[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Thu Nov 15 12:18:23 EST 2018


Paul,
I'm concerned that under s313(3)c and s280(1)(b) Telecommunications Act
1997, TCNs/TANs can be issued to to create automated warrantless metadata
access, and we've seen little discussion around this, mostly the focus has
been on computer/data warrants.

There also used to be provision for voluntary disclosure by carriers to
LEAs, which either I can't find or has been amended.

Kind regards

Paul Wilkins

On Thu, 15 Nov 2018 at 11:58, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

>
> https://www.arnnet.com.au/article/648206/cisco-raises-grave-concerns-over-assistance-access-bill/
>
> In a submission to parliament, the networking giant expressed "serious
> reservations" regarding provisions within the Bill that "threaten to
> undercut sustained efforts by Cisco and others to develop, deploy and
> maintain technologies that are secure, trustworthy, transparent and
> accountable".
>
> On Thu, 15 Nov 2018 at 11:28, Paul Brooks <pbrooks-ausnog at layer10.com.au>
> wrote:
>
>> The meetings (now 4 in total) have been listed on the Committee website
>> for several weeks.
>> We (IA) were notified of our invitation to appear and speak two weeks ago
>> while they were putting together the detailed runsheet.
>>
>> FWIW tomorrow I'll be appearing for Internet Australia at 2:30pm, and
>> we've brought in Martin Thomson from the IAB to speak to the IAB submission
>> in the same session (the program says Mark Nottingham, but Mark couldn't
>> make it.)
>>
>> The morning session kicks off at 9am with Prof Danny Weitzner from MIT in
>> Boston on audio conference, followed by Stanford Law. Both made excellent
>> submissions, and should be entertaining listening.
>>
>> I plan to be there in the room for the day, if anyone in Sydney turning
>> up in person wants to say g'day.
>>
>> cheers,
>>     Paul.
>>
>>
>>
>>
>>
>>
>> On 15/11/2018 10:41 AM, Nathan Brookfield wrote:
>>
>> Could they possibly give less notice.... Unbelievable!
>>
>> Nathan Brookfield
>> Chief Executive Officer
>>
>> Simtronic Technologies Pty Ltd
>> http://www.simtronic.com.au
>>
>> On 15 Nov 2018, at 10:40, Paul Wilkins <paulwilkins369 at gmail.com> wrote:
>>
>> Media Release: Issue date: 14 November 2018
>>
>> *Second public hearing on the Encryption Bill*
>>
>> The second public hearing on the Telecommunication and Other Legislation
>> Amendment (Assistance and Access) Bill 2018 will be held on *Friday, 16
>> November 2018* in Sydney. The Committee will hear from academics,
>> statutory oversight agencies, and industry peak bodies.
>> Details of the public hearing:
>>
>> *9:00 am – 3.15pm SMC Conference & Function Centre, 66 Goulburn St,
>> Sydney (Carrington Room)*
>>
>> The hearing will be live streamed (audio only) at www.aph.gov.au/live.
>>
>> The full program of the hearing is available at
>> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Public_Hearings
>>
>> Additional hearings will be held in *Canberra on 27 and 30 November*.
>> Further information on the inquiry can be obtained from the Committee’s
>> website.
>>
>> On Tue, 13 Nov 2018 at 11:36, Paul Wilkins <paulwilkins369 at gmail.com>
>> wrote:
>>
>>> Communications Alliance submission
>>> <https://www.aph.gov.au/DocumentStore.ashx?id=789049aa-edfc-48e2-a79c-0dd1c28f95b8&subId=662644> makes
>>> the point both s313 and s280 (1)(b) of the Telecommunications Act 1997
>>> are current extensively used to access metadata.
