<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Thanks Rob.<br>
Internet Australia's submission is at
<a class="moz-txt-link-freetext" href="https://internet.org.au/news/209-submission-internet-australia-s-submission-on-draft-assistance-and-access-bill">https://internet.org.au/news/209-submission-internet-australia-s-submission-on-draft-assistance-and-access-bill</a>.<br>
<br>
We're also collating other submissions at this page to aid
transparency, in case the Department doesn't publish the
collection themselves. <br>
There are currently 6 other submissions linked there, with more to
be added:<br>
<ul>
<li>- Massachusetts Institute of Technology: Internet Policy
Research Intiative</li>
<li>- Internet Architecture Board</li>
<li>- Chris Culnane and Vanessa Teague</li>
<li>- Communications Alliance, Australian Information Industry
Association, Australian Mobile Telecommunications Association</li>
<li>- Mark Nottingham</li>
<li>- Digital Rights Watch, Australia Privacy Foundation,
Electronic Fontiers Australia, Access Now, NSW Council for
Civil Liberties, Future Wise, Blueprint for Free Speech,
Queensland Council for Civil Liberties</li>
</ul>
All are well worth reading. <br>
<br>
The IAB didn't mince words - cherry picking selected paragraphs: "<br>
<blockquote type="cite">"While we normally do not review proposed
legislation, we are concerned that this proposal might have a
serious and undesirable impact upon the Internet and, taken as a
model, the sum of similar legislation may result in the
fragmentation of the Internet. <br>
....as custodians of the Internet’s architecture, <br>
we are required to take a global view. This approach, if applied
generally, would result in the <br>
Internet’s privacy and security being the lowest common
denominator permitted by the actions taken <br>
in myriad judicial contexts. From that perspective, this
approach drastically reduces trust in critical <br>
Internet infrastructure and affects the long term health and
viability of the Internet. "<br>
</blockquote>
<br>
May we include the ITPA submission, or a link to the ITPA page, in
that collection?<br>
<br>
Paul (with Chair of Internet Australia hat on)<br>
<br>
On 12/09/2018 9:07 AM, Robert Hudson wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOu9xNJTr6G_frHLoY4fqvzo0ANQ6KZV-f99AGqk+-6i3=1QBg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<div dir="ltr">As per my comments in August, ITPA put forward the
following comment on the draft bill within the offiicial public
comment window:
<div><br>
</div>
<div>"To whom it may concern,</div>
<div><br>
</div>
<div>On behalf of the Information Technology Professionals
Association (ITPA) and its members, I am writing today to
express a lack of support for "The Access and Assistance Bill,
2018" as it currently stands. This bill should not be
introduced to Parliament in its current form, and certainly
should not be voted into law.</div>
<div><br>
</div>
<div>ITPA and its members recognise the fact that encrypted
communication is one tool used by criminals to make it harder
for law enforcement agencies to discover and track their
whereabouts, plans, and other details of crimes they may have
or be able to commit. We appreciate the fact that the
government is seeking ways to increase its ability to better
prevent and prosecute crime. But it is ITPA's position that
the only real-life outcome of "The Access and Assistance Bill
2018" will be a negative impact to the individual privacy of
Australian citizens, and that the proposed benefits (allowing
law-enforcement to prevent or prosecute crimes) will not be
realised.<br>
</div>
<div><br>
</div>
<div>"The Access and Assistance Bill 2018" will not only fail to
achieve its stated aim (criminals will simply move to using
encryption products not covered by this bill - most of the
tools currently used in this area are not written by companies
which are bound by this bill, and those which are will simply
be traded for tools produced outside of Australia's
jurisdiction), but it will result in a significant reduction
of individual privacy for law-abiding citizens.</div>
<div><br>
</div>
<div>In addition to failing to achieve the desired goals, tools
created under this legislation to break or bypass the
encryption created by commonly used applications will almost
certainly be misused by individuals in positions of power
within law-enforcement agencies, as we have already seen
happen in other areas of surveillance legislation such as the
mandatory metadata retention scheme.</div>
<div><br>
</div>
<div>Further, it is certain that these tools will also become
available to people outside of legitimate law-enforcement
agencies, and will be used as a weapon against law-abiding
