[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Wed Dec 12 12:45:00 EST 2018


317V, substitute:
unless:
(a) the Attorney-General is satisfied that:
(i) the requirements imposed by the notice are reasonable and
proportionate; and
(ii) compliance with the notice is practicable and technically feasible; and
*(b) an eligible Judge has approved the giving of the notice.*

On Wed, 12 Dec 2018 at 12:39, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

>
> https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf
>
> On Wed, 12 Dec 2018 at 12:25, Paul Brooks <pbrooks-ausnog at layer10.com.au>
> wrote:
>
>> @Matt - 'a screen capture and remote access ability', if installed on all
>> phones would surely be a 'systemic vulnerability' in anybody's view, and
>> would be a global disaster if the method of triggering this ability escaped
>> to the wider world. This would be an example of precisely the dangerous and
>> ill-advised exploit that we are all concerned the agencies might ask for in
>> ignorance.   Heck, this is exactly the sort of malware exploit that
>> after-market malware scanners and virus checkers for phones should be
>> looking for to detect and warn the user if an app or the OS had been
>> compromised and was attempting to do these things. I can see a rapidly
>> growing market for malware checkers!
>>
>> @Paul - where is the requirement for 'judicial approval'? - it doesn't go
>> anywhere near a court.   The TCN can be issued by the Attorney General. If
>> (and only if) the recipient thinks it might be able to be pushed back on,
>> they can ask for a review by a *retired* judge and a tech expert with a
>> high security clearance.  A *retired* judge is not a 'judicial approval',
>> and the easiest place to source the other expert from is from within ASIO -
>> hardly independent.  The AGD chooses the two reviewers, not the recipient.
>> The legislation as passed also doesn't deal with the situation if the two
>> experts disagree on whether it is allowable or not.   And there is no
>> requirement for a warrant to have been issued - the whole point of a TCN is
>> to preemptively create a capability that can be exploited later, on the off
>> chance there will be a future warrant that requires the exploit to be
>> triggered.
>>
>> Paul.
>>
>> On 12/12/2018 12:02 pm, Paul Wilkins wrote:
>>
>> Matt, (IINAL)
>> But it appears on my reading that both 317ZG and more specifically the
>> new 317ZGA would arguably prohibit this.
>>
>> The (pending?) amendments are worth a read. Stronger terms on 317ZG and
>> importantly - *requirement for judicial approval of TCNs*.
>>
>> 317P (5)(2)(d) the designated communications provider has, if reasonably
>> practicable, been consulted and given a reasonable opportunity to make
>> submissions on whether the requirements to be imposed by the notice are
>> reasonable and proportionate and whether compliance with the notice is
>> practicable and technically feasible.
>>
>>
>> On Wed, 12 Dec 2018 at 11:30, Matt Perkins <matt at spectrum.com.au> wrote:
>>
>>> It strikes me that all that will be needed is the phone manufacturers to
>>> put a screen capture and remote access ability on the phones. Then all law
>>> enforcement need to do is read the screens, no need to involve the
>>> individual app makers at all.  They are after a wide and non-savvy audience
>>> here. Looking over the shoulder of phone users is what we are talking
>>> about. I would say expect to see a boost in convictions of medium size drug
>>> distributors and small amateur terror type people.
>>>
>>> These are the same people that used SMS before; they just want that
>>> capability back.
>>>
>>> Matt
>>>
>>>
>>>
>>> --
>>> /* Matt Perkins
>>>        Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
>>>        Office 1300 133 299     matt at spectrum.com.au
>>>        Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
>>>       SIP 1300137379 at sip.spectrum.com.au
>>>        Google Talk MattAPerkins at gmail.com
>>>        PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
>>> */
>>>
>>> > On 12 Dec 2018, at 8:27 am, Paul Brooks <pbrooks-ausnog at layer10.com.au> wrote:
>>> >
>>> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
>>> >>
>>> >> -----------------
>>> >> The Bill was passed on Thursday
>>> >> -----------------
>>> >>
>>> >>
>>> >> Damn, I'm gonna need a bigger bag of popcorn!
>>> >> Waaaay bigger.  I can't wait to see how this
>>> >> plays out.
>>> >
>>> > We'll probably never know how this plays out, unless one of the major global brands
>>> > pulls out of the Australian market.
>>> >
>>> > Tech companies doing development in Aust will put in independent code reviews by an
>>> > offshore team to protect against onshore employees, or will quietly close Australian
>>> > development shops over years.  Some tech companies will move overseas - gradually,
>>> > over months and years.    Net result - lower demand for Australian IT staff, lower
>>> > export figures in the DFAT stats over years.
>>> >
>>> > Many 'component manufacturers or suppliers' will blithely carry on, unaware this might
>>> > apply to them at all until they receive a notice.
>>> >
>>> > A massive data breach in 3 years time may not be traced back to a system change caused
>>> > as a result of a notice, or if an investigation does uncover the root cause, is likely
>>> > to be quietly hushed up.
>>> >
>>> > It'll take a massive ASIC-website-blocking-like event own-goal to generate demand for
>>> > popcorn. That or a majority of politicians starting to listen to experts rather than
>>> > agencies and repealing it, and there's precious few Andrew Wilkies around at the
>>> > moment so that's even less likely.
>>> > P.
>>> >
>>> >>
>>> >> scott
>>> >>
>>> >>> _______________________________________________
>>> >>> AusNOG mailing list
>>> >>> AusNOG at lists.ausnog.net
>>> >>> http://lists.ausnog.net/mailman/listinfo/ausnog