights Commission:
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=a7b9ff25-7c09-41e9-b97a-56dae1ac0e94&subId=661055
>>>>> PJCHR,starts @ p24:
>>>>> https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en
>>>>> Kind regards
>>>>> Paul Wilkins
>>>>> On Thu, 25 Oct 2018 at 16:20, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>> wrote:
>>>>>> *New PJCIS Public Hearings*
>>>>>> *16 Nov 2018:* Sydney, NSW
>>>>>> *30 Nov 2018:* Canberra, ACT
>>>>>> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018
>>>>>> On Thu, 25 Oct 2018 at 13:23, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>> wrote:
>>>>>>> Has anyone yet had the opportunity to think through the use of force
>>>>>>> provisions? Does use of force extend beyond physical forced entry, to say,
>>>>>>> hacking?
>>>>>>> Kind regards
>>>>>>> Paul Wilkins
>>>>>>> On Wed, 24 Oct 2018 at 18:03, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>>> wrote:
>>>>>>>> Compare:
>>>>>>>> CHAIR: So the big companies like Facebook, Amazon, Twitter,
>>>>>>>> over-the-top  messaging services like Signal and WhatsApp?
>>>>>>>> Mr Hansford: A range of different industry companies.
>>>>>>>> CHAIR: *A good percentage of those?*
>>>>>>>> Mr Hansford: *A reasonable percentage, I'd say.*
>>>>>>>> (Public) FRIDAY, 19 OCTOBER 2018
>>>>>>>> "The government has consulted *extensively* with industry and the
>>>>>>>> public on these measuresand has made amendments to reflect the feedback in
>>>>>>>> the legislation now before the parliament."
>>>>>>>> Minister for Home Affairs - Speech to Parliament 20 Sept 2018
>>>>>>>> On Wed, 24 Oct 2018 at 16:01, Paul Wilkins <
>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>> DIGI's submission (Amazon, Facebook, Google, Oath, and Twitter)
>>>>>>>>> has just appeared:
>>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=d48c3c35-221d-4544-a7d7-109a82c72dc1&subId=661549
>>>>>>>>> On August 14, 2018, the Government released for Public Exposure a
>>>>>>>>> draft of the Telecommunications and Other Legislation Amendment (Assistance
>>>>>>>>> and Access) Bill 2018 (the “Bill”) together with an Exposure Document, to
>>>>>>>>> which DIGI made a submission (attached). A revised Bill was introduced to
>>>>>>>>> Parliament ten days following the close of submissions, with only minor
>>>>>>>>> amendments that fail to address its potential impacts on public safety,
>>>>>>>>> cybersecurity, privacy and human rights, raising concern among industry,
>>>>>>>>> consumer and civil society groups.
>>>>>>>>> On Wed, 24 Oct 2018 at 11:30, Paul Wilkins <
>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>> The PJCHR express extensive concerns with the bill.
>>>>>>>>>> https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en
>>>>>>>>>> The following demonstrates a posture where they will likely
>>>>>>>>>> oppose the bill without further safeguards:
>>>>>>>>>> 1.109 Another relevant factor in assessing whether a measure is
>>>>>>>>>> proportionate is whether there is the possibility of oversight and the
>>>>>>>>>> availability of review. The power to give a technical assistance notice or
>>>>>>>>>> request, or technical  capability notice, is not exercised by a judge, nor
>>>>>>>>>> does a judge supervise its application.  Section 317ZFA provides a
>>>>>>>>>> discretionary power to a court, in relation to proceedings  before it, to
>>>>>>>>>> make such orders as the court considers appropriate in relation to the
>>>>>>>>>> disclosure, protection, storage, handling or destruction of technical
>>>>>>>>>> assistance information, if the court is satisfied that it is in the public
>>>>>>>>>> interest. The bill does  not otherwise provide for court involvement in the
>>>>>>>>>> process of giving a technical assistance notice or request, or technical
>>>>>>>>>> capability notice. The bill additionally  seeks to amend the Administrative
>>>>>>>>>> Decisions (Judicial Review) Act 1977 (ADJR Act) to exclude decisions under
>>>>>>>>>> Part 15 of the Telecommunications Act (which would  include a decision to
>>>>>>>>>> issue a technical assistance notice or request, or technical  capability
>>>>>>>>>> notice) from judicial review under the ADJR Act. 47 In these circumstances,
>>>>>>>>>> further information from the minister as the adequacy of the safeguards in
>>>>>>>>>> terms of oversight and review would assist in determining the
>>>>>>>>>> proportionality of the measures.
>>>>>>>>>> Kind regards
>>>>>>>>>> Paul Wilkins
>>>>>>>>>> On Tue, 23 Oct 2018 at 15:12, Paul Wilkins <
>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>> 21 October AEC had received 6890 postal votes out of 12,788
>>>>>>>>>>> issued. Today, received postal votes is 7,789. Sharma is trailing by 1,552.
>>>>>>>>>>> So I'm calling it a Phelps' win and we will have minority government.
>>>>>>>>>>> Phelps will win by at least 500 votes so no recount.
>>>>>>>>>>> Kind regards
>>>>>>>>>>> Paul Wilkins
>>>>>>>>>>> On Mon, 22 Oct 2018 at 18:19, Paul Wilkins <
>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>> Transcript of public hearing 19th October:
>>>>>>>>>>>> https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22committees%2Fcommjnt%2F2a1771c8-f314-43f2-b9b0-cd09ad8123ae%2F0000%22
>>>>>>>>>>>> On Mon, 22 Oct 2018 at 16:46, Christian Heinrich <
>>>>>>>>>>>> christian.heinrich at cmlh.id.au> wrote:
>>>>>>>>>>>>> Paul,
>>>>>>>>>>>>> On Mon, Oct 22, 2018 at 2:12 PM Paul Wilkins <
>>>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>>> > Except that where subject to an order under 317j to conceal
>>>>>>>>>>>>> the existence of a TCN/TAN forms part of the terms.
>>>>>>>>>>>>> For PCI-DSS Requirement 4 Telstra [as an example I don't
>>>>>>>>>>>>> recommend]
>>>>>>>>>>>>> have mandated that their customer is responsible for both the
>>>>>>>>>>>>> infrastructure and software [as a service] within
>>>>>>>>>>>>> https://www.telstra.com.au/content/dam/tcom/personal/consumer-advice/pdf/business-a-full/cloud-h.pdf
>>>>>>>>>>>>> and are therefore unable to assist with the implementation of
>>>>>>>>>>>>> the
>>>>>>>>>>>>> TCN/TAN.
>>>>>>>>>>>>> --
>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>> Christian Heinrich
>>>>>>>>>>>>> http://cmlh.id.au/contact
>>>>>>>>>>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181103/0e964944/attachment.html>

More information about the AusNOG mailing list