I think it’s easy to read this, just re-read the bollocks that we have already
had to comply with and it should match pretty close.
The summary I get from it is that they can’t access encrypted stuff now so they
want everybody to make it so they can, but they can’t say that they will force
people to make it so, just that they would really like it to be so.
If it costs you money to make it so then they may pay you for your efforts, or
maybe they won’t. The only real thing that is concrete in this proposal is
that the AG will be the only one to make requests.
I mean seriously, how does an ISP build capability to be able to view encrypted
communications that traverse their network?
This is typical of the recent few years of legislation involving the
communications industry, vague enough for somebody to enforce it somehow, but
still vague enough for people to not really know what they are expected to
provide and how.
I think somebody in our government gets paid to create acronyms personally,
there is a new swag of them in this proposal, just like the last ones.
Paul
From: AusNOG <ausnog-boun...@lists.ausnog.net> On Behalf Of Robert Hudson
Sent: Tuesday, 14 August 2018 1:31 PM
To: xro...@gmail.com
Cc: ausnog@lists.ausnog.net
Subject: Re: [AusNOG] Dutton decryption bill
My reading isn't as positive. tl;dr - it's too vague and open to interpretation.
From the Explanatory Document
(https://www.homeaffairs.gov.au/consultations/Documents/explanatory-document.pdf):
"Allow the Attorney-General to issue a technical capability notice, requiring
a designated communications provider to build a new capability that will enable
them to give assistance as specified in the legislation to ASIO and
interception agencies. A technical capability notice cannot require a provider
to build or implement a capability to remove electronic protection, such as
encryption. The Attorney-General must be satisfied that any requirements are
reasonable, proportionate, practicable and technically feasible. The
Attorney-General must also consult with the affected provider prior to issuing
a notice, and may also determine procedures and arrangements relating to
requests for technical capability notices."
So, our government is proposing that it should be able to compel organisations
to build capability into their products that allows the various designated
interception agencies to access data. The government can't require that they
turn off existing electronic protections - but it does not say that they cannot
add back-doors, AND it relies on the AG's satisfaction (remembering that s/he's
the one issuing the "technical capability notice") that the requirements are
reasonable, proportionate... etc.
I'm still not sure how we plan to force our will on overseas companies. I'm
also not convinced that the protections against back-doors are strong enough,
particularly when it appears that the AG gets to decide what's appropriate and
what isn't, particularly when the various requests and notices are issued by
the AG to start with, and the AG will clearly have a vested interest in
whatever they want being done as requested.