Obviously this has been in limbo over the Christmas break. There are 2 really important issues on hold because of this.
1 - When or if the PJCIS will call for public comment on the Act as passed.
2 - The appearance of the Labor amendments.

So we probably won't see any developments until Parliament resumes 12th February.

Kind regards

Paul Wilkins

On Sat, 15 Dec 2018 at 11:44, Paul Wilkins <[email protected]> wrote:

> I guess we should anticipate that the PJCIS will ask for further
> submissions. Probably they will give as little advance warning as possible
> to conform to their "accelerated timetable". I would think they'll announce
> their request for submissions as soon as the Labor amendments are dealt
> with.
>
> The Labor amendments are critical for:
>
> - Requirements for judicial review of TCNs/TARs, and avenue of
>   judicial appeal for service providers
> - Strengthened requirements for necessity and proportionality
> - Definitions of system vulnerability and systemic weakness (which
>   preclude mass deployment of patched code)
>
> These amendments are necessary and reasonable. However for me, the
> following issues still remain to be resolved:
>
> 1 - Granting the police EA powers (rather than the intelligence services -
> ASIO & AFP) goes too far where the police do not require EA. Rather the
> least intrusive powers that would still enable them to prosecute serious
> crime, would be Legal Intercept (basically enough powers to get to the
> clear text, where they are back to where they were before the "going
> dark" due to encryption). This means that Police should get a different
> category of TAN - where there are no write or modify data powers (ie. read
> only). Any write or modify capabilities they require should be implemented
> under a duly authorised TCN.
>
> 2 - Once there is allowance for differentiation in Police vs Intelligence
> Services powers, there should similarly be differentiation for the
> seriousness of crimes investigated.
> The 3 years for Police services (but limited to Legal Intercept) would
> still allow the police to investigate
> cyber stalking, but also many other crimes some have suggested is like
> using a sledge hammer to crack a nut. Given the more intrusive nature of EA
> vs Legal Intercept, there should be a higher bar for the Intelligence
> Services to demand EA powers (say 20 years to life). If they need only
> Legal Intercept, then the bar could remain at 3 years.
>
> 3 - It's still not clear that anything doable under a TCN, cannot be
> compelled under a TAN's write/modify data powers. Hence, there ought to be
> exclusions of a TAN's powers from compelling the implementation of a
> capability for which a TCN can be issued.
>
> 4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
> serving as "authorisation" under s280 / s313 of the Telecommunications Act
> 1997, sufficient to demand mass access to carrier metadata/ metadata
> datastreams. There is also lawful disclosure of mass metadata under s177 of
> the Telecomms Interception and Access Act 1979. If the police and/or
> intelligence services get access to metadata streams, they will integrate
> this with their other metadata projects, including CCTV and facial
> recognition databases. Which is obviously something some in Law Enforcement
> are advocating for, though I think most citizens would regard this as an
> alarming move towards mass surveillance and a police state.
>
> 5 - Having one agency act as a clearing house for notices and warrant
> data, is still a preferable framework to access by multiple agencies, and
> would provide advantages for economy, efficiency, governance, and the
> secure custody of both warrant data and service provider confidential
> information.
>
> 6 - Journalists and media organisations ought to be able to mount a public
> interest defense against the issue of TANs.
>
> 7 - Any citizen ought to have standing to mount a public interest defense
> against the issue of a TCN.
>
> 8 - An audit trail be mandated for all TAN/TAR actions.
>
> Interested to hear if anyone has comments or other concerns.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 15 Dec 2018 at 09:29, I <[email protected]> wrote:
>
>> GCHQ is going for the same thing
>>
>> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
>> _______________________________________________
>> AusNOG mailing list
>> [email protected]
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>
