[AusNOG] Dutton decryption bill

Tue Sep 4 11:52:20 EST 2018

Paul,
I can't agree. There appear to be specific protections under the bill that
prevent weakening of security - viz: 317ZG & 317ZH.

The internet has come to an important cross roads. It's no longer
acceptable to expect that privacy considerations are sufficient to justify
free reign for the crooks, creeps, and crazies. Something has to give. The
best we can hope for is that LEA are given powers only sufficient that
would allow search and seizure under judicial writ, and that this be well
regulated with proper oversite checks and balances. But that requires
engaging with the process. Otherwise LEA will steam roll ahead with the
sort of ambit claims included in the bill.

Kind regards

Paul Wilkins

On Tue, 4 Sep 2018 at 00:05, Paul Brooks <pbrooks-ausnog at layer10.com.au>
wrote:

> On 3/09/2018 11:47 AM, Chris Ford wrote:
>
> Paul,
>
>
> I agree with you in general as to the point that if we are happy with the
> premise of the current TIA Act that LEAs should be able to intercept
> communications with a duly authorised warrant, then extending that to
> encrypted services seems a reasonable extension to keep up with technology.
>
>
> However, the current intercept regime is very difficult if not impossible
> for a bad actor to exploit. The intercept points are within the Carrier and
> CSP networks, out of reach of most people. When we move to intercept
> end-to-end encrypted services you either need to break the encryption
> (which thankfully does not seem to be the path anybody is proposing), OR,
> you need to access the clear text at the end point itself. The problem I
> have with this is that the end point is out in user land, often accessible
> to anyone on the internet, and now exposed to exploit by bad actors.
>
> ..And this is it. The new legislation is NOT about encryption, primarily,
> despite what we thought before the draft was released.
> They've explicitly acknowledged they can't 'break' encryption, and do not
> want to weaken encryption. They want the sent and received message text,
> stored in the device after/before the encrypted transport.
>
> Its actually a 'device malware' bill - a bill to enable general police
> forces to achieve things that previously only shadowy four-letter agencies
> could do - implant malware and modify the function of any end-user device,
> handset, modem, laptop, tablet, printer, connected TV, Amazon Alexa/Google
> Home/etc. Actually it goes further - rather than implant the malware
> themselves once they've achieved physical access, this 'device malware'
> bill enables them to ask nicely for assistance, and then to require, the
> device suppliers and manufacturers to build and implant the exploit for
> them. Why should AS** develop an exploit, when they can ask Apple or
> Netgear or Samsung nicely to develop and install the exploit for them.
>
> We've spent decades educating users that the green padlock on a website
> means something, and that 'IOT devices' such as your average Smart TV might
> be easily hijacked and be recording and watching the home through its
> microphone and embedded webcam. This bill makes government-authorised
> modified firmware with exploits that the network and software industry have
> spent billions developing virus scanning apps to detect and eradicate.
>
> Paul.
>
>
>
>
> --
>
> Chris Ford | CTO
>
> Inabox Group Limited
>
>
> Ph: + 61 2 8275 6871
>
> Mb: +61 401 988 844
>
> Em: chris.ford at inaboxgroup.com.au
> ------------------------------
> *From:* AusNOG <ausnog-bounces at lists.ausnog.net>
> <ausnog-bounces at lists.ausnog.net> on behalf of Paul Wilkins
> <paulwilkins369 at gmail.com> <paulwilkins369 at gmail.com>
> *Sent:* Monday, 3 September 2018 11:31:14 AM
> *To:* AusNOG at lists.ausnog.net
> *Subject:* Re: [AusNOG] Dutton decryption bill
>
> Bradley,
> The Common Law has always allowed judicial scrutiny of our privacy.
> There's always been the right for judicial search warrants to override
> what's considered one's private domain. I'm supportive of this bill where
> it extends judicial oversite to the cyber domain, which is a gap that
> exists only because legislation/common law has lagged behind technology.
> While at the same time realising that conversations conducted over the
> internet, even if encrypted, are more properly regarded as public
> conversations, than say one you might have in your living room. Whether
> government is going to regulate the internet, the boat has sailed on this
> long ago. The hard line privacy advocates are simply going to be left out
> of a conversation democracy needs to have over not whether the internet
> should be regulated, but how.
>
> What's interesting in this bill is that it goes beyond extending judicial
> writ, allowing law enforcement emergency powers the right to surveil
> suspects. This will be authorised by law enforcement, without judicial or
> governmental oversite. I think this probably goes too far. The best outcome
> for everyone, to protect privacy, and to empower law enforcement to enforce
> laws and to protect citizens rights, would be to limit the scope of these
> new powers to judicial writ.
>
> Kind regards
>
> Paul Wilkins
>
>
>
>
>
>
> _______________________________________________
> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180904/7c9fb6ac/attachment-0001.html>