[AusNOG] Assistance and Access Bill moves to PJCIS

Robert Hudson hudrob at gmail.com
Fri Mar 29 19:05:21 EST 2019 

404 for the page on the ACS website..

On Thu, 28 Mar 2019 at 12:40, Aftab Siddiqui <aftab.siddiqui at gmail.com>
wrote:

> Just for the info. There was an event yesterday "Safe Encryption Australia
> Forum" in Sydney. Some highlights are here.
>  https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws
>
>
> https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html
>
> Regards,
>
> Aftab A. Siddiqui
>
>
> On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>
>> The silence on the Assistance and Access Act since it passed in December
>> has been deafening. It was firmly understood, on representations by the
>> Liberal Government, that the bill passed was passed as an expedient, yet
>> now we have the third report from PJCIS due 3rd April, and yet another
>> round of submissions from corporations large and small, industry luminaries
>> and human rights and legal experts, all saying that basically we're where
>> we were back in September 2018, when Dutton rather disingenuously reported
>> to the House that:
>>
>> "The government has consulted extensively with industry and the public on
>> these measures and has made amendments to reflect the feedback in the
>> legislation now before the parliament."
>>
>> Yet no matter how many submissions are made to how many parliamentary
>> committees, we now seem stuck with a deeply flawed Act, the Liberals are
>> walking backwards on the Labor amendements, while the country's police
>> forces now operate with sweeping interception powers well beyond what's
>> necessary and proportional.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins <paulwilkins369 at gmail.com>
>> wrote:
>>
>>> ACIC in their submission seem to be making the case, that as police now
>>> have EA powers under the Act to surveil targets, so too should the ACIC
>>> have EA powers to surveil the police.
>>>
>>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b&subId=666446
>>>
>>> I think however this too is wrong, and that two wrongs don't make a
>>> right. The police should never have been given EA powers to break
>>> encryption when all they need is legal intercept. And then ACIC too could
>>> have LI powers.
>>>
>>> As I point out in my latest PJCIS submission,
>>>
>>> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789&subId=666483
>>> there's a basic difference between Legal Intercept and Exceptional
>>> Access, where EA you need read/modify/write/delete rights, whereas LI is
>>> read only.
>>>
>>> If you restrict access by the police to read only, a very large chunk of
>>> the ensuant vulnerabilities go away. Further, the amount of damage the
>>> police can do on a magical mystery tour of your data centre is contained.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>>
>>> On Thu, 24 Jan 2019 at 13:27, Robert Hudson <hudrob at gmail.com> wrote:
>>>
>>>> The government said they'd consider them, not that they'd implement
>>>> them.
>>>>
>>>> I have very little faith at all that without significant pressure being
>>>> brought to bear, that the government response would be anything more than
>>>> "we consider them, and decided no, we're happy as we are".
>>>>
>>>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>
>>>>> Labor's amendments haven't been forgotten, and will have to be dealt
>>>>> with eventually, when the time comes for the PJCIS to table their April
>>>>> recommendations.
>>>>>
>>>>> Noone is forgetting that the Act was passed as an interim measure, to
>>>>> allow law enforcement to deal with the Christmas break with new powers. It
>>>>> would be a serious breach of faith for the government to renege on the
>>>>> outstanding amendments.
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Paul Wilkins
>>>>>
>>>>>
>>>>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan <michelle at sorbs.net>
>>>>> wrote:
>>>>>
>>>>>> Paul Wilkins wrote:
>>>>>> > Obviously this has been in limbo over the Christmas break. There's
>>>>>> 2
>>>>>> > really important issues, on hold because of this.
>>>>>> >
>>>>>> > 1 - When or if the PJCIS will call for public comment on the Act as
>>>>>> > passed.
>>>>>> >
>>>>>> > 2 - The appearance of the Labor amendments.
>>>>>> >
>>>>>> > So we probably won't see any developments until Parliament resumes
>>>>>> > 12th February.
>>>>>>
>>>>>> I'll lay money there will be no amendments (passed), there will be an
>>>>>> attempt to force Apple etc to write in a weakness which will be
>>>>>> challenged.  There will be many people that will not update their
>>>>>> iOS/Andriod anytime soon.  Personally I stopped updating the moment
>>>>>> this
>>>>>> bill was passed - particularly as there is at least one Apple update
>>>>>> that stated, "No bug/security fixes"...
>>>>>>
>>>>>> What you will most likely find (and the idiots over in the ACT
>>>>>> haven;'t
>>>>>> worked it out yet) is that the terrorists have some very smart people
>>>>>> "working" for them and they probably already jailbreak their phones
>>>>>> and
>>>>>> install their own messaging software on it.. (not that you need to
>>>>>> jailbreak when you can use the 'team' functionality in xcode to
>>>>>> install
>>>>>> non apple approved apps on your phone.)
>>>>>>
>>>>>> Of course the highly amusing part is how easy it is to plugin to
>>>>>> online
>>>>>> services and how easy it is to run your own asymmetric
>>>>>> cryptography... I
>>>>>> suspect it would be trivial to put your own encryption over the top
>>>>>> of
>>>>>> any of those services/apps that allow such (and some already do -
>>>>>> recently came across a plugin to the mailapp that has a custom
>>>>>> encryption/decryption mechanism which is used by a bank for secure
>>>>>> messaging.  This means as posted elsewhere any interception would
>>>>>> have
>>>>>> to be by screen capture and keyboard interception on the device,
>>>>>> which I
>>>>>> personally would immediately class as a systemic weakness because if
>>>>>> I
>>>>>> were doing it i'd be cut/pasting messages into my own non-internet
>>>>>> connected app for encryption/decryption so you can capture what you
>>>>>> want
>>>>>> off imessage, facebook messenger etc... you'd still be getting
>>>>>> encrypted
>>>>>> blocks of data.. and if you capture everything you have online
>>>>>> banking
>>>>>> passwords and everything else that goes with that and there one
>>>>>> thinks
>>>>>> about who else can see the captures....
>>>>>>
>>>>>> This is what you get when you have people in charge that have
>>>>>> interest
>>>>>> in obtaining data they are not entitled to.
>>>>>>
>>>>>> At least the Queensland police will not get voice recorded giving out
>>>>>> new locations to abusive ex-husbands, now they can protect themselves
>>>>>> by
>>>>>> just accessing the phone of the wife in hiding..
>>>>>>
>>>>>> ... anyone seen my foil hat today I seem to have misplaced it....? :P
>>>>>>
>>>>>> --
>>>>>> Michelle Sullivan
>>>>>> http://www.mhix.org/
>>>>>>
>>>>>> _______________________________________________
>>>>>> AusNOG mailing list
>>>>>> AusNOG at lists.ausnog.net
>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>
>>>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190329/b051ad64/attachment.html>

More information about the AusNOG mailing list