Paul, I'm concerned that under s313(3)c and s280(1)(b) Telecommunications Act 1997, TCNs/TANs can be issued to to create automated warrantless metadata access, and we've seen little discussion around this, mostly the focus has been on computer/data warrants.
There also used to be provision for voluntary disclosure by carriers to LEAs, which either I can't find or has been amended. Kind regards Paul Wilkins On Thu, 15 Nov 2018 at 11:58, Paul Wilkins <paulwilkins...@gmail.com> wrote: > > https://www.arnnet.com.au/article/648206/cisco-raises-grave-concerns-over-assistance-access-bill/ > > In a submission to parliament, the networking giant expressed "serious > reservations" regarding provisions within the Bill that "threaten to > undercut sustained efforts by Cisco and others to develop, deploy and > maintain technologies that are secure, trustworthy, transparent and > accountable". > > On Thu, 15 Nov 2018 at 11:28, Paul Brooks <pbrooks-aus...@layer10.com.au> > wrote: > >> The meetings (now 4 in total) have been listed on the Committee website >> for several weeks. >> We (IA) were notified of our invitation to appear and speak two weeks ago >> while they were putting together the detailed runsheet. >> >> FWIW tomorrow I'll be appearing for Internet Australia at 2:30pm, and >> we've brought in Martin Thomson from the IAB to speak to the IAB submission >> in the same session (the program says Mark Nottingham, but Mark couldn't >> make it.) >> >> The morning session kicks off at 9am with Prof Danny Weitzner from MIT in >> Boston on audio conference, followed by Stanford Law. Both made excellent >> submissions, and should be entertaining listening. >> >> I plan to be there in the room for the day, if anyone in Sydney turning >> up in person wants to say g'day. >> >> cheers, >> Paul. >> >> >> >> >> >> >> On 15/11/2018 10:41 AM, Nathan Brookfield wrote: >> >> Could they possibly give less notice.... Unbelievable! >> >> Nathan Brookfield >> Chief Executive Officer >> >> Simtronic Technologies Pty Ltd >> http://www.simtronic.com.au >> >> On 15 Nov 2018, at 10:40, Paul Wilkins <paulwilkins...@gmail.com> wrote: >> >> Media Release: Issue date: 14 November 2018 >> >> *Second public hearing on the Encryption Bill* >> >> The second public hearing on the Telecommunication and Other Legislation >> Amendment (Assistance and Access) Bill 2018 will be held on *Friday, 16 >> November 2018* in Sydney. The Committee will hear from academics, >> statutory oversight agencies, and industry peak bodies. >> Details of the public hearing: >> >> *9:00 am – 3.15pm SMC Conference & Function Centre, 66 Goulburn St, >> Sydney (Carrington Room)* >> >> The hearing will be live streamed (audio only) at www.aph.gov.au/live. >> >> The full program of the hearing is available at >> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Public_Hearings >> >> Additional hearings will be held in *Canberra on 27 and 30 November*. >> Further information on the inquiry can be obtained from the Committee’s >> website. >> >> On Tue, 13 Nov 2018 at 11:36, Paul Wilkins <paulwilkins...@gmail.com> >> wrote: >> >>> Communications Alliance submission >>> <https://www.aph.gov.au/DocumentStore.ashx?id=789049aa-edfc-48e2-a79c-0dd1c28f95b8&subId=662644> >>> makes >>> the point both s313 and s280 (1)(b) of the Telecommunications Act 1997 >>> are current extensively used to access metadata. >>> >>> It follows that under the new bill, about a dozen LEAs will similarly be >>> able to rely on s313 and s280(1)(b) to get warrantless metadata access. >>> >>> Kind regards >>> >>> Paul Wilkins >>> >>> >>> On Sat, 3 Nov 2018 at 13:09, Paul Wilkins <paulwilkins...