<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 9/01/2019 11:18 am, Paul Wilkins
      wrote:<br>
    </div>
    <blockquote type="cite"
cite="mid:CAMmROTKOjwzzYfRBDPsMKKpvvCfD5tX0jcDkwHC0jBzdVU0rJQ@mail.gmail.com">
      <div dir="ltr">
        <div dir="ltr">Obviously this has been in limbo over the
          Christmas break. There are 2 really important issues, on hold
          because of this.<br>
          <br>
          1 - When or if the PJCIS will call for public comment on the
          Act as passed.<br>
        </div>
      </div>
    </blockquote>
    <p>PJCIS called for further comments on the Act as passed a few days
      after the Act was passed -</p>
    <p>They opened a new page on the PJCIS as a new inquiry: 'Review of
      the Telecommunications and Other Legislation Amendment (Assistance
      and Access) Act 2018 with specific reference to Government
      amendments introduced and passed on 6 December 2018'<br>
    </p>
    <p><a class="moz-txt-link-freetext" href="https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct">https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct</a><br>
    </p>
    <blockquote type="cite">
      <p>The Government amendments introduced and passed on 6 December
        2018 are available at this<a
href="https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Famend%2Fr6195_amend_2ef65c47-7a59-45e1-9427-cf3e7400ef4d%22">
          link</a>. A <a
href="https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22legislation/ems/r6195_ems_b832c54b-6091-41ca-baf4-35bb94a856e8%22">Supplementary
          Explanatory Memorandum </a>on the amendments was also
        presented to the Parliament.</p>
      <p>The Committee will accept submissions on any new matters
        arising with the passage of the Act, and will consider the need
        for further hearings as the inquiry progresses.</p>
    </blockquote>
    <p>There are already two new submissions, from IGIS and
      Commonwealth Ombudsman.</p>
    <p>They are specifically looking for comments on wording and
      construction, suggestions on better definitions for 'Systemic
      Weakness' and on the definitions used and passed.</p>
    <p><br>
    </p>
    <blockquote type="cite"
cite="mid:CAMmROTKOjwzzYfRBDPsMKKpvvCfD5tX0jcDkwHC0jBzdVU0rJQ@mail.gmail.com">
      <div dir="ltr">
        <div dir="ltr"><br>
          So we probably won't see any developments until Parliament
          resumes 12th February.<br>
          <br>
          Kind regards<br>
          <br>
          Paul Wilkins<br>
          <br>
        </div>
      </div>
      <br>
      <div class="gmail_quote">
        <div dir="ltr">On Sat, 15 Dec 2018 at 11:44, Paul Wilkins &lt;<a
            href="mailto:paulwilkins369@gmail.com"
            moz-do-not-send="true">paulwilkins369@gmail.com</a>&gt;
          wrote:<br>
        </div>
        <blockquote class="gmail_quote" style="margin:0px 0px 0px
          0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
          <div dir="ltr">
            <div dir="ltr">
              <div dir="ltr">
                <div dir="ltr">
                  <div dir="ltr">
                    <div>
                      <div>I guess we should anticipate that the PJCIS
                        will ask for further submissions. Probably they
                        will give as little advance warning as possible
                        to conform to their "accelerated timetable". I
                        would think they'll announce their request for
                        submissions as soon as the Labor amendments are
                        dealt with.</div>
                      <div><br>
                      </div>
                      <div>The Labor amendments are critical for:</div>
                      <ul>
                        <li>Requirements for judicial review of
                          TCNs/TARs, and avenue of judicial appeal for
                          service providers</li>
                        <li>Strengthened requirements for necessity and
                          proportionality</li>
                        <li>Definitions of system vulnerability and
                          systemic weakness (which preclude mass
                          deployment of patched code)</li>
                      </ul>
                    </div>
                    <div>These amendments are necessary and reasonable.
                      However for me, the following issues still remain
                      to be resolved:</div>
                    <div><br>
                    </div>
                    <div>1 - Granting the police EA powers (rather
                      than the intelligence services - ASIO &amp; AFP)
                      goes too far where the police do not require EA.