citizens - the leaking of the list of "blocked" sites under
Internet filtering regimes of the past (<a
href="https://www.smh.com.au/national/dentists-website-on-leaked-blacklist-20090319-93cl.html"
target="_blank" moz-do-not-send="true">https://www.smh.com.au/national/dentists-website-on-leaked-blacklist-20090319-93cl.html</a>)
shows that secrets and artifacts (such as lists of websites,
or access to tools) can and do get leaked beyond the approved
area of usage).</div>
<div><br>
</div>
<div>"The Access and Assistance Bill 2018" also has issues of
governance and oversight which require adjustment before it
could be supported. Although there is still a requirement for
warrants to be issued and a level of judicial oversight, a
political appointment (The Attorney General) holds significant
(and ultimate for short-term activities with post-activity
oversight) power within this legislation. It would be
preferable to have a politically independent body (an
individual or organisation) to provide the level of oversight
and authority carried by the Attorney General in this
legislation to ensure that decisions are not made under the
authority of this bill for political purposes.</div>
<div><br>
</div>
<div>If the government really wants to achieve better levels of
policing and crime prevention in areas of technology, we
implore the government to consult with the technology industry
during the drafting phases of legislation, rather than after
the draft has been put together in such a fashion as to be
technically infeasible. ITPA would be more than willing to be
part of a consultation process to resolve issues with the
currently proposed legislation, or for any other legislation
which requires technical expertise to achieve success."</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Wed, 15 Aug 2018 at 13:48, Robert Hudson <<a
href="mailto:hudrob@gmail.com" moz-do-not-send="true">hudrob@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Paul,
<div><br>
</div>
<div>On Wed, 15 Aug 2018 at 13:31, Paul Brooks <<a
href="mailto:pbrooks-ausnog@layer10.com.au"
target="_blank" moz-do-not-send="true">pbrooks-ausnog@layer10.com.au</a>>
wrote:<br>
</div>
<div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div
class="m_8588547021095780586m_-3767039695596670175moz-cite-prefix">Thanks
Aftab for the plug - this is something that IA has
been tracking and meeting in Canberra with various
Minister-types down over the past 6-9 months, trying
to determine what they were looking to do, and
educate them on the concerns.<br>
This is data retention all over again. On one hand,
as an ISP, if you don't actually supply end-user
devices and all the OTT messaging apps pass through
your network, there may not be much in this to
concern. This Bill is aimed at
Samsung/Google/HTC/Oppo, and OTT service providers
like Apple iMessage, WhatsApp, Google Hangouts, etc.<br>
They were quite insistent they would not be seeking
to back-door encryption, and as it happens, they
were right! They just want to back-door the entire
device. And website, which is classed in there too.<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>The legislation is sufficiently vague as to allow
pretty much anything the A-G thinks is reasonable at the
time the A-G makes a request. </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div
class="m_8588547021095780586m_-3767039695596670175moz-cite-prefix">
<br>
If you're in Canberra on Monday night, we've got a
number of people from MIT Computer Science and
Artificial Inelligence Labs (CSAIL) and other
experts that talk to USA's people, and tickets still
available - From 4:30pm, with free drinks provided
afterwards.<br>
<br>
<a
class="m_8588547021095780586m_-3767039695596670175moz-txt-link-freetext"
href="https://www.eventbrite.com.au/e/encryption-experts-session-evening-in-canberra-tickets-48911717263"
target="_blank" moz-do-not-send="true">https://www.eventbrite.com.au/e/encryption-experts-session-evening-in-canberra-tickets-48911717263</a></div>
</div>
</blockquote>
<div><br>
</div>
<div>Canberra could be hard to attend from Sydney, but
this one may be important enough for me to make the
trip. </div>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div
class="m_8588547021095780586m_-3767039695596670175moz-cite-prefix"><br>
<br>
They're taking feedback/submissions/comments for 4
weeks only - is anyone planning to submit some
comment?<br>
</div>
</div>
</blockquote>
<div><br>
</div>
<div>ITPA is looking to provide feedback. We'd be happy
to work with other parties (individuals or
organisations) to put up a joint response.</div>
<div><br>
</div>
<div>Regards,</div>
<div><br>
Robert</div>
</div>
</div>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>