[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Sat Dec 15 11:44:21 EST 2018


I guess we should anticipate that the PJCIS will ask for further
submissions. Probably they will give as little advance warning as possible
to conform to their "accelerated timetable". I would think they'll announce
their request for submissions as soon as the Labor amendments are dealt
with.

The Labor amendments are critical for:

   - Requirements for judicial review of TCNs/TARs, and avenue of judicial
   appeal for service providers
   - Strengthened requirements for necessity and proportionality
   - Definitions of system vulnerability and systemic weakness (which
   preclude mass deployment of patched code)

These amendments are necessary and reasonable. However for me, the
following issues still remain to be resolved:

1 - Granting the police EA powers (rather than the intelligence services
- ASIO & AFP) goes too far where the police do not require EA. Rather the
least intrusive powers that would still enable them to prosecute serious
crime, would be Legal Intercept (basically enough powers to get to the
clear text, where they are back to where they were before the "going
dark" due to encryption). This means that Police should get a different
category of TAN - where there are no write or modify data powers (ie. read
only). Any write or modify capabilities they require should be implemented
under a duly authorised TCN.

2 - Once there is allowance for differentiation in Police vs Intelligence
Services powers, there should similarly be differentiation for the
seriousness of crimes investigated. The 3 years for Police services (but
limited to Legal Intercept) would still allow the police to investigate
cyber stalking, but also many other crimes some have suggested is like
using a sledge hammer to crack a nut. Given the more intrusive nature of EA
vs Legal Intercept, there should be a higher bar for the Intelligence
Services to demand EA powers (say 20 years to life). If they need only
Legal Intercept, then the bar could remain at 3 years.

3 - It's still not clear that anything doable under a TCN, cannot be
compelled under a TAN's write/modify data powers. Hence, there ought to be
exclusions of a TAN's powers from compelling the implementation of a
capability for which a TCN can be issued.

4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
serving as "authorisation" under s280 / s313 of the Telecommunications Act
1997, sufficient to demand mass access to carrier metadata/metadata
datastreams. There is also lawful disclosure of mass metadata under s177 of
the Telecomms Interception and Access Act 1979. If the police and/or
intelligence services get access to metadata streams, they will integrate
this with their other metadata projects, including CCTV and facial
recognition databases. Which is obviously something some in Law Enforcement
are advocating for, though I think most citizens would regard this as an
alarming move towards mass surveillance and a police state.

5 - Having one agency act as a clearing house for notices and warrant data,
is still a preferable framework to access by multiple agencies, and would
provide advantages for economy, efficiency, governance, and the secure
custody of both warrant data and service provider confidential information.

6 - Journalists and media organisations ought to be able to mount a public
interest defense against the issue of TANs.

7 - Any citizen ought to have standing to mount a public interest defense
against the issue of a TCN.

8 - An audit trail be mandated for all TAN/TAR actions.

Interested to hear if anyone has comments or other concerns.

Kind regards

Paul Wilkins

On Sat, 15 Dec 2018 at 09:29, I <beatthebastards at inbox.com> wrote:

> GCHQ is going for the same thing
>
> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate