[AusNOG] Assistance and Access Bill moves to PJCIS

Michelle Sullivan michelle at sorbs.net
Wed Jan 23 13:23:42 EST 2019

Paul Wilkins wrote:
> Obviously this has been in limbo over the Christmas break. There's 2 
> really important issues, on hold because of this.
> 1 - When or if the PJCIS will call for public comment on the Act as 
> passed.
> 2 - The appearance of the Labor amendments.
> So we probably won't see any developments until Parliament resumes 
> 12th February.

I'll lay money there will be no amendments (passed), there will be an 
attempt to force Apple etc to write in a weakness which will be 
challenged.  There will be many people that will not update their 
iOS/Andriod anytime soon.  Personally I stopped updating the moment this 
bill was passed - particularly as there is at least one Apple update 
that stated, "No bug/security fixes"...

What you will most likely find (and the idiots over in the ACT haven;'t 
worked it out yet) is that the terrorists have some very smart people 
"working" for them and they probably already jailbreak their phones and 
install their own messaging software on it.. (not that you need to 
jailbreak when you can use the 'team' functionality in xcode to install 
non apple approved apps on your phone.)

Of course the highly amusing part is how easy it is to plugin to online 
services and how easy it is to run your own asymmetric cryptography... I 
suspect it would be trivial to put your own encryption over the top of 
any of those services/apps that allow such (and some already do - 
recently came across a plugin to the mailapp that has a custom 
encryption/decryption mechanism which is used by a bank for secure 
messaging.  This means as posted elsewhere any interception would have 
to be by screen capture and keyboard interception on the device, which I 
personally would immediately class as a systemic weakness because if I 
were doing it i'd be cut/pasting messages into my own non-internet 
connected app for encryption/decryption so you can capture what you want 
off imessage, facebook messenger etc... you'd still be getting encrypted 
blocks of data.. and if you capture everything you have online banking 
passwords and everything else that goes with that and there one thinks 
about who else can see the captures....

This is what you get when you have people in charge that have interest 
in obtaining data they are not entitled to.

At least the Queensland police will not get voice recorded giving out 
new locations to abusive ex-husbands, now they can protect themselves by 
just accessing the phone of the wife in hiding..

... anyone seen my foil hat today I seem to have misplaced it....? :P

Michelle Sullivan

More information about the AusNOG mailing list