[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Thu Dec 6 17:33:36 EST 2018


Just checked, and cyber stalking qualifies as it has 3 year max sentence.

On Thu, 6 Dec 2018 at 17:21, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> To get a TAN approved, you'll need:
>
>    - to be an interception agency
>    - to have your TAN approved by the AFP
>    - the investigation must attach a 3 year sentence
>    - there *may* need to also be a data / computer warrant. Then again
>    there may not.
>
> So no TANs for councils.
>
> TARs I'm not sure. There's amendments to bring them into line with TANs
> but I'd be guessing if their approval is 100% contiguous to TANs.
>
> Labor wanted to remove both ICACS and the state police, because when you
> look at it, there is no Ombudsman oversight of powers exercised by states
> under the Telecommunications Act. So it is a surprise to see state police
> still will get TANs/TARs under the revised Bill, but they will need AFP
> approval, which is a definite improvement.
>
> I can see a need for state police to have Legal Intercept powers, but no
> reason it should go as far as the right to modify data.
>
> Kind regards
>
> Paul Wilkins
>
> On Thu, 6 Dec 2018 at 17:00, Robert Hudson <hudrob at gmail.com> wrote:
>
>>
>>
>> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins <paulwilkins369 at gmail.com>
>> wrote:
>>
>>> The original 172 page Bill was so obviously deficient in so many areas,
>>> it was easier to just say the Bill should be thrown out in its entirety and
>>> start over. Now, post 50 pages of amendments, there's still plenty of scope
>>> for serious criticism, and the debate around getting the balance right
>>> between citizens' rights, and the right of the State to extend judicial writ
>>> to cyberspace will continue, but this is in every way a very much improved
>>> Bill over the original.
>>>
>>
>> Is it? Have the amendments increased the likelihood that it will actually
>> help law enforcement? Have the amendments helped to ensure that criminals
>> continue to use services that are subject to the reach of Australian law
>> enforcement agencies?
>>
>> As Mark Newton pointed out in another forum recently, he was told, face
>> to face, by a sitting MP, in that MP's office, that his concerns that the
>> agencies that would have access to metadata would increase substantially
>> were ill-founded, as were his concerns that the reasons to request metadata
>> would increase dramatically. And now local councils have access to
>> metadata, and there are close to 1,000 requests for metadata per day.
>>
>>>
>>> I don't see on any of the grounds of criticism of the original Bill, the
>>> amendments have gone as far as they need to, but on all the metrics that
>>> matter this new Bill represents an honest attempt to accommodate issues of
>>> privacy, accountability, and the need to maintain security and protect
>>> service provider property rights against unnecessary or disproportionate
>>> intrusion by Law Enforcement, and balance those against the legitimate
>>> interests of the State to enforce the rule of law in cyberspace.
>>>
>>
>> I contend that the bill now represents an honest attempt to look like
>> they're accommodating issues that aren't related to the core fact that the
>> proposed laws won't actually reduce crime or increase security.
>>
>> How explicitly removing state (and potential future federal) ICACs as
>> agencies able to utilise the powers of the bill is, in any way, reasonably
>> associated with the phrase "honest attempt" is beyond me.
>>
>>>
>>> From the definitions of systemic vulnerability and systemic weakness it
>>> would seem to put it beyond question that back doors can only be deployed
>>> against target devices, not deployed en masse. That said, there needs to be
>>> a control plane function that allows access to the target device that
>>> wasn't there before, which still constitutes a potential
>>> weakness/vulnerability.
>>>
>>
>> I am sure the bill will be successful in stopping the vulnerabilities it
>> creates leaking. I mean, if (when, recall just how successfully the NSA
>> managed to keep Stuxnet under lock and key) the AFP manage to leak code
>> that allows keylogger installs onto iPhones, no criminal group (or just
>> obnoxious bunch of script kiddies posing as an online hacking group) would
>> be able to take advantage of this - that's not a systemic vulnerability or
>> weakness, right?
