[AusNOG] Dutton decryption bill

[Robert Hudson]

Hi Paul,

Happy to have you link to our submission.  I've thrown it up as an item on
our website:

https://www.itpa.org.au/news/itpa-submission-assistance-and-access-bill-2018-australian-government-department-home-affairs/

Regards,

Robert

On Wed, 12 Sep 2018 at 09:48, Paul Brooks <pbrooks-ausnog at layer10.com.au>
wrote:

> Thanks Rob.
> Internet Australia's submission is at
> https://internet.org.au/news/209-submission-internet-australia-s-submission-on-draft-assistance-and-access-bill
> .
>
> We're also collating other submissions at this page to aid transparency,
> in case the Department doesn't publish the collection themselves.
> There are currently 6 other submissions linked there, with more to be
> added:
>
>    - - Massachusetts Institute of Technology: Internet Policy Research
>    Intiative
>    - - Internet Architecture Board
>    - - Chris Culnane and Vanessa Teague
>    - - Communications Alliance, Australian Information Industry
>    Association, Australian Mobile Telecommunications Association
>    - - Mark Nottingham
>    - - Digital Rights Watch, Australia Privacy Foundation, Electronic
>    Fontiers Australia, Access Now, NSW Council for Civil Liberties, Future
>    Wise, Blueprint for Free Speech, Queensland Council for Civil Liberties
>
> All are well worth reading.
>
> The IAB didn't mince words - cherry picking selected paragraphs: "
>
> "While we normally do not review proposed legislation, we are concerned
> that this proposal might have a serious and undesirable impact upon the
> Internet and, taken as a model, the sum of similar legislation may result
> in the fragmentation of the Internet.
> ....as custodians of the Internet’s architecture,
> we are required to take a global view. This approach, if applied
> generally, would result in the
> Internet’s privacy and security being the lowest common denominator
> permitted by the actions taken
> in myriad judicial contexts. From that perspective, this approach
> drastically reduces trust in critical
> Internet infrastructure and affects the long term health and viability of
> the Internet. "
>
>
> May we include the ITPA submission, or a link to the ITPA page, in that
> collection?
>
> Paul (with Chair of Internet Australia hat on)
>
> On 12/09/2018 9:07 AM, Robert Hudson wrote:
>
> As per my comments in August, ITPA put forward the following comment on
> the draft bill within the offiicial public comment window:
>
> "To whom it may concern,
>
> On behalf of the Information Technology Professionals Association (ITPA)
> and its members, I am writing today to express a lack of support for "The
> Access and Assistance Bill, 2018" as it currently stands.  This bill should
> not be introduced to Parliament in its current form, and certainly should
> not be voted into law.
>
> ITPA and its members recognise the fact that encrypted communication is
> one tool used by criminals to make it harder for law enforcement agencies
> to discover and track their whereabouts, plans, and other details of crimes
> they may have or be able to commit.  We appreciate the fact that the
> government is seeking ways to increase its ability to better prevent and
> prosecute crime.  But it is ITPA's position that the only real-life outcome
> of "The Access and Assistance Bill 2018" will be a negative impact to the
> individual privacy of Australian citizens, and that the proposed benefits
> (allowing law-enforcement to prevent or prosecute crimes) will not be
> realised.
>
> "The Access and Assistance Bill 2018" will not only fail to achieve its
> stated aim (criminals will simply move to using encryption  products not
> covered by this bill - most of the tools currently used in this area are
> not written by companies which are bound by this bill, and those which are
> will simply be traded for tools produced outside of Australia's
> jurisdiction), but it will result in a significant reduction of individual
> privacy for law-abiding citizens.
>
> In addition to failing to achieve the desired goals, tools created under
> this legislation to break or bypass the encryption created by commonly used
> applications will almost certainly be misused by individuals in positions
> of power within law-enforcement agencies, as we have already seen happen in
> other areas of surveillance legislation such as the mandatory metadata
> retention scheme.
>
> Further, it is certain that these tools will also become available to
> people outside of legitimate law-enforcement agencies, and will be used as
> a weapon against law-abiding citizens - the leaking of the list of
> "blocked" sites under Internet filtering regimes of the past (
> https://www.smh.com.au/national/dentists-website-on-leaked-blacklist-20090319-93cl.html)
> shows that secrets and artifacts (such as lists of websites, or access to
> tools) can and do get leaked beyond the approved area of usage).
>
> "The Access and Assistance Bill 2018" also has issues of governance and
> oversight which require adjustment before it could be supported.  Although
> there is still a requirement for warrants to be issued and a level of
> judicial oversight, a political appointment (The Attorney General) holds
> significant (and ultimate for short-term activities with post-activity
> oversight) power within this legislation.  It would be preferable to have a
> politically independent body (an individual or organisation) to provide the
> level of oversight and authority carried by the Attorney General in this
> legislation to ensure that decisions are not made under the authority of
> this bill for political purposes.
>
> If the government really wants to achieve better levels of policing and
> crime prevention in areas of technology, we implore the government to
> consult with the technology industry during the drafting phases of
> legislation, rather than after the draft has been put together in such a
> fashion as to be technically infeasible.  ITPA would be more than willing
> to be part of a consultation process to resolve issues with the currently
> proposed legislation, or for any other legislation which requires technical
> expertise to achieve success."
>
> On Wed, 15 Aug 2018 at 13:48, Robert Hudson <hudrob at gmail.com> wrote:
>
>> Hi Paul,
>>
>> On Wed, 15 Aug 2018 at 13:31, Paul Brooks <pbrooks-ausnog at layer10.com.au>
>> wrote:
>>
>>> Thanks Aftab for the plug - this is something that IA has been tracking
>>> and meeting in Canberra with various Minister-types down over the past 6-9
>>> months, trying to determine what they were looking to do, and educate them
>>> on the concerns.
>>> This is data retention all over again. On one hand, as an ISP, if you
>>> don't actually supply end-user devices and all the OTT messaging apps pass
>>> through your network, there may not be much in this to concern.  This Bill
>>> is aimed at Samsung/Google/HTC/Oppo, and OTT service providers like Apple
>>> iMessage, WhatsApp, Google Hangouts, etc.
>>> They were quite insistent they would not be seeking to back-door
>>> encryption, and as it happens, they were right! They just want to back-door
>>> the entire device. And website, which is classed in there too.
>>>
>>
>> The legislation is sufficiently vague as to allow pretty much anything
>> the A-G thinks is reasonable at the time the A-G makes a request.
>>
>>>
>>> If you're in Canberra on Monday night, we've got a number of people from
>>> MIT Computer Science and Artificial Inelligence Labs (CSAIL) and other
>>> experts that talk to USA's people, and tickets still available - From
>>> 4:30pm, with free drinks provided afterwards.
>>>
>>>
>>> https://www.eventbrite.com.au/e/encryption-experts-session-evening-in-canberra-tickets-48911717263
>>>
>>
>> Canberra could be hard to attend from Sydney, but this one may be
>> important enough for me to make the trip.
>>
>>>
>>>
>>> They're taking feedback/submissions/comments for 4 weeks only - is
>>> anyone planning to submit some comment?
>>>
>>
>> ITPA is looking to provide feedback.  We'd be happy to work with other
>> parties (individuals or organisations) to put up a joint response.
>>
>> Regards,
>>
>> Robert
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180912/1360e692/attachment.html>