[AusNOG] Dutton decryption bill

Paul Julian paul at buildingconnect.com.au
Tue Aug 14 13:42:23 EST 2018


I think it’s easy to read this, just re-read the bollocks that we have already had to comply with and it should match pretty close.
 
The summary I get from it is that they can’t access encrypted stuff now so they want everybody to make it so they can, but they can’t say that they will force people to make it so, just that they would really like it to be so.
If it costs you money to make it so then they may pay you for your efforts, or maybe they won’t. The only real thing that is concrete in this proposal is that the AG will be the only one to make requests.
 
I mean seriously, how does an ISP build capability to be able to view encrypted communications that traverse their network?
 
This is typical of the recent few years of legislation involving the communications industry, vague enough for somebody to enforce it somehow, but still vague enough for people to not really know what they are expected to provide and how.
 
I think somebody in our government gets paid to create acronyms personally, there is a new swag of them in this proposal, just like the last ones.
 
Paul
 
From: AusNOG <ausnog-bounces at lists.ausnog.net> On Behalf Of Robert Hudson
Sent: Tuesday, 14 August 2018 1:31 PM
To: xrobau at gmail.com
Cc: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Dutton decryption bill
 
My reading isn't as positive.  tl;dr - it's too vague and open to interpretation.
 
From the Explanatory Document (https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf):
 
"Allow the Attorney-General to issue a technical capability notice, requiring a designated communications provider to build a new capability that will enable them to give assistance as specified in the legislation to ASIO and interception agencies. A technical capability notice cannot require a provider to build or implement a capability to remove electronic protection, such as encryption. The Attorney-General must be satisfied that any requirements are reasonable, proportionate, practicable and technically feasible. The Attorney-General must also consult with the affected provider prior to issuing a notice, and may also determine procedures and arrangements relating to requests for technical capability notices."
 
So, our government is proposing that it should be able to compel organisations to build capability into their products that allows the various designated interception agencies to access data.  The government can't require that they turn off existing electronic protections - but it does not say that they cannot add back-doors, AND it relies on the AG's satisfaction (remembering that s/he's the one issuing the "technical capability notice") that the requirements are reasonable, proportionate... etc.
 
I'm still not sure how we plan to force our will on overseas companies.  I'm also not convinced that the protections against back-doors are strong enough, particularly when it appears that the AG gets to decide what's appropriate and what isn't, particularly when the various requests and notices are issued by the AG to start with, and the AG will clearly have a vested interest in whatever they want being done as requested.