[AusNOG] Assistance and Access Bill moves to PJCIS

Paul Wilkins paulwilkins369 at gmail.com
Thu Apr 4 10:22:38 EST 2019


On Sat, 30 Mar 2019 at 13:35, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> It's a curious move for the PJCIS to refer the Assistance and Access Act
> to the Independent National Security Legislation Monitor. As they say,
> they've never referred legislation to the INSLM ever before.
> If the considerable resources at the disposal of the PJCIS, Attorney
> General's, and the Dep't of Home Affairs haven't been sufficient to produce
> workable law, then what hope the INSLM?
> Kind regards
> Paul Wilkins
> On Fri, 29 Mar 2019 at 19:05, Robert Hudson <hudrob at gmail.com> wrote:
>> 404 for the page on the ACS website..
>> On Thu, 28 Mar 2019 at 12:40, Aftab Siddiqui <aftab.siddiqui at gmail.com>
>> wrote:
>>> Just for the info. There was an event yesterday "Safe Encryption
>>> Australia Forum" in Sydney. Some highlights are here.
>>> https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws
>>> https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html
>>> Regards,
>>> Aftab A. Siddiqui
>>> On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins <paulwilkins369 at gmail.com>
>>> wrote:
>>>> The silence on the Assistance and Access Act since it passed in
>>>> December has been deafening. It was firmly understood, on representations
>>>> by the Liberal Government, that the bill passed was passed as an expedient,
>>>> yet now we have the third report from PJCIS due 3rd April, and yet another
>>>> round of submissions from corporations large and small, industry luminaries
>>>> and human rights and legal experts, all saying that basically we're where
>>>> we were back in September 2018, when Dutton rather disingenuously reported
>>>> to the House that:
>>>> "The government has consulted extensively with industry and the public
>>>> on these measures and has made amendments to reflect the feedback in the
>>>> legislation now before the parliament."
>>>> Yet no matter how many submissions are made to how many parliamentary
>>>> committees, we now seem stuck with a deeply flawed Act, the Liberals are
>>>> walking backwards on the Labor amendements, while the country's police
>>>> forces now operate with sweeping interception powers well beyond what's
>>>> necessary and proportional.
>>>> Kind regards
>>>> Paul Wilkins
>>>> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins <paulwilkins369 at gmail.com>
>>>> wrote:
>>>>> ACIC in their submission seem to be making the case, that as police
>>>>> now have EA powers under the Act to surveil targets, so too should the ACIC
>>>>> have EA powers to surveil the police.
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b&subId=666446
>>>>> I think however this too is wrong, and that two wrongs don't make a
>>>>> right. The police should never have been given EA powers to break
>>>>> encryption when all they need is legal intercept. And then ACIC too could
>>>>> have LI powers.
>>>>> As I point out in my latest PJCIS submission,
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789&subId=666483
>>>>> there's a basic difference between Legal Intercept and Exceptional
>>>>> Access, where EA you need read/modify/write/delete rights, whereas LI is
>>>>> read only.
>>>>> If you restrict access by the police to read only, a very large chunk
>>>>> of the ensuant vulnerabilities go away. Further, the amount of damage the
>>>>> police can do on a magical mystery tour of your data centre is contained.
>>>>> Kind regards
>>>>> Paul Wilkins
>>>>> On Thu, 24 Jan 2019 at 13:27, Robert Hudson <hudrob at gmail.com> wrote:
>>>>>> The government said they'd consider them, not that they'd implement
>>>>>> them.
>>>>>> I have very little faith at all that without significant pressure
>>>>>> being brought to bear, that the government response would be anything more
>>>>>> than "we consider them, and decided no, we're happy as we are".
>>>>>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins <paulwilkins369 at gmail.com>
>>>>>> wrote:
>>>>>>> Labor's amendments haven't been forgotten, and will have to be dealt
>>>>>>> with eventually, when the time comes for the PJCIS to table their April
>>>>>>> recommendations.
>>>>>>> Noone is forgetting that the Act was passed as an interim measure,
