<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Paul - those are the additional
Opposition amendments, to have been moved by Penny Wong, that were
not introduced and are not part of the current legislation. If the
opposition crosses its fingers, they might be allowed to try them
in February.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">Right now, the relevant part is 317WA
Assessment and report (regarding a TCN):</div>
<div class="moz-cite-prefix">
<blockquote type="cite"><br>
(1) If a consultation notice is given to a designated
communications provider under subsection 317W(1) in relation to
a proposed technical capability notice, the provider may, within
the time limit specified in the consultation notice, give the
Attorney-General a written notice requesting the carrying out of
an assessment of whether the proposed technical capability
notice should be given.<br>
(2) If a designated communications provider gives the
Attorney-General a notice under subsection (1) in relation to a
proposed technical capability notice, the Attorney-General must
appoint 2 persons to carry out an assessment of whether the
proposed technical capability notice should be given.<br>
(3) For the purposes of this section, the persons appointed
under subsection (2) are to be known as the <i>assessors.</i><br>
(4) One of the assessors must be a person who: <br>
(a) has knowledge that would enable the person to
assess whether proposed technical capability notices would
contravene section 317ZG; and<br>
(b) is cleared for security purposes to:<br>
(i) the highest level required by
staff members of ASIO; or<br>
(ii) such lower level as the
Attorney-General approves.<br>
(5) One of the assessors must be a person who:<br>
(a) has served as a judge in one or more
prescribed courts for a period of 5 years; and<br>
(b) no longer holds a commission as a judge of a
prescribed court.</blockquote>
<br>
</div>
<div class="moz-cite-prefix">etc.</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix"><br>
</div>
<div class="moz-cite-prefix">On 12/12/2018 12:45 pm, Paul Wilkins
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMmROTL9sjq8NHs=BLLnsBmxpSL3Xd+rQ-XOrQkU1jah8d38yw@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">
<div><br>
</div>
<div><br>
</div>
<div>317V, substitute:<br>
unless:<br>
<div style="margin-left:40px">(a) the Attorney-General is
satisfied that:<br>
</div>
<div style="margin-left:80px">(i) the requirements imposed
by the notice are reasonable and proportionate; and<br>
(ii) compliance with the notice is practicable and
technically feasible; and<br>
</div>
<div style="margin-left:40px"><b>(b) an eligible Judge has
approved the giving of the notice.</b><br>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Wed, 12 Dec 2018 at 12:39, Paul Wilkins <<a
href="mailto:paulwilkins369@gmail.com"
moz-do-not-send="true">paulwilkins369@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr"><a
href="https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf"
target="_blank" moz-do-not-send="true">https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf</a><br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Wed, 12 Dec 2018 at 12:25, Paul Brooks
<<a href="mailto:pbrooks-ausnog@layer10.com.au"
target="_blank" moz-do-not-send="true">pbrooks-ausnog@layer10.com.au</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">@Matt
- 'a screen capture and remote access ability', if
installed on all phones would surely be a 'systemic
vulnerability' in anybody's view, and would be a
global disaster if the method of triggering this
ability escaped to the wider world. This would be an
example of precisely the dangerous and ill-advised
exploit that we are all concerned the agencies might
ask for in ignorance. Heck, this is exactly the sort
of malware exploit that after-market malware scanners
and virus checkers for phones should be looking for to
to detect and warn the user if an app or the OS had
been compromised and was attempting to do these
things. I can see a rapidly growing market for malware
checkers!</div>
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix"><br>
</div>
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">@Paul
- where is the requirement for 'judicial approval'? -
it doesn't go anywhere near a court. The TCN can be
issued by the Attorney General. If (and only if) the
recipient thinks it might be able to be pushed back
on, they can ask for a review by a *retired* judge and
a tech expert with a high security clearance. A
*retired* judge is not a 'judicial approval', and the
easiest place to source the other expert from is from
within ASIO - hardly independent. The AGD chooses the
two reviewers, not the recipient. The legislation as
passed also doesn't deal with the situation if the two
experts disagree on whether it is allowable or not.
And there is no requirement for a warrant to have been
issued - the whole point of a TCN is to preemptively
create a capability that can be exploited later, on
the off chance there will be a future warrant that
requires the exploit to be triggered.<br>
</div>
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix"><br>
</div>
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">Paul.<br>
</div>
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix"><br>
</div>
<div
class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-cite-prefix">On
12/12/2018 12:02 pm, Paul Wilkins wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>Matt,
(IINAL)</div>
<div>But it
appears on my
reading that
both 317ZG and
more
specifically
the new 317ZGA
would arguably
prohibit this.</div>
<div><br>
</div>
<div>The
(pending?)
amendments are
worth a read.
