On 9/01/2019 11:18 am, Paul Wilkins wrote:
> Obviously this has been in limbo over the Christmas break. There's 2 really
> important issues, on hold because of this.
>
> 1 - When or if the PJCIS will call for public comment on the Act as passed.

PJCIS called for further comments on the Act as passed a few days after the
Act was passed - They opened a new page on the PJCIS as a new inquiry:

'Review of the Telecommunications and Other Legislation Amendment (Assistance
and Access) Act 2018 with specific reference to Government amendments
introduced and passed on 6 December 2018'
https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct

> The Government amendments introduced and passed on 6 December 2018 are
> available at this link
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Famend%2Fr6195_amend_2ef65c47-7a59-45e1-9427-cf3e7400ef4d%22>.
> A Supplementary Explanatory Memorandum
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22legislation/ems/r6195_ems_b832c54b-6091-41ca-baf4-35bb94a856e8%22>
> on the amendments was also presented to the Parliament.
>
> The Committee will accept submissions on any new matters arising with the
> passage of the Act, and will consider the need for further hearings as the
> inquiry progresses.

There are already two new submissions, from IGIS and Commonwealth Ombudsman.
They are specifically looking for comments on wording and construction,
suggestions on better definitions for 'Systemic Weakness' and on the
definitions used and passed.

> So we probably won't see any developments until Parliament resumes 12th
> February.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 15 Dec 2018 at 11:44, Paul Wilkins <[email protected]> wrote:
>
> I guess we should anticipate that the PJCIS will ask for further
> submissions. Probably they will give as little advance warning as possible
> to conform to their "accelerated timetable". I would think they'll announce
> their request for submissions as soon as the Labor amendments are dealt with.
>
> The Labor amendments are critical for:
>
> * Requirements for judicial review of TCNs/TARs, and avenue of judicial
>   appeal for service providers
> * Strengthened requirements for necessity and proportionality
> * Definitions of system vulnerability and systemic weakness (which preclude
>   mass deployment of patched code)
>
> These amendments are necessary and reasonable. However for me, the following
> issues still remain to be resolved:
>
> 1 - Granting the police EA powers (rather than the intelligence services -
> ASIO & AFP) goes too far where the police do not require EA. Rather the
> least intrusive powers that would still enable them to prosecute serious
> crime, would be Legal Intercept (basically enough powers to get to the clear
> text, where they are back to where they were before the "going dark" due to
> encryption). This means that Police should get a different category of TAN -
> where there are no write or modify data powers (ie. read only). Any write or
> modify capabilities they require should be implemented under a duly
> authorised TCN.
>
> 2 - Once there is allowance for differentiation in Police vs Intelligence
> Services powers, there should similarly be differentiation for the
> seriousness of crimes investigated. The 3 years for Police services (but
> limited to Legal Intercept) would still allow the police to investigate
> cyber stalking, but also many other crimes some have suggested is like using
> a sledge hammer to crack a nut. Given the more intrusive nature of EA vs
> Legal Intercept, there should be a higher bar for the Intelligence Services
> to demand EA powers (say 20 years to life). If they need only Legal
> Intercept, then the bar could remain at 3 years.
>
> 3 - It's still not clear that anything doable under a TCN, cannot be
> compelled under a TAN's write/modify data powers.
> Hence, there ought to be exclusions of a TAN's powers from compelling the
> implementation of a capability for which a TCN can be issued.
>
> 4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
> serving as "authorisation" under s280 / s313 of the Telecommunications Act
> 1997, sufficient to demand mass access to carrier metadata/ metadata
> datastreams. There is also lawful disclosure of mass metadata under s177 of
> the Telecomms Interception and Access Act 1979. If the police and/or
> intelligence services get access to metadata streams, they will integrate
> this with their other metadata projects, including CCTV and facial
> recognition databases. Which is obviously something some in Law Enforcement
> are advocating for, though I think most citizens would regard this as an
> alarming move towards mass surveillance and a police state.
>
> 5 - Having one agency act as a clearing house for notices and warrant data,
> is still a preferable framework to access by multiple agencies, and would
> provide advantages for economy, efficiency, governance, and the secure
> custody of both warrant data and service provider confidential information.
>
> 6 - Journalists and media organisations ought to be able to mount a public
> interest defense against the issue of TANs.
>
> 7 - Any citizen ought to have standing to mount a public interest defense
> against the issue of a TCN.
>
> 8 - An audit trail be mandated for all TAN/TAR actions.
>
> Interested to hear if anyone has comments or other concerns.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 15 Dec 2018 at 09:29, I <[email protected]> wrote:
>
> GCHQ is going for the same thing
>
> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
> _______________________________________________
> AusNOG mailing list
> [email protected]
> http://lists.ausnog.net/mailman/listinfo/ausnog