@gmail.com> >>> wrote: >>> >>>> Coexistence with Data Retention Regime (Under Telecommunications Act) >>>> >>>> >>>> Passage of this Bill will set the stage for mass surveillance, where >>>> carriers are already subject to data retention, but the Minister may >>>> further declare any service provider subject to the metadata regime. >>>> >>>> >>>> 187A Service providers must keep certain information and documents >>>> >>>> (3A) The Minister may, by legislative instrument, declare a service to >>>> be a service to which this Part applies. >>>> >>>> >>>> Such declaration has a statutory limitation of 40 sitting days of >>>> Parliament, however nothing in the Act prevents such a declaration being >>>> rolled over by the Minister, maintaining a metadata regime in perpetuity >>>> for any service they should designate. All this would lie within the >>>> provisioned scope of the Minister's powers without any further legislation. >>>> >>>> Access to such metadata does not necessarily require a warrant. Access >>>> under the Telecommunications Act can be rendered by the service provider as >>>> voluntary assistance. >>>> >>>> On Thu, 1 Nov 2018 at 11:50, Paul Wilkins <paulwilkins...@gmail.com> >>>> wrote: >>>> >>>>> Rob, >>>>> Check your inbox/spam folder 29/10. >>>>> >>>>> Kind regards >>>>> Paul Wilkins >>>>> >>>>> On Thu, 1 Nov 2018 at 08:33, Robert Hudson <hud...@gmail.com> wrote: >>>>> >>>>>> Odd. I signed up to track the enquiry, but have had no notifications >>>>>> at all that additional hearings had been scheduled. >>>>>> >>>>>> There's an another additional day according to the committee website >>>>>> - 27th November. >>>>>> >>>>>> Where did you see if information that they're asking for >>>>>> supplementary submissions? >>>>>> >>>>>> On Wed, 31 Oct 2018 at 12:28, Paul Wilkins <paulwilkins...@gmail.com> >>>>>> wrote: >>>>>> >>>>>>> *UN's Special Rapporteur on the right to privacy* has weighed in on >>>>>>> the PJCIS review with incandescent criticism: >>>>>>> >>>>>>> >>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=8012483f-e421-41a7-8bd4-1e8eb5eb39eb&subId=661745 >>>>>>> >>>>>>> In my considered view, the Assistance and Access Bill is an example >>>>>>> of a poorly conceived national security measure that is equally as >>>>>>> likely >>>>>>> to endanger security as not; it is technologically questionnable if it >>>>>>> can >>>>>>> achieve its aims and avoid introducing vulnerabilities to the >>>>>>> cybersecurity >>>>>>> of all devices irrespective of whether they are mobiles, tablets, >>>>>>> watches, >>>>>>> cars, etc., and it unduly undermines human rights including the right to >>>>>>> privacy. It is out of step with international rulings raising the >>>>>>> related >>>>>>> issue of how the Australian Government would enforce this law on >>>>>>> transnational technology companies. >>>>>>> >>>>>>> I can't but think that if the Minister for Home Affairs to be doing >>>>>>> well to attract the ire of the United Nations and his timing couldn't be >>>>>>> better, just as the Government has lost control of the House. I'm >>>>>>> hopeful >>>>>>> the Australian media will pick up on the interest of the UN in the Bill, >>>>>>> fingers crossed. >>>>>>> >>>>>>> Furthermore, the PJCIS, after announcing two additional hearings >>>>>>> 16/30 Nov, are also asking for *supplementary submissions, to be >>>>>>> received no later than 26 November.* >>>>>>> >>>>>>> Kind regards >>>>>>> Paul Wilkins >>>>>>> >>>>>>> On Fri, 26 Oct 2018 at 13:07, Paul Wilkins <paulwilkins...@gmail.com> >>>>>>> wrote: >>>>>>> >>>>>>>> We're at a critical juncture where the Minister for Home Affairs >>>>>>>> may get his way and steam roll this Bill through Parliament (how this >>>>>>>> could >>>>>>>> play out in both Houses would be interesting, as they'll need either >>>>>>>> Labor >>>>>>>> or one of the independents in the Lower House). Or the Bill gets >>>>>>>> substantially modified or sent back to the Dep't Home Affairs to start >>>>>>>> over. >>>>>>>> >>>>>>>> What's of deep concern is that the Minister represents to the House >>>>>>>> consultation has been