>>>>>>> to allow law enforcement to deal with the Christmas break with new powers.
>>>>>>> It would be a serious breach of faith for the government to renege on the
>>>>>>> outstanding amendments.
>>>>>>> Kind regards
>>>>>>> Paul Wilkins
>>>>>>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan <michelle at sorbs.net>
>>>>>>> wrote:
>>>>>>>> Paul Wilkins wrote:
>>>>>>>> > Obviously this has been in limbo over the Christmas break.
>>>>>>>> There's 2
>>>>>>>> > really important issues, on hold because of this.
>>>>>>>> >
>>>>>>>> > 1 - When or if the PJCIS will call for public comment on the Act
>>>>>>>> as
>>>>>>>> > passed.
>>>>>>>> >
>>>>>>>> > 2 - The appearance of the Labor amendments.
>>>>>>>> >
>>>>>>>> > So we probably won't see any developments until Parliament
>>>>>>>> resumes
>>>>>>>> > 12th February.
>>>>>>>> I'll lay money there will be no amendments (passed), there will be
>>>>>>>> an
>>>>>>>> attempt to force Apple etc to write in a weakness which will be
>>>>>>>> challenged.  There will be many people that will not update their
>>>>>>>> iOS/Andriod anytime soon.  Personally I stopped updating the moment
>>>>>>>> this
>>>>>>>> bill was passed - particularly as there is at least one Apple
>>>>>>>> update
>>>>>>>> that stated, "No bug/security fixes"...
>>>>>>>> What you will most likely find (and the idiots over in the ACT
>>>>>>>> haven;'t
>>>>>>>> worked it out yet) is that the terrorists have some very smart
>>>>>>>> people
>>>>>>>> "working" for them and they probably already jailbreak their phones
>>>>>>>> and
>>>>>>>> install their own messaging software on it.. (not that you need to
>>>>>>>> jailbreak when you can use the 'team' functionality in xcode to
>>>>>>>> install
>>>>>>>> non apple approved apps on your phone.)
>>>>>>>> Of course the highly amusing part is how easy it is to plugin to
>>>>>>>> online
>>>>>>>> services and how easy it is to run your own asymmetric
>>>>>>>> cryptography... I
>>>>>>>> suspect it would be trivial to put your own encryption over the top
>>>>>>>> of
>>>>>>>> any of those services/apps that allow such (and some already do -
>>>>>>>> recently came across a plugin to the mailapp that has a custom
>>>>>>>> encryption/decryption mechanism which is used by a bank for secure
>>>>>>>> messaging.  This means as posted elsewhere any interception would
>>>>>>>> have
>>>>>>>> to be by screen capture and keyboard interception on the device,
>>>>>>>> which I
>>>>>>>> personally would immediately class as a systemic weakness because
>>>>>>>> if I
>>>>>>>> were doing it i'd be cut/pasting messages into my own non-internet
>>>>>>>> connected app for encryption/decryption so you can capture what you
>>>>>>>> want
>>>>>>>> off imessage, facebook messenger etc... you'd still be getting
>>>>>>>> encrypted
>>>>>>>> blocks of data.. and if you capture everything you have online
>>>>>>>> banking
>>>>>>>> passwords and everything else that goes with that and there one
>>>>>>>> thinks
>>>>>>>> about who else can see the captures....
>>>>>>>> This is what you get when you have people in charge that have
>>>>>>>> interest
>>>>>>>> in obtaining data they are not entitled to.
>>>>>>>> At least the Queensland police will not get voice recorded giving
>>>>>>>> out
>>>>>>>> new locations to abusive ex-husbands, now they can protect
>>>>>>>> themselves by
>>>>>>>> just accessing the phone of the wife in hiding..
>>>>>>>> ... anyone seen my foil hat today I seem to have misplaced it....?
>>>>>>>> :P
>>>>>>>> --
>>>>>>>> Michelle Sullivan
>>>>>>>> http://www.mhix.org/
>>>>>>>> _______________________________________________
>>>>>>>> AusNOG mailing list
>>>>>>>> AusNOG at lists.ausnog.net
>>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>>> _______________________________________________
>>>>>>> AusNOG mailing list
>>>>>>> AusNOG at lists.ausnog.net
>>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>> _______________________________________________
>>>> AusNOG mailing list
>>>> AusNOG at lists.ausnog.net
>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>> _______________________________________________
>>> AusNOG mailing list
>>> AusNOG at lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20190404/07cf9e99/attachment.html>

More information about the AusNOG mailing list