[AusNOG] Assistance and Access Bill moves to PJCIS

[Nathan Brookfield]

Could they possibly give less notice.... Unbelievable!

Nathan Brookfield
Chief Executive Officer

Simtronic Technologies Pty Ltd
http://www.simtronic.com.au

On 15 Nov 2018, at 10:40, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:

Media Release: Issue date: 14 November 2018

Second public hearing on the Encryption Bill

The second public hearing on the Telecommunication and Other Legislation Amendment (Assistance and Access) Bill 2018 will be held on Friday, 16 November 2018 in Sydney. The Committee will hear from academics, statutory oversight agencies, and industry peak bodies.
Details of the public hearing:
9:00 am – 3.15pm
SMC Conference & Function Centre, 66 Goulburn St, Sydney (Carrington Room)

The hearing will be live streamed (audio only) at www.aph.gov.au/live<http://www.aph.gov.au/live>.

The full program of the hearing is available at https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Public_Hearings

Additional hearings will be held in Canberra on 27 and 30 November.
Further information on the inquiry can be obtained from the Committee’s website.

On Tue, 13 Nov 2018 at 11:36, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
Communications Alliance submission<https://www.aph.gov.au/DocumentStore.ashx?id=789049aa-edfc-48e2-a79c-0dd1c28f95b8&subId=662644> makes the point both s313 and s280 (1)(b) of the Telecommunications Act 1997 are current extensively used to access metadata.

It follows that under the new bill, about a dozen LEAs will similarly be able to rely on s313 and s280(1)(b) to get warrantless metadata access.

Kind regards

Paul Wilkins


On Sat, 3 Nov 2018 at 13:09, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:

Coexistence with Data Retention Regime (Under Telecommunications Act)


Passage of this Bill will set the stage for mass surveillance, where carriers are already subject to data retention, but the Minister may further declare any service provider subject to the metadata regime.


187A Service providers must keep certain information and documents

(3A) The Minister may, by legislative instrument, declare a service to be a service to which this Part applies.


Such declaration has a statutory limitation of 40 sitting days of Parliament, however nothing in the Act prevents such a declaration being rolled over by the Minister, maintaining a metadata regime in perpetuity for any service they should designate. All this would lie within the provisioned scope of the Minister's powers without any further legislation.

Access to such metadata does not necessarily require a warrant. Access under the Telecommunications Act can be rendered by the service provider as voluntary assistance.

On Thu, 1 Nov 2018 at 11:50, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
Rob,
Check your inbox/spam folder 29/10.

Kind regards
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
Paul Wilkins

On Thu, 1 Nov 2018 at 08:33, Robert Hudson <hudrob at gmail.com<mailto:hudrob at gmail.com>> wrote:
Odd.  I signed up to track the enquiry, but have had no notifications at all that additional hearings had been scheduled.

There's an another additional day according to the committee website - 27th November.

Where did you see if information that they're asking for supplementary submissions?

On Wed, 31 Oct 2018 at 12:28, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
UN's Special Rapporteur on the right to privacy has weighed in on the PJCIS review with incandescent criticism:

https://www.aph.gov.au/DocumentStore.ashx?id=8012483f-e421-41a7-8bd4-1e8eb5eb39eb&subId=661745

In my considered view, the Assistance and Access Bill is an example of a poorly conceived national security measure that is equally as likely to endanger security as not; it is technologically questionnable if it can achieve its aims and avoid introducing vulnerabilities to the cybersecurity of all devices irrespective of whether they are mobiles, tablets, watches, cars, etc., and it unduly undermines human rights including the right to privacy. It is out of step with international rulings raising the related issue of how the Australian Government would enforce this law on transnational technology companies.

I can't but think that if the Minister for Home Affairs to be doing  well to attract the ire of the United Nations and his timing couldn't be better, just as the Government has lost control of the House. I'm hopeful the Australian media will pick up on the interest of the UN in the Bill, fingers crossed.

Furthermore, the PJCIS, after announcing two additional hearings 16/30 Nov, are also asking for supplementary submissions, to be received no later than 26 November.

Kind regards
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
Paul Wilkins

On Fri, 26 Oct 2018 at 13:07, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
We're at a critical juncture where the Minister for Home Affairs may get his way and steam roll this Bill through Parliament (how this could play out in both Houses would be interesting, as they'll need either Labor or one of the independents in the Lower House). Or the Bill gets substantially modified or sent back to the Dep't Home Affairs to start over.

What's of deep concern is that the Minister represents to the House consultation has been extensive, and that modifications of the Bill represent a consensus view. Yet industry has been vocal in opposition to the Bill, and have criticised the level of consultation and the Government's preparedness to receive advice:

While DIGI appreciates the challenges facing law enforcement, we continue to have concerns with the Bill, which, contrary to its stated objective, we believe may undermine public safety by making it easier for bad actors to commit crimes against individuals, organisations or communities. We also remain concerned at the lack of independent oversight of Notices and the absence of checks and balances with this legislation, which we discuss in more detail in this submission.
Submission to PJCIS - DIGI (includes Google, Amazon, Facebook...)(78)


We urge the government to seriously consider the comments submitted by industry and civil society and consider changes that would protect the security and privacy of Apple’s users and all Australians.
Submission to PJCIS - Apple (53)

Given the complexity of the Bill, the sensitivity of the subject matter, and the  limited consultation period, the summary above is not an exhaustive list of BSA's concerns and recommendations in respect of the Bill. There are other aspects of the Bill that require further consideration in order to find the right balance between the legitimate rights, needs, and responsibilities of the Australian Government, citizens, providers of critical infrastructure, third party stewards of data, and innovators.

