[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Brooks pbrooks-ausnog at layer10.com.au
Thu Jan 10 01:42:53 EST 2019

On 9/01/2019 11:18 am, Paul Wilkins wrote:
> Obviously this has been in limbo over the Christmas break. There's 2 really
> important issues, on hold because of this.
> 1 - When or if the PJCIS will call for public comment on the Act as passed.

PJCIS called for further comments on the Act as passed a few days after the Act was
passed -

They opened a new page on the PJCIS as a new inquiry: 'Review of the
Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018
with specific reference to Government amendments introduced and passed on 6 December 2018'


> The Government amendments introduced and passed on 6 December 2018 are available at
> thislink
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Famend%2Fr6195_amend_2ef65c47-7a59-45e1-9427-cf3e7400ef4d%22>.
> A Supplementary Explanatory Memorandum
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22legislation/ems/r6195_ems_b832c54b-6091-41ca-baf4-35bb94a856e8%22>on
> the amendments was also presented to the Parliament.
> The Committee will accept submissions on any new matters arising with the passage of
> the Act, and will consider the need for further hearings as the inquiry progresses.
There are already two new submissions , from IGIS and Commonwealth Ombudsman.

They are specifically looking for comments on wording and construction, suggestions on
better definitions for 'Systemic Weakness' and on the definitions used and passed.

> So we probably won't see any developments until Parliament resumes 12th February.
> Kind regards
> Paul Wilkins
> On Sat, 15 Dec 2018 at 11:44, Paul Wilkins <paulwilkins369 at gmail.com
> <mailto:paulwilkins369 at gmail.com>> wrote:
>     I guess we should anticipate that the PJCIS will ask for further submissions.
>     Probably they will give as little advance warning as possible to conform to
>     their "accelerated timetable". I would think they'll announce their request for
>     submissions as soon as the Labor amendments are dealt with.
>     The Labor amendments are critical for:
>       * Requirements for judicial review of TCNs/TARs, and avenue of judicial appeal
>         for service providers
>       * Strengthened requirements for necessity and proportionality
>       * Definitions of system vulnerability and systemic weakness (which preclude
>         mass deployment of patched code)
>     These amendments are necessary and reasonable. However for me, the following
>     issues still remain to be resolved:
>     1 - Granting the  police EA powers  (rather than the intelligence services -
>     ASIO & AFP) goes too far where the police do not require EA. Rather the least
>     intrusive powers that would still enable them to prosecute serious crime, would
>     be Legal Intercept (basically enough powers to get to the clear text, where they
>     are back to where they were before before the "going dark" due to encryption).
>     This means that Police should get a different category of TAN - where there are
>     no write or modify data powers (ie. read only). Any write or modify capabilities
>     they require should be implemented under a duly authorised TCN.
>     2 - Once there is allowance for differentiation in Police vs Intelligence
>     Services powers, there should similarly be differentiation for the seriousness
>     of crimes investigated. The 3 years for Police services (but limited to Legal
>     Intercept) would still allow the police to investigate cyber stalking, but also
>     many other crimes some have suggested is like using a sledge hammer to crack a
>     nut. Given the more intrusive nature of EA vs Legal Intercept, there should be a
>     higher bar for the Intelligence Services to demand EA powers (say 20 years to
>     life). If they need only Legal Intercept, then the bar could remain at 3 years.

>     3 - It's still not clear that anything doable under a TCN, cannot be compelled
>     under a TAN's write/modify data powers. Hence, there ought to be exclusions of a
>     TAN's powers from compelling the implementation of a capability for which a TCN
>     can be issued.
>     4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from serving as
>     "authorisation" under s280 / s313 of the Telecommunications Act 1997, sufficient
>     to demand mass access to carrier metadata/ metadata datastreams. There is also
>     lawful disclosure of mass metadata under s177 of the Telecomms Interception and
>     Access Act 1979. If the police and/or intelligence services get access to
>     metadata streams, they will integrate this with their other metadata projects,
>     including CCTV and facial recognition databases. Which is obviously something
>     some in Law Enforcement are advocating for, though I think most citizens would
>     regard this as an alarming move towards mass surveillance and a police state.
>     5 - Having one agency act as a clearing house for notices and warrant data, is
>     still a preferable framework to access by multiple agencies, and would provide
>     advantages for economy, efficiency, governance, and the secure custody of both
>     warrant data and service provider confidential information.
>     6 - Journalists and media organisations ought to be able to mount a public
>     interest defense against the issue of TANs.
>     7 - Any citizen ought to have standing to mount a public interest defense
>     against the issue of a TCN.
>     8 - An audit trail be mandated for all TAN/TAR actions.
>     Interested to hear if anyone has comments or other concerns.
>     Kind regards
>     Paul Wilkins
>     On Sat, 15 Dec 2018 at 09:29, I <beatthebastards at inbox.com
>     <mailto:beatthebastards at inbox.com>> wrote:
>         GCHQ is going for the same thing
>         https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
>         _______________________________________________
>         AusNOG mailing list
>         AusNOG at lists.ausnog.net <mailto:AusNOG at lists.ausnog.net>
>         http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190110/502fcac8/attachment.html>

More information about the AusNOG mailing list