[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Wed Dec 12 12:39:10 EST 2018


https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf

On Wed, 12 Dec 2018 at 12:25, Paul Brooks <pbrooks-ausnog at layer10.com.au>
wrote:

> @Matt - 'a screen capture and remote access ability', if installed on all
> phones would surely be a 'systemic vulnerability' in anybody's view, and
> would be a global disaster if the method of triggering this ability escaped
> to the wider world. This would be an example of precisely the dangerous and
> ill-advised exploit that we are all concerned the agencies might ask for in
> ignorance. Heck, this is exactly the sort of malware exploit that
> after-market malware scanners and virus checkers for phones should be
> looking for to detect and warn the user if an app or the OS had been
> compromised and was attempting to do these things. I can see a rapidly
> growing market for malware checkers!
>
> @Paul - where is the requirement for 'judicial approval'? - it doesn't go
> anywhere near a court.   The TCN can be issued by the Attorney General. If
> (and only if) the recipient thinks it might be able to be pushed back on,
> they can ask for a review by a *retired* judge and a tech expert with a
> high security clearance.  A *retired* judge is not a 'judicial approval',
> and the easiest place to source the other expert from is from within ASIO -
> hardly independent.  The AGD chooses the two reviewers, not the recipient.
> The legislation as passed also doesn't deal with the situation if the two
> experts disagree on whether it is allowable or not.   And there is no
> requirement for a warrant to have been issued - the whole point of a TCN is
> to preemptively create a capability that can be exploited later, on the off
> chance there will be a future warrant that requires the exploit to be
> triggered.
>
> Paul.
>
> On 12/12/2018 12:02 pm, Paul Wilkins wrote:
>
> Matt, (IINAL)
> But it appears on my reading that both 317ZG and more specifically the new
> 317ZGA would arguably prohibit this.
>
> The (pending?) amendments are worth a read. Stronger terms on 317ZG and
> importantly - *requirement for judicial approval of TCNs*.
>
> 317P (5)(2)(d) the designated communications provider has, if reasonably
> practicable, been consulted and given a reasonable opportunity to make
> submissions on whether the requirements to be imposed by the notice are
> reasonable and proportionate and whether compliance with the notice is
> practicable and technically feasible.
>
>
> On Wed, 12 Dec 2018 at 11:30, Matt Perkins <matt at spectrum.com.au> wrote:
>
>> It strikes me that all that will be needed is for the phone manufacturers to
>> put a screen capture and remote access ability on the phones. Then all law
>> enforcement need to do is read the screens; no need to involve the
>> individual app makers at all. They are after a wide and non-savvy audience
>> here. Looking over the shoulder of phone users is what we are talking
>> about. I would say expect to see a boost in convictions of medium size drug
>> distributors and small amateur terror type people.
>>
>> These are the same people that used SMS before; they just want that
>> capability back.
>>
>> Matt
>>
>>
>>
>> --
>> /* Matt Perkins
>>        Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>>        Office 1300 133 299     matt at spectrum.com.au
>>        Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>>       SIP 1300137379 at sip.spectrum.com.au
>>        Google Talk MattAPerkins at gmail.com
>>        PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
>> */
>>
>> > On 12 Dec 2018, at 8:27 am, Paul Brooks <pbrooks-ausnog at layer10.com.au> wrote:
>> >
>> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
>> >>
>> >> -----------------
>> >> The Bill was passed on Thursday
>> >> -----------------
>> >>
>> >>
>> >> Damn, I'm gonna need a bigger bag of popcorn!
>> >> Waaaay bigger.  I can't wait to see how this
>> >> plays out.
>> >
>> > We'll probably never know how this plays out, unless one of the major global
>> > brands pulls out of the Australian market.
>> >
>> > Tech companies doing development in Aust will put in independent code reviews
>> > by an offshore team to protect against onshore employees, or will quietly
>> > close Australian development shops over years. Some tech companies will move
>> > overseas - gradually, over months and years. Net result - lower demand for
>> > Australian IT staff, lower export figures in the DFAT stats over years.
>> >
>> > Many 'component manufacturers or suppliers' will blithely carry on, unaware
>> > this might apply to them at all until they receive a notice.
>> >
>> > A massive data breach in 3 years' time may not be traced back to a system
>> > change caused as a result of a notice, or if an investigation does uncover
>> > the root cause, is likely to be quietly hushed up.
>> >
>> > It'll take a massive ASIC-website-blocking-like event own-goal to generate
>> > demand for popcorn. That or a majority of politicians starting to listen to
>> > experts rather than agencies and repealing it, and there's precious few
>> > Andrew Wilkies around at the moment so that's even less likely.
>> >
>> > P.
>> >>
>> >> scott
>> >>>
>> >>> _______________________________________________
>> >>> AusNOG mailing list
>> >>> AusNOG at lists.ausnog.net
>> >>> http://lists.ausnog.net/mailman/listinfo/ausnog