<div dir="ltr"><div>"If this passes I can see similar legislation being introduced in other jurisdictions."</div><div><br></div><div>I think this legislation and all its warts is going to be a particularly Australian feature.</div><div><br></div><div>The UK have RIPA already, which will probably become enforceable law after Brexit but there the notices require judicial approval. Europe is a no go due to <span class="gmail-st">GDPR</span> and America has the 2nd Amendment, so surveilling citizens is a non starter.</div><div><br></div><div>So far I've not seen any mention the interim law will have a sunset clause. Let's see, but if there's to be new legislation after the election, we may get a very different result.<br></div><div><br></div><div>Without a sunset clause, political reality, we'll have to wear a botched job.<br></div><div><br></div><div>Kind regards</div><div><br></div><div>Paul Wilkins<br></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, 5 Dec 2018 at 10:30, Mark Andrews <<a href="mailto:marka@isc.org">marka@isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
> On 5 Dec 2018, at 9:54 am, Ross Wheeler <<a href="mailto:rossw@albury.net.au" target="_blank">rossw@albury.net.au</a>> wrote:<br>
> <br>
> On Wed, 5 Dec 2018, Mark Andrews wrote:<br>
> <br>
>> More than likely they will get the app developer to make<br>
>> a custom version,<br>
> <br>
> I wonder if they pay the app developer for this "service"?<br>
> If the developer is outside Australian jurisdiction, how can they “persuade"<br>
> the developer to comply? And what's to stop the developer telling all and<br>
> sundry what the changes were?<br>
<br>
If this passes I can see similar legislation being introduced in other<br>
jurisdictions. Also “you cannot sell to Australians” with enforced<br>
removal from app stores is likely to happen. From the government’s<br>
perspective removal of the app is just as good as a compromised app. <br>
<br>
>> Most people will update when they are told the app is out of date.<br>
> <br>
> After this legislation passes, I think a great many people - especially<br>
> those doing things that may bring them to the attention of authorities -<br>
> will be highly suspicious of "updates" of all sorts.<br>
<br>
They still have to communicate with the rest of the world which is moving<br>
on.<br>
<br>
>> We are training people to update regularly to close security holes.<br>
> <br>
> Or, to open new ones, as the case may soon be.<br>
<br>
In general updating is the safer thing to do despite the small<br>
risk of new bugs being introduced especially if it update is<br>
billed as a maintenance release.<br>
<br>
>> Alternatively they will covertly install the updated version<br>
>> on the device.<br>
> <br>
> If they have the ability to do that now, why are the extra powers required?<br>
<br>
Reverse engineering a fake app to make it behave like the original app is<br>
difficult and error prone. Much simpler to get the developer to add the<br>
covert logging capability to the existing app.<br>
<br>
> R.<br>
<br>
-- <br>
Mark Andrews, ISC<br>
1 Seymour St., Dundas Valley, NSW 2117, Australia<br>
PHONE: +61 2 9871 4742 INTERNET: <a href="mailto:marka@isc.org" target="_blank">marka@isc.org</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote></div>