>>>
>>> It follows that under the new bill, about a dozen LEAs will similarly be
>>> able to rely on s313 and s280(1)(b) to get warrantless metadata access.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>>
>>> On Sat, 3 Nov 2018 at 13:09, Paul Wilkins <paulwilkins369 at gmail.com>
>>> wrote:
>>>
>>>> Coexistence with Data Retention Regime (Under Telecommunications Act)
>>>>
>>>>
>>>> Passage of this Bill will set the stage for mass surveillance, where
>>>> carriers are already subject to data retention, but the Minister may
>>>> further declare any service provider subject to the metadata regime.
>>>>
>>>>
>>>> 187A Service providers must keep certain information and documents
>>>>
>>>> (3A) The Minister may, by legislative instrument, declare a service to
>>>> be a service to which this Part applies.
>>>>
>>>>
>>>> Such declaration has a statutory limitation of 40 sitting days of
>>>> Parliament, however nothing in the Act prevents such a declaration being
>>>> rolled over by the Minister, maintaining a metadata regime in perpetuity
>>>> for any service they should designate. All this would lie within the
>>>> provisioned scope of the Minister's powers without any further legislation.
>>>>
>>>> Access to such metadata does not necessarily require a warrant. Access
>>>> under the Telecommunications Act can be rendered by the service provider as
>>>> voluntary assistance.
>>>>
>>>> On Thu, 1 Nov 2018 at 11:50, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>
>>>>> Rob,
>>>>> Check your inbox/spam folder 29/10.
>>>>>
>>>>> Kind regards
>>>>> Paul Wilkins
>>>>>
>>>>> On Thu, 1 Nov 2018 at 08:33, Robert Hudson <hudrob at gmail.com> wrote:
>>>>>
>>>>>> Odd.  I signed up to track the enquiry, but have had no notifications
>>>>>> at all that additional hearings had been scheduled.
>>>>>>
>>>>>> There's an another additional day according to the committee website
>>>>>> - 27th November.
>>>>>>
>>>>>> Where did you see if information that they're asking for
>>>>>> supplementary submissions?
>>>>>>
>>>>>> On Wed, 31 Oct 2018 at 12:28, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> *UN's Special Rapporteur on the right to privacy* has weighed in on
>>>>>>> the PJCIS review with incandescent criticism:
>>>>>>>
>>>>>>>
>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=8012483f-e421-41a7-8bd4-1e8eb5eb39eb&subId=661745
>>>>>>>
>>>>>>> In my considered view, the Assistance and Access Bill is an example
>>>>>>> of a poorly conceived national security measure that is equally as likely
>>>>>>> to endanger security as not; it is technologically questionnable if it can
>>>>>>> achieve its aims and avoid introducing vulnerabilities to the cybersecurity
>>>>>>> of all devices irrespective of whether they are mobiles, tablets, watches,
>>>>>>> cars, etc., and it unduly undermines human rights including the right to
>>>>>>> privacy. It is out of step with international rulings raising the related
>>>>>>> issue of how the Australian Government would enforce this law on
>>>>>>> transnational technology companies.
>>>>>>>
>>>>>>> I can't but think that if the Minister for Home Affairs to be doing
>>>>>>> well to attract the ire of the United Nations and his timing couldn't be
>>>>>>> better, just as the Government has lost control of the House. I'm hopeful
>>>>>>> the Australian media will pick up on the interest of the UN in the Bill,
>>>>>>> fingers crossed.
>>>>>>>
>>>>>>> Furthermore, the PJCIS, after announcing two additional hearings
>>>>>>> 16/30 Nov, are also asking for *supplementary submissions, to be
>>>>>>> received no later than 26 November.*
>>>>>>>
>>>>>>> Kind regards
>>>>>>> Paul Wilkins
>>>>>>>
>>>>>>> On Fri, 26 Oct 2018 at 13:07, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> We're at a critical juncture where the Minister for Home Affairs
>>>>>>>> may get his way and steam roll this Bill through Parliament (how this could
>>>>>>>> play out in both Houses would be interesting, as they'll need either Labor
>>>>>>>> or one of the independents in the Lower House). Or the Bill gets
>>>>>>>> substantially modified or sent back to the Dep't Home Affairs to start over.