                      Rather the least intrusive powers that would still
                      enable them to prosecute serious crime, would be
                      Legal Intercept (basically enough powers to get to
                      the clear text, where they are back to where they
                      were before the "going dark" due to
                      encryption). This means that Police should get a
                      different category of TAN - where there are no
                      write or modify data powers (ie. read only). Any
                      write or modify capabilities they require should
                      be implemented under a duly authorised TCN.</div>
                    <div><br>
                    </div>
                    <div>2 - Once there is allowance for differentiation
                      in Police vs Intelligence Services powers, there
                      should similarly be differentiation for the
                      seriousness of crimes investigated. The 3 years
                      for Police services (but limited to Legal
                      Intercept) would still allow the police to
                      investigate cyber stalking, but also many other
                      crimes, which some have suggested is like using a
                      sledgehammer to crack a nut. Given the more intrusive
                      nature of EA vs Legal Intercept, there should be a
                      higher bar for the Intelligence Services to demand
                      EA powers (say 20 years to life). If they need
                      only Legal Intercept, then the bar could remain at
                      3 years.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>3 - It's still not clear that anything doable
                      under a TCN, cannot be compelled under a TAN's
                      write/modify data powers. Hence, there ought to be
                      exclusions of a TAN's powers from compelling the
                      implementation of a capability for which a TCN can
                      be issued.</div>
                    <div><br>
                    </div>
                    <div>4 - I'm still not seeing where a TCN, TAN, or
                      TAR, is disallowed from serving as "authorisation"
                      under s280 / s313 of the Telecommunications Act
                      1997, sufficient to demand mass access to carrier
                      metadata/metadata datastreams. There is also
                      lawful disclosure of mass metadata under s177 of
                      the Telecomms Interception and Access Act 1979. If
                      the police and/or intelligence services get access
                      to metadata streams, they will integrate this with
                      their other metadata projects, including CCTV and
                      facial recognition databases. Which is obviously
                      something some in Law Enforcement are advocating
                      for, though I think most citizens would regard
                      this as an alarming move towards mass surveillance
                      and a police state.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>5 - Having one agency act as a clearing house
                      for notices and warrant data, is still a
                      preferable framework to access by multiple
                      agencies, and would provide advantages for
                      economy, efficiency, governance, and the secure
                      custody of both warrant data and service provider
                      confidential information.</div>
                    <div><br>
                    </div>
                    <div>6 - Journalists and media organisations ought
                      to be able to mount a public interest defense
                      against the issue of TANs.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>7 - Any citizen ought to have standing to mount
                      a public interest defense against the issue of a
                      TCN.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>8 - An audit trail be mandated for all TAN/TAR
                      actions.</div>
                    <div><br>
                    </div>
                    <div>Interested to hear if anyone has comments or
                      other concerns.<br>
                    </div>
                    <div><br>
                    </div>
                    <div>Kind regards</div>
                    <div><br>
                    </div>
                    <div>Paul Wilkins<br>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
          <br>
          <div class="gmail_quote">
            <div dir="ltr">On Sat, 15 Dec 2018 at 09:29, I &lt;<a
                href="mailto:beatthebastards@inbox.com" target="_blank"
                moz-do-not-send="true">beatthebastards@inbox.com</a>&gt;
              wrote:<br>
            </div>
            <blockquote class="gmail_quote" style="margin:0px 0px 0px
              0.8ex;border-left:1px solid
              rgb(204,204,204);padding-left:1ex">
              <div>
                <div>GCHQ is going for the same thing</div>
                <a
href="https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate"
                  target="_blank" moz-do-not-send="true">https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate</a>
              </div>
              _______________________________________________<br>
              AusNOG mailing list<br>
              <a href="mailto:AusNOG@lists.ausnog.net" target="_blank"
                moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
              <a href="http://lists.ausnog.net/mailman/listinfo/ausnog"
                rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
            </blockquote>
          </div>
        </blockquote>
      </div>
      <br>
    </blockquote>
    <p><br>
    </p>
  </body>
</html>