Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Phil Memery

https://www.abc.net.au/news/justin/

"Breaking news: Prime Minister Scott Morrison proposes new laws to make it
easier to strip Australian citizenship from people convicted of terrorism
offences"

I saw the live on ABC news event. Scomo insisted on the Access Bill 
being passed within the next 2 sitting weeks.


I guess the Video of the press conf will make it to the Internet soon...


On 22/11/18 2:34 pm, Paul Wilkins wrote:

*"it's going to our government"*

Well actually no. Not since Wentworth. The government can't pass bills 
without either Labor or the cross benchers, so it's highly risorous 
the Home Affairs Minister thinks this an opportune time to give the 
PJCIS the hurry along.

He also presents himself and department as unanswerable to the PJCHR, 
who go to volumes in their criticisms.

On Thu, 22 Nov 2018 at 10:43, Bradley Silverman
<bsilver...@staff.ventraip.com> wrote:


*"no thinking person"* - That's the problem, it's not going to
thinking people, it's going to our government...

*Bradley Silverman*
Technical Operations \\ VentraIP Australia
*M:* +61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au




On Thu, Nov 22, 2018 at 10:17 AM Paul Wilkins
<paulwilkins...@gmail.com> wrote:

I can't agree that whether the Bill passes at this stage comes
down to simple numbers along party lines.

1 - The Bill is simply too far reaching in consequences for
parliament to wave it through. With power comes
responsibility. The Bill is attracting huge condemnation
internationally, and those supporting the Bill risk looking
like chumps. It's a bit like global warming, no one who knows
what they're talking about thinks this is a good idea.

2 - The Department for Home Affairs put this Bill together,
and Dutton arrived at the tail end of the process. Although he
might like to distance himself from the legislation, the buck
ultimately stops with him as he introduced and commended the
Bill to the House.

3 - The Bill is more Trumpist than Liberal. Even if it's bad
law and bad for Liberal Democracy, it's good politics for the
Liberal Trumpists.

4 - If Labor knocks it back in the Lower House, I can't see it
getting through without some sort of deal being struck with
one of the cross benchers. Because no thinking person sees
this Bill as a good move, there will be no Lower House deal
without a serious quid pro quo. Then there would need to be
another deal in the Upper House, with differently aligned
cross benchers.

Kind regards

Paul Wilkins


On Wed, 21 Nov 2018 at 22:44, Bryan O'Reilly
<br...@telcoindependent.com.au> wrote:

Hi Paul,

I’m looking forward to your Lunchtime Lecture next week on
this topic!

Kind regards,

Bryan O'Reilly
Founder - Telco Independent Consulting
www.telcoindependent.com.au


0419 632 098

30+ years experience to provide YOUR business with
independent advice.

FaceBook; https://www.facebook.com/TelcoIndependent/

LinkedIN; https://www.linkedin.com/in/bryanoreilly/


Important:
This message may contain confidential or privileged
information. If you are not the intended recipient of this
message, you must not take any action based on the
contents herein, except to advise us of the error and
destroy the message.

Any documents or other information that may be in this
email is copyright © Telco Independent Consulting 2018.

*From:* AusNOG <ausnog-boun...@lists.ausnog.net> *On Behalf Of* Paul Brooks
*Sent:* Wednesday, 21 November 2018 5:18 PM
*To:* ausnog@lists.ausnog.net
*Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS

Thanks Rob.
In the latest, Dutton wants to speed up the Bill and have
it passed "next week", and has apparently asked the PJCIS
to cut short its evaluation, according to reporting of an
interview on Sky News.

Dutton tries to speed up encryption bill



(Point of clarification - that bit about smart and dumb
criminals was while trying to explain the difference
between a system having a capability that can be used by
the operator to 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Paul Wilkins
*"it's going to our government"*

Well actually no. Not since Wentworth. The government can't pass bills
without either Labor or the cross benchers, so it's highly risorous the
Home Affairs Minister thinks this an opportune time to give the PJCIS the
hurry along.

He also presents himself and department as unanswerable to the PJCHR, who
go to volumes in their criticisms.

On Thu, 22 Nov 2018 at 10:43, Bradley Silverman <
bsilver...@staff.ventraip.com> wrote:

> *"no thinking person" - *That's the problem, it's not going to thinking
> people, it's going to our government...
>
> *Bradley Silverman*
> Technical Operations \\ VentraIP Australia
> *M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au
>
>
> On Thu, Nov 22, 2018 at 10:17 AM Paul Wilkins 
> wrote:
>
>> I can't agree that whether the Bill passes at this stage comes down to
>> simple numbers along party lines.
>>
>> 1 - The Bill is simply too far reaching in consequences for parliament to
>> wave it through. With power comes responsibility. The Bill is attracting
>> huge condemnation internationally, and those supporting the Bill risk
>> looking like chumps. It's a bit like global warming, no one who knows what
>> they're talking about thinks this is a good idea.
>>
>> 2 - The Department for Home Affairs put this Bill together, and Dutton
>> arrived at the tail end of the process. Although he might like to distance
>> himself from the legislation, the buck ultimately stops with him as he
>> introduced and commended the Bill to the House.
>>
>> 3 - The Bill is more Trumpist than Liberal. Even if it's bad law and bad
>> for Liberal Democracy, it's good politics for the Liberal Trumpists.
>>
>> 4 - If Labor knocks it back in the Lower House, I can't see it getting
>> through without some sort of deal being struck with one of the cross
>> benchers. Because no thinking person sees this Bill as a good move, there
>> will be no Lower House deal without a serious quid pro quo. Then there
>> would need to be another deal in the Upper House, with differently aligned
>> cross benchers.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Wed, 21 Nov 2018 at 22:44, Bryan O'Reilly <
>> br...@telcoindependent.com.au> wrote:
>>
>>> Hi Paul,
>>>
>>>
>>>
>>> I’m looking forward to your Lunchtime Lecture next week on this topic!
>>>
>>>
>>>
>>> Kind regards,
>>>
>>> Bryan O'Reilly
>>> Founder - Telco Independent Consulting
>>> www.telcoindependent.com.au
>>>
>>> 0419 632 098
>>>
>>> 30+ years experience to provide YOUR business with independent advice.
>>>
>>>
>>>
>>> FaceBook; https://www.facebook.com/TelcoIndependent/
>>>
>>> LinkedIN; https://www.linkedin.com/in/bryanoreilly/
>>>
>>>
>>>
>>>
>>>
>>>
>>> Important:
>>> This message may contain confidential or privileged information. If you
>>> are not the intended recipient of this message, you must not take any
>>> action based on the contents herein, except to advise us of the error and
>>> destroy the message.
>>>
>>> Any documents or other information that may be in this email is
>>> copyright © Telco Independent Consulting 2018.
>>>
>>>
>>>
>>>
>>>
>>> *From:* AusNOG  *On Behalf Of *Paul
>>> Brooks
>>> *Sent:* Wednesday, 21 November 2018 5:18 PM
>>> *To:* ausnog@lists.ausnog.net
>>> *Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS
>>>
>>>
>>>
>>> Thanks Rob.
>>> In the latest, Dutton wants to speed up the Bill and have it passed
>>> "next week", and has apparently asked the PJCIS to cut short its
>>> evaluation, according to reporting of an interview on Sky News.
>>>
>>> Dutton tries to speed up encryption bill
>>> 
>>>
>>> (Point of clarification - that bit about smart and dumb criminals was
>>> while trying to explain the difference between a system having a capability
>>> that can be used by the operator to implement a "act or thing", and an
>>> operator actually using that capability in a particular instance against a
>>> particular target - and that the existence of the capability isn't and
>>> shouldn't be secret, even if the actual use in response to a warrant was
>>> still kept a secret.  That distinction has been difficult for the committee
>>> to understand without a simple illustration.)
>>>
>>>
>>> Paul.
>>>
>>>
>>> On 21/11/2018 2:00 PM, Robert Hudson wrote:
>>>
>>> (Not necessarily a direct response to Paul's email, just additional data
>>> for the thread).
>>>
>>>
>>>
>>> Traditional media are starting to pick this up, and they're just
>>> parroting the govt position. Macquarie Radio news at 8am ran a story on it
>>> this morning, and it was all about Dutton saying he wants the legislation
>>> passed quickly so they can catch more terrorists.
>>>
>>>
>>>
>>> Other than the point well made by Paul Brooks that the only criminals
>>> who will be caught by this are the dumb ones (there was a link made 

Re: [AusNOG] "How China diverts, then spies on Australia's internet traffic"

2018-11-21 Thread Mark Smith
On Thu, 22 Nov 2018 at 09:03, Ken Sayers  wrote:
>
> This was discussed some time ago from a North American perspective in this 
> article.
> As I have said for years, "The internet was created in an age in innocence". 
> As a result, the basic architecture of the network is open to exploitation.

I don't think the early Internet designers were innocent. The story
from Vint Cerf is that the NSA and friends prevented the use of
information security technology like cryptography.

"Vint Cerf wanted to make internet secure from the start, but secrecy
prevented it"
https://www.theregister.co.uk/2014/04/07/internet_inception_security_vint_cerf_google_hangout/


The 1974 paper on TCP (before it was split into TCP/IP, and before it
had 32 bit addresses) by Vint Cerf and Bob Kahn, briefly mentions the
use of encryption.

"A Protocol for Packet Network Intercommunication",
https://www.cs.princeton.edu/courses/archive/fall06/cos561/papers/cerf74.pdf


Internet Engineering Notes (IENs) are early documents that were
sometimes written in parallel with early RFCs and then were eventually
replaced by RFCs. (If you get a full copy of the RFC archive, you'll
get an 'ien' directory containing the IENs). Digging through those can
tell a bit of Internet/ARPANET development history.

The earliest IEN where the term 'encrypt' occurs is IEN12, from March 1977,

"Issues in Reliable Host-to-Host Protocols"
https://www.rfc-editor.org/ien/ien12.txt

Of the around 200 IENs, the term 'encrypt' occurs more than once in 3 of them.

 16 ien113.txt, August 1980
 15 ien85.txt, March 1979
  3 ien32.txt, April 28, 1978


The earliest RFC that the term 'encrypt' occurs in is RFC610, from
December 1973.

"Further Datalanguage Design Concepts", Richard Winter, Jeffrey Hill,
Warren Greiff
https://www.rfc-editor.org/rfc/rfc610.txt


Of the first 1000 RFCs, 'encrypt' occurs more than once in a number of them.

 82 rfc989.txt
 44 rfc841.txt
 43 rfc806.txt
 16 rfc759.txt
 15 rfc753.txt
 11 rfc822.txt
  5 rfc942.txt
  3 rfc987.txt
  2 rfc999.txt
  2 rfc874.txt

It appearing a lot in RFC989 isn't a surprise -

"Privacy Enhancement for Internet Electronic Mail: Part I: Message
Encipherment and Authentication Procedures", February 1987
https://www.rfc-editor.org/rfc/rfc989.txt

One RFC that does stick out in the above list is RFC822, the SMTP
standard RFC. So SMTP was expected to support encryption from its
earliest days.

> Let's all go back to the OSI Stack!!

I don't think that would really solve anything.

Radia Perlman has said that the ISO networking standards are just ISO
versions of the Internet protocols with tweaks.

For example, "3.3.  Overview of IDRP (ISO/IEC 10747)" is a functional
description of BGP, with different, more generic (ISOfied) entity
names.

https://tools.ietf.org/html/rfc1629#section-3.3


Regards,
Mark.

> Regards Ken Sayers
>
> -
> Ken Sayers Tel: +61 414 384 010
>
>
> On Wed, 21 Nov 2018 at 17:38, Christian Heinrich 
>  wrote:
>>
>> Has anyone observed
>> https://www.smh.com.au/technology/how-china-diverts-then-spies-on-australia-s-internet-traffic-20181120-p50h80.html
>> or not?
>>
>> --
>> Regards,
>> Christian Heinrich
>>
>> http://cmlh.id.au/contact
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Bradley Silverman
*"no thinking person" - *That's the problem, it's not going to thinking
people, it's going to our government...

*Bradley Silverman*
Technical Operations \\ VentraIP Australia
*M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au


On Thu, Nov 22, 2018 at 10:17 AM Paul Wilkins 
wrote:

> I can't agree that whether the Bill passes at this stage comes down to
> simple numbers along party lines.
>
> 1 - The Bill is simply too far reaching in consequences for parliament to
> wave it through. With power comes responsibility. The Bill is attracting
> huge condemnation internationally, and those supporting the Bill risk
> looking like chumps. It's a bit like global warming, no one who knows what
> they're talking about thinks this is a good idea.
>
> 2 - The Department for Home Affairs put this Bill together, and Dutton
> arrived at the tail end of the process. Although he might like to distance
> himself from the legislation, the buck ultimately stops with him as he
> introduced and commended the Bill to the House.
>
> 3 - The Bill is more Trumpist than Liberal. Even if it's bad law and bad
> for Liberal Democracy, it's good politics for the Liberal Trumpists.
>
> 4 - If Labor knocks it back in the Lower House, I can't see it getting
> through without some sort of deal being struck with one of the cross
> benchers. Because no thinking person sees this Bill as a good move, there
> will be no Lower House deal without a serious quid pro quo. Then there
> would need to be another deal in the Upper House, with differently aligned
> cross benchers.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Wed, 21 Nov 2018 at 22:44, Bryan O'Reilly <
> br...@telcoindependent.com.au> wrote:
>
>> Hi Paul,
>>
>>
>>
>> I’m looking forward to your Lunchtime Lecture next week on this topic!
>>
>>
>>
>> Kind regards,
>>
>> Bryan O'Reilly
>> Founder - Telco Independent Consulting
>> www.telcoindependent.com.au
>>
>> 0419 632 098
>>
>> 30+ years experience to provide YOUR business with independent advice.
>>
>>
>>
>> FaceBook; https://www.facebook.com/TelcoIndependent/
>>
>> LinkedIN; https://www.linkedin.com/in/bryanoreilly/
>>
>>
>>
>>
>>
>>
>> Important:
>> This message may contain confidential or privileged information. If you
>> are not the intended recipient of this message, you must not take any
>> action based on the contents herein, except to advise us of the error and
>> destroy the message.
>>
>> Any documents or other information that may be in this email is copyright
>> © Telco Independent Consulting 2018.
>>
>>
>>
>>
>>
>> *From:* AusNOG  *On Behalf Of *Paul
>> Brooks
>> *Sent:* Wednesday, 21 November 2018 5:18 PM
>> *To:* ausnog@lists.ausnog.net
>> *Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS
>>
>>
>>
>> Thanks Rob.
>> In the latest, Dutton wants to speed up the Bill and have it passed "next
>> week", and has apparently asked the PJCIS to cut short its evaluation,
>> according to reporting of an interview on Sky News.
>>
>> Dutton tries to speed up encryption bill
>> 
>>
>> (Point of clarification - that bit about smart and dumb criminals was
>> while trying to explain the difference between a system having a capability
>> that can be used by the operator to implement a "act or thing", and an
>> operator actually using that capability in a particular instance against a
>> particular target - and that the existence of the capability isn't and
>> shouldn't be secret, even if the actual use in response to a warrant was
>> still kept a secret.  That distinction has been difficult for the committee
>> to understand without a simple illustration.)
>>
>>
>> Paul.
>>
>>
>> On 21/11/2018 2:00 PM, Robert Hudson wrote:
>>
>> (Not necessarily a direct response to Paul's email, just additional data
>> for the thread).
>>
>>
>>
>> Traditional media are starting to pick this up, and they're just
>> parroting the govt position. Macquarie Radio news at 8am ran a story on it
>> this morning, and it was all about Dutton saying he wants the legislation
>> passed quickly so they can catch more terrorists.
>>
>>
>>
>> Other than the point well made by Paul Brooks that the only criminals who
>> will be caught by this are the dumb ones (there was a link made between
>> this proposed legislation and three potential terrorists who were arrested
>> - without this legislation in place), and the smarter criminals (ie those
>> capable of tying their own shoe laces) will simply use software that is
>> not subject to the legislation, there is an extension - to break the
>> encryption WILL involve creating vulnerabilities (there's simply no way
>> around this), and those vulnerabilities will then be available for
>> criminals (the bar may be higher than shoelaces, maybe they can button
>> their own shirts as well) to exploit and compromise data that is
>> 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Paul Wilkins
I can't agree that whether the Bill passes at this stage comes down to
simple numbers along party lines.

1 - The Bill is simply too far reaching in consequences for parliament to
wave it through. With power comes responsibility. The Bill is attracting
huge condemnation internationally, and those supporting the Bill risk
looking like chumps. It's a bit like global warming, no one who knows what
they're talking about thinks this is a good idea.

2 - The Department for Home Affairs put this Bill together, and Dutton
arrived at the tail end of the process. Although he might like to distance
himself from the legislation, the buck ultimately stops with him as he
introduced and commended the Bill to the House.

3 - The Bill is more Trumpist than Liberal. Even if it's bad law and bad
for Liberal Democracy, it's good politics for the Liberal Trumpists.

4 - If Labor knocks it back in the Lower House, I can't see it getting
through without some sort of deal being struck with one of the cross
benchers. Because no thinking person sees this Bill as a good move, there
will be no Lower House deal without a serious quid pro quo. Then there
would need to be another deal in the Upper House, with differently aligned
cross benchers.

Kind regards

Paul Wilkins


On Wed, 21 Nov 2018 at 22:44, Bryan O'Reilly 
wrote:

> Hi Paul,
>
>
>
> I’m looking forward to your Lunchtime Lecture next week on this topic!
>
>
>
> Kind regards,
>
> Bryan O'Reilly
> Founder - Telco Independent Consulting
> www.telcoindependent.com.au
>
> 0419 632 098
>
> 30+ years experience to provide YOUR business with independent advice.
>
>
>
> FaceBook; https://www.facebook.com/TelcoIndependent/
>
> LinkedIN; https://www.linkedin.com/in/bryanoreilly/
>
>
>
>
>
>
> Important:
> This message may contain confidential or privileged information. If you
> are not the intended recipient of this message, you must not take any
> action based on the contents herein, except to advise us of the error and
> destroy the message.
>
> Any documents or other information that may be in this email is copyright
> © Telco Independent Consulting 2018.
>
>
>
>
>
> *From:* AusNOG  *On Behalf Of *Paul
> Brooks
> *Sent:* Wednesday, 21 November 2018 5:18 PM
> *To:* ausnog@lists.ausnog.net
> *Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS
>
>
>
> Thanks Rob.
> In the latest, Dutton wants to speed up the Bill and have it passed "next
> week", and has apparently asked the PJCIS to cut short its evaluation,
> according to reporting of an interview on Sky News.
>
> Dutton tries to speed up encryption bill
> 
>
> (Point of clarification - that bit about smart and dumb criminals was
> while trying to explain the difference between a system having a capability
> that can be used by the operator to implement a "act or thing", and an
> operator actually using that capability in a particular instance against a
> particular target - and that the existence of the capability isn't and
> shouldn't be secret, even if the actual use in response to a warrant was
> still kept a secret.  That distinction has been difficult for the committee
> to understand without a simple illustration.)
>
>
> Paul.
>
>
> On 21/11/2018 2:00 PM, Robert Hudson wrote:
>
> (Not necessarily a direct response to Paul's email, just additional data
> for the thread).
>
>
>
> Traditional media are starting to pick this up, and they're just parroting
> the govt position. Macquarie Radio news at 8am ran a story on it this
> morning, and it was all about Dutton saying he wants the legislation passed
> quickly so they can catch more terrorists.
>
>
>
> Other than the point well made by Paul Brooks that the only criminals who
> will be caught by this are the dumb ones (there was a link made between
> this proposed legislation and three potential terrorists who were arrested
> - without this legislation in place), and the smarter criminals (ie those
> capable of tying their own shoe laces) will simply use software that is
> not subject to the legislation, there is an extension - to break the
> encryption WILL involve creating vulnerabilities (there's simply no way
> around this), and those vulnerabilities will then be available for
> criminals (the bar may be higher than shoelaces, maybe they can button
> their own shirts as well) to exploit and compromise data that is
> legitimately encrypted.
>
>
>
> In summary - there is no upside to this proposed legislation as far as
> encryption goes, and there is a significant potential downside.
>
>
>
> It cannot be allowed to pass.
>
>
>
> On Wed, 21 Nov. 2018, 12:09 pm Paul Wilkins  wrote:
>
> I'm wondering when the other shoe will drop that the Bill enables mass
> collection and analysis of metadata without any further legislation needed.
> Or the implications that metadata from multiple sources (phone
> towers/CCTV/Social Media), 

Re: [AusNOG] "How China diverts, then spies on Australia's internet traffic"

2018-11-21 Thread Ken Sayers
This was discussed some time ago from a North American perspective in this
article.
As I have said for years, "The internet was created in an age in
innocence". As a result, the basic architecture of the network is open to
exploitation.
Let's all go back to the OSI Stack!!
Regards Ken Sayers

-
Ken Sayers Tel: +61 414 384 010


On Wed, 21 Nov 2018 at 17:38, Christian Heinrich <
christian.heinr...@cmlh.id.au> wrote:

> Has anyone observed
>
> https://www.smh.com.au/technology/how-china-diverts-then-spies-on-australia-s-internet-traffic-20181120-p50h80.html
> or not?
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact


Re: [AusNOG] "How China diverts, then spies on Australia's internet traffic"

2018-11-21 Thread Mark Prior

On 21/11/18 18:24, Paul Brooks wrote:

> On 21/11/2018 5:42 PM, Grahame Lynch wrote:
>> How much of this is "hijacking" and how much is just "least cost
>> routing"? It is really hard to tell.
> It's not 'least cost routing', BGP doesn't work like that, unless the
> target networks really were customers of China Telecom, or
> customers-of-a-customer.
> China Telecom must have started advertising that those networks were
> reachable, and then stopped advertising, for the traffic to be sent into
> their network in the first place.




Mark.



Re: [AusNOG] "How China diverts, then spies on Australia's internet traffic"

2018-11-21 Thread Grahame Lynch
Paul my comments were prompted by this discussion on reddit. The report
authors haven't established that all the routing they described was a
hijack, they just assume it because it was a longer route.

https://www.reddit.com/r/netsec/comments/9rlehd/chinese_telecom_performing_bgp_hijacking/

On Wed, 21 Nov 2018 at 18:55, Paul Brooks 
wrote:

> On 21/11/2018 5:42 PM, Grahame Lynch wrote:
>
> How much of this is "hijacking" and how much is just "least cost routing"?
> It is really hard to tell.
>
> It's not 'least cost routing', BGP doesn't work like that, unless the
> target networks really were customers of China Telecom, or
> customers-of-a-customer.
> China Telecom must have started advertising that those networks were
> reachable, and then stopped advertising, for the traffic to be sent into
> their network in the first place.
>
> This can happen by accident/incompetence/error, although that usually
> results in the affected site being blackholed - that's what happened with
> the Telstra BGP hijack of prefixes recently.  In this 'diversion' case the
> traffic is being rerouted and eventually finding its way back out of the
> network and forwarded to the original destination - that is more difficult
> to make happen by accident.
>
> It's arguably laziness on the part of the other networks that China Telecom
> interconnects BGP with - peers, upstreams, and customers - although to be
> fair the various proposals for validating BGP route advertising permissions
> are not widely deployed and still being developed.
>
> Most ISPs filter BGP routing advertisements from customers, but very few
> filter route advertisements from upstreams and peers.
> Securing BGP is a hot topic in recent years, but is taking a long long
> time to get critical mass.
>
> Everyone running BGP-4 should take a look at:
>
> - MANRS (Mutually Agreed Norms for Routing Security -
>   https://www.internetsociety.org/issues/manrs)
> - RFC7454 = BCP-194 - BGP Operations and Security -
>   https://tools.ietf.org/html/rfc7454
> - NIST "Protecting the Integrity of Internet Routing: Border Gateway
>   Protocol (BGP) Route Origin Validation",
>   https://csrc.nist.gov/publications/detail/sp/1800-14/draft
>
> ...and plan to implement RPKI for all your routes.
>
> Paul.
>
>
> On Wed, 21 Nov 2018 at 17:38, Christian Heinrich <
> christian.heinr...@cmlh.id.au> wrote:
>
>> Has anyone observed
>>
>> https://www.smh.com.au/technology/how-china-diverts-then-spies-on-australia-s-internet-traffic-20181120-p50h80.html
>> or not?
>>
>> --
>> Regards,
>> Christian Heinrich
>>
>> http://cmlh.id.au/contact
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog
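
The route origin validation that the RPKI advice and the NIST document in the quoted message refer to, sketched as an added example (not code from the thread or from any poster). The ROAs, prefixes and AS numbers are constructed from documentation ranges, and `validate` and `import_filter` are hypothetical names; the states follow RFC 6811.

```python
"""Route origin validation (RFC 6811) applied as an import filter.

Added example. All ROAs, prefixes and AS numbers below are constructed
sample data (documentation prefixes and documentation ASNs).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    prefix: str      # prefix the address holder has authorised
    max_length: int  # longest more-specific that may be announced
    asn: int         # AS authorised to originate the prefix


# Constructed validated ROA payloads, as a relying-party cache would supply.
ROAS = [
    Roa("192.0.2.0/24", 24, 64500),
    Roa("198.51.100.0/24", 25, 64501),
    Roa("2001:db8::/32", 48, 64500),
]

# Constructed announcements as (prefix, AS_PATH); the origin is the last AS.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", [64496, 64500]),       # authorised origin
    ("192.0.2.0/24", [64496, 64510]),       # covered, but wrong origin AS
    ("198.51.100.128/25", [64496, 64501]),  # more-specific within max_length
    ("198.51.100.128/26", [64496, 64501]),  # more-specific beyond max_length
    ("203.0.113.0/24", [64496, 64502]),     # no ROA covers this prefix
    ("2001:db8:1::/48", [64496, 64500]),    # IPv6, within max_length
]


def validate(prefix, origin_asn, roas=ROAS):
    """Return 'valid', 'invalid' or 'not-found' for one announcement."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        # A ROA covers the route if the route is equal to or inside its prefix.
        if roa_net.version != route.version or not route.subnet_of(roa_net):
            continue
        covered = True
        # AS 0 in a ROA means "never announce", so it can never match.
        if (origin_asn != 0 and roa.asn == origin_asn
                and route.prefixlen <= roa.max_length):
            return "valid"
    # Covered by at least one ROA but matched by none: invalid.
    return "invalid" if covered else "not-found"


def import_filter(announcements, roas=ROAS):
    """Split announcements from a peer or upstream into accepted/rejected.

    Policy assumed here: drop 'invalid', keep 'valid' and 'not-found'.
    Each AS_PATH is assumed to be non-empty.
    """
    accepted, rejected = [], []
    for prefix, as_path in announcements:
        origin = as_path[-1]
        state = validate(prefix, origin, roas)
        (rejected if state == "invalid" else accepted).append(
            (prefix, origin, state))
    return accepted, rejected


if __name__ == "__main__":
    accepted, rejected = import_filter(SAMPLE_ANNOUNCEMENTS)
    for prefix, origin, state in accepted + rejected:
        print(f"{prefix:20} AS{origin:<6} {state}")
```

Origin validation only checks the last AS in the path, so it rejects a mis-originated prefix but not a diversion in which the legitimate origin AS still ends the path.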


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Bryan O'Reilly
Hi Paul,

 

I’m looking forward to your Lunchtime Lecture next week on this topic!

 

Kind regards,

Bryan O'Reilly
Founder - Telco Independent Consulting
www.telcoindependent.com.au  

0419 632 098

30+ years experience to provide YOUR business with independent advice.

 

FaceBook; https://www.facebook.com/TelcoIndependent/

LinkedIN; https://www.linkedin.com/in/bryanoreilly/

 



 

Important:
This message may contain confidential or privileged information. If you are not 
the intended recipient of this message, you must not take any action based on 
the contents herein, except to advise us of the error and destroy the message. 

Any documents or other information that may be in this email is copyright © 
Telco Independent Consulting 2018.

 

 

From: AusNOG  On Behalf Of Paul Brooks
Sent: Wednesday, 21 November 2018 5:18 PM
To: ausnog@lists.ausnog.net
Subject: Re: [AusNOG] Assistance and Access Bill moves to PJCIS

 

Thanks Rob. 
In the latest, Dutton wants to speed up the Bill and have it passed "next 
week", and has apparently asked the PJCIS to cut short its evaluation, 
according to reporting of an interview on Sky News.

Dutton tries to speed up encryption bill 

 

(Point of clarification - that bit about smart and dumb criminals was while 
trying to explain the difference between a system having a capability that can 
be used by the operator to implement a "act or thing", and an operator actually 
using that capability in a particular instance against a particular target - 
and that the existence of the capability isn't and shouldn't be secret, even if 
the actual use in response to a warrant was still kept a secret.  That 
distinction has been difficult for the committee to understand without a simple 
illustration.)


Paul.


On 21/11/2018 2:00 PM, Robert Hudson wrote:

(Not necessarily a direct response to Paul's email, just additional data for 
the thread). 

 

Traditional media are starting to pick this up, and they're just parroting the 
govt position. Macquarie Radio news at 8am ran a story on it this morning, and 
it was all about Dutton saying he wants the legislation passed quickly so they 
can catch more terrorists.

 

Other than the point well made by Paul Brooks that the only criminals who will 
be caught by this are the dumb ones (there was a link made between this 
proposed legislation and three potential terrorists who were arrested - 
without this legislation in place), and the smarter criminals (ie those capable 
of tying their own shoe laces) will simply use software that is not subject to 
the legislation, there is an extension - to break the encryption WILL involve 
creating vulnerabilities (there's simply no way around this), and those 
vulnerabilities will then be available for criminals (the bar may be higher 
than shoelaces, maybe they can button their own shirts as well) to exploit and 
compromise data that is legitimately encrypted.

 

In summary - there is no upside to this proposed legislation as far as 
encryption goes, and there is a significant potential downside.

 

It cannot be allowed to pass.

 

On Wed, 21 Nov. 2018, 12:09 pm Paul Wilkins <paulwilkins...@gmail.com> wrote:

I'm wondering when the other shoe will drop that the Bill enables mass 
collection and analysis of metadata without any further legislation needed. Or 
the implications that metadata from multiple sources (phone towers/CCTV/Social 
Media), lays the foundations for the establishment of the machinery of a police 
state. Of course, this will make prosecution of crime straightforward (the 
police will only need to correlate crime against a database of the public's 
electronic fingerprints). However, such powerful machinery can be used for 
oppressive purposes, and the Bill is absent the checks and balances consistent 
with the traditions and institutions of Liberal Democracy.
 
If one were cynical you might think the Bill's outrageous overreach is 
deliberate, a Trumpist ploy to enrage the unthinking. And when we see critics 
of the Bill slandered for being weak on terrorism, maybe not so wide of the 
mark or so cynical.

Kind regards

Paul Wilkins

 

On Wed, 21 Nov 2018 at 04:15, Scott Weeks <sur...@mauigateway.com> wrote:



On Tue, 20 Nov 2018 at 18:12, Christian Heinrich
<christian.heinr...@cmlh.id.au> wrote:
> https://www.news.com.au/national/victoria/news/victoria-police-arrest-three-people-allegedly-planning-a-terror-attack-in-melbourne/news-story/e6a92273b37dce750937e1e0f86a7dcd
> has quoted Mr Dutton on WhatsApp again but from my reading WhatsApp
> was not used in this specific case?

This has now been alleged within
https://www.news.com.au/technology/gadgets/mobile-phones/unacceptable-risk-the-secret-way-terrorists-and-criminals-are-communicating/news-story/731ca32e7432601d6b3ce5ca4f34bf80

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Paul Brooks
On 21/11/2018 6:33 PM, Robert Hudson wrote:
> I sent an email to my local (LNP) MP, who forwarded it to Dutton, who sent a
> letter back on lovely heavy paper stock.
>
> Dutton of course completely missed the point (not least of all because he
> wants to miss the point as it is inconvenient for his agenda).

It's a reasonable start, and good on you for writing the letter - Dutton of
course will feel that you are completely missing the point, because you're
both arguing different points.

The important thing is that, if this thing is pushed back into Parliament,
it's the lower house MPs and Upper House Senators that will be voting on this,
and probably voting along party lines. Neither you, nor I, nor anybody else on
this list gets to participate in that vote.

Minister Dutton is unlikely to change his mind, no matter how many people
write to him - in his mind he's doing this to protect the people, and anyone
thinking that's a poor idea must be against protecting the people. Also, now
it's a matter of pride and personal embarrassment if he was to back down now -
so that is unlikely to happen, even if you manage to shake his private
conviction that it's all for the greater good.

To influence that vote, letters and briefings to other MPs and senators on all
sides, to work to influence each major Party's (and the independents') view of
the Bill is more likely to have an effect on the voting numbers.

And FWIW, I've found arguments that lean towards demonstrating the measures
are impractical, infeasible, risky, or likely to cause embarrassment tend to be
more powerful than arguments leaning on philosophy - arguments like "you
shouldn't even be wanting to do this because we're a liberal democracy" aren't
likely to wash as much as 'if that's what you're trying to achieve, doing it
like that won't work or is very risky because...'

Paul.

>
> If anyone wants a scanned copy (could be useful for determining a point of
> weakness in the argument he and DOHA are pushing), I'm happy to share.
>
> On Wed, 21 Nov. 2018, 5:18 pm Paul Brooks wrote:
>
> Thanks Rob.
> In the latest, Dutton wants to speed up the Bill and have it passed "next
> week", and has apparently asked the PJCIS to cut short its evaluation,
> according to reporting of an interview on Sky News.
>
> Dutton tries to speed up encryption bill
>
> (Point of clarification - that bit about smart and dumb criminals was while
> trying to explain the difference between a system having a capability that
> can be used by the operator to implement an "act or thing", and an operator
> actually using that capability in a particular instance against a particular
> target - and that the existence of the capability isn't and shouldn't be
> secret, even if the actual use in response to a warrant was still kept a
> secret.  That distinction has been difficult for the committee to understand
> without a simple illustration.)
>
>
> Paul.
>
>
> On 21/11/2018 2:00 PM, Robert Hudson wrote:
>> (Not necessarily a direct response to Paul's email, just additional data
>> for the thread).
>>
>> Traditional media are starting to pick this up, and they're just parroting
>> the govt position. Macquarie Radio news at 8am ran a story on it this
>> morning, and it was all about Dutton saying he wants the legislation passed
>> quickly so they can catch more terrorists.
>>
>> Other than the point well made by Paul Brooks that the only criminals who
>> will be caught by this are the dumb ones (there was a link made between this
>> proposed legislation and three potential terrorists who were arrested -
>> without this legislation in place), and the smarter criminals (ie those
>> capable of tying their own shoe laces) will simply use software that is not
>> subject to the legislation, there is an extension - to break the encryption
>> WILL involve creating vulnerabilities (there's simply no way around this),
>> and those vulnerabilities will then be available for criminals (the bar may
>> be higher than shoelaces, maybe they can button their own shirts as well) to
>> exploit and compromise data that is legitimately encrypted.
>>
>> In summary - there is no upside to this proposed legislation as far as
>> encryption goes, and there is a significant potential downside.
>>
>> It cannot be allowed to pass.
>>
>> On Wed, 21 Nov. 2018, 12:09 pm Paul Wilkins wrote:
>>
>> I'm wondering when the other shoe will drop that the Bill enables mass
>> collection and analysis of metadata without any further legislation needed.
>> Or the implications that metadata from multiple sources (phone
>>