"If "there is a need for these powers over the Christmas period," then that ship has sailed. Too late, they needed to pass it in September."
Apparently change freezes also apply to national security :)

On Thu, 6 Dec 2018 at 17:33, Paul Wilkins <[email protected]> wrote:

> Just checked, and cyber stalking qualifies as it has 3 year max sentence.
>
> On Thu, 6 Dec 2018 at 17:21, Paul Wilkins <[email protected]> wrote:
>
>> To get a TAN approved, you'll need:
>>
>> - to be an interception agency
>> - to have your TAN approved by the AFP
>> - the investigation must attach a 3 year sentence
>> - there *may* need to also be a data / computer warrant. Then again there may not.
>>
>> So no TANs for councils.
>>
>> TARs I'm not sure. There's amendments to bring them into line with TANs but I'd be guessing if their approval is 100% contiguous to TANs.
>>
>> Labor wanted to remove both ICACs and the state police, because when you look at it, there is no Ombudsman oversight of powers exercised by states under the Telecommunications Act. So it is a surprise to see state police still will get TANs/TARs under the revised Bill, but they will need AFP approval, which is a definite improvement.
>>
>> I can see a need for state police to have Legal Intercept powers, but no reason it should go as far as the right to modify data.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Thu, 6 Dec 2018 at 17:00, Robert Hudson <[email protected]> wrote:
>>
>>> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins <[email protected]> wrote:
>>>
>>>> The original 172 page Bill was so obviously deficient in so many areas, it was easier to just say the Bill should be thrown out in its entirety and start over. Now, post 50 pages of amendments, there's still plenty of scope for serious criticism, and the debate around getting the balance right between citizens' rights, and the right of the State to extend judicial writ to cyberspace will continue, but this is in every way a very much improved Bill over the original.
>>>
>>> Is it? Have the amendments increased the likelihood that it will actually help law enforcement? Have the amendments helped to ensure that criminals continue to use services that are subject to the reach of Australian law enforcement agencies?
>>>
>>> As Mark Newton pointed out in another forum recently, he was told, face to face, by a sitting MP, in that MP's office, that his concerns that the agencies that would have access to metadata would increase substantially were ill-founded, as were his concerns that the reasons to request metadata would increase dramatically. And now local councils have access to metadata, and there are close to 1,000 requests for metadata per day.
>>>
>>>> I don't see on any of the grounds of criticism of the original Bill, the amendments have gone as far as they need to, but on all the metrics that matter this new Bill represents an honest attempt to accommodate issues of privacy, accountability, and the need to maintain security and protect service provider property rights against unnecessary or disproportionate intrusion by Law Enforcement, and balance those against the legitimate interests of the State to enforce the rule of law in cyberspace.
>>>
>>> I contend that the bill now represents an honest attempt to look like they're accommodating issues that aren't related to the core fact that the proposed laws won't actually reduce crime or increase security.
>>>
>>> How explicitly removing state (and potential future federal) ICACs as agencies able to utilise the powers of the bill is, in any way, reasonably associated with the phrase "honest attempt" is beyond me.
>>>
>>>> From the definitions of systemic vulnerability and systemic weakness it would seem to put it beyond question that back doors can only be deployed against target devices, not deployed en masse. That said, there needs to be a control plane function that allows access to the target device that wasn't there before, which still constitutes a potential weakness/vulnerability.
>>>
>>> I am sure the bill will be successful in stopping the vulnerabilities it creates leaking. I mean, if (when, recall just how successfully the NSA managed to keep Stuxnet under lock and key) the AFP manage to leak code that allows keylogger installs onto iPhones, no criminal group (or just obnoxious bunch of script kiddies posing as an online hacking group) would be able to take advantage of this - that's not a systemic vulnerability or weakness, right?
>>>
>>>> "systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified."
>>>>
>>>> There's still obvious gaps around the powers and accountabilities of state police.
>>>>
>>>> I have to say it looks dangerously like a sensible working position from which to move forward from, while ensuring security services get the powers they say they have an immediate need for.
>>>
>>> When they prove the need beyond saying "We need this because we say we need it", and show that the intended targets won't simply sidestep it and move on, THEN we may have a working position from which to move forward.
>>>
>>> Until then, this is just massive over-reach.
>>>
>>> As Mark Newton previously noted, this has "The Four Horsemen of the Infocalypse" written all over it. In particular, the script to follow:
>>>
>>> "How to get what you want in 4 easy stages:
>>>
>>> 1. Have a target "thing" you wish to stop, yet lack any moral, or practical reasons for doing so? *[We want to break encryption]*
>>> 2. Pick a fear common to lots of people, something that will evoke a gut reaction: terrorists, pedophiles, serial killers. *[Terrorists, natch.]*
>>> 3. Scream loudly to the media that "thing" is being used by perpetrators. (Don't worry if this is true, or common to all other things, or less common with "thing" than with other long established systems—payphones, paper mail, private hotel rooms, lack of bugs in all houses etc.) *[OMG, terrorists are using encryption (let's ignore the fact that we're still stopping them without being able to break it, and we still let the ones we know about stab people). Sure, it's ubiquitous, but TERRORISTS!]*
>>> 4. Say that the only way to stop perpetrators is to close down "thing", or to regulate it to death, or to have laws forcing en masse tapability of all private communications on "thing". Don't worry if communicating on "thing" is a constitutionally protected right, if you have done a good job in choosing and publicising the horsemen in 2, no one will notice, they will be too busy clamouring for you to save them from the supposed evils. *[This whole debate - there are still people acting on the assumption that this is needed, and that it will achieve the stated goals. Bonus points for screaming at anyone who disagrees that they're only doing so because they must support terrorism - yep, we've seen that.]*
>>> "
>>>
>>> Just because they say they need it doesn't mean that they do, or that it will work.
>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>
>>>> On Thu, 6 Dec 2018 at 13:48, Mark Newton <[email protected]> wrote:
>>>>
>>>>> On 12/05/2018 11:48 AM, Paul Wilkins wrote:
>>>>> > "If this passes I can see similar legislation being introduced in other jurisdictions."
>>>>> >
>>>>> > I think this legislation and all its warts is going to be a particularly Australian feature.
>>>>>
>>>>> Exported globally, though.
>>>>>
>>>>> A 5-eyes power who wants to surveil someone can come to Australia, get ASIO or ASD to land a TCN on the target's platform provider, and pass on the result.
>>>>>
>>>>> Example:
>>>>>
>>>>> CIA wants something from an iPhone user. They can't get it themselves. So they take the iPhone user's IMEI to ASD and ask for 5-eyes assistance.
>>>>>
>>>>> ASD screams "terrorist!" in a TCN sent to Apple, which demands production of a compromised version of iOS which keylogs and screenshots any encrypted messaging apps which happen to run, and pushed as a silent upgrade to that user's phone.
>>>>>
>>>>> Results flow from Apple to ASD, and ASD passes them back to the CIA.
>>>>>
>>>>> There is no need for any other 5-eyes nation to pass this law now that Australia has it. It's provided 5-eyes with a global capability.
>>>>>
>>>>> - mark
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
