Re: [AusNOG] Suggestions for security audit

2019-12-10 Thread Paul Wilkins
Sounds like a job for browser client certificates.

On Wed, 11 Dec 2019 at 15:10, Rhys Hanrahan  wrote:

> Hi All,
>
>
>
> Thanks for all the recommendations, much appreciated. I’ve got a number of
> options to look at now, and lots of discussions to be had.
>
>
>
> Thanks.
>
>
>
> Rhys Hanrahan
> Chief Information Officer
> Nexus One Pty Ltd
>
>
> E: supp...@nexusone.com.au
> P: +61 2 9191 0606
> W: http://www.nexusone.com.au/
> M: PO Box A356 Sydney South, NSW 1235
> A: Level 12 227 Elizabeth St, Sydney NSW 2000
>
> *From: *AusNOG  on behalf of Rhys
> Hanrahan 
> *Date: *Wednesday, 11 December 2019 at 1:27 pm
> *To: *"ausnog@lists.ausnog.net" 
> *Subject: *[AusNOG] Suggestions for security audit
>
>
>
> Hi All,
>
>
>
> Sorry for the noise, but I am looking for some suggestions in terms of a
> security company who can perform an audit/testing, with some sort of
> certification for some new infrastructure we are due to setup. I am hoping
> there’s some people who can give me some off-list replies to point me in
> the right direction in terms of some companies to speak to.
>
>
>
> For some context: We are in the process of providing a dedicated hosting
> setup for a customer who will be hosting a private website. The project is
> due to start in mid-late January and the site itself is only small, but
> the customer’s board is going to require that we provide some level of
> certification or assurance that the infrastructure will be secure. So the
> best way I can see of providing this is an independent review/test of the
> infrastructure. They are coming from an environment that has both ISO 27001
> and SOC 2 compliance, and although I feel this is overkill for the size of
> the project, we do need to give them something.
>
>
>
> Thanks for any recommendations.
>
>
> Rhys Hanrahan
> Chief Information Officer
> Nexus One Pty Ltd
>
>
> E: supp...@nexusone.com.au
> P: +61 2 9191 0606
> W: http://www.nexusone.com.au/
> M: PO Box A356 Sydney South, NSW 1235
> A: Level 12 227 Elizabeth St, Sydney NSW 2000
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>


Re: [AusNOG] Home Affairs to request Facebook legal intercept

2019-12-10 Thread Paul Wilkins
Facebook refuses to compromise on privacy, firing back at Australia, US and
UK
<https://www.smh.com.au/politics/federal/facebook-refuses-to-compromise-on-privacy-firing-back-at-australia-us-and-uk-20191210-p53ik7.html>

On Fri, 4 Oct 2019 at 13:42, Paul Wilkins  wrote:

> Presumably Home Affairs will back such request with a TCN.
>
>
> https://www.theguardian.com/technology/2019/oct/03/facebook-surveillance-us-uk-australia-backdoor-encryption
>


Re: [AusNOG] Smoke and radio performance

2019-12-10 Thread Paul Wilkins
I imagine the effects are too chaotic to allow anything resembling sensible
data modelling, other than big fires cause greater signal loss over wider
areas than smaller fires (my consulting cheque is in the mail).

However I doubt the effects of fire could be anywhere near the impact or
frequency of a solid downpour, so signal loss will be within expected power
budgets.

Regards

Paul Wilkins

On Tue, 10 Dec 2019 at 17:22, Matt Perkins  wrote:

> Assume you're talking LIPD band stuff with low power. I’m sure there is
> increased attenuation on the path due to scatter and increased cross channel
> interference from same. But most commercial licensed systems should have
> sufficiently budgeted in their power budgets for that. We have seen only
> minimum increase in BER even up in mm wave systems.
>
> Believe it or not the biggest issues with summer the threat to fixed
> wireless NBN is a thing called tropospheric ducting which often affects NBN
> in Tasmania from southern Victoria. Normally microwave does not go beyond
> the horizon however with specific summer atmospheric conditions systems
> from VHF right up to about 4 GHz can bounce their way where they were not
> planned to be. It caused a massive NBN outage last year and I’m sure will
> again this year.
>
> Matt
> VK2FLY
>
>
> --
> /* Matt Perkins
>Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>Office 1300 133 299 m...@spectrum.com.au
>Fax1300 133 255 Level 6, 350 George Street Sydney 2000
>   SIP 1300137...@sip.spectrum.com.au
>Google Talk mattaperk...@gmail.com
>PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
> */
>
> > On 10 Dec 2019, at 10:15 am, Narelle Clark  wrote:
> >
> > 
> >
> > Folks
> > Does anyone have any real world measurement data on the performance
> impact from the bushfire smoke on point to point radio throughput?
> >
> > We're seeing a hit on a 5GHz system over the last week or so which seems
> awfully coincidental...
> >
> >
> > Narelle
> >
> >


Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-11-05 Thread Paul Wilkins
Upcoming Public Hearings
<https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime>

*06 Dec 2019:* Canberra, ACT




On Thu, 19 Sep 2019 at 10:21, Paul Wilkins  wrote:

> NSW Police Force submission #39
> <https://www.aph.gov.au/DocumentStore.ashx?id=75170998-0442-4a5d-823e-3ed3898e44a1=670049>
>
> On Wed, 11 Sep 2019 at 10:51, Paul Wilkins 
> wrote:
>
>>
>> Home affairs unlawfully accessed stored metadata, ombudsman reveals
>> <https://www.theguardian.com/australia-news/2019/sep/11/home-affairs-unlawfully-accessed-stored-metadata-ombudsman-reveals>
>>
>>
>> The home affairs department ordered companies to preserve metadata and
>> used warrants to access it “without proper authority” and twice
>> unlawfully accessed stored communications, according to an ombudsman’s
>> report.
>>
>> In a sequel to the report revealing 116 illegal metadata searches by the
>> ACT police
>> <https://www.theguardian.com/australia-news/2019/jul/23/police-made-illegal-metadata-searches-and-obtained-invalid-warrants-targeting-journalists>,
>> later admitted to number more than 3,000
>> <https://www.theguardian.com/australia-news/2019/jul/26/act-police-admit-unlawfully-accessed-metadata-more-than-3000-times>,
>> the Commonwealth Ombudsman has declared that unlawful access by government
>> agencies has “reduced significantly” since 2016-17.
>>
>> But despite improved compliance, the ombudsman still found a litany of
>> errors between 1 July 2017 and 30 June 2018 such as 31 instances of
>> agencies receiving data outside the parameters of the authority, including
>> 26 at the home affairs department.
>>
>> In 2015 law enforcement agencies gained the power to access individuals’
>> metadata – information about a communication which does not include its
>> content – when investigating certain offences, subject to oversight from
>> the ombudsman.
>>
>> In its latest report, tabled in parliament on Tuesday, the ombudsman
>> concluded that agencies were “generally exercising their powers …
>> appropriately” but highlighted lapses including:...
>>
>> On Tue, 13 Aug 2019 at 15:53, Paul Wilkins 
>> wrote:
>>
>>> I found this rather cryptic observation in the submission
>>> <https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18=668584>
>>> from the Inspector General of Intelligence and Security. It points out
>>> where metadata retained under the Data Retention regime, may be accessed
>>> without a warrant, where the data in question is not content. Such would
>>> obviously be the case where LEAs sought access to metadata datastreams
>>> using a TCN as the enabling authorisation. After due consideration of a
>>> number of other PJCIS submissions, I'm yet more confident than where I
>>> first laid out the case to PJCIS back last November, that a combination of
>>> s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
>>> metadata datastreams without warrant or any judicial or parliamentary
>>> oversight.
>>>
>>> It should also be noted that although the obligations in the
>>> Telecommunications Act 1997 prevent carriers and carriage service providers
>>> from disclosing telecommunications data without a warrant or authorisation
>>> in place, these obligations do not prevent agencies from accessing that
>>> data using other means. Any access by an agency to telecommunications data
>>> that does not require disclosure by a carrier or carriage service provider
>>> would therefore not require a warrant or authorisation, unless it also
>>> involved accessing content or unauthorised access to a computer.
>>>
>>>
>>>
>>> *Access to telecommunications data outside Chapter 4 of the TIA Act*
>>>
>>> *The Committee may wish to discuss with relevant agencies the extent, if any, to
>>> which telecommunications data is accessed outside the framework provided by
>>> Chapter 4 of the TIA Act.*
>>>
>>> The Australian Information Commissioner's submission
>>> <https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f=668240>
>>> could also be regarded as making the case that s280/s313 substantiate warrantless
>>> access to metadata.
>>>
>>> The OAIC recommends that the Committee consider implementing an
>>> enforceable restriction on the agencies that are permitted to access
>>> telecommunications data, noting this was a safeguard 

Re: [AusNOG] Telstra Wi-Fi calling on our network.

2019-10-15 Thread Paul Wilkins
So I checked the Telstra terms, which states that Wi-Fi Calling *uses WiFi
as a network of last resort*:

https://www.telstra.com.au/support/category/mobiles-tablets/telstra-wi-fi-calling/what-is-telstra-wi-fi-calling

Wi-Fi Calling enables you to make voice calls using a Fixed Broadband Wi-Fi
connection from your compatible Telstra mobile *when you can’t connect to
the mobile network*.

If the OP can establish their case, "*to revert to using Wifi calling even
in the presence of decent signal strength*" then either Telstra needs to
fix the misrepresentation in their T (for which the OP should follow up
with Fair Trading), or, this is deliberate policy to prefer WiFi over
cellular, and the OP should follow up with the ACCC.

