<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">@Matt - 'a screen capture and remote
      access ability', if installed on all phones would surely be a
      'systemic vulnerability' in anybody's view, and would be a global
      disaster if the method of triggering this ability escaped to the
      wider world. This would be an example of precisely the dangerous
      and ill-advised exploit that we are all concerned the agencies
      might ask for in ignorance.   Heck, this is exactly the sort of
      malware exploit that after-market malware scanners and virus
      checkers for phones should be looking for to detect and warn
      the user if an app or the OS had been compromised and was
      attempting to do these things. I can see a rapidly growing market
      for malware checkers!</div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">@Paul - where is the requirement for
      'judicial approval'? - it doesn't go anywhere near a court.   The
      TCN can be issued by the Attorney General. If (and only if) the
      recipient thinks it might be able to be pushed back on, they can
      ask for a review by a *retired* judge and a tech expert with a
      high security clearance.  A *retired* judge is not a 'judicial
      approval', and the easiest place to source the other expert from
      is from within ASIO - hardly independent.  The AGD chooses the two
      reviewers, not the recipient. The legislation as passed also
      doesn't deal with the situation if the two experts disagree on
      whether it is allowable or not.   And there is no requirement for
      a warrant to have been issued - the whole point of a TCN is to
      preemptively create a capability that can be exploited later, on
      the off chance there will be a future warrant that requires the
      exploit to be triggered.<br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">Paul.<br>
    </div>
    <div class="moz-cite-prefix"><br>
    </div>
    <div class="moz-cite-prefix">On 12/12/2018 12:02 pm, Paul Wilkins
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAMmROTK867A3J4-gggAp9YupGuF8k2tEb6_J5+UKNsWzq6OmZQ@mail.gmail.com">
      <meta http-equiv="content-type" content="text/html; charset=UTF-8">
      <div dir="ltr">
        <div>Matt, (IINAL)</div>
        <div>But it appears on my reading that both 317ZG and more
          specifically the new 317ZGA would arguably prohibit this.</div>
        <div><br>
        </div>
        <div>The (pending?) amendments are worth a read. Stronger terms
          on 317ZG and importantly - <b>requirement for judicial
            approval of TCNs</b>.<br>
        </div>
        <div><br>
        </div>
        <div>
          <div style="margin-left:40px">317P (5)(2)(d) the designated
            communications provider has, if reasonably practicable, been
            consulted and given a reasonable opportunity to make
            submissions on whether the requirements to be imposed by the
            notice are reasonable and proportionate and whether
            compliance with the notice is practicable and technically
            feasible.<br>
          </div>
          <br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Wed, 12 Dec 2018 at 11:30, Matt Perkins <<a
            href="mailto:matt@spectrum.com.au" moz-do-not-send="true">matt@spectrum.com.au</a>>
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">It
          strikes me that all that will be needed is the phone
          manufacturers to put a screen capture and remote access
          ability on the phones. Then all law enforcement need to do is
          read the screens; no need to involve the individual app makers
          at all.  They are after a wide and non-savvy audience here.
          Looking over the shoulder of phone users is what we are
          talking about. I would say expect to see a boost in
          convictions of medium size drug distributors  and  small
          amateur terror type people. <br>
          <br>
          These are the same people that used SMS before; they just want
          that capability back. <br>
          <br>
          Matt<br>
          <br>
          <br>
          <br>
          -- <br>
          /* Matt Perkins<br>
                 Direct 1300 137 379     Spectrum Networks Ptd. Ltd.<br>
                 Office 1300 133 299     <a
            href="mailto:matt@spectrum.com.au" target="_blank"
            moz-do-not-send="true">matt@spectrum.com.au</a><br>
                 Fax    1300 133 255     Level 6, 350 George Street
          Sydney 2000<br>
                SIP <a href="mailto:1300137379@sip.spectrum.com.au"
            target="_blank" moz-do-not-send="true">1300137379@sip.spectrum.com.au</a><br>
                 Google Talk <a href="mailto:MattAPerkins@gmail.com"
            target="_blank" moz-do-not-send="true">MattAPerkins@gmail.com</a><br>
                 PGP/GNUPG Public Key can be found at  <a
            href="http://pgp.mit.edu" rel="noreferrer" target="_blank"
            moz-do-not-send="true">http://pgp.mit.edu</a><br>
          */<br>
          <br>
          > On 12 Dec 2018, at 8:27 am, Paul Brooks <<a
            href="mailto:pbrooks-ausnog@layer10.com.au" target="_blank"
            moz-do-not-send="true">pbrooks-ausnog@layer10.com.au</a>>
          wrote:<br>
          > <br>
          >> On 12/12/2018 3:54 am, Scott Weeks wrote:<br>
          >> <br>
          >> -----------------<br>
          >> The Bill was passed on Thursday<br>
          >> -----------------<br>
          >> <br>
          >> <br>
          >> Damn, I'm gonna need a bigger bag of popcorn!<br>
          >> Waaaay bigger.  I can't wait to see how this <br>
          >> plays out.<br>
          > <br>
          > We'll probably never know how this plays out, unless one
          of the major global brands<br>
          > pulls out of the Australian market.<br>
          > <br>
          > Tech companies doing development in Aust will put in
          independent code reviews by an<br>
          > offshore team to protect against onshore employees, or
          will quietly close Australian<br>
          > development shops over years.  Some tech companies will
          move overseas - gradually,<br>
          > over months and years.    Net result - lower demand for
          Australian IT staff, lower<br>
          > export figures in the DFAT stats over years.<br>
          > <br>
          > Many 'component manufacturers or suppliers' will blithely
          carry on, unaware this might<br>
          > apply to them at all until they receive a notice<br>
          > <br>
          > A massive data breach in 3 years time may not be traced
          back to a system change caused<br>
          > as a result of a notice, or if an investigation does
          uncover the root cause, is likely<br>
          > to be quietly hushed up.<br>
          > <br>
          > It'll take a massive ASIC-website-blocking-like event
          own-goal to generate demand for<br>
          > popcorn. That or a majority of politicians starting to
          listen to experts rather than<br>
          > agencies and repealing it, and there's precious few
          Andrew Wilkies around at the<br>
          > moment so that's even less likely.<br>
          > <br>
          > P.<br>
          > <br>
          > <br>
          > <br>
          > <br>
          > <br>
          >> <br>
          >> scott<br>
          >>> _______________________________________________<br>
          >>> AusNOG mailing list<br>
          >>> <a href="mailto:AusNOG@lists.ausnog.net"
            target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
          >>> <a
            href="http://lists.ausnog.net/mailman/listinfo/ausnog"
            rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
        </blockquote>
      </div>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>