[AusNOG] Assistance and Access Bill moves to PJCIS

Aftab Siddiqui aftab.siddiqui at gmail.com
Thu Mar 28 12:39:29 EST 2019


Just for the info. There was an event yesterday "Safe Encryption Australia
Forum" in Sydney. Some highlights are here.
 https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws

https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html

Regards,

Aftab A. Siddiqui


On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins <paulwilkins369 at gmail.com>
wrote:

> The silence on the Assistance and Access Act since it passed in December
> has been deafening. It was firmly understood, on representations by the
> Liberal Government, that the bill passed was passed as an expedient, yet
> now we have the third report from PJCIS due 3rd April, and yet another
> round of submissions from corporations large and small, industry luminaries
> and human rights and legal experts, all saying that basically we're where
> we were back in September 2018, when Dutton rather disingenuously reported
> to the House that:
>
> "The government has consulted extensively with industry and the public on
> these measures and has made amendments to reflect the feedback in the
> legislation now before the parliament."
>
> Yet no matter how many submissions are made to how many parliamentary
> committees, we now seem stuck with a deeply flawed Act, the Liberals are
> walking backwards on the Labor amendments, while the country's police
> forces now operate with sweeping interception powers well beyond what's
> necessary and proportional.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins <paulwilkins369 at gmail.com>
> wrote:
>
>> ACIC in their submission seem to be making the case, that as police now
>> have EA powers under the Act to surveil targets, so too should the ACIC
>> have EA powers to surveil the police.
>>
>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b&subId=666446
>>
>> I think however this too is wrong, and that two wrongs don't make a
>> right. The police should never have been given EA powers to break
>> encryption when all they need is legal intercept. And then ACIC too could
>> have LI powers.
>>
>> As I point out in my latest PJCIS submission,
>>
>> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789&subId=666483
>> there's a basic difference between Legal Intercept and Exceptional
>> Access, where EA you need read/modify/write/delete rights, whereas LI is
>> read only.
>>
>> If you restrict access by the police to read only, a very large chunk of
>> the ensuant vulnerabilities go away. Further, the amount of damage the
>> police can do on a magical mystery tour of your data centre is contained.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Thu, 24 Jan 2019 at 13:27, Robert Hudson <hudrob at gmail.com> wrote:
>>
>>> The government said they'd consider them, not that they'd implement them.
>>>
>>> I have very little faith at all that without significant pressure being
>>> brought to bear, that the government response would be anything more than
>>> "we consider them, and decided no, we're happy as we are".
>>>
>>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins <paulwilkins369 at gmail.com>
>>> wrote:
>>>
>>>> Labor's amendments haven't been forgotten, and will have to be dealt
>>>> with eventually, when the time comes for the PJCIS to table their April
>>>> recommendations.
>>>>
>>>> No one is forgetting that the Act was passed as an interim measure, to
>>>> allow law enforcement to deal with the Christmas break with new powers. It
>>>> would be a serious breach of faith for the government to renege on the
>>>> outstanding amendments.
>>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>
>>>>
>>>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan <michelle at sorbs.net>
>>>> wrote:
>>>>
>>>>> Paul Wilkins wrote:
>>>>> > Obviously this has been in limbo over the Christmas break. There's 2
>>>>> > really important issues, on hold because of this.
>>>>> >
>>>>> > 1 - When or if the PJCIS will call for public comment on the Act as
>>>>> > passed.
>>>>> >
>>>>> > 2 - The appearance of the Labor amendments.
>>>>> >
>>>>> > So we probably won't see any developments until Parliament resumes
>>>>> > 12th February.
>>>>>
>>>>> I'll lay money there will be no amendments (passed), there will be an
>>>>> attempt to force Apple etc to write in a weakness which will be
>>>>> challenged.  There will be many people that will not update their
>>>>> iOS/Android anytime soon.  Personally I stopped updating the moment this
>>>>> bill was passed - particularly as there is at least one Apple update
>>>>> that stated, "No bug/security fixes"...
>>>>>
>>>>> What you will most likely find (and the idiots over in the ACT haven't
>>>>> worked it out yet) is that the terrorists have some very smart people
>>>>> "working" for them and they probably already jailbreak their phones and
>>>>> install their own messaging software on it.. (not that you need to
>>>>> jailbreak when you can use the 'team' functionality in Xcode to install
>>>>> non-Apple approved apps on your phone.)
>>>>>
>>>>> Of course the highly amusing part is how easy it is to plugin to online
>>>>> services and how easy it is to run your own asymmetric cryptography... I
>>>>> suspect it would be trivial to put your own encryption over the top of
>>>>> any of those services/apps that allow such (and some already do -
>>>>> recently came across a plugin to the mailapp that has a custom
>>>>> encryption/decryption mechanism which is used by a bank for secure
>>>>> messaging.  This means as posted elsewhere any interception would have
>>>>> to be by screen capture and keyboard interception on the device, which I
>>>>> personally would immediately class as a systemic weakness because if I
>>>>> were doing it I'd be cut/pasting messages into my own non-internet
>>>>> connected app for encryption/decryption so you can capture what you want
>>>>> off iMessage, Facebook Messenger etc... you'd still be getting encrypted
>>>>> blocks of data.. and if you capture everything you have online banking
>>>>> passwords and everything else that goes with that and there one thinks
>>>>> about who else can see the captures....
>>>>>
>>>>> This is what you get when you have people in charge that have interest
>>>>> in obtaining data they are not entitled to.
>>>>>
>>>>> At least the Queensland police will not get voice recorded giving out
>>>>> new locations to abusive ex-husbands, now they can protect themselves by
>>>>> just accessing the phone of the wife in hiding..
>>>>>
>>>>> ... anyone seen my foil hat today I seem to have misplaced it....? :P
>>>>>
>>>>> --
>>>>> Michelle Sullivan
>>>>> http://www.mhix.org/
>>>>>
>>>>> _______________________________________________
>>>>> AusNOG mailing list
>>>>> AusNOG at lists.ausnog.net
>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>>