extensive, and that modifications of the Bill >>>>>>>> represent a consensus view. Yet industry has been vocal in opposition >>>>>>>> to >>>>>>>> the Bill, and have criticised the level of consultation and the >>>>>>>> Government's preparedness to receive advice: >>>>>>>> >>>>>>>> While DIGI appreciates the challenges facing law enforcement, we >>>>>>>> continue to have concerns with the Bill, which, contrary to its stated >>>>>>>> objective, we believe may undermine public safety by making it easier >>>>>>>> for >>>>>>>> bad actors to commit crimes against individuals, organisations or >>>>>>>> communities. We also remain concerned at the lack of independent >>>>>>>> oversight >>>>>>>> of Notices and the absence of checks and balances with this >>>>>>>> legislation, >>>>>>>> which we discuss in more detail in this submission. >>>>>>>> Submission to PJCIS - DIGI (includes Google, Amazon, >>>>>>>> Facebook...)(78) >>>>>>>> >>>>>>>> >>>>>>>> We urge the government to seriously consider the comments submitted >>>>>>>> by industry and civil society and consider changes that would protect >>>>>>>> the >>>>>>>> security and privacy of Apple’s users and all Australians. >>>>>>>> Submission to PJCIS - Apple (53) >>>>>>>> >>>>>>>> Given the complexity of the Bill, the sensitivity of the subject >>>>>>>> matter, and the limited consultation period, the summary above is not >>>>>>>> an >>>>>>>> exhaustive list of BSA's concerns and recommendations in respect of the >>>>>>>> Bill. There are other aspects of the Bill that require further >>>>>>>> consideration in order to find the right balance between the legitimate >>>>>>>> rights, needs, and responsibilities of the Australian Government, >>>>>>>> citizens, >>>>>>>> providers of critical infrastructure, third party stewards of data, and >>>>>>>> innovators. >>>>>>>> >>>>>>>> As such, we respectfully encourage the Australian Government to >>>>>>>> engage in further dialogue with industry to consider the broader >>>>>>>> issues at >>>>>>>> play and the implications (and possible unintended consequences of the >>>>>>>> Bill). >>>>>>>> Submission to PJCIS - BSA (Cisco, IBM et al.)(48) >>>>>>>> >>>>>>>> On Thu, 25 Oct 2018 at 16:48, Paul Wilkins < >>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>> >>>>>>>>> I'm determined the Minister for Home Affairs doesn't get to drop a >>>>>>>>> deeply flawed Bill on a supine and compliant Parliament, and have >>>>>>>>> taken >>>>>>>>> measures, to whit, written 22 MPs in positions where they can >>>>>>>>> influence >>>>>>>>> policy, and provided links to submissions which point out the Bill as >>>>>>>>> proposed is neither proportionate nor necessary: >>>>>>>>> >>>>>>>>> Law Council of Australia: >>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=859d9cda-0f99-4bef-994f-edc6006c87bf&subId=661321 >>>>>>>>> >>>>>>>>> Joint Councils for Civil Liberties: >>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=6a26c1ce-15f3-4229-9b45-dd4ad7cfb8f2&subId=661197 >>>>>>>>> >>>>>>>>> Australian Human Rights Commission: >>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=a7b9ff25-7c09-41e9-b97a-56dae1ac0e94&subId=661055 >>>>>>>>> >>>>>>>>> PJCHR,starts @ p24: >>>>>>>>> https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en >>>>>>>>> <https://www.aph.gov.au/%7E/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en> >>>>>>>>> >>>>>>>>> >>>>>>>>> Kind regards >>>>>>>>> >>>>>>>>> Paul Wilkins >>>>>>>>> >>>>>>>>> >>>>>>>>> On Thu, 25 Oct 2018 at 16:20, Paul Wilkins < >>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>> >>>>>>>>>> *New PJCIS Public Hearings* >>>>>>>>>> >>>>>>>>>> *16 Nov 2018:* Sydney, NSW >>>>>>>>>> *30 Nov 2018:* Canberra, ACT >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018 >>>>>>>>>> >>>>>>>>>> On Thu, 25 Oct 2018 at 13:23, Paul Wilkins < >>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>> >>>>>>>>>>> Has