Just checked, and cyber stalking qualifies as it has 3 year max sentence. On Thu, 6 Dec 2018 at 17:21, Paul Wilkins <[email protected]> wrote:
> To get a TAN approved, you'll need: > > - to be an interception agency > - to have your TAN approved by the AFP > - the investigation must attach a 3 year sentence > - there *may *need to also be a data / computer warrant. Then again > there may not. > > So no TANs for councils. > > TARs I'm not sure. There's amendments to bring them into line with TANs > but I'd be guessing if their approval is 100% contiguous to TANs. > > Labor wanted to remove both ICACS and the state police, because when you > look at it, there is no Ombudsman oversite of powers exercised by states > under the Telecommunications Act. So it is a surprise to see state police > still will get TANs/TARs under the revised Bill, but they will need AFP > approval, which is definite improvement. > > I can see a need for state police to have Legal Intercept powers, but no > reason it should go as far as the right to modify data. > > Kind regards > > Paul Wilkins > > On Thu, 6 Dec 2018 at 17:00, Robert Hudson <[email protected]> wrote: > >> >> >> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins <[email protected] >> wrote: >> >>> The original 172 page Bill was so obviously deficient in so many areas, >>> it was easier to just say the Bill should be thrown out in its entirety and >>> start over. Now, post 50 pages of amendments, there's still plenty of scope >>> for serious criticism, and the debate around getting the balance right >>> between citizens rights, and the right of the State to extend judicial writ >>> to cyberspace will continue, but this is in every way a very much improved >>> Bill over the original. >>> >> >> Is it? Have the amendments increased the likelyhood that it will actually >> help law enforcement? Have the amendments helped to ensure that criminals >> continue to use services that are subject to the reach of Australian law >> enforcement agencies? >> >> As Mark Newton pointed out in another forum recently, he was told, face >> to face, by a sitting MP, in that MPs office, that his concerns that the >> agencies that would have access to metadata would increase substantially >> were ill-founded, as were his concerns that the reasons to request metadata >> would increase dramatically. And now local councils have access to >> metadata, and there are close to 1,000 requests for metadata per day. >> >>> >>> I don't see on any of the grounds of criticism of the original Bill, the >>> amendments have gone as far as they need to, but on all the metrics that >>> matter this new Bill represents an honest attempt to accommodate issues of >>> privacy, accountability, and the need to maintain security and protect >>> service provider property rights against unnecessary or disproportionate >>> intrusion by Law Enforcement, and balance those against the legitimate >>> interests of the State to enforce the rule of law in cyberspace. >>> >> >> I contend that the bill now represents an honest attempt to look like >> they're accomodating issues that aren't related to the core fact that the >> proposed laws won't actually reduce crime or increase security. >> >> How explicitly removing state (and potential future federal) ICACs as >> agencies able to utilise the powers of the bill is, in any way, reasonably >> associated with the phrase "honest attempt" is beyond me. >> >>> >>> From the definitions of systemic vulnerability and systemic weakness it >>> would seem to put it beyond question that back doors can only be deployed >>> against target devices, not deployed en masse. That said, there needs to be >>> a control plane function that allows access to the target device that >>> wasn't there before, which still constitutes a potential >>> weakness/vulnerability. >>> >> >> I am sure the bill will be successful in stopping the vulnerabilities it >> creates leaking. I mean, if (when, recall just how successfully the NSA >> managed to keep stuxnet under lock and key) the AFP manage to leak code >> that allows keylogger installs onto iPhones, no criminal group (or just >> obnoxious bunch of script kiddies posing as an online hacking group) would >> be able to take advantage of this - that's not a systemic vulnerability or >> weakness, right? >> >> >>> "systemic vulnerability means a vulnerability that affects a whole class >>> of technology, but does not include a vulnerability that is selectively >>> introduced to one or more target technologies that are connected with a >>> particular person. For this purpose, it is immaterial whether the person >>> can be identified." >>> >>> There's still obvious gaps around the powers and accountabilities of >>> state police. >>> >>> I have to say it looks dangerously like a sensible working position from >>> which to move forward from, while ensuring security services get the powers >>> they say they have an immediate need for. >>> >> >> When they prove the need beyond saying "We need this because we say we >> need it", and show that the intended targets won't simply sidestep it and >> move on, THEN we may have a working position from which to move forward. >> >> Until then, this is just massive over-reach. >> >> As Mark Newton previously noted, this has "The Four Horsemen of the >> Infocalypse" written all over it. In particular, the script to follow: >> >> "How to get what you want in 4 easy stages: >> >> >> 1. Have a target "thing" you wish to stop, yet lack any moral, or >> practical reasons for doing so? *[We want to break encryption]* >> 2. Pick a fear common to lots of people, something that will evoke a >> gut reaction: terrorists, pedophiles, serial killers. *[Terrorists, >> natch.]* >> 3. Scream loudly to the media that "thing" is being used by >> perpetrators. (Don't worry if this is true, or common to all other things, >> or less common with "thing" than with other long established >> systems—payphones, paper mail, private hotel rooms, lack of bugs in all >> houses etc.) *[OMG, terrorists are using encryption (lets ignore the >> fact that we're still stopping them without being able to break it, and we >> still let the ones we know about stab people). Sure, its ubiquitous, but >> TERRORISTS!]* >> 4. Say that the only way to stop perpetrators is to close down >> "thing", or to regulate it to death, or to have laws forcing en masse >> tapability of all private communications on "thing". Don't worry if >> communicating on "thing" is a constitutionally protected right, if you >> have >> done a good job in choosing and publicising the horsemen in 2, no one will >> notice, they will be too busy clamouring for you to save them from the >> supposed evils. *[This whole debate - there are still people acting >> on the assumption that this is needed, and that it will achieve the stated >> goals. Bonus points for screaming at anyone who disagrees that they're >> only >> doing so because they must support terrorism - yep, we've seen that.]* >> " >> >> >> Just because they say they need it doesn't mean that they do, or that it >> will work. >> >>> >>> Kind regards >>> >>> Paul Wilkins >>> >>> >>> On Thu, 6 Dec 2018 at 13:48, Mark Newton <[email protected]> wrote: >>> >>>> >>>> >>>> On 12/05/2018 11:48 AM, Paul Wilkins wrote: >>>> > "If this passes I can see similar legislation being introduced in >>>> > other jurisdictions." >>>> > >>>> > I think this legislation and all its warts is going to be a >>>> > particularly Australian feature. >>>> >>>> Exported globally, though. >>>> >>>> A 5-eyes power who wants to surveil someone can come to Australia, get >>>> ASIO or ASD to land a TCN on the target's platform provider, and pass >>>> on >>>> the result. >>>> >>>> Example: >>>> >>>> CIA wants something from an iPhone user. They can't get it themselves. >>>> So they take the iPhone user's IMEI to ASD and ask for 5-eyes >>>> assistance. >>>> >>>> ASD screams "terrorist!" in a TCN sent to Apple, which demands >>>> production of a compromised version of iOS which keylogs and >>>> screenshots >>>> any encrypted messaging apps which happen to run, and pushed as a >>>> silent >>>> upgrade to that user's phone. >>>> >>>> Results flow from Apple to ASD, and ASD passes them back to the CIA. >>>> >>>> There is no need for any other 5-eyes nation to pass this law now that >>>> Australia has it. It's provided 5-eyes with a global capability. >>>> >>>> - mark >>>> >>>> >>>> _______________________________________________ >>> AusNOG mailing list >>> [email protected] >>> http://lists.ausnog.net/mailman/listinfo/ausnog >>> >>
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