>>
>>
>>> "systemic vulnerability means a vulnerability that affects a whole class
>>> of technology, but does not include a vulnerability that is selectively
>>> introduced to one or more target technologies that are connected with a
>>> particular person. For this purpose, it is immaterial whether the person
>>> can be identified."
>>>
>>> There's still obvious gaps around the powers and accountabilities of
>>> state police.
>>>
>>> I have to say it looks dangerously like a sensible working position from
>>> which to move forward from, while ensuring security services get the powers
>>> they say they have an immediate need for.
>>>
>>
>> When they prove the need beyond saying "We need this because we say we
>> need it", and show that the intended targets won't simply sidestep it and
>> move on, THEN we may have a working position from which to move forward.
>>
>> Until then, this is just massive over-reach.
>>
>> As Mark Newton previously noted, this has "The Four Horsemen of the
>> Infocalypse" written all over it. In particular, the script to follow:
>>
>> "How to get what you want in 4 easy stages:
>>
>>
>>    1. Have a target "thing" you wish to stop, yet lack any moral, or
>>    practical reasons for doing so? *[We want to break encryption]*
>>    2. Pick a fear common to lots of people, something that will evoke a
>>    gut reaction: terrorists, pedophiles, serial killers. *[Terrorists,
>>    natch.]*
>>    3. Scream loudly to the media that "thing" is being used by
>>    perpetrators. (Don't worry if this is true, or common to all other things,
>>    or less common with "thing" than with other long established
>>    systems—payphones, paper mail, private hotel rooms, lack of bugs in all
>>    houses etc.) *[OMG, terrorists are using encryption (let's ignore the
>>    fact that we're still stopping them without being able to break it, and we
>>    still let the ones we know about stab people). Sure, it's ubiquitous, but
>>    TERRORISTS!]*
>>    4. Say that the only way to stop perpetrators is to close down
>>    "thing", or to regulate it to death, or to have laws forcing en masse
>>    tapability of all private communications on "thing". Don't worry if
>>    communicating on "thing" is a constitutionally protected right, if you have
>>    done a good job in choosing and publicising the horsemen in 2, no one will
>>    notice, they will be too busy clamouring for you to save them from the
>>    supposed evils. *[This whole debate - there are still people acting
>>    on the assumption that this is needed, and that it will achieve the stated
>>    goals. Bonus points for screaming at anyone who disagrees that they're only
>>    doing so because they must support terrorism - yep, we've seen that.]*
>>    "
>>
>>
>> Just because they say they need it doesn't mean that they do, or that it
>> will work.
>>
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>>
>>> On Thu, 6 Dec 2018 at 13:48, Mark Newton <newton at atdot.dotat.org> wrote:
>>>
>>>>
>>>>
>>>> On 12/05/2018 11:48 AM, Paul Wilkins wrote:
>>>> > "If this passes I can see similar legislation being introduced in
>>>> > other jurisdictions."
>>>> >
>>>> > I think this legislation and all its warts is going to be a
>>>> > particularly Australian feature.
>>>>
>>>> Exported globally, though.
>>>>
>>>> A 5-eyes power who wants to surveil someone can come to Australia, get
>>>> ASIO or ASD to land a TCN on the target's platform provider, and pass
>>>> on the result.
>>>>
>>>> Example:
>>>>
>>>> CIA wants something from an iPhone user. They can't get it themselves.
>>>> So they take the iPhone user's IMEI to ASD and ask for 5-eyes
>>>> assistance.
>>>>
>>>> ASD screams "terrorist!" in a TCN sent to Apple, which demands
>>>> production of a compromised version of iOS which keylogs and
>>>> screenshots any encrypted messaging apps which happen to run, and
>>>> pushed as a silent upgrade to that user's phone.
>>>>
>>>> Results flow from Apple to ASD, and ASD passes them back to the CIA.
>>>>
>>>> There is no need for any other 5-eyes nation to pass this law now that
>>>> Australia has it. It's provided 5-eyes with a global capability.
>>>>
>>>>    - mark
>>>>
>>>>