anyone yet had the opportunity to think through the use of >>>>>>>>>>> force provisions? Does use of force extend beyond physical forced >>>>>>>>>>> entry, to >>>>>>>>>>> say, hacking? >>>>>>>>>>> >>>>>>>>>>> Kind regards >>>>>>>>>>> Paul Wilkins >>>>>>>>>>> >>>>>>>>>>> On Wed, 24 Oct 2018 at 18:03, Paul Wilkins < >>>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>>> >>>>>>>>>>>> Compare: >>>>>>>>>>>> >>>>>>>>>>>> CHAIR: So the big companies like Facebook, Amazon, Twitter, >>>>>>>>>>>> over-the-top messaging services like Signal and WhatsApp? >>>>>>>>>>>> Mr Hansford: A range of different industry companies. >>>>>>>>>>>> CHAIR: *A good percentage of those?* >>>>>>>>>>>> Mr Hansford: *A reasonable percentage, I'd say.* >>>>>>>>>>>> (Public) FRIDAY, 19 OCTOBER 2018 >>>>>>>>>>>> >>>>>>>>>>>> "The government has consulted *extensively* with industry and >>>>>>>>>>>> the public on these measuresand has made amendments to reflect the >>>>>>>>>>>> feedback >>>>>>>>>>>> in the legislation now before the parliament." >>>>>>>>>>>> Minister for Home Affairs - Speech to Parliament 20 Sept 2018 >>>>>>>>>>>> >>>>>>>>>>>> On Wed, 24 Oct 2018 at 16:01, Paul Wilkins < >>>>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>>>> >>>>>>>>>>>>> DIGI's submission (Amazon, Facebook, Google, Oath, and >>>>>>>>>>>>> Twitter) has just appeared: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=d48c3c35-221d-4544-a7d7-109a82c72dc1&subId=661549 >>>>>>>>>>>>> >>>>>>>>>>>>> On August 14, 2018, the Government released for Public >>>>>>>>>>>>> Exposure a draft of the Telecommunications and Other Legislation >>>>>>>>>>>>> Amendment >>>>>>>>>>>>> (Assistance and Access) Bill 2018 (the “Bill”) together with an >>>>>>>>>>>>> Exposure >>>>>>>>>>>>> Document, to which DIGI made a submission (attached). A revised >>>>>>>>>>>>> Bill was >>>>>>>>>>>>> introduced to Parliament ten days following the close of >>>>>>>>>>>>> submissions, with >>>>>>>>>>>>> only minor amendments that fail to address its potential impacts >>>>>>>>>>>>> on public >>>>>>>>>>>>> safety, cybersecurity, privacy and human rights, raising concern >>>>>>>>>>>>> among >>>>>>>>>>>>> industry, consumer and civil society groups. >>>>>>>>>>>>> >>>>>>>>>>>>> On Wed, 24 Oct 2018 at 11:30, Paul Wilkins < >>>>>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>>>>> >>>>>>>>>>>>>> The PJCHR express extensive concerns with the bill. >>>>>>>>>>>>>> >>>>>>>>>>>>>> >>>>>>>>>>>>>> https://www.aph.gov.au/~/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en >>>>>>>>>>>>>> <https://www.aph.gov.au/%7E/media/Committees/Senate/committee/humanrights_ctte/reports/2018/Report%2011/c01.pdf?la=en> >>>>>>>>>>>>>> >>>>>>>>>>>>>> The following demonstrates a posture where they will likely >>>>>>>>>>>>>> oppose the bill without further safeguards: >>>>>>>>>>>>>> >>>>>>>>>>>>>> 1.109 Another relevant factor in assessing whether a measure >>>>>>>>>>>>>> is proportionate is whether there is the possibility of >>>>>>>>>>>>>> oversight and the >>>>>>>>>>>>>> availability of review. The power to give a technical assistance >>>>>>>>>>>>>> notice or >>>>>>>>>>>>>> request, or technical capability notice, is not exercised by a >>>>>>>>>>>>>> judge, nor >>>>>>>>>>>>>> does a judge supervise its application. Section 317ZFA provides >>>>>>>>>>>>>> a >>>>>>>>>>>>>> discretionary power to a court, in relation to proceedings >>>>>>>>>>>>>> before it, to >>>>>>>>>>>>>> make such orders as the court considers appropriate in relation >>>>>>>>>>>>>> to the >>>>>>>>>>>>>> disclosure, protection, storage, handling or destruction of >>>>>>>>>>>>>> technical >>>>>>>>>>>>>> assistance information, if the court is satisfied that it is in >>>>>>>>>>>>>> the public >>>>>>>>>>>>>> interest. The bill does not otherwise provide for court >>>>>>>>>>>>>> involvement in the >>>>>>>>>>>>>> process of giving a technical