>>>>>>>>
>>>>>>>> What's of deep concern is that the Minister represents to the House
>>>>>>>> consultation has been extensive, and that modifications of the Bill
>>>>>>>> represent a consensus view. Yet industry has been vocal in opposition to
>>>>>>>> the Bill, and have criticised the level of consultation and the
>>>>>>>> Government's preparedness to receive advice:
>>>>>>>>
>>>>>>>> While DIGI appreciates the challenges facing law enforcement, we
>>>>>>>> continue to have concerns with the Bill, which, contrary to its stated
>>>>>>>> objective, we believe may undermine public safety by making it easier for
>>>>>>>> bad actors to commit crimes against individuals, organisations or
>>>>>>>> communities. We also remain concerned at the lack of independent oversight
>>>>>>>> of Notices and the absence of checks and balances with this legislation,
>>>>>>>> which we discuss in more detail in this submission.
>>>>>>>> Submission to PJCIS - DIGI (includes Google, Amazon,
>>>>>>>> Facebook...)(78)
>>>>>>>>
>>>>>>>>
>>>>>>>> We urge the government to seriously consider the comments submitted
>>>>>>>> by industry and civil society and consider changes that would protect the
>>>>>>>> security and privacy of Apple’s users and all Australians.
>>>>>>>> Submission to PJCIS - Apple (53)
>>>>>>>>
>>>>>>>> Given the complexity of the Bill, the sensitivity of the subject
>>>>>>>> matter, and the  limited consultation period, the summary above is not an
>>>>>>>> exhaustive list of BSA's concerns and recommendations in respect of the
>>>>>>>> Bill. There are other aspects of the Bill that require further
>>>>>>>> consideration in order to find the right balance between the legitimate
>>>>>>>> rights, needs, and responsibilities of the Australian Government, citizens,
>>>>>>>> providers of critical infrastructure, third party stewards of data, and
>>>>>>>> innovators.
>>>>>>>>
>>>>>>>> As such, we respectfully encourage the Australian Government to
>>>>>>>> engage in further dialogue with industry to consider the broader issues at
>>>>>>>> play and the implications (and possible unintended consequences of the
>>>>>>>> Bill).
>>>>>>>> Submission to PJCIS - BSA (Cisco, IBM et al.)(48)
>>>>>>>>
>>>>>>>> On Thu, 25 Oct 2018 at 16:48, Paul Wilkins <
>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> I'm determined the Minister for Home Affairs doesn't get to drop a
>>>>>>>>> deeply flawed Bill on a supine and compliant Parliament, and have taken
>>>>>>>>> measures, to whit, written 22 MPs in positions where they can influence
>>>>>>>>> policy, and provided links to submissions which point out the Bill as
>>>>>>>>> proposed is neither proportionate nor necessary:
>>>>>>>>>
>>>>>>>>> Law Council of Australia:
>>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=859d9cda-0f99-4bef-994f-edc6006c87bf&subId=661321
>>>>>>>>>
>>>>>>>>> Joint Councils for Civil Liberties:
>>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=6a26c1ce-15f3-4229-9b45-dd4ad7cfb8f2&subId=661197
>>>>>>>>>
>>>>>>>>> Australian Human Rights Commission:
>>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=a7b9ff25-7c09-41e9-b97a-56dae1ac0e94&subId=661055
>>>>>>>>>
>>>>>>>>> PJCHR,starts @ p24:
>>>>>>>>> https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en
>>>>>>>>> <https://www.aph.gov.au/%7E/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Kind regards
>>>>>>>>>
>>>>>>>>> Paul Wilkins
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On Thu, 25 Oct 2018 at 16:20, Paul Wilkins <
>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>
>>>>>>>>>> *New PJCIS Public Hearings*
>>>>>>>>>>
>>>>>>>>>> *16 Nov 2018:* Sydney, NSW
>>>>>>>>>> *30 Nov 2018:* Canberra, ACT
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018
>>>>>>>>>>
>>>>>>>>>> On Thu, 25 Oct 2018 at 13:23, Paul Wilkins <
>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>
>>>>>>>>>>> Has anyone yet had the opportunity to think through the use of
>>>>>>>>>>> force provisions? Does use of force extend beyond physical forced entry, to
>>>>>>>>>>> say, hacking?
