404 for the page on the ACS website.. On Thu, 28 Mar 2019 at 12:40, Aftab Siddiqui <[email protected]> wrote:
> Just for the info. There was an event yesterday "Safe Encryption Australia > Forum" in Sydney. Some highlights are here. > https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws > > > https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html > > Regards, > > Aftab A. Siddiqui > > > On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins <[email protected]> > wrote: > >> The silence on the Assistance and Access Act since it passed in December >> has been deafening. It was firmly understood, on representations by the >> Liberal Government, that the bill passed was passed as an expedient, yet >> now we have the third report from PJCIS due 3rd April, and yet another >> round of submissions from corporations large and small, industry luminaries >> and human rights and legal experts, all saying that basically we're where >> we were back in September 2018, when Dutton rather disingenuously reported >> to the House that: >> >> "The government has consulted extensively with industry and the public on >> these measures and has made amendments to reflect the feedback in the >> legislation now before the parliament." >> >> Yet no matter how many submissions are made to how many parliamentary >> committees, we now seem stuck with a deeply flawed Act, the Liberals are >> walking backwards on the Labor amendements, while the country's police >> forces now operate with sweeping interception powers well beyond what's >> necessary and proportional. >> >> Kind regards >> >> Paul Wilkins >> >> >> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins <[email protected]> >> wrote: >> >>> ACIC in their submission seem to be making the case, that as police now >>> have EA powers under the Act to surveil targets, so too should the ACIC >>> have EA powers to surveil the police. >>> >>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b&subId=666446 >>> >>> I think however this too is wrong, and that two wrongs don't make a >>> right. The police should never have been given EA powers to break >>> encryption when all they need is legal intercept. And then ACIC too could >>> have LI powers. >>> >>> As I point out in my latest PJCIS submission, >>> >>> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789&subId=666483 >>> there's a basic difference between Legal Intercept and Exceptional >>> Access, where EA you need read/modify/write/delete rights, whereas LI is >>> read only. >>> >>> If you restrict access by the police to read only, a very large chunk of >>> the ensuant vulnerabilities go away. Further, the amount of damage the >>> police can do on a magical mystery tour of your data centre is contained. >>> >>> Kind regards >>> >>> Paul Wilkins >>> >>> >>> On Thu, 24 Jan 2019 at 13:27, Robert Hudson <[email protected]> wrote: >>> >>>> The government said they'd consider them, not that they'd implement >>>> them. >>>> >>>> I have very little faith at all that without significant pressure being >>>> brought to bear, that the government response would be anything more than >>>> "we consider them, and decided no, we're happy as we are". >>>> >>>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins <[email protected]> >>>> wrote: >>>> >>>>> Labor's amendments haven't been forgotten, and will have to be dealt >>>>> with eventually, when the time comes for the PJCIS to table their April >>>>> recommendations. >>>>> >>>>> Noone is forgetting that the Act was passed as an interim measure, to >>>>> allow law enforcement to deal with the Christmas break with new powers. It >>>>> would be a serious breach of faith for the government to renege on the >>>>> outstanding amendments. >>>>> >>>>> Kind regards >>>>> >>>>> Paul Wilkins >>>>> >>>>> >>>>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan <[email protected]> >>>>> wrote: >>>>> >>>>>> Paul Wilkins wrote: >>>>>> > Obviously this has been in limbo over the Christmas break. There's >>>>>> 2 >>>>>> > really important issues, on hold because of this. >>>>>> > >>>>>> > 1 - When or if the PJCIS will call for public comment on the Act as >>>>>> > passed. >>>>>> > >>>>>> > 2 - The appearance of the Labor amendments. >>>>>> > >>>>>> > So we probably won't see any developments until Parliament resumes >>>>>> > 12th February. >>>>>> >>>>>> I'll lay money there will be no amendments (passed), there will be an >>>>>> attempt to force Apple etc to write in a weakness which will be >>>>>> challenged. There will be many people that will not update their >>>>>> iOS/Andriod anytime soon. Personally I stopped updating the moment >>>>>> this >>>>>> bill was passed - particularly as there is at least one Apple update >>>>>> that stated, "No bug/security fixes"... >>>>>> >>>>>> What you will most likely find (and the idiots over in the ACT >>>>>> haven;'t >>>>>> worked it out yet) is that the terrorists have some very smart people >>>>>> "working" for them and they probably already jailbreak their phones >>>>>> and >>>>>> install their own messaging software on it.. (not that you need to >>>>>> jailbreak when you can use the 'team' functionality in xcode to >>>>>> install >>>>>> non apple approved apps on your phone.) >>>>>> >>>>>> Of course the highly amusing part is how easy it is to plugin to >>>>>> online >>>>>> services and how easy it is to run your own asymmetric >>>>>> cryptography... I >>>>>> suspect it would be trivial to put your own encryption over the top >>>>>> of >>>>>> any of those services/apps that allow such (and some already do - >>>>>> recently came across a plugin to the mailapp that has a custom >>>>>> encryption/decryption mechanism which is used by a bank for secure >>>>>> messaging. This means as posted elsewhere any interception would >>>>>> have >>>>>> to be by screen capture and keyboard interception on the device, >>>>>> which I >>>>>> personally would immediately class as a systemic weakness because if >>>>>> I >>>>>> were doing it i'd be cut/pasting messages into my own non-internet >>>>>> connected app for encryption/decryption so you can capture what you >>>>>> want >>>>>> off imessage, facebook messenger etc... you'd still be getting >>>>>> encrypted >>>>>> blocks of data.. and if you capture everything you have online >>>>>> banking >>>>>> passwords and everything else that goes with that and there one >>>>>> thinks >>>>>> about who else can see the captures.... >>>>>> >>>>>> This is what you get when you have people in charge that have >>>>>> interest >>>>>> in obtaining data they are not entitled to. >>>>>> >>>>>> At least the Queensland police will not get voice recorded giving out >>>>>> new locations to abusive ex-husbands, now they can protect themselves >>>>>> by >>>>>> just accessing the phone of the wife in hiding.. >>>>>> >>>>>> ... anyone seen my foil hat today I seem to have misplaced it....? :P >>>>>> >>>>>> -- >>>>>> Michelle Sullivan >>>>>> http://www.mhix.org/ >>>>>> >>>>>> _______________________________________________ >>>>>> AusNOG mailing list >>>>>> [email protected] >>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog >>>>>> >>>>> _______________________________________________ >>>>> AusNOG mailing list >>>>> [email protected] >>>>> http://lists.ausnog.net/mailman/listinfo/ausnog >>>>> >>>> _______________________________________________ >> AusNOG mailing list >> [email protected] >> http://lists.ausnog.net/mailman/listinfo/ausnog >> > _______________________________________________ > AusNOG mailing list > [email protected] > http://lists.ausnog.net/mailman/listinfo/ausnog >
_______________________________________________ AusNOG mailing list [email protected] http://lists.ausnog.net/mailman/listinfo/ausnog
