<div dir="ltr"><div dir="ltr">The inclusion of judicial authorisation of notices is an important safeguard, for no less reason than that it would provide the necessary safeguard against a TCN or TAN being used as constituting authorisation under section 313C(3) and s280(1)(b) of the Telecommunications Act for the bulk disclosure of carrier metadata.<br><br>Kind regards<br><br>Paul Wilkins<br><br></div></div><br><div class="gmail_quote"><div dir="ltr">On Wed, 12 Dec 2018 at 13:14, Paul Brooks <<a href="mailto:pbrooks-ausnog@layer10.com.au">pbrooks-ausnog@layer10.com.au</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF">
    <div class="gmail-m_6924476029596879072moz-cite-prefix">Paul - those are the additional
      Opposition amendments, to have been moved by Penny Wong, that were
      not introduced and are not part of the current legislation. If the
      opposition crosses its fingers, they might be allowed to try them
      in February.</div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix"><br>
    </div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix">Right now, the relevant part is 317WA 
      Assessment and report (regarding a TCN):</div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix">
      <blockquote type="cite"><br>
        (1) If a consultation notice is given to a designated
        communications provider under subsection 317W(1) in relation to
        a proposed technical capability notice, the provider may, within
        the time limit specified in the consultation notice, give the
        Attorney-General a written notice requesting the carrying out of
        an assessment of whether the proposed technical capability
        notice should be given.<br>
        (2) If a designated communications provider gives the
        Attorney-General a notice under subsection (1) in relation to a
        proposed technical capability notice, the Attorney-General must
        appoint 2 persons to carry out an assessment of whether the
        proposed technical capability notice should be given.<br>
        (3) For the purposes of this section, the persons appointed
        under subsection (2) are to be known as the <i>assessors.</i><br>
        (4) One of the assessors must be a person who: <br>
                    (a) has knowledge that would enable the person to
        assess whether proposed technical capability notices would
        contravene section 317ZG; and<br>
                    (b) is cleared for security purposes to:<br>
                                    (i) the highest level required by
        staff members of ASIO; or<br>
                                    (ii) such lower level as the
        Attorney-General approves.<br>
        (5) One of the assessors must be a person who:<br>
                       (a) has served as a judge in one or more
        prescribed courts for a period of 5 years; and<br>
                       (b) no longer holds a commission as a judge of a
        prescribed court.</blockquote>
      <br>
    </div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix">etc.</div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix"><br>
    </div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix"><br>
    </div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix"><br>
    </div>
    <div class="gmail-m_6924476029596879072moz-cite-prefix">On 12/12/2018 12:45 pm, Paul Wilkins
      wrote:<br>
    </div>
    <blockquote type="cite">
      
      <div dir="ltr">
        <div dir="ltr">
          <div><br>
          </div>
          <div><br>
          </div>
          <div>317V, substitute:<br>
            unless:<br>
            <div style="margin-left:40px">(a) the Attorney-General is
              satisfied that:<br>
            </div>
            <div style="margin-left:80px">(i) the requirements imposed
              by the notice are reasonable and proportionate; and<br>
              (ii) compliance with the notice is practicable and
              technically feasible; and<br>
            </div>
            <div style="margin-left:40px"><b>(b) an eligible Judge has
                approved the giving of the notice.</b><br>
            </div>
          </div>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Wed, 12 Dec 2018 at 12:39, Paul Wilkins <<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr"><a href="https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf" target="_blank">https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf</a><br>
          </div>
          <br>
          <div class="gmail_quote">
            <div dir="ltr">On Wed, 12 Dec 2018 at 12:25, Paul Brooks
              <<a href="mailto:pbrooks-ausnog@layer10.com.au" target="_blank">pbrooks-ausnog@layer10.com.au</a>>
              wrote:<br>
            </div>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
              <div bgcolor="#FFFFFF">
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">@Matt
                  - 'a screen capture and remote access ability', if
                  installed on all phones would surely be a 'systemic
                  vulnerability' in anybody's view, and would be a
                  global disaster if the method of triggering this
                  ability escaped to the wider world. This would be an
                  example of precisely the dangerous and ill-advised
                  exploit that we are all concerned the agencies might
                  ask for in ignorance.   Heck, this is exactly the sort
                  of malware exploit that after-market malware scanners
                  and virus checkers for phones should be looking for to
                  to detect and warn the user if an app or the OS had
                  been compromised and was attempting to do these
                  things. I can see a rapidly growing market for malware
                  checkers!</div>
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix"><br>
                </div>
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">@Paul
                  - where is the requirement for 'judicial approval'? -
                  it doesn't go anywhere near a court.   The TCN can be
                  issued by the Attorney General. If (and only if) the
                  recipient thinks it might be able to be pushed back
                  on, they can ask for a review by a *retired* judge and
                  a tech expert with a high security clearance.  A
                  *retired* judge is not a 'judicial approval', and the
                  easiest place to source the other expert from is from
                  within ASIO - hardly independent.  The AGD chooses the
                  two reviewers, not the recipient. The legislation as
                  passed also doesn't deal with the situation if the two
                  experts disagree on whether it is allowable or not.  
                  And there is no requirement for a warrant to have been
                  issued - the whole point of a TCN is to preemptively
                  create a capability that can be exploited later, on
                  the off chance there will be a future warrant that
                  requires the exploit to be triggered.<br>
                </div>
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix"><br>
                </div>
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">Paul.<br>
                </div>
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix"><br>
                </div>
                <div class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">On
                  12/12/2018 12:02 pm, Paul Wilkins wrote:<br>
                </div>
                <blockquote type="cite">
                  <div dir="ltr">
                    <div dir="ltr">
                      <div dir="ltr">
                        <div dir="ltr">
                          <div dir="ltr">
                            <div dir="ltr">
                              <div dir="ltr">
                                <div dir="ltr">
                                  <div dir="ltr">
                                    <div dir="ltr">
                                      <div dir="ltr">
                                        <div dir="ltr">
                                          <div dir="ltr">
                                            <div dir="ltr">
                                              <div dir="ltr">
                                                <div dir="ltr">
                                                  <div dir="ltr">
                                                    <div dir="ltr">
                                                      <div dir="ltr">
                                                        <div dir="ltr">
                                                          <div dir="ltr">
                                                          <div dir="ltr">
                                                          <div>Matt,
                                                          (IINAL)</div>
                                                          <div>But it
                                                          appears on my
                                                          reading that
                                                          both 317ZG and
                                                          more
                                                          specifically
                                                          the new 317ZGA
                                                          would arguably
                                                          prohibit this.</div>
                                                          <div><br>
                                                          </div>
                                                          <div>The
                                                          (pending?)
                                                          amendments are
                                                          worth a read.
                                                          Stronger terms
                                                          on 317ZG and
                                                          importantly -
                                                          <b>requirement
                                                          for judicial
                                                          approval of
                                                          TCNs</b>.<br>
                                                          </div>
                                                          <div><br>
                                                          </div>
                                                          <div>
                                                          <div style="margin-left:40px">317P
                                                          (5)(2)(d) the
                                                          designated
                                                          communications
                                                          provider has,
                                                          if reasonably
                                                          practicable,
                                                          been consulted
                                                          and given a
                                                          reasonable
                                                          opportunity to
                                                          make
                                                          submissions on
                                                          whether the
                                                          requirements
                                                          to be imposed
                                                          by the notice
                                                          are reasonable
                                                          and
                                                          proportionate
                                                          and whether
                                                          compliance
                                                          with the
                                                          notice is
                                                          practicable
                                                          and
                                                          technically
                                                          feasible.<br>
                                                          </div>
                                                          <br>
                                                          </div>
                                                          </div>
                                                          </div>
                                                        </div>
                                                      </div>
                                                    </div>
                                                  </div>
                                                </div>
                                              </div>
                                            </div>
                                          </div>
                                        </div>
                                      </div>
                                    </div>
                                  </div>
                                </div>
                              </div>
                            </div>
                          </div>
                        </div>
                      </div>
                    </div>
                  </div>
                  <br>
                  <div class="gmail_quote">
                    <div dir="ltr">On Wed, 12 Dec 2018 at 11:30, Matt
                      Perkins <<a href="mailto:matt@spectrum.com.au" target="_blank">matt@spectrum.com.au</a>>
                      wrote:<br>
                    </div>
                    <blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">It strikes me
                      that all that will be needed is the phone
                      manufacturers to put a screen capture and remote
                      access ability on the phones. Then Law enforcement
                      need to do is read the screens no need to involve
                      the individual app makers at all.  They are after
                      a wide and non savvy audience here. Looking over
                      the shoulder of phone users is what we are talking
                      about. I would say expect to see a boost in
                      convictions of medium size drug distributors  and 
                      small amateur terror type people. <br>
                      <br>
                      These are the same people that used sms before
                      they just want that capability back. <br>
                      <br>
                      Matt<br>
                      <br>
                      <br>
                      <br>
                      -- <br>
                      /* Matt Perkins<br>
                             Direct 1300 137 379     Spectrum Networks
                      Ptd. Ltd.<br>
                             Office 1300 133 299     <a href="mailto:matt@spectrum.com.au" target="_blank">matt@spectrum.com.au</a><br>
                             Fax    1300 133 255     Level 6, 350 George
                      Street Sydney 2000<br>
                            SIP <a href="mailto:1300137379@sip.spectrum.com.au" target="_blank">1300137379@sip.spectrum.com.au</a><br>
                             Google Talk <a href="mailto:MattAPerkins@gmail.com" target="_blank">MattAPerkins@gmail.com</a><br>
                             PGP/GNUPG Public Key can be found at  <a href="http://pgp.mit.edu" rel="noreferrer" target="_blank">http://pgp.mit.edu</a><br>
                      */<br>
                      <br>
                      > On 12 Dec 2018, at 8:27 am, Paul Brooks <<a href="mailto:pbrooks-ausnog@layer10.com.au" target="_blank">pbrooks-ausnog@layer10.com.au</a>>
                      wrote:<br>
                      > <br>
                      >> On 12/12/2018 3:54 am, Scott Weeks wrote:<br>
                      >> <br>
                      >> -----------------<br>
                      >> The Bill was passed on Thursday<br>
                      >> -----------------<br>
                      >> <br>
                      >> <br>
                      >> Damn, I'm gonna need a bigger bag of
                      popcorn!<br>
                      >> Waaaay bigger.  I can't wait to see how
                      this <br>
                      >> plays out.<br>
                      > <br>
                      > We'll probably never know how this plays out,
                      unless one of the major global brands<br>
                      > pulls out of the Australian market.<br>
                      > <br>
                      > Tech companies doing development in Aust will
                      put in independent code reviews by an<br>
                      > offshore team to protect against onshore
                      employees, or will quietly close Australian<br>
                      > development shops over years.  Some tech
                      companies will move overseas - gradually,<br>
                      > over months and years.    Net result - lower
                      demand for Australian IT staff, lower<br>
                      > export figures in the DFAT stats over years.<br>
                      > <br>
                      > Many 'component manufacturers or suppliers'
                      will blithely carry on, unaware this might<br>
                      > apply to them at all until they receive a
                      notice<br>
                      > <br>
                      > A massive data breach in 3 years time may not
                      be traced back to a system change caused<br>
                      > as a result of a notice, or if an
                      investigation does uncover the root cause, is
                      likely<br>
                      > to be quietly hushed up.<br>
                      > <br>
                      > It'll take a massive
                      ASIC-website-blocking-like event own-goal to
                      generate demand for<br>
                      > popcorn. That or a majority of politicians
                      starting to listen to experts rather than<br>
                      > agencies and repealing it, and there's
                      precious few Andrew Wilkies around at the<br>
                      > moment so that's even less likely.<br>
                      > <br>
                      > P.<br>
                      > <br>
                      > <br>
                      > <br>
                      > <br>
                      > <br>
                      >> <br>
                      >> scott<br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >>>  <br>
                      >>> <br>
                      >>> <br>
                      >>>
                      _______________________________________________<br>
                      >>> AusNOG mailing list<br>
                      >>> <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
                      >>> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
                      >> <br>
                      >> <br>
                      >> <br>
                      >>
                      _______________________________________________<br>
                      >> AusNOG mailing list<br>
                      >> <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
                      >> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
                      >> <br>
                      >> <br>
                      >>
                      _______________________________________________<br>
                      >> AusNOG mailing list<br>
                      >> <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
                      >> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
                      > <br>
                      > <br>
                      >
                      _______________________________________________<br>
                      > AusNOG mailing list<br>
                      > <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
                      > <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
                      <br>
                      _______________________________________________<br>
                      AusNOG mailing list<br>
                      <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
                      <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
                    </blockquote>
                  </div>
                  <br>
                  <fieldset class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892mimeAttachmentHeader"></fieldset>
                  <pre class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-quote-pre">_______________________________________________
AusNOG mailing list
<a class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a>
<a class="gmail-m_6924476029596879072gmail-m_520188063830096251gmail-m_5788927746176696892moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
                </blockquote>
                <p><br>
                </p>
              </div>
              _______________________________________________<br>
              AusNOG mailing list<br>
              <a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
              <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
            </blockquote>
          </div>
        </blockquote>
      </div>
    </blockquote>
    <p><br>
    </p>
  </div>

</blockquote></div>