[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Thu Jan 10 11:36:06 EST 2019


How annoying.

Fair enough they have new terms of reference, but from the original landing
page it's not obvious there's a new enquiry.

To ensure the process maintains continuity, they need to link through to
the new enquiry from the old landing page. Even APH staff seem confused,
where advice I had received from PJCIS 10/12 was that the call for
submissions was yet to be determined.

I've posted a support ticket so hopefully we'll see an update to the main
page:

https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195

Kind regards


Paul Wilkins


On Thu, 10 Jan 2019 at 01:42, Paul Brooks <pbrooks-ausnog at layer10.com.au>
wrote:

> On 9/01/2019 11:18 am, Paul Wilkins wrote:
>
> Obviously this has been in limbo over the Christmas break. There's 2
> really important issues, on hold because of this.
>
> 1 - When or if the PJCIS will call for public comment on the Act as passed.
>
> PJCIS called for further comments on the Act as passed a few days after
> the Act was passed -
>
> They opened a new page on the PJCIS as a new inquiry: 'Review of the
> Telecommunications and Other Legislation Amendment (Assistance and Access)
> Act 2018 with specific reference to Government amendments introduced and
> passed on 6 December 2018'
>
>
> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct
>
> The Government amendments introduced and passed on 6 December 2018 are
> available at this link
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Famend%2Fr6195_amend_2ef65c47-7a59-45e1-9427-cf3e7400ef4d%22>.
> A Supplementary Explanatory Memorandum
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22legislation/ems/r6195_ems_b832c54b-6091-41ca-baf4-35bb94a856e8%22> on
> the amendments was also presented to the Parliament.
>
> The Committee will accept submissions on any new matters arising with the
> passage of the Act, and will consider the need for further hearings as the
> inquiry progresses.
>
> There are already two new submissions, from IGIS and Commonwealth
> Ombudsman.
>
> They are specifically looking for comments on wording and construction,
> suggestions on better definitions for 'Systemic Weakness' and on the
> definitions used and passed.
>
>
>
> So we probably won't see any developments until Parliament resumes 12th
> February.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Sat, 15 Dec 2018 at 11:44, Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>
>> I guess we should anticipate that the PJCIS will ask for further
>> submissions. Probably they will give as little advance warning as possible
>> to conform to their "accelerated timetable". I would think they'll announce
>> their request for submissions as soon as the Labor amendments are dealt
>> with.
>>
>> The Labor amendments are critical for:
>>
>>    - Requirements for judicial review of TCNs/TARs, and avenue of
>>    judicial appeal for service providers
>>    - Strengthened requirements for necessity and proportionality
>>    - Definitions of system vulnerability and systemic weakness (which
>>    preclude mass deployment of patched code)
>>
>> These amendments are necessary and reasonable. However for me, the
>> following issues still remain to be resolved:
>>
>> 1 - Granting the police EA powers (rather than the intelligence
>> services - ASIO & AFP) goes too far where the police do not require EA.
>> Rather the least intrusive powers that would still enable them to prosecute
>> serious crime, would be Legal Intercept (basically enough powers to get to
>> the clear text, where they are back to where they were before the
>> "going dark" due to encryption). This means that Police should get a
>> different category of TAN - where there are no write or modify data powers
>> (ie. read only). Any write or modify capabilities they require should be
>> implemented under a duly authorised TCN.
>>
>> 2 - Once there is allowance for differentiation in Police vs Intelligence
>> Services powers, there should similarly be differentiation for the
>> seriousness of crimes investigated. The 3 years for Police services (but
>> limited to Legal Intercept) would still allow the police to investigate
>> cyber stalking, but also many other crimes some have suggested is like
>> using a sledge hammer to crack a nut. Given the more intrusive nature of EA
>> vs Legal Intercept, there should be a higher bar for the Intelligence
>> Services to demand EA powers (say 20 years to life). If they need only
>> Legal Intercept, then the bar could remain at 3 years.
>>
>> 3 - It's still not clear that anything doable under a TCN, cannot be
>> compelled under a TAN's write/modify data powers. Hence, there ought to be
>> exclusions of a TAN's powers from compelling the implementation of a
>> capability for which a TCN can be issued.
>>
>> 4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
>> serving as "authorisation" under s280 / s313 of the Telecommunications Act
>> 1997, sufficient to demand mass access to carrier metadata/ metadata
>> datastreams. There is also lawful disclosure of mass metadata under s177 of
>> the Telecomms Interception and Access Act 1979. If the police and/or
>> intelligence services get access to metadata streams, they will integrate
>> this with their other metadata projects, including CCTV and facial
>> recognition databases. Which is obviously something some in Law Enforcement
>> are advocating for, though I think most citizens would regard this as an
>> alarming move towards mass surveillance and a police state.
>>
>> 5 - Having one agency act as a clearing house for notices and warrant
>> data, is still a preferable framework to access by multiple agencies, and
>> would provide advantages for economy, efficiency, governance, and the
>> secure custody of both warrant data and service provider confidential
>> information.
>>
>> 6 - Journalists and media organisations ought to be able to mount a
>> public interest defense against the issue of TANs.
>>
>> 7 - Any citizen ought to have standing to mount a public interest defense
>> against the issue of a TCN.
>>
>> 8 - An audit trail be mandated for all TAN/TAR actions.
>>
>> Interested to hear if anyone has comments or other concerns.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Sat, 15 Dec 2018 at 09:29, I <beatthebastards at inbox.com> wrote:
>>
>>> GCHQ is going for the same thing
>>>
>>> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>
>>