assistance notice or request, or >>>>>>>>>>>>>> technical >>>>>>>>>>>>>> capability notice. The bill additionally seeks to amend the >>>>>>>>>>>>>> Administrative >>>>>>>>>>>>>> Decisions (Judicial Review) Act 1977 (ADJR Act) to exclude >>>>>>>>>>>>>> decisions under >>>>>>>>>>>>>> Part 15 of the Telecommunications Act (which would include a >>>>>>>>>>>>>> decision to >>>>>>>>>>>>>> issue a technical assistance notice or request, or technical >>>>>>>>>>>>>> capability >>>>>>>>>>>>>> notice) from judicial review under the ADJR Act. 47 In these >>>>>>>>>>>>>> circumstances, >>>>>>>>>>>>>> further information from the minister as the adequacy of the >>>>>>>>>>>>>> safeguards in >>>>>>>>>>>>>> terms of oversight and review would assist in determining the >>>>>>>>>>>>>> proportionality of the measures. >>>>>>>>>>>>>> >>>>>>>>>>>>>> Kind regards >>>>>>>>>>>>>> Paul Wilkins >>>>>>>>>>>>>> >>>>>>>>>>>>>> On Tue, 23 Oct 2018 at 15:12, Paul Wilkins < >>>>>>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>>>>>> >>>>>>>>>>>>>>> 21 October AEC had received 6890 postal votes out of 12,788 >>>>>>>>>>>>>>> issued. Today, received postal votes is 7,789. Sharma is >>>>>>>>>>>>>>> trailing by 1,552. >>>>>>>>>>>>>>> So I'm calling it a Phelps' win and we will have minority >>>>>>>>>>>>>>> government. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Phelps will win by at least 500 votes so no recount. >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> Kind regards >>>>>>>>>>>>>>> Paul Wilkins >>>>>>>>>>>>>>> >>>>>>>>>>>>>>> On Mon, 22 Oct 2018 at 18:19, Paul Wilkins < >>>>>>>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> Transcript of public hearing 19th October: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id%3A%22committees%2Fcommjnt%2F2a1771c8-f314-43f2-b9b0-cd09ad8123ae%2F0000%22 >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> On Mon, 22 Oct 2018 at 16:46, Christian Heinrich < >>>>>>>>>>>>>>>> christian.heinr...@cmlh.id.au> wrote: >>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> Paul, >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> On Mon, Oct 22, 2018 at 2:12 PM Paul Wilkins < >>>>>>>>>>>>>>>>> paulwilkins...@gmail.com> wrote: >>>>>>>>>>>>>>>>> > Except that where subject to an order under 317j to >>>>>>>>>>>>>>>>> conceal the existence of a TCN/TAN forms part of the terms. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> For PCI-DSS Requirement 4 Telstra [as an example I don't >>>>>>>>>>>>>>>>> recommend] >>>>>>>>>>>>>>>>> have mandated that their customer is responsible for both >>>>>>>>>>>>>>>>> the >>>>>>>>>>>>>>>>> infrastructure and software [as a service] within >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> https://www.telstra.com.au/content/dam/tcom/personal/consumer-advice/pdf/business-a-full/cloud-h.pdf >>>>>>>>>>>>>>>>> and are therefore unable to assist with the implementation >>>>>>>>>>>>>>>>> of the >>>>>>>>>>>>>>>>> TCN/TAN. >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> -- >>>>>>>>>>>>>>>>> Regards, >>>>>>>>>>>>>>>>> Christian Heinrich >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>>> http://cmlh.id.au/contact >>>>>>>>>>>>>>>>> >>>>>>>>>>>>>>>> _______________________________________________ >>>>>>> AusNOG mailing list >>>>>>> AusNOG@lists.ausnog.net >>>>>>> http://lists.ausnog.net/mailman/listinfo/ausnog >>>>>>> >>>>>> _______________________________________________ >> AusNOG mailing list >> AusNOG@lists.ausnog.net >> http://lists.ausnog.net/mailman/listinfo/ausnog >> >> >> _______________________________________________ >> AusNOG mailing >> listAusNOG@lists.ausnog.nethttp://lists.ausnog.net/mailman/listinfo/ausnog >> >> >> _______________________________________________ >> AusNOG mailing list >> AusNOG@lists.ausnog.net >> http://lists.ausnog.net/mailman/listinfo/ausnog >> >
_______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog