https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf
On Wed, 12 Dec 2018 at 12:25, Paul Brooks <[email protected]> wrote:
> @Matt - 'a screen capture and remote access ability', if installed on all
> phones would surely be a 'systemic vulnerability' in anybody's view, and
> would be a global disaster if the method of triggering this ability escaped
> to the wider world. This would be an example of precisely the dangerous and
> ill-advised exploit that we are all concerned the agencies might ask for in
> ignorance. Heck, this is exactly the sort of malware exploit that
> after-market malware scanners and virus checkers for phones should be
> looking for to detect and warn the user if an app or the OS had been
> compromised and was attempting to do these things. I can see a rapidly
> growing market for malware checkers!
>
> @Paul - where is the requirement for 'judicial approval'? - it doesn't go
> anywhere near a court. The TCN can be issued by the Attorney General. If
> (and only if) the recipient thinks it might be able to be pushed back on,
> they can ask for a review by a *retired* judge and a tech expert with a
> high security clearance. A *retired* judge is not a 'judicial approval',
> and the easiest place to source the other expert from is from within ASIO -
> hardly independent. The AGD chooses the two reviewers, not the recipient.
> The legislation as passed also doesn't deal with the situation if the two
> experts disagree on whether it is allowable or not. And there is no
> requirement for a warrant to have been issued - the whole point of a TCN is
> to preemptively create a capability that can be exploited later, on the off
> chance there will be a future warrant that requires the exploit to be
> triggered.
>
> Paul.
>
> On 12/12/2018 12:02 pm, Paul Wilkins wrote:
>
> Matt, (IINAL)
> But it appears on my reading that both 317ZG and more specifically the new
> 317ZGA would arguably prohibit this.
>
> The (pending?) amendments are worth a read. Stronger terms on 317ZG and
> importantly - *requirement for judicial approval of TCNs*.
>
> 317P (5)(2)(d) the designated communications provider has, if reasonably
> practicable, been consulted and given a reasonable opportunity to make
> submissions on whether the requirements to be imposed by the notice are
> reasonable and proportionate and whether compliance with the notice is
> practicable and technically feasible.
>
>
> On Wed, 12 Dec 2018 at 11:30, Matt Perkins <[email protected]> wrote:
>
>> It strikes me that all that will be needed is the phone manufacturers to
>> put a screen capture and remote access ability on the phones. Then Law
>> enforcement need to do is read the screens no need to involve the
>> individual app makers at all. They are after a wide and non savvy audience
>> here. Looking over the shoulder of phone users is what we are talking
>> about. I would say expect to see a boost in convictions of medium size drug
>> distributors and small amateur terror type people.
>>
>> These are the same people that used sms before they just want that
>> capability back.
>>
>> Matt
>>
>> --
>> /* Matt Perkins
>> Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>> Office 1300 133 299 [email protected]
>> Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
>> SIP [email protected]
>> Google Talk [email protected]
>> PGP/GNUPG Public Key can be found at http://pgp.mit.edu
>> */
>>
>> > On 12 Dec 2018, at 8:27 am, Paul Brooks <[email protected]> wrote:
>> >
>> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
>> >>
>> >> -----------------
>> >> The Bill was passed on Thursday
>> >> -----------------
>> >>
>> >>
>> >> Damn, I'm gonna need a bigger bag of popcorn!
>> >> Waaaay bigger. I can't wait to see how this
>> >> plays out.
>> >
>> > We'll probably never know how this plays out, unless one of the major global brands
>> > pulls out of the Australian market.
>> >
>> > Tech companies doing development in Aust will put in independent code reviews by an
>> > offshore team to protect against onshore employees, or will quietly close Australian
>> > development shops over years. Some tech companies will move overseas - gradually,
>> > over months and years. Net result - lower demand for Australian IT staff, lower
>> > export figures in the DFAT stats over years.
>> >
>> > Many 'component manufacturers or suppliers' will blithely carry on, unaware this might
>> > apply to them at all until they receive a notice
>> >
>> > A massive data breach in 3 years time may not be traced back to a system change caused
>> > as a result of a notice, or if an investigation does uncover the root cause, is likely
>> > to be quietly hushed up.
>> >
>> > It'll take a massive ASIC-website-blocking-like event own-goal to generate demand for
>> > popcorn. That or a majority of politicians starting to listen to experts rather than
>> > agencies and repealing it, and there's precious few Andrew Wilkies around at the
>> > moment so that's even less likely.
>> >
>> > P.
>> >
>> >> scott
_______________________________________________
AusNOG mailing list
[email protected]
http://lists.ausnog.net/mailman/listinfo/ausnog