Stronger terms
on 317ZG and
importantly -
<b>requirement
for judicial
approval of
TCNs</b>.<br>
</div>
<div><br>
</div>
<div>
<div
style="margin-left:40px">317P
(5)(2)(d) the
designated
communications
provider has,
if reasonably
practicable,
been consulted
and given a
reasonable
opportunity to
make
submissions on
whether the
requirements
to be imposed
by the notice
are reasonable
and
proportionate
and whether
compliance
with the
notice is
practicable
and
technically
feasible.<br>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Wed, 12 Dec 2018 at 11:30, Matt
Perkins <<a href="mailto:matt@spectrum.com.au"
target="_blank" moz-do-not-send="true">matt@spectrum.com.au</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">It strikes me
that all that will be needed is the phone
manufacturers to put a screen capture and remote
access ability on the phones. Then Law enforcement
need to do is read the screens no need to involve
the individual app makers at all. They are after
a wide and non savvy audience here. Looking over
the shoulder of phone users is what we are talking
about. I would say expect to see a boost in
convictions of medium size drug distributors and
small amateur terror type people. <br>
<br>
These are the same people that used sms before
they just want that capability back. <br>
<br>
Matt<br>
<br>
<br>
<br>
-- <br>
/* Matt Perkins<br>
Direct 1300 137 379 Spectrum Networks
Ptd. Ltd.<br>
Office 1300 133 299 <a
href="mailto:matt@spectrum.com.au"
target="_blank" moz-do-not-send="true">matt@spectrum.com.au</a><br>
Fax 1300 133 255 Level 6, 350 George
Street Sydney 2000<br>
SIP <a
href="mailto:1300137379@sip.spectrum.com.au"
target="_blank" moz-do-not-send="true">1300137379@sip.spectrum.com.au</a><br>
Google Talk <a
href="mailto:MattAPerkins@gmail.com"
target="_blank" moz-do-not-send="true">MattAPerkins@gmail.com</a><br>
PGP/GNUPG Public Key can be found at <a
href="http://pgp.mit.edu" rel="noreferrer"
target="_blank" moz-do-not-send="true">http://pgp.mit.edu</a><br>
*/<br>
<br>
> On 12 Dec 2018, at 8:27 am, Paul Brooks <<a
href="mailto:pbrooks-ausnog@layer10.com.au"
target="_blank" moz-do-not-send="true">pbrooks-ausnog@layer10.com.au</a>>
wrote:<br>
> <br>
>> On 12/12/2018 3:54 am, Scott Weeks wrote:<br>
>> <br>
>> -----------------<br>
>> The Bill was passed on Thursday<br>
>> -----------------<br>
>> <br>
>> <br>
>> Damn, I'm gonna need a bigger bag of
popcorn!<br>
>> Waaaay bigger. I can't wait to see how
this <br>
>> plays out.<br>
> <br>
> We'll probably never know how this plays out,
unless one of the major global brands<br>
> pulls out of the Australian market.<br>
> <br>
> Tech companies doing development in Aust will
put in independent code reviews by an<br>
> offshore team to protect against onshore
employees, or will quietly close Australian<br>
> development shops over years. Some tech
companies will move overseas - gradually,<br>
> over months and years. Net result - lower
demand for Australian IT staff, lower<br>
> export figures in the DFAT stats over years.<br>
> <br>
> Many 'component manufacturers or suppliers'
will blithely carry on, unaware this might<br>
> apply to them at all until they receive a
notice<br>
> <br>
> A massive data breach in 3 years time may not
be traced back to a system change caused<br>
> as a result of a notice, or if an
investigation does uncover the root cause, is
likely<br>
> to be quietly hushed up.<br>
> <br>
> It'll take a massive
ASIC-website-blocking-like event own-goal to
generate demand for<br>
> popcorn. That or a majority of politicians
starting to listen to experts rather than<br>
> agencies and repealing it, and there's
precious few Andrew Wilkies around at the<br>
> moment so that's even less likely.<br>
> <br>
> P.<br>
> <br>
> <br>
> <br>
> <br>
> <br>
>> <br>
>> scott<br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>> <br>
>>> <br>
>>> <br>
>>> <br>
>>>
_______________________________________________<br>
>>> AusNOG mailing list<br>
>>> <a
href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
>>> <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
>> <br>
>> <br>
>> <br>
>>
_______________________________________________<br>
>> AusNOG mailing list<br>
>> <a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
>> <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
>> <br>
>> <br>
>>
_______________________________________________<br>
>> AusNOG mailing list<br>
>> <a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
>> <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
> <br>
> <br>
>
_______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
> <a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net"
target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
<a
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote>
</div>
<br>
<fieldset
class="gmail-m_520188063830096251gmail-m_5788927746176696892mimeAttachmentHeader"></fieldset>
<pre class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-quote-pre">_______________________________________________
AusNOG mailing list
<a class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net" target="_blank" moz-do-not-send="true">AusNOG@lists.ausnog.net</a>
<a class="gmail-m_520188063830096251gmail-m_5788927746176696892moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank" moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<p><br>
</p>
</div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank"
moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote>
</div>
</blockquote>
</div>
</blockquote>
<p><br>
</p>
</body>
</html>