[AusNOG] Dutton decryption bill

Robert Hudson hudrob at gmail.com
Tue Aug 14 13:31:00 EST 2018


My reading isn't as positive.  tl;dr - it's too vague and open to
intepretation.

>From the Explanatory Document (
https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf
):

" Allow the Attorney-General to issue a technical capability notice,
requiring a designated communications provider to build a new capability
that will enable them to give assistance as specified in the legislation to
ASIO and interception agencies. A technical capability notice cannot
require a provider to build or implement a capability to remove electronic
protection, such as encryption. The Attorney-General must be satisfied that
any requirements are reasonable, proportionate, practicable and technically
feasible. The Attorney-General must also consult with the affected provider
prior to issuing a notice, and may also determine procedures and
arrangements relating to requests for technical capability notices. "

So, our government is proposing that it should be able to compel
organisations to build capability into their products that allows the
various designated interception agencies to access data.  The government
can't required that they turn off existing electronic protections - but it
does not say that they cannot add back-doors, AND it relies on the AG's
satisfaction (remembering that s/he's the one issuing the "technical
capability notice") that the requirements are reasonable, proportionate...
etc.

I'm still not sure how we plan to force our will on overseas companies.
I'm also not convinced that the protections against back-doors are strong
enough, particularly when it appears that the AG gets to decide what's
appropriate and what isn't, particularly when the various requests and
notices are issued by the AG to start with, and the AG will clearly have a
vested interest in whatever they want being done as requested.

On Tue, 14 Aug 2018 at 13:01, Rob Thomas <xrobau at gmail.com> wrote:

> I hate to be the ones COMPLIMENTING the Gumbyment, but it's nowhere
> near as bad as I thought they were going to make it. It looks like
> they've actually spoken to some people who udnerstand crypto.
>
> The important bits seem to be on Pages 8 and 9 here -
>
> https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf
> - where they explain what they can do.
>
> The only SLIGHTLY worrying bit is the second last part on Page 9 -
> They can compel people into "Modifying or substituting a target
> service", which seems worryingly vague.
>
> I haven't read through all of it, and - of course - the devil will be
> in the details.  But, it's not bad, all things considered.
>
> --Rob
>
> On Tue, 14 Aug 2018 at 12:40, I <beatthebastards at inbox.com> wrote:
> >
> >
> https://www.homeaffairs.gov.au/about/consultations/assistance-and-access-bill-2018
> > _______________________________________________
> > AusNOG mailing list
> > AusNOG at lists.ausnog.net
> > http://lists.ausnog.net/mailman/listinfo/ausnog
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180814/44122540/attachment.html>


More information about the AusNOG mailing list