[AusNOG] Assistance and Access Bill moves to PJCIS

Mark Andrews marka at isc.org
Wed Dec 5 10:30:18 EST 2018



> On 5 Dec 2018, at 9:54 am, Ross Wheeler <rossw at albury.net.au> wrote:
> 
> On Wed, 5 Dec 2018, Mark Andrews wrote:
> 
>> More than likely they will get the app developer to make
>> a custom version,
> 
> I wonder if they pay the app developer for this "service"?
> If the developer is outside Australian jurisdiction, how can they “persuade"
> the developer to comply? And what's to stop the developer telling all and
> sundry what the changes were?

If this passes I can see similar legislation being introduced in other
jurisdictions.  Also “you cannot sell to Australians” with enforced
removal from app stores is likely to happen.  From the government’s
perspective removal of the app is just as good as a compromised app. 

>> Most people will update when they are told the app is out of date.
> 
> After this legislation passes, I think a great many people - especially
> those doing things that may bring them to the attention of authorities -
> will be highly suspicious of "updates" of all sorts.

They still have to communicate with the rest of the world which is moving
on.

>> We are training people to update regularly to close security holes.
> 
> Or, to open new ones, as the case may soon be.

In general updating is the safer thing to do despite the small
risk of new bugs being introduced especially if it update is
billed as a maintenance release.

>> Alternatively they will covertly install the updated version
>> on the device.
> 
> If they have the ability to do that now, why are the extra powers required?

Reverse engineering a fake app to make it behave like the original app is
difficult and error prone.  Much simpler to get the developer to add the
covert logging capability to the existing app.

> R.

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org



More information about the AusNOG mailing list