[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Wed Nov 28 17:58:52 EST 2018


There's a lot of different sections and different Acts that interact, in
complex ways with multiple double negations making it a bit of a head
twist, and I don't believe anyone can say with certainty how the courts
would rule on an attempt by the AG to use TCN/TANs to access metadata
datastreams. I believe it's both possible, and that the Bill should have
stronger protections to discourage law enforcement going down this path at
some point.

TCNs can't compel data retention (we've already been there). However, they
certainly can, (IMHO) compel implementation of providing access to metadata
datastreams as a service.

Once you have the capability to transfer datastreams, then you only need to
turn them on. That can happen either under a TAN/TAR direction from a law
enforcement agency, where the agency decides it's necessary. There's also
no reason a carrier cannot voluntarily provide the datastream. There is no
protection under the law that requires law enforcement to have a warrant to
access metadata. Where law enforcement can compel the provision of metadata
as a service, a request to provide it voluntary comes with the implication
that if it's not provided, law enforcement will be back with a TAN to
compel compliance.

I go through this in excruciating detail in my supplementary submission,
which is now up on the PJCIS website.

Kind regards

Paul Wilkins

On Wed, 28 Nov 2018 at 16:48, Paul Brooks <pbrooks-ausnog at layer10.com.au>
wrote:

> On 28/11/2018 3:42 pm, Paul Wilkins wrote:
>
>
> I'm less concerned that the State may ask a judge for a computer warrant,
> than I am the Attorney General issuing TCNs to access carrier metadata
> datastreams and using that for mass surveillance, or law enforcement then
> forcing patches on service providers for my phone/television to enable the
> mike and camera's for surveillance because I've triggered some kind of
> Minority Report scenario, because, you know, they're doing their job and in
> the AG's opinion it's reasonable.
>
> Much as I hate to defend something that is indefensible on other grounds,
> part of this particular concern seems to be already protected.
>
> See Sect 317(T) (the bit regarding TCNs)
>
> Part (10):
>
> 'A technical capability notice has no effect to the extent (if any) to
> which it requires a designated communications provider to keep, or cause to
> be kept:
>           (a)    information of a kind specified in or under section 187AA
> of the Telecommunications (Interception and Access) Act 1979;  or
>          (b)    documents containing information of that kind;
> relating to any communication carried by means of a service to which Part
> 5 1A of the Telecommunications (Interception and Access) Act 1979 applies.
> Note:    Part 5 1A of the Telecommunications (Interception and Access) Act
> 1979 deals with data retention.'
>
> In other words - they can't issue a TCN to keep more metadata. Or to be
> sent a stream of metadata.
>
> Also Part (2):
>
> 'The specified acts or things must:
>         (a)  be directed towards ensuring that the designated
> communications provider *is capable* of giving listed help to ASIO, or an
> interception agency, in relation to:
>                    (i)    the performance of a function, or the exercise
> of a power, conferred by or under a law of the Commonwealth, a State or a
> Territory, so far as the function or power relates to a relevant objective;
> or
>                    (ii)    a matter that facilitates, or is ancillary or
> incidental to, a matter covered by subparagraph (i); or
>        (b)    be by way of giving help to ASIO, or an interception agency,
> in relation to:
>                    (i)    the performance of a function, or the exercise
> of a power, conferred by or under a law of the Commonwealth, a State or a
> Territory, so far as the function or power relates to a relevant objective;
> or
>                    (ii)    a matter that facilitates, or is ancillary or
> incidental to, a matter covered by subparagraph (i).
>
> '
>
> In other words - they can ask you to do something to make sure you are
> *capable* of giving help under some other law. But you don't have to
> actually do the thing under that other law to satisfy the TCN, they'll
> issue you a separate warrant or request to actively use that capability,
> under that other law, if they need you to actively use it in practice.
>
> The TCN is to require you to make sure you have an easily undoable buckle
> on your belt, in case they have to ask you to bend over under another law,
> and to ensure you can't reply 'Sorry, I cant do that' when they do ask you
> to bend over under that other law. But they can't ask you to actually bend
> over in the TCN itself.
>
> Of course, this all relies on them not asking, or if they do, on the
> recipient of the notice having enough knowledge of the law to respond
> 'under Sect (XXX) you can't do that'. Which is where additional independent
> judiciary scrutiny of a request before it is issued is required.
>
>
> Paul.
>
>
>
>
>
>
>
>
>
> P.
>
>
>
>
>
>
>
>
> In the case of the computer warrant, Law Enforcement have to allege a
> specific breach of the criminal code, and establish evidentiary grounds
> this crime is being committed to a judge's satisfaction. Much in the
> Assistance and Access Bill leaves Law Enforcement as the decision makers as
> to what and how is to be investigated. It is actually possible to
> simultaneously want to see the rule of law be enforced, but without
> establishing the machinery of a police state.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Wed, 28 Nov 2018 at 13:43, Mark Smith <markzzzsmith at gmail.com> wrote:
>
>> On Wed, 28 Nov 2018 at 11:29, Scott Weeks <surfer at mauigateway.com> wrote:
>> >
>> >
>> >
>> > --- paulwilkins369 at gmail.com wrote:
>> > From: Paul Wilkins <paulwilkins369 at gmail.com>
>> >
>> > I do think (and it's not a generally popular position) that
>> > the internet does need to, and is going to be, regulated.
>> > ----------------------------------------------------
>> >
>> >
>> > No.  Absolutely does not need to be and cannot be anyway,
>> > unless you do a China.  Maybe this is what they're jealous
>> > of?  Total control over the media and all information.
>> > Like, you know, the Dark Ages...
>> >
>>
>> I agree.
>>
>> I wonder what Paul specifically thinks needs to be regulated. If it is
>> a general view, rather than a specific one, then Paul has
>> authoritarian beliefs (in other words, just the idea that somebody can
>> do something without first seeking and being given permission is an
>> anathema).
>>
>> The fundamental and most significant benefit of the Internet has been
>> that its architecture has permitted permissionless innovation, through
>> application protocol transparency in the network. To deploy a new
>> application or service over the Internet, you do not have to seek
>> permission of a telco for them to carry your traffic.
>>
>> IPv4 NATs have significantly limited the Internet's transparency,
>> which is why people have been creating an ad hoc and more transparent
>> virtual overlay network over the Internet using UDP - "UDP over IPv4 –
>> a stepping stone to IPv6?" -
>> https://blog.apnic.net/2017/03/24/udp-ipv4-stepping-stone-ipv6/ .
>>
>> Regards,
>> Mark.
>>
>>
>>
>>
>> > scott
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> > > _______________________________________________
>> > > AusNOG mailing list
>> > > AusNOG at lists.ausnog.net
>> > > http://lists.ausnog.net/mailman/listinfo/ausnog
>> > >
>> >
>> >
>> > _______________________________________________
>> > AusNOG mailing list
>> > AusNOG at lists.ausnog.net
>> > http://lists.ausnog.net/mailman/listinfo/ausnog
>> >
>> >
>> > _______________________________________________
>> > AusNOG mailing list
>> > AusNOG at lists.ausnog.net
>> > http://lists.ausnog.net/mailman/listinfo/ausnog
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
> _______________________________________________
> AusNOG mailing listAusNOG at lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20181128/7dac5784/attachment.html>


More information about the AusNOG mailing list