<div dir="ltr">You know, I've often wondered about these large companies - what would stop them from presenting a page that said "Your access to our services has been restricted because of laws in your jurisdiction. If you have any questions, please call <local member> on <phone number> to discuss the issue"? <div><br><div class="gmail_quote"><div dir="ltr">On Thu, 16 Aug 2018 at 14:48, Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com">paulwilkins369@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Couple of points for discussion:<br><br>1 - The overseas jurisdiction is to be met by whether you conduct business within Australia. So that already covers the big corporates, social media etc. If you want to continue to conduct business in Australia, you're going to have to comply with Australian law or have your company delisted/brands invalidated/accounts frozen. So it will be immaterial the jurisdiction of where the service is hosted.<br><br>2 - The reporting oversite proposed is meaningless. Just reporting the number of notices within a period means nothing. There ought to be additional data as to the type of actions sought, classifications of data extracted (personal data, geolocation, financial, "metadata"...), and the classification of offence the notice was to address (national security, child abuse material, family law etc). As currently drafted the AG would have the power to issue assistance notices/capability requests, while simultaneously criminalising disclosure of both the terms and existence of the notices. Journalists take note.<br><br>Kind regards<br><br>Paul Wilkins<br></div><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr">On Thu, 16 Aug 2018 at 13:20, Robert Hudson <<a href="mailto:hudrob@gmail.com" target="_blank">hudrob@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div dir="auto">Hi Paul,<div dir="auto"><br></div><div dir="auto">We have already published our stance on this previously in press releases and our regular newsletter, and will be sending a formal response to the govt's invitation to do so.</div><div dir="auto"><br></div><div dir="auto">That response is currently being formulated to ensure we cover all pertinent points, thus far (until we complete our reading of the mattter) being:</div><div dir="auto"><br></div><div>* The proposed laws are WAY too vague to start with, and contradictory at times in what is and isn't allowed, who and who is not allowed to access the data, etc</div><div>* There is a strong history already of misuse of power by government agencies/privileged individuals.</div><div>* This is over-reach by government with significant potential impact to law-abiding citizens</div><div>* There is no way to breach end-to-end asymmetric key encryption in the way they're talking without creating back-doors, compromising the encryption process or creating secondary back-channels</div><div>* The idea that the Australian government can enforce the law with parties based overseas where they are outside of the jurisdiction of our government or its treaty partners is laughable</div><div>* There is insufficient protection of process - the A-G gets to make the requests/notices, and the A-G gets to decide at the same time what's reasonable and what's not</div><div>* The criminals this is aimed at will simply move to using tools outside of the government's reach if they're even remotely competent (if they're not, surely this level of law is not required to catch them), meaning that the only people this will really impact will, again, be law-abiding citizens</div><div>* The likely next step when people start using tools outside of the government's control will be to mandate that only govt-controlled apps are used - meaning loss of functionality for law-abiding citizens, or unintentional criminal acts when they download and use something they don't realise is sanctioned.</div><div><br></div><div>There's probably (almost certainly) more. I've got a full-time job outside of doing this, as do the rest of the ITPA board. If (or anyone else reading this) has strong feelings/expertise in this area, we'd gladly look to work with you on our response. Or hell, join and volunteer to help us with this - we represent ~18,000 associate members at this stage, and the bigger we get, the more our voice will resonate.</div><div><br></div><div>Regards,</div><div><br>Robert</div></div></div><br><div class="gmail_quote"><div dir="ltr">On Thu, 16 Aug. 2018, 12:59 pm Paul Julian, <<a href="mailto:paul@buildingconnect.com.au" target="_blank">paul@buildingconnect.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div lang="EN-AU" link="blue" vlink="purple"><div class="m_8464408384246977657m_-2628746268313273432m_-6064251370114055479m_6093841125420367848m_-2779746914913838197WordSection1"><p class="MsoNormal"><span>Hi Robert,<u></u><u></u></span></p><p class="MsoNormal"><span><u></u> <u></u></span></p><p class="MsoNormal"><span>I think it’s a perfectly valid point, so just out of interest what is ITPA’s plan to respond to this current situation ?<u></u><u></u></span></p><p class="MsoNormal"><span><u></u> <u></u></span></p><p class="MsoNormal"><span>Regards<u></u><u></u></span></p><p class="MsoNormal"><span>Paul<u></u><u></u></span></p><p class="MsoNormal"><span><u></u> <u></u></span></p><p class="MsoNormal"><b><span lang="EN-US">From:</span></b><span lang="EN-US"> Robert Hudson <<a href="mailto:hudrob@gmail.com" rel="noreferrer" target="_blank">hudrob@gmail.com</a>> <br><b>Sent:</b> Thursday, 16 August 2018 12:34 PM<br><b>To:</b> <a href="mailto:paul@buildingconnect.com.au" rel="noreferrer" target="_blank">paul@buildingconnect.com.au</a><br><b>Cc:</b> Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com" rel="noreferrer" target="_blank">paulwilkins369@gmail.com</a>>; <a href="mailto:ausnog@lists.ausnog.net" rel="noreferrer" target="_blank">ausnog@lists.ausnog.net</a><br><b>Subject:</b> Re: [AusNOG] Dutton decryption bill<u></u><u></u></span></p><p class="MsoNormal"><u></u> <u></u></p><div><div><div><p class="MsoNormal">On Thu, 16 Aug 2018 at 11:10, Paul Julian <<a href="mailto:paul@buildingconnect.com.au" rel="noreferrer" target="_blank">paul@buildingconnect.com.au</a>> wrote:<u></u><u></u></p></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm"><div><div><p class="MsoNormal">Hi Paul,<u></u><u></u></p><p class="MsoNormal"> <u></u><u></u></p><p class="MsoNormal">Where do you even start ?<u></u><u></u></p><p class="MsoNormal">I would love to be able to comment on these things properly but how do you structure a response that isn’t just a whinge and saying that it’s not fair and blah blah, it would need to offer alternatives or suggestions on how else this could be accomplished or why it shouldn’t be in the first place.<u></u><u></u></p></div></div></blockquote><div><p class="MsoNormal"><u></u> <u></u></p></div><p class="MsoNormal">Apologies if this isn't considered appropriate on this list, but I think the point of joining representative organisations is important, especially on this topic.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Join a group like ITPA (it doesn't have to be ITPA, so this isn't "strictly" an ad - more a drive to get people participating in industry associations. The more members we have, the stronger our voice. We have commented strongly on this issue, and will continue to do so on this and other issues of importance to IT Professionals.<u></u><u></u></p><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">ITPA Associate membership is free. Paid membership is less than the cost of a cup of coffee a week.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">If not us, choose another representative organisation, and make sure your voice is heard.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">If you (and others) don't, then things like Metadata Retention, breaking encryption, and goodness knows what they have up their sleeves next will continue to go through.<u></u><u></u></p></div><div><p class="MsoNormal"><u></u> <u></u></p></div><div><p class="MsoNormal">Regards,<u></u><u></u></p></div><div><p class="MsoNormal"><br>Robert<u></u><u></u></p></div><div><p class="MsoNormal"> <u></u><u></u></p></div><blockquote style="border:none;border-left:solid #cccccc 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm"><div><div><p class="MsoNormal"> <u></u><u></u></p></div></div></blockquote></div></div></div></div></blockquote></div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div></div></div>