317V, substitute: unless: (a) the Attorney-General is satisfied that: (i) the requirements imposed by the notice are reasonable and proportionate; and (ii) compliance with the notice is practicable and technically feasible; and *(b) an eligible Judge has approved the giving of the notice.*
On Wed, 12 Dec 2018 at 12:39, Paul Wilkins <paulwilkins...@gmail.com> wrote: > > https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf > > On Wed, 12 Dec 2018 at 12:25, Paul Brooks <pbrooks-aus...@layer10.com.au> > wrote: > >> @Matt - 'a screen capture and remote access ability', if installed on all >> phones would surely be a 'systemic vulnerability' in anybody's view, and >> would be a global disaster if the method of triggering this ability escaped >> to the wider world. This would be an example of precisely the dangerous and >> ill-advised exploit that we are all concerned the agencies might ask for in >> ignorance. Heck, this is exactly the sort of malware exploit that >> after-market malware scanners and virus checkers for phones should be >> looking for to to detect and warn the user if an app or the OS had been >> compromised and was attempting to do these things. I can see a rapidly >> growing market for malware checkers! >> >> @Paul - where is the requirement for 'judicial approval'? - it doesn't go >> anywhere near a court. The TCN can be issued by the Attorney General. If >> (and only if) the recipient thinks it might be able to be pushed back on, >> they can ask for a review by a *retired* judge and a tech expert with a >> high security clearance. A *retired* judge is not a 'judicial approval', >> and the easiest place to source the other expert from is from within ASIO - >> hardly independent. The AGD chooses the two reviewers, not the recipient. >> The legislation as passed also doesn't deal with the situation if the two >> experts disagree on whether it is allowable or not. And there is no >> requirement for a warrant to have been issued - the whole point of a TCN is >> to preemptively create a capability that can be exploited later, on the off >> chance there will be a future warrant that requires the exploit to be >> triggered. >> >> Paul. >> >> On 12/12/2018 12:02 pm, Paul Wilkins wrote: >> >> Matt, (IINAL) >> But it appears on my reading that both 317ZG and more specifically the >> new 317ZGA would arguably prohibit this. >> >> The (pending?) amendments are worth a read. Stronger terms on 317ZG and >> importantly - *requirement for judicial approval of TCNs*. >> >> 317P (5)(2)(d) the designated communications provider has, if reasonably >> practicable, been consulted and given a reasonable opportunity to make >> submissions on whether the requirements to be imposed by the notice are >> reasonable and proportionate and whether compliance with the notice is >> practicable and technically feasible. >> >> >> On Wed, 12 Dec 2018 at 11:30, Matt Perkins <m...@spectrum.com.au> wrote: >> >>> It strikes me that all that will be needed is the phone manufacturers to >>> put a screen capture and remote access ability on the phones. Then Law >>> enforcement need to do is read the screens no need to involve the >>> individual app makers at all. They are after a wide and non savvy audience >>> here. Looking over the shoulder of phone users is what we are talking >>> about. I would say expect to see a boost in convictions of medium size drug >>> distributors and small amateur terror type people. >>> >>> These are the same people that used sms before they just want that >>> capability back. >>> >>> Matt >>> >>> >>> >>> -- >>> /* Matt Perkins >>> Direct 1300 137 379 Spectrum Networks Ptd. Ltd. >>> Office 1300 133 299 m...@spectrum.com.au >>> Fax 1300 133 255 Level 6, 350 George Street Sydney 2000 >>> SIP 1300137...@sip.spectrum.com.au >>> Google Talk mattaperk...@gmail.com >>> PGP/GNUPG Public Key can be found at http://pgp.mit.edu >>> */ >>> >>> > On 12 Dec 2018, at 8:27 am, Paul Brooks <pbrooks-aus...@layer10.com.au> >>> wrote: >>> > >>> >> On 12/12/2018 3:54 am, Scott Weeks wrote: >>> >> >>> >> ----------------- >>> >> The Bill was passed on Thursday >>> >> ----------------- >>> >> >>> >> >>> >> Damn, I'm gonna need a bigger bag of popcorn! >>> >> Waaaay bigger. I can't wait to see how this >>> >> plays out. >>> > >>> > We'll probably never know how this plays out, unless one of the major >>> global brands >>> > pulls out of the Australian market. >>> > >>> > Tech companies doing development in Aust will put in independent code >>> reviews by an >>> > offshore team to protect against onshore employees, or will quietly >>> close Australian >>> > development shops over years. Some tech companies will move overseas >>> - gradually, >>> > over months and years. Net result - lower demand for Australian IT >>> staff, lower >>> > export figures in the DFAT stats over years. >>> > >>> > Many 'component manufacturers or suppliers' will blithely carry on, >>> unaware this might >>> > apply to them at all until they receive a notice >>> > >>> > A massive data breach in 3 years time may not be traced back to a >>> system change caused >>> > as a result of a notice, or if an investigation does uncover the root >>> cause, is likely >>> > to be quietly hushed up. >>> > >>> > It'll take a massive ASIC-website-blocking-like event own-goal to >>> generate demand for >>> > popcorn. That or a majority of politicians starting to listen to >>> experts rather than >>> > agencies and repealing it, and there's precious few Andrew Wilkies >>> around at the >>> > moment so that's even less likely. >>> > >>> > P. >>> > >>> > >>> > >>> > >>> > >>> >> >>> >> scott >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> >>> >>> >>> >>> >>> >>> >>> >>> _______________________________________________ >>> >>> AusNOG mailing list >>> >>> AusNOG@lists.ausnog.net >>> >>> http://lists.ausnog.net/mailman/listinfo/ausnog >>> >> >>> >> >>> >> >>> >> _______________________________________________ >>> >> AusNOG mailing list >>> >> AusNOG@lists.ausnog.net >>> >> http://lists.ausnog.net/mailman/listinfo/ausnog >>> >> >>> >> >>> >> _______________________________________________ >>> >> AusNOG mailing list >>> >> AusNOG@lists.ausnog.net >>> >> http://lists.ausnog.net/mailman/listinfo/ausnog >>> > >>> > >>> > _______________________________________________ >>> > AusNOG mailing list >>> > AusNOG@lists.ausnog.net >>> > http://lists.ausnog.net/mailman/listinfo/ausnog >>> >>> _______________________________________________ >>> AusNOG mailing list >>> AusNOG@lists.ausnog.net >>> http://lists.ausnog.net/mailman/listinfo/ausnog >>> >> >> _______________________________________________ >> AusNOG mailing >> listAusNOG@lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog >> >> >> _______________________________________________ >> AusNOG mailing list >> AusNOG@lists.ausnog.net >> http://lists.ausnog.net/mailman/listinfo/ausnog >> >
_______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog