<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 9/01/2019 11:18 am, Paul Wilkins
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAMmROTKOjwzzYfRBDPsMKKpvvCfD5tX0jcDkwHC0jBzdVU0rJQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div dir="ltr">Obviously this has been in limbo over the
Christmas break. There's 2 really important issues, on hold
because of this.<br>
<br>
1 - When or if the PJCIS will call for public comment on the
Act as passed.<br>
</div>
</div>
</blockquote>
<p>PJCIS called for further comments on the Act as passed a few days
after the Act was passed -</p>
<p>They opened a new page on the PJCIS as a new inquiry: 'Review of
the Telecommunications and Other Legislation Amendment (Assistance
and Access) Act 2018 with specific reference to Government
amendments introduced and passed on 6 December 2018'<br>
</p>
<p><a class="moz-txt-link-freetext" href="https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct">https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct</a><br>
</p>
<blockquote type="cite">
<p>The Government amendments introduced and passed on 6 December
2018 are available at this<a
href="https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Famend%2Fr6195_amend_2ef65c47-7a59-45e1-9427-cf3e7400ef4d%22">
link</a>. A <a
href="https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22legislation/ems/r6195_ems_b832c54b-6091-41ca-baf4-35bb94a856e8%22">Supplementary
Explanatory Memorandum </a>on the amendments was also
presented to the Parliament.</p>
<p>The Committee will accept submissions on any new matters
arising with the passage of the Act, and will consider the need
for further hearings as the inquiry progresses.</p>
</blockquote>
<p>There are already two new submissions , from IGIS and
Commonwealth Ombudsman.</p>
<p>They are specifically looking for comments on wording and
construction, suggestions on better definitions for 'Systemic
Weakness' and on the definitions used and passed.</p>
<p><br>
</p>
<blockquote type="cite"
cite="mid:CAMmROTKOjwzzYfRBDPsMKKpvvCfD5tX0jcDkwHC0jBzdVU0rJQ@mail.gmail.com">
<div dir="ltr">
<div dir="ltr"><br>
So we probably won't see any developments until Parliament
resumes 12th February.<br>
<br>
Kind regards<br>
<br>
Paul Wilkins<br>
<br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Sat, 15 Dec 2018 at 11:44, Paul Wilkins <<a
href="mailto:paulwilkins369@gmail.com"
moz-do-not-send="true">paulwilkins369@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div dir="ltr">
<div>
<div>I guess we should anticipate that the PJCIS
will ask for further submissions. Probably they
will give as little advance warning as possible
to conform to their "accelerated timetable". I
would think they'll announce their request for
submissions as soon as the Labor amendments are
dealt with.</div>
<div><br>
</div>
<div>The Labor amendments are critical for:</div>
<ul>
<li>Requirements for judicial review of
TCNs/TARs, and avenue of judicial appeal for
service providers</li>
<li>Strengthened requirements for necessity and
proportionality</li>
<li>Definitions of system vulnerability and
systemic weakness (which preclude mass
deployment of patched code)</li>
</ul>
</div>
<div>These amendments are necessary and reasonable.
However for me, the following issues still remain
to be resolved:</div>
<div><br>
</div>
<div>1 - Granting the police EA powers (rather
than the intelligence services - ASIO & AFP)
goes too far where the police do not require EA.
Rather the least intrusive powers that would still
enable them to prosecute serious crime, would be
Legal Intercept (basically enough powers to get to
the clear text, where they are back to where they
were before before the "going dark" due to
encryption). This means that Police should get a
different category of TAN - where there are no
write or modify data powers (ie. read only). Any
write or modify capabilities they require should
be implemented under a duly authorised TCN.</div>
<div><br>
</div>
<div>2 - Once there is allowance for differentiation
in Police vs Intelligence Services powers, there
should similarly be differentiation for the
seriousness of crimes investigated. The 3 years
for Police services (but limited to Legal
Intercept) would still allow the police to
investigate cyber stalking, but also many other
crimes some have suggested is like using a sledge
hammer to crack a nut. Given the more intrusive
nature of EA vs Legal Intercept, there should be a
higher bar for the Intelligence Services to demand
EA powers (say 20 years to life). If they need
only Legal Intercept, then the bar could remain at
3 years.<br>
</div>
<div><br>
</div>
<div>3 - It's still not clear that anything doable
under a TCN, cannot be compelled under a TAN's
write/modify data powers. Hence, there ought to be
exclusions of a TAN's powers from compelling the
implementation of a capability for which a TCN can
be issued.</div>
<div><br>
</div>
<div>4 - I'm still not seeing where a TCN, TAN, or
TAR, is disallowed from serving as "authorisation"
under s280 / s313 of the Telecommunications Act
1997, sufficient to demand mass access to carrier
metadata/ metadata datastreams. There is also
lawful disclosure of mass metadata under s177 of
the Telecomms Interception and Access Act 1979. If
the police and/or intelligence services get access
to metadata streams, they will integrate this with
their other metadata projects, including CCTV and
facial recognition databases. Which is obviously
something some in Law Enforcement are advocating
for, though I think most citizens would regard
this as an alarming move towards mass surveillance
and a police state.<br>
</div>
<div><br>
</div>
<div>5 - Having one agency act as a clearing house
for notices and warrant data, is still a
preferable framework to access by multiple
agencies, and would provide advantages for
economy, efficiency, governance, and the secure
custody of both warrant data and service provider
confidential information.</div>
<div><br>
</div>
<div>6 - Journalists and media organisations ought
to be able to mount a public interest defense
against the issue of TANs.<br>
</div>
<div><br>
</div>
<div>7 - Any citizen ought to have standing to mount
a public interest defense against the issue of a
TCN.<br>
</div>
<div><br>
</div>
<div>8 - An audit trail be mandated for all TAN/TAR
actions.</div>
<div><br>
</div>
<div>Interested to hear if anyone has comments or
other concerns.<br>
</div>
<div><br>
</div>
<div>Kind regards</div>
<div><br>
</div>
<div>Paul Wilkins<br>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr">On Sat, 15 Dec 2018 at 09:29, I <<a
href="mailto:beatthebastards@inbox.com" target="_blank"
moz-do-not-send="true">beatthebastards@inbox.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div>
<div>GCHQ is going for the same thing</div>
<a
href="https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate"
target="_blank" moz-do-not-send="true">https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate</a>
</div>
_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank"
moz-do-not-send="true">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
</blockquote>
</div>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<p><br>
</p>
</body>
</html>