>>>>>>>>>>>
>>>>>>>>>>> Kind regards
>>>>>>>>>>> Paul Wilkins
>>>>>>>>>>>
>>>>>>>>>>> On Wed, 24 Oct 2018 at 18:03, Paul Wilkins <
>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>
>>>>>>>>>>>> Compare:
>>>>>>>>>>>>
>>>>>>>>>>>> CHAIR: So the big companies like Facebook, Amazon, Twitter,
>>>>>>>>>>>> over-the-top  messaging services like Signal and WhatsApp?
>>>>>>>>>>>> Mr Hansford: A range of different industry companies.
>>>>>>>>>>>> CHAIR: *A good percentage of those?*
>>>>>>>>>>>> Mr Hansford: *A reasonable percentage, I'd say.*
>>>>>>>>>>>> (Public) FRIDAY, 19 OCTOBER 2018
>>>>>>>>>>>>
>>>>>>>>>>>> "The government has consulted *extensively* with industry and
>>>>>>>>>>>> the public on these measuresand has made amendments to reflect the feedback
>>>>>>>>>>>> in the legislation now before the parliament."
>>>>>>>>>>>> Minister for Home Affairs - Speech to Parliament 20 Sept 2018
>>>>>>>>>>>>
>>>>>>>>>>>> On Wed, 24 Oct 2018 at 16:01, Paul Wilkins <
>>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>>
>>>>>>>>>>>>> DIGI's submission (Amazon, Facebook, Google, Oath, and
>>>>>>>>>>>>> Twitter) has just appeared:
>>>>>>>>>>>>>
>>>>>>>>>>>>>
>>>>>>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=d48c3c35-221d-4544-a7d7-109a82c72dc1&subId=661549
>>>>>>>>>>>>>
>>>>>>>>>>>>> On August 14, 2018, the Government released for Public
>>>>>>>>>>>>> Exposure a draft of the Telecommunications and Other Legislation Amendment
>>>>>>>>>>>>> (Assistance and Access) Bill 2018 (the “Bill”) together with an Exposure
>>>>>>>>>>>>> Document, to which DIGI made a submission (attached). A revised Bill was
>>>>>>>>>>>>> introduced to Parliament ten days following the close of submissions, with
>>>>>>>>>>>>> only minor amendments that fail to address its potential impacts on public
>>>>>>>>>>>>> safety, cybersecurity, privacy and human rights, raising concern among
>>>>>>>>>>>>> industry, consumer and civil society groups.
