[AusNOG] Dutton decryption bill

Scott siridar at gmail.com
Thu Aug 16 15:54:08 EST 2018


You know, I've often wondered about these large companies - what would stop
them from presenting a page that said "Your access to our services has been
restricted because of laws in your jurisdiction. If you have any questions,
please call <local member> on <phone number> to discuss the issue"?

On Thu, 16 Aug 2018 at 14:48, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Couple of points for discussion:
>
> 1 - The overseas jurisdiction is to be met by whether you conduct business
> within Australia. So that already covers the big corporates, social media
> etc. If you want to continue to conduct business in Australia, you're going
> to have to comply with Australian law or have your company delisted/brands
> invalidated/accounts frozen. So it will be immaterial the jurisdiction of
> where the service is hosted.
>
> 2 - The reporting oversite proposed is meaningless. Just reporting the
> number of notices within a period means nothing. There ought to be
> additional data as to the type of actions sought, classifications of data
> extracted (personal data, geolocation, financial, "metadata"...), and the
> classification of offence the notice was to address (national security,
> child abuse material, family law etc). As currently drafted the AG would
> have the power to issue assistance notices/capability requests, while
> simultaneously criminalising disclosure of both the terms and existence of
> the notices. Journalists take note.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Thu, 16 Aug 2018 at 13:20, Robert Hudson <hudrob at gmail.com> wrote:
>
>> Hi Paul,
>>
>> We have already published our stance on this previously in press releases
>> and our regular newsletter, and will be sending a formal response to the
>> govt's invitation to do so.
>>
>> That response is currently being formulated to ensure we cover all
>> pertinent points, thus far (until we complete our reading of the mattter)
>> being:
>>
>> * The proposed laws are WAY too vague to start with, and contradictory at
>> times in what is and isn't allowed, who and who is not allowed to access
>> the data, etc
>> * There is a strong history already of misuse of power by government
>> agencies/privileged individuals.
>> * This is over-reach by government with significant potential impact to
>> law-abiding citizens
>> * There is no way to breach end-to-end asymmetric key encryption in the
>> way they're talking without creating back-doors, compromising the
>> encryption process or creating secondary back-channels
>> * The idea that the Australian government can enforce the law with
>> parties based overseas where they are outside of the jurisdiction of our
>> government or its treaty partners is laughable
>> * There is insufficient protection of process - the A-G gets to make the
>> requests/notices, and the A-G gets to decide at the same time what's
>> reasonable and what's not
>> * The criminals this is aimed at will simply move to using tools outside
>> of the government's reach if they're even remotely competent (if they're
>> not, surely this level of law is not required to catch them), meaning that
>> the only people this will really impact will, again, be law-abiding citizens
>> * The likely next step when people start using tools outside of the
>> government's control will be to mandate that only govt-controlled apps are
>> used - meaning loss of functionality for law-abiding citizens, or
>> unintentional criminal acts when they download and use something they don't
>> realise is sanctioned.
>>
>> There's probably (almost certainly) more.  I've got a full-time job
>> outside of doing this, as do the rest of the ITPA board.  If (or anyone
>> else reading this) has strong feelings/expertise in this area, we'd gladly
>> look to work with you on our response.  Or hell, join and volunteer to help
>> us with this - we represent ~18,000 associate members at this stage, and
>> the bigger we get, the more our voice will resonate.
>>
>> Regards,
>>
>> Robert
>>
>> On Thu, 16 Aug. 2018, 12:59 pm Paul Julian, <paul at buildingconnect.com.au>
>> wrote:
>>
>>> Hi Robert,
>>>
>>>
>>>
>>> I think it’s a perfectly valid point, so just out of interest what is
>>> ITPA’s plan to respond to this current situation ?
>>>
>>>
>>>
>>> Regards
>>>
>>> Paul
>>>
>>>
>>>
>>> *From:* Robert Hudson <hudrob at gmail.com>
>>> *Sent:* Thursday, 16 August 2018 12:34 PM
>>> *To:* paul at buildingconnect.com.au
>>> *Cc:* Paul Wilkins <paulwilkins369 at gmail.com>; ausnog at lists.ausnog.net
>>> *Subject:* Re: [AusNOG] Dutton decryption bill
>>>
>>>
>>>
>>> On Thu, 16 Aug 2018 at 11:10, Paul Julian <paul at buildingconnect.com.au>
>>> wrote:
>>>
>>> Hi Paul,
>>>
>>>
>>>
>>> Where do you even start ?
>>>
>>> I would love to be able to comment on these things properly but how do
>>> you structure a response that isn’t just a whinge and saying that it’s not
>>> fair and blah blah, it would need to offer alternatives or suggestions on
>>> how else this could be accomplished or why it shouldn’t be in the first
>>> place.
>>>
>>>
>>>
>>> Apologies if this isn't considered appropriate on this list, but I think
>>> the point of joining representative organisations is important, especially
>>> on this topic.
>>>
>>>
>>>
>>> Join a group like ITPA (it doesn't have to be ITPA, so this isn't
>>> "strictly" an ad - more a drive to get people participating in industry
>>> associations.  The more members we have, the stronger our voice.  We have
>>> commented strongly on this issue, and will continue to do so on this and
>>> other issues of importance to IT Professionals.
>>>
>>>
>>>
>>> ITPA Associate membership is free.  Paid membership is less than the
>>> cost of a cup of coffee a week.
>>>
>>>
>>>
>>> If not us, choose another representative organisation, and make sure
>>> your voice is heard.
>>>
>>>
>>>
>>> If you (and others) don't, then things like Metadata Retention, breaking
>>> encryption, and goodness knows what they have up their sleeves next will
>>> continue to go through.
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>> Robert
>>>
>>>
>>>
>>>
>>>
>>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20180816/f604cf30/attachment.html>


More information about the AusNOG mailing list