Just for the info. There was an event yesterday "Safe Encryption Australia Forum" in Sydney. Some highlights are here. https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws
https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html Regards, Aftab A. Siddiqui On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins <paulwilkins...@gmail.com> wrote: > The silence on the Assistance and Access Act since it passed in December > has been deafening. It was firmly understood, on representations by the > Liberal Government, that the bill passed was passed as an expedient, yet > now we have the third report from PJCIS due 3rd April, and yet another > round of submissions from corporations large and small, industry luminaries > and human rights and legal experts, all saying that basically we're where > we were back in September 2018, when Dutton rather disingenuously reported > to the House that: > > "The government has consulted extensively with industry and the public on > these measures and has made amendments to reflect the feedback in the > legislation now before the parliament." > > Yet no matter how many submissions are made to how many parliamentary > committees, we now seem stuck with a deeply flawed Act, the Liberals are > walking backwards on the Labor amendements, while the country's police > forces now operate with sweeping interception powers well beyond what's > necessary and proportional. > > Kind regards > > Paul Wilkins > > > On Thu, 14 Feb 2019 at 12:03, Paul Wilkins <paulwilkins...@gmail.com> > wrote: > >> ACIC in their submission seem to be making the case, that as police now >> have EA powers under the Act to surveil targets, so too should the ACIC >> have EA powers to surveil the police. >> >> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b&subId=666446 >> >> I think however this too is wrong, and that two wrongs don't make a >> right. The police should never have been given EA powers to break >> encryption when all they need is legal intercept. And then ACIC too could >> have LI powers. >> >> As I point out in my latest PJCIS submission, >> >> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789&subId=666483 >> there's a basic difference between Legal Intercept and Exceptional >> Access, where EA you need read/modify/write/delete rights, whereas LI is >> read only. >> >> If you restrict access by the police to read only, a very large chunk of >> the ensuant vulnerabilities go away. Further, the amount of damage the >> police can do on a magical mystery tour of your data centre is contained. >> >> Kind regards >> >> Paul Wilkins >> >> >> On Thu, 24 Jan 2019 at 13:27, Robert Hudson <hud...@gmail.com> wrote: >> >>> The government said they'd consider them, not that they'd implement them. >>> >>> I have very little faith at all that without significant pressure being >>> brought to bear, that the government response would be anything more than >>> "we consider them, and decided no, we're happy as we are". >>> >>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins <paulwilkins...@gmail.com> >>> wrote: >>> >>>> Labor's amendments haven't been forgotten, and will have to be dealt >>>> with eventually, when the time comes for the PJCIS to table their April >>>> recommendations. >>>> >>>> Noone is forgetting that the Act was passed as an interim measure, to >>>> allow law enforcement to deal with the Christmas break with new powers. It >>>> would be a serious breach of faith for the government to renege on the >>>> outstanding amendments. >>>> >>>> Kind regards >>>> >>>> Paul Wilkins >>>> >>>> >>>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan <miche...@sorbs.net> >>>> wrote: >>>> >>>>> Paul Wilkins wrote: >>>>> > Obviously this has been in limbo over the Christmas break. There's 2 >>>>> > really important issues, on hold because of this. >>>>> > >>>>> > 1 - When or if the PJCIS will call for public comment on the Act as >>>>> > passed. >>>>> > >>>>> > 2 - The appearance of the Labor amendments. >>>>> > >>>>> > So we probably won't see any developments until Parliament resumes >>>>> > 12th February. >>>>> >>>>> I'll lay money there will be no amendments (passed), there will be an >>>>> attempt to force Apple etc to write in a weakness which will be >>>>> challenged. There will be many people that will not update their >>>>> iOS/Andriod anytime soon. Personally I stopped updating the moment >>>>> this >>>>> bill was passed - particularly as there is at least one Apple update >>>>> that stated, "No bug/security fixes"... >>>>> >>>>> What you will most likely find (and the idiots over in the ACT >>>>> haven;'t >>>>> worked it out yet) is that the terrorists have some very smart people >>>>> "working" for them and they probably already jailbreak their phones >>>>> and >>>>> install their own messaging software on it.. (not that you need to >>>>> jailbreak when you can use the 'team' functionality in xcode to >>>>> install >>>>> non apple approved apps on your phone.) >>>>> >>>>> Of course the highly amusing part is how easy it is to plugin to >>>>> online >>>>> services and how easy it is to run your own asymmetric cryptography... >>>>> I >>>>> suspect it would be trivial to put your own encryption over the top of >>>>> any of those services/apps that allow such (and some already do - >>>>> recently came across a plugin to the mailapp that has a custom >>>>> encryption/decryption mechanism which is used by a bank for secure >>>>> messaging. This means as posted elsewhere any interception would have >>>>> to be by screen capture and keyboard interception on the device, which >>>>> I >>>>> personally would immediately class as a systemic weakness because if I >>>>> were doing it i'd be cut/pasting messages into my own non-internet >>>>> connected app for encryption/decryption so you can capture what you >>>>> want >>>>> off imessage, facebook messenger etc... you'd still be getting >>>>> encrypted >>>>> blocks of data.. and if you capture everything you have online banking >>>>> passwords and everything else that goes with that and there one thinks >>>>> about who else can see the captures.... >>>>> >>>>> This is what you get when you have people in charge that have interest >>>>> in obtaining data they are not entitled to. >>>>> >>>>> At least the Queensland police will not get voice recorded giving out >>>>> new locations to abusive ex-husbands, now they can protect themselves >>>>> by >>>>> just accessing the phone of the wife in hiding.. >>>>> >>>>> ... anyone seen my foil hat today I seem to have misplaced it....? :P >>>>> >>>>> -- >>>>> Michelle Sullivan >>>>> http://www.mhix.org/ >>>>> >>>>> _______________________________________________ >>>>> AusNOG mailing list >>>>> AusNOG@lists.ausnog.net >>>>> http://lists.ausnog.net/mailman/listinfo/ausnog >>>>> >>>> _______________________________________________ >>>> AusNOG mailing list >>>> AusNOG@lists.ausnog.net >>>> http://lists.ausnog.net/mailman/listinfo/ausnog >>>> >>> _______________________________________________ > AusNOG mailing list > AusNOG@lists.ausnog.net > http://lists.ausnog.net/mailman/listinfo/ausnog >
_______________________________________________ AusNOG mailing list AusNOG@lists.ausnog.net http://lists.ausnog.net/mailman/listinfo/ausnog