[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Wed Jan 9 11:18:58 EST 2019


Obviously this has been in limbo over the Christmas break. There are 2 really
important issues on hold because of this.

1 - When or if the PJCIS will call for public comment on the Act as passed.

2 - The appearance of the Labor amendments.

So we probably won't see any developments until Parliament resumes 12th
February.

Kind regards

Paul Wilkins


On Sat, 15 Dec 2018 at 11:44, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> I guess we should anticipate that the PJCIS will ask for further
> submissions. Probably they will give as little advance warning as possible
> to conform to their "accelerated timetable". I would think they'll announce
> their request for submissions as soon as the Labor amendments are dealt
> with.
>
> The Labor amendments are critical for:
>
>    - Requirements for judicial review of TCNs/TARs, and avenue of
>    judicial appeal for service providers
>    - Strengthened requirements for necessity and proportionality
>    - Definitions of system vulnerability and systemic weakness (which
>    preclude mass deployment of patched code)
>
> These amendments are necessary and reasonable. However for me, the
> following issues still remain to be resolved:
>
> 1 - Granting the police EA powers (rather than the intelligence services
> - ASIO & AFP) goes too far where the police do not require EA. Rather the
> least intrusive powers that would still enable them to prosecute serious
> crime, would be Legal Intercept (basically enough powers to get to the
> clear text, where they are back to where they were before the "going
> dark" due to encryption). This means that Police should get a different
> category of TAN - where there are no write or modify data powers (ie. read
> only). Any write or modify capabilities they require should be implemented
> under a duly authorised TCN.
>
> 2 - Once there is allowance for differentiation in Police vs Intelligence
> Services powers, there should similarly be differentiation for the
> seriousness of crimes investigated. The 3 years for Police services (but
> limited to Legal Intercept) would still allow the police to investigate
> cyber stalking, but also many other crimes some have suggested is like
> using a sledge hammer to crack a nut. Given the more intrusive nature of EA
> vs Legal Intercept, there should be a higher bar for the Intelligence
> Services to demand EA powers (say 20 years to life). If they need only
> Legal Intercept, then the bar could remain at 3 years.
>
> 3 - It's still not clear that anything doable under a TCN, cannot be
> compelled under a TAN's write/modify data powers. Hence, there ought to be
> exclusions of a TAN's powers from compelling the implementation of a
> capability for which a TCN can be issued.
>
> 4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
> serving as "authorisation" under s280 / s313 of the Telecommunications Act
> 1997, sufficient to demand mass access to carrier metadata/metadata
> datastreams. There is also lawful disclosure of mass metadata under s177 of
> the Telecomms Interception and Access Act 1979. If the police and/or
> intelligence services get access to metadata streams, they will integrate
> this with their other metadata projects, including CCTV and facial
> recognition databases. Which is obviously something some in Law Enforcement
> are advocating for, though I think most citizens would regard this as an
> alarming move towards mass surveillance and a police state.
>
> 5 - Having one agency act as a clearing house for notices and warrant
> data, is still a preferable framework to access by multiple agencies, and
> would provide advantages for economy, efficiency, governance, and the
> secure custody of both warrant data and service provider confidential
> information.
>
> 6 - Journalists and media organisations ought to be able to mount a public
> interest defense against the issue of TANs.
>
> 7 - Any citizen ought to have standing to mount a public interest defense
> against the issue of a TCN.
>
> 8 - An audit trail be mandated for all TAN/TAR actions.
>
> Interested to hear if anyone has comments or other concerns.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 15 Dec 2018 at 09:29, I <beatthebastards at inbox.com> wrote:
>
>> GCHQ is going for the same thing
>>
>> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
>