<div dir="ltr"><div><a href="https://www.theguardian.com/australia-news/2018/sep/27/australias-spyware-law-could-expose-phones-to-exploitation-business-group-warns">https://www.theguardian.com/australia-news/2018/sep/27/australias-spyware-law-could-expose-phones-to-exploitation-business-group-warns</a></div><div><br></div><div>Submission by <a href="https://www.homeaffairs.gov.au/consultations/Documents/australian-information-industry.pdf">Australian Information Industry Association</a></div><br></div><br><div class="gmail_quote"><div dir="ltr">On Tue, 25 Sep 2018 at 17:58, Paul Brooks <<a href="mailto:pbrooks-ausnog@layer10.com.au">pbrooks-ausnog@layer10.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div class="m_7476132786117279664moz-cite-prefix">I've heard the PJCIS process will also
be rushed. Calls for 'intentions to submit/reqests to appear' are
open now for a few weeks only.<br>
<b>They are planning precisely 1 single day for public hearings.
No more.</b><br>
<br>
There are three sitting weeks left in the year. There is an
election to be called next year probably in May, and caretaker
conventions which would prevent any further work on this bill from
sometime in April. so the Government's need for an accelerated
process is clear.<br>
<br>
All these points below need to be made in submissions to the PJCIS
now, so that they can easily see they'll need more than 1 day to
get through all the witnesses that want to appear and make these
points.<br>
<br>
<a class="m_7476132786117279664moz-txt-link-freetext" href="https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018" target="_blank">https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018</a><br>
<blockquote type="cite">The Committee is currently accepting
submissions to this review. Submissions should be provided no
later than <strong>12pm, Friday, 12 October 2018.</strong> If
you intend to make a submission, please contact the Secretariat
at <a href="mailto:TOLAbill@aph.gov.au" target="_blank">TOLAbill@aph.gov.au</a>
by Tuesday, 2 October 2018 to assist with planning. Hearings are
expected to be held on Friday, 19 October 2018.</blockquote>
<br>
Please - send an email now to <a class="m_7476132786117279664moz-txt-link-abbreviated" href="mailto:TOLAbill@aph.gov.au" target="_blank">TOLAbill@aph.gov.au</a> to confirm you
will (a) make a submission, and (b) wish to appear at the public
hearing - and then work out what you want to say. Re-sending a
submission previously sent to the Home Affairs sham consultation
would be a good start - the committee may not be given the
submissions sent in earlier this month to Home Affairs..<br>
<br>
And clear your diaries for Friday 19th October - maybe in Canberra
if there is to be only one day. I'm still waiting on confirmation
of venue.<br>
<br>
Paul.<br>
<br>
<br>
On 25/09/2018 5:05 PM, Paul Wilkins wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">I'm thinking Dutton's decision to push ahead with
an ill drawn bill wasn't completely isolated from his and the
government's need to change the news cycle around his au pair
scrape.<br>
<br>
Which is not to say the cops don't have active activations
they want these powers for, and as soon as possible. A big
bust with Dutton's new powers would be a shot in the arm for
the government's fortunes.<br>
<br>
However, the Bill doesn't deserve to pass, because it's not
ready, and will lead to unhappy outcomes, particularly for
service providers. Everyone has their concerns, these are
mine:<br>
<br>
1 - The multiplicity of agencies and agents who can authorise
TANs and TARs.<br>
<br>
1a - Warrant data and service provider data will reside with
the issuing agencies.<br>
<br>
Hence, the government needs to reconsider the whole approach,
and instead, have one agency act as a clearing house for
TCN/TAN/TARs, and act as custodian of warrant data and service
provider confidential data.<br>
<br>
2 - The lack of civil appeal process against TCN/TAN/TARs.<br>
Grounds for appeal to either refuse or delay assistance should
include:<br>
Cost, security management, risk management, business
management processes, disruption to business, disparity of
TCN/TAN/TAR with Privacy Act 1988.<br>
<br>
2a - The real possibility TAN/TARs will be used by Law
Enforcement to coerce unlawful access/disclosure.<br>
<br>
3 - The low bar required to issue TCN/TAN/TARs. The
government's case for these powers is serious crime and
terrorism. I don't know, but I imagine they settled for
"serious crime as defined under the Crimes Act" because (again
I'm guessing) that's the standard for physical warrants? It'd
be good to be clear as to this point, because cyber warrants
and physical warrants are, I think we'll agree, different in
kind. It's one thing to execute a physical warrant, which
means you have to give Law Enforcement entry, but I feel 2
years sets the bar a little low to let Law Enforcement go
snooping about a data centre, or pushing bootloader updates to
your phone.<br>
<br>
4 - The lack of accountability. The reporting requirements are
a rubber stamp, and leave the public none the wiser how these
powers are being used, whether they're successful, and to what
ends they're exercised. They will of course be used by the AFP
to pursue journalist sources of government leaks. I'm not sure
it's clear all leaks are against the public interest. There's
that problem where the government's interests, and the public
interest, are not always the same thing.<br>
<br>
4a - There needs to be specific details as to the use of the
power to enforce silence as to the existence of TCN/TAN/TARs.