As such, we respectfully encourage the Australian Government to engage in further dialogue with industry to consider the broader issues at play and the implications (and possible unintended consequences of the Bill).
Submission to PJCIS - BSA (Cisco, IBM et al.)(48)

On Thu, 25 Oct 2018 at 16:48, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
I'm determined the Minister for Home Affairs doesn't get to drop a deeply flawed Bill on a supine and compliant Parliament, and have taken measures, to whit, written 22 MPs in positions where they can influence policy, and provided links to submissions which point out the Bill as proposed is neither proportionate nor necessary:

Law Council of Australia: https://www.aph.gov.au/DocumentStore.ashx?id=859d9cda-0f99-4bef-994f-edc6006c87bf&subId=661321

Joint Councils for Civil Liberties: https://www.aph.gov.au/DocumentStore.ashx?id=6a26c1ce-15f3-4229-9b45-dd4ad7cfb8f2&subId=661197

Australian Human Rights Commission: https://www.aph.gov.au/DocumentStore.ashx?id=a7b9ff25-7c09-41e9-b97a-56dae1ac0e94&subId=661055

PJCHR,starts @ p24: https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en


Kind regards

Paul Wilkins


On Thu, 25 Oct 2018 at 16:20, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
New PJCIS Public Hearings

16 Nov 2018: Sydney, NSW
30 Nov 2018: Canberra, ACT

https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018

On Thu, 25 Oct 2018 at 13:23, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
Has anyone yet had the opportunity to think through the use of force provisions? Does use of force extend beyond physical forced entry, to say, hacking?

Kind regards
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
Paul Wilkins

On Wed, 24 Oct 2018 at 18:03, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
Compare:

CHAIR: So the big companies like Facebook, Amazon, Twitter, over-the-top  messaging services like Signal and WhatsApp?
Mr Hansford: A range of different industry companies.
CHAIR: A good percentage of those?
Mr Hansford: A reasonable percentage, I'd say.
(Public) FRIDAY, 19 OCTOBER 2018

"The government has consulted extensively with industry and the public on these measuresand has made amendments to reflect the feedback in the legislation now before the parliament."
Minister for Home Affairs - Speech to Parliament 20 Sept 2018

On Wed, 24 Oct 2018 at 16:01, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
DIGI's submission (Amazon, Facebook, Google, Oath, and Twitter) has just appeared:

https://www.aph.gov.au/DocumentStore.ashx?id=d48c3c35-221d-4544-a7d7-109a82c72dc1&subId=661549

On August 14, 2018, the Government released for Public Exposure a draft of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (the “Bill”) together with an Exposure Document, to which DIGI made a submission (attached). A revised Bill was introduced to Parliament ten days following the close of submissions, with only minor amendments that fail to address its potential impacts on public safety, cybersecurity, privacy and human rights, raising concern among industry, consumer and civil society groups.

On Wed, 24 Oct 2018 at 11:30, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
The PJCHR express extensive concerns with the bill.

https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en

The following demonstrates a posture where they will likely oppose the bill without further safeguards:

1.109 Another relevant factor in assessing whether a measure is proportionate is whether there is the possibility of oversight and the availability of review. The power to give a technical assistance notice or request, or technical  capability notice, is not exercised by a judge, nor does a judge supervise its application.  Section 317ZFA provides a discretionary power to a court, in relation to proceedings  before it, to make such orders as the court considers appropriate in relation to the disclosure, protection, storage, handling or destruction of technical assistance information, if the court is satisfied that it is in the public interest. The bill does  not otherwise provide for court involvement in the process of giving a technical assistance notice or request, or technical capability notice. The bill additionally  seeks to amend the Administrative Decisions (Judicial Review) Act 1977 (ADJR Act) to exclude decisions under Part 15 of the Telecommunications Act (which would  include a decision to issue a technical assistance notice or request, or technical  capability notice) from judicial review under the ADJR Act. 47 In these circumstances, further information from the minister as the adequacy of the safeguards in terms of oversight and review would assist in determining the proportionality of the measures.

Kind regards
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
Paul Wilkins

On Tue, 23 Oct 2018 at 15:12, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
21 October AEC had received 6890 postal votes out of 12,788 issued. Today, received postal votes is 7,789. Sharma is trailing by 1,552. So I'm calling it a Phelps' win and we will have minority government.

Phelps will win by at least 500 votes so no recount.

Kind regards
[https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif]
Paul Wilkins

On Mon, 22 Oct 2018 at 18:19, Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
Transcript of public hearing 19th October:

https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22committees%2Fcommjnt%2F2a1771c8-f314-43f2-b9b0-cd09ad8123ae%2F0000%22

On Mon, 22 Oct 2018 at 16:46, Christian Heinrich <christian.heinrich at cmlh.id.au<mailto:christian.heinrich at cmlh.id.au>> wrote:
Paul,

On Mon, Oct 22, 2018 at 2:12 PM Paul Wilkins <paulwilkins369 at gmail.com<mailto:paulwilkins369 at gmail.com>> wrote:
> Except that where subject to an order under 317j to conceal the existence of a TCN/TAN forms part of the terms.

For PCI-DSS Requirement 4 Telstra [as an example I don't recommend]
have mandated that their customer is responsible for both the
infrastructure and software [as a service] within
https://www.telstra.com.au/content/dam/tcom/personal/consumer-advice/pdf/business-a-full/cloud-h.pdf
and are therefore unable to assist with the implementation of the
TCN/TAN.


--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181114/a30d5716/attachment-0001.html>