>>>>>>>>>>>>>
>>>>>>>>>>>>> On Wed, 24 Oct 2018 at 11:30, Paul Wilkins <
>>>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>>>
>>>>>>>>>>>>>> The PJCHR express extensive concerns with the bill.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en
>>>>>>>>>>>>>> <https://www.aph.gov.au/%7E/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en>
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> The following demonstrates a posture where they will likely
>>>>>>>>>>>>>> oppose the bill without further safeguards:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> 1.109 Another relevant factor in assessing whether a measure
>>>>>>>>>>>>>> is proportionate is whether there is the possibility of oversight and the
>>>>>>>>>>>>>> availability of review. The power to give a technical assistance notice or
>>>>>>>>>>>>>> request, or technical  capability notice, is not exercised by a judge, nor
>>>>>>>>>>>>>> does a judge supervise its application.  Section 317ZFA provides a
>>>>>>>>>>>>>> discretionary power to a court, in relation to proceedings  before it, to
>>>>>>>>>>>>>> make such orders as the court considers appropriate in relation to the
>>>>>>>>>>>>>> disclosure, protection, storage, handling or destruction of technical
>>>>>>>>>>>>>> assistance information, if the court is satisfied that it is in the public
>>>>>>>>>>>>>> interest. The bill does  not otherwise provide for court involvement in the
>>>>>>>>>>>>>> process of giving a technical assistance notice or request, or technical
>>>>>>>>>>>>>> capability notice. The bill additionally  seeks to amend the Administrative
>>>>>>>>>>>>>> Decisions (Judicial Review) Act 1977 (ADJR Act) to exclude decisions under
>>>>>>>>>>>>>> Part 15 of the Telecommunications Act (which would  include a decision to
>>>>>>>>>>>>>> issue a technical assistance notice or request, or technical  capability
>>>>>>>>>>>>>> notice) from judicial review under the ADJR Act. 47 In these circumstances,
>>>>>>>>>>>>>> further information from the minister as the adequacy of the safeguards in
>>>>>>>>>>>>>> terms of oversight and review would assist in determining the
>>>>>>>>>>>>>> proportionality of the measures.
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> Kind regards
>>>>>>>>>>>>>> Paul Wilkins
>>>>>>>>>>>>>>
>>>>>>>>>>>>>> On Tue, 23 Oct 2018 at 15:12, Paul Wilkins <
>>>>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> 21 October AEC had received 6890 postal votes out of 12,788
>>>>>>>>>>>>>>> issued. Today, received postal votes is 7,789. Sharma is trailing by 1,552.
>>>>>>>>>>>>>>> So I'm calling it a Phelps' win and we will have minority government.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Phelps will win by at least 500 votes so no recount.
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> Kind regards
>>>>>>>>>>>>>>> Paul Wilkins
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>> On Mon, 22 Oct 2018 at 18:19, Paul Wilkins <
>>>>>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> Transcript of public hearing 19th October:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22committees%2Fcommjnt%2F2a1771c8-f314-43f2-b9b0-cd09ad8123ae%2F0000%22
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> On Mon, 22 Oct 2018 at 16:46, Christian Heinrich <
>>>>>>>>>>>>>>>> christian.heinrich at cmlh.id.au> wrote:
>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> Paul,
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> On Mon, Oct 22, 2018 at 2:12 PM Paul Wilkins <
>>>>>>>>>>>>>>>>> paulwilkins369 at gmail.com> wrote:
>>>>>>>>>>>>>>>>> > Except that where subject to an order under 317j to
>>>>>>>>>>>>>>>>> conceal the existence of a TCN/TAN forms part of the terms.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> For PCI-DSS Requirement 4 Telstra [as an example I don't
>>>>>>>>>>>>>>>>> recommend]
>>>>>>>>>>>>>>>>> have mandated that their customer is responsible for both
>>>>>>>>>>>>>>>>> the
>>>>>>>>>>>>>>>>> infrastructure and software [as a service] within
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> https://www.telstra.com.au/content/dam/tcom/personal/consumer-advice/pdf/business-a-full/cloud-h.pdf
>>>>>>>>>>>>>>>>> and are therefore unable to assist with the implementation
>>>>>>>>>>>>>>>>> of the
>>>>>>>>>>>>>>>>> TCN/TAN.
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> --
>>>>>>>>>>>>>>>>> Regards,
>>>>>>>>>>>>>>>>> Christian Heinrich
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>>> http://cmlh.id.au/contact
>>>>>>>>>>>>>>>>>
>>>>>>>>>>>>>>>> _______________________________________________
>>>>>>> AusNOG mailing list
>>>>>>> AusNOG at lists.ausnog.net
>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>>
>>>>>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>> _______________________________________________
>> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181115/98ae6683/attachment.html>


More information about the AusNOG mailing list