I'm thinking this power to suppress shouldn't lie with Law
Enforcement at all, but should rather form part of the terms
of the accompanying computer/data warrants.<br>
<br>
5 - The Emergency provisions make the police a power
answerable to themselves for 48 hours.<br>
<br>
6 - The definition of "computer" which extends to any data
held on any computer connected on "the same network" - which
can be read as extending to the internet and anything that
connects to the internet.<br>
<br>
7 - I think the drafting is flawed, where TCN/TAN/TARs
restrict themselves to a target computer. I think it's
arguable the Bill doesn't extend to compelling access to
ancillary computers/network devices, needed to extract data
from the target computer.</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">
<div>Kind regards</div>
<div class="m_7476132786117279664gmail-yj6qo m_7476132786117279664gmail-ajU">
<div id="m_7476132786117279664gmail-:qx" class="m_7476132786117279664gmail-ajR"><img class="m_7476132786117279664gmail-ajT" src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"></div>
</div>
<span style="color:rgb(0,0,0)"><span class="m_7476132786117279664gmail-HOEnZb m_7476132786117279664gmail-adL">
<div><br>
</div>
<div>Paul Wilkins</div>
</span></span></div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Tue, 25 Sep 2018 at 13:51, <<a href="mailto:trs80@ucc.gu.uwa.edu.au" target="_blank">trs80@ucc.gu.uwa.edu.au</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, 25
Sep 2018, Paul Wilkins wrote:<br>
<br>
> Australia is bound under international law against
arbitrary or unlawful incursions of the right to privacy.
That's black letter<br>
> law.<br>
<br>
We are also bound under international law the 1951 Refugee
Convention. The <br>
Australian government removed references to the convention
from the laws <br>
of Australia, so the courts can no longer enforce it. See also
this great <br>
quote:<br>
<br>
The Court held that Australian courts are bound to apply
Australian <br>
statute law “even if that law should violate a rule of
international law.”<br>
<br>
<a href="http://ilareporter.org.au/2018/04/australias-disengagement-from-international-refugee-law-the-principle-of-non-refoulement-and-the-doctrine-of-jurisdiction-sophie-capicchiano-young/" rel="noreferrer" target="_blank">http://ilareporter.org.au/2018/04/australias-disengagement-from-international-refugee-law-the-principle-of-non-refoulement-and-the-doctrine-of-jurisdiction-sophie-capicchiano-young/</a><br>
<a href="http://www.austlii.edu.au/cgi-bin/sinodisp/au/cases/cth/HCA/2015/1.html" rel="noreferrer" target="_blank">http://www.austlii.edu.au/cgi-bin/sinodisp/au/cases/cth/HCA/2015/1.html</a>
p462<br>
<br>
So as Mark said, these international "laws" mean nothing here
unless <br>
enacted by the Australian parliament. And specific bills, like
the <br>
Assistance and Access Bill can override them at will.<br>
<br>
-- <br>
# TRS-80 trs80(a)<a href="http://ucc.gu.uwa.edu.au" rel="noreferrer" target="_blank">ucc.gu.uwa.edu.au</a>
#/ "Otherwise Bub here will do \<br>
# UCC Wheel Member <a href="http://trs80.ucc.asn.au/" rel="noreferrer" target="_blank">http://trs80.ucc.asn.au/</a>
#| what squirrels do best |<br>
[ "There's nobody getting rich writing ]| -- Collect
and hide your |<br>
[ software that I know of" -- Bill Gates, 1980 ]\ nuts." --
Acid Reflux #231 /</blockquote>
</div>
<br>
<fieldset class="m_7476132786117279664mimeAttachmentHeader"></fieldset>
<br>
<pre>_______________________________________________
AusNOG mailing list
<a class="m_7476132786117279664moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a class="m_7476132786117279664moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<p><br>
</p>
</div>
</blockquote></div>