[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Tue Sep 25 17:05:14 EST 2018


I'm thinking Dutton's decision to push ahead with an ill drawn bill wasn't
completely isolated from his and the government's need to change the news
cycle around his au pair scrape.

Which is not to say the cops don't have active activations they want these
powers for, and as soon as possible. A big bust with Dutton's new powers
would be a shot in the arm for the government's fortunes.

However, the Bill doesn't deserve to pass, because it's not ready, and will
lead to unhappy outcomes, particularly for service providers. Everyone has
their concerns, these are mine:

1 - The multiplicity of agencies and agents who can authorise TANs and TARs.

1a - Warrant data and service provider data will reside with the issuing
agencies.

Hence, the government needs to reconsider the whole approach, and instead,
have one agency act as a clearing house for TCN/TAN/TARs, and act as
custodian of warrant data and service provider confidential data.

2 - The lack of civil appeal process against TCN/TAN/TARs.
Grounds for appeal to either refuse or delay assistance should include:
Cost, security management, risk management, business management processes,
disruption to business, disparity of TCN/TAN/TAR with Privacy Act 1988.

2a - The real possibility TAN/TARs will be used by Law Enforcement to
coerce unlawful access/disclosure.

3 - The low bar required to issue TCN/TAN/TARs. The government's case for
these powers is serious crime and terrorism. I don't know, but I imagine
they settled for "serious crime as defined under the Crimes Act" because
(again I'm guessing) that's the standard for physical warrants? It'd be
good to be clear as to this point, because cyber warrants and physical
warrants are, I think we'll agree, different in kind. It's one thing to
execute a physical warrant, which means you have to give Law Enforcement
entry, but I feel 2 years sets the bar a little low to let Law Enforcement
go snooping about a data centre, or pushing bootloader updates to your
phone.

4 - The lack of accountability. The reporting requirements are a rubber
stamp, and leave the public none the wiser how these powers are being used,
whether they're successful, and to what ends they're exercised. They will
of course be used by the AFP to pursue journalist sources of government
leaks. I'm not sure it's clear all leaks are against the public interest.
There's that problem where the government's interests, and the public
interest, are not always the same thing.

4a - There needs to be specific details as to the use of the power to
enforce silence as to the existence of TCN/TAN/TARs. I'm thinking this
power to suppress shouldn't lie with Law Enforcement at all, but should
rather form part of the terms of the accompanying computer/data warrants.

5 - The Emergency provisions make the police a power answerable to
themselves for 48 hours.

6 - The definition of "computer" which extends to any data held on any
computer connected on "the same network" - which can be read as extending
to the internet and anything that connects to the internet.

7 - I think the drafting is flawed, where TCN/TAN/TARs restrict themselves
to a target computer. I think it's arguable the Bill doesn't extend to
compelling access to ancillary computers/network devices, needed to extract
data from the target computer.

Kind regards

Paul Wilkins

On Tue, 25 Sep 2018 at 13:51, <trs80 at ucc.gu.uwa.edu.au> wrote:

> On Tue, 25 Sep 2018, Paul Wilkins wrote:
>
> > Australia is bound under international law against arbitrary or unlawful
> > incursions of the right to privacy. That's black letter law.
>
> We are also bound under international law the 1951 Refugee Convention. The
> Australian government removed references to the convention from the laws
> of Australia, so the courts can no longer enforce it. See also this great
> quote:
>
> The Court held that Australian courts are bound to apply Australian
> statute law “even if that law should violate a rule of international law.”
>
>
> http://ilareporter.org.au/2018/04/australias-disengagement-from-international-refugee-law-the-principle-of-non-refoulement-and-the-doctrine-of-jurisdiction-sophie-capicchiano-young/
> http://www.austlii.edu.au/cgi-bin/sinodisp/au/cases/cth/HCA/2015/1.html
> p462
>
> So as Mark said, these international "laws" mean nothing here unless
> enacted by the Australian parliament. And specific bills, like the
> Assistance and Access Bill can override them at will.
>
> --
> # TRS-80              trs80(a)ucc.gu.uwa.edu.au #/ "Otherwise Bub here will do \
> # UCC Wheel Member     http://trs80.ucc.asn.au/ #|  what squirrels do best     |
> [ "There's nobody getting rich writing          ]|  -- Collect and hide your   |
> [  software that I know of" -- Bill Gates, 1980 ]\  nuts." -- Acid Reflux #231 /