Kind regards

Paul Wilkins

On Tue, 15 Oct 2019 at 19:54, Jamie Lovick  wrote:

> Hi,
>
> WiFi calling is a user configurable option. It's available on Optus,
> Vodafone, and Telstra. The OP's customer is paying the OP for Internet.
> They've entered into a contract for provision of service. They should be
> able to use that service within the terms and conditions.
>
> I don't see why the OP would bother blocking something that a customer
> using their network is paying for.
>
> Jamie
>
> On Tue, 15 Oct 2019 at 5:09 pm, Paul Wilkins 
> wrote:
>
>> Well that is interesting Narelle, however, if it's anticompetitive to
>> discriminately treat packet based VOIP traffic, then it is likewise
>> anticompetitive to cross subsidise your circuit based business by shunting
>> traffic over a competitors' packet based network. What's sauce for the
>> goose etc.
>>
>> Kind regards
>>
>>
>> Paul Wilkins
>>
>> On Tue, 15 Oct 2019 at 14:45, Narelle Clark  wrote:
>>
>>> On Sat, 12 Oct 2019 at 10:14,  wrote:
>>> >
>>> > Also, anyone have any thoughts about what ACL one might put in place
>>> > to block wifi calling if one was of a mind to?
>>>
>>> The last time I had a conversation with the Chair of the ACCC about
>>> deliberately degraded (poor or no performance of) VoIP on other
>>> networks, he wasn't impressed...
>>>
>>> The phrase anti-competitive behaviour was used... an eyebrow was
>>> raised...
>>>
>>> People do notice when SIP, RTP etc stop working on networks, so it
>>> really isn't a good idea.
>>>
>>> That applies to the big players as much as it does to the smaller
>>> ones, btw. If you want to release a new product or service, surely you
>>> *want* to reach their customers too? And you want your customers
>>> happy?
>>>
>>> --
>>>
>>>
>>> Narelle Clark
> --
> Jamie Lovick <-> IT Consultant <-> AU <-> +61-4-1479-1681
> -> US <-> +1-8018-4-52643 (JAMIE)
> -> FR <-> +33-9-7073-0340
> Doof.org-> Em <-> jalov...@doof.org
>
>


Re: [AusNOG] Telstra Wi-Fi calling on our network.

2019-10-15 Thread Paul Wilkins
Well that is interesting Narelle, however, if it's anticompetitive to
discriminately treat packet based VOIP traffic, then it is likewise
anticompetitive to cross subsidise your circuit based business by shunting
traffic over a competitors' packet based network. What's sauce for the
goose etc.

Kind regards

Paul Wilkins

On Tue, 15 Oct 2019 at 14:45, Narelle Clark  wrote:

> On Sat, 12 Oct 2019 at 10:14,  wrote:
> >
> > Also, anyone have any thoughts about what ACL one might put in place
> > to block wifi calling if one was of a mind to?
>
> The last time I had a conversation with the Chair of the ACCC about
> deliberately degraded (poor or no performance of) VoIP on other
> networks, he wasn't impressed...
>
> The phrase anti-competitive behaviour was used... an eyebrow was raised...
>
> People do notice when SIP, RTP etc stop working on networks, so it
> really isn't a good idea.
>
> That applies to the big players as much as it does to the smaller
> ones, btw. If you want to release a new product or service, surely you
> *want* to reach their customers too? And you want your customers
> happy?
>
> --
>
>
> Narelle Clark


Re: [AusNOG] Telstra Wi-Fi calling on our network.

2019-10-12 Thread Paul Wilkins
I think this is a truly complex issue, which as it would require the wisdom
of Solomon to resolve, probably puts it beyond most people's caring or the
actual extent of the problem. Because it's available to the telcos to argue
it's done to improve service quality, you'd really need to prove that there
existed systematic cost shifting.

But it does raise salient questions of monopoly power. For one thing, it's
not the user that opts for these alternate routes, it's the telco, and
their ability to dictate firmware. This is probably not the kind of
behaviour government policy makers and the ACCC envisage in the role of the
national carrier.

Not only do I think policy makers and the ACCC have bigger fish to fry, but
over time the current distinction between voice and internet traffic may
become less distinct. Which turns on questions of net neutrality, which is
still very much an emerging debate, and realistically will be resolved in
the US, and Australia will have little option but to follow suit. It's the
consequence of being a branch economy, that policy and technical outcomes
are put beyond the reach of national sovereignty.

Kind regards

Paul Wilkins

On Sat, 12 Oct 2019 at 16:42, Bradley Amm  wrote:

> Well if you have your IPWAN in NZ and the internet endpoint in Australia
> you can ;)
>
> --
> *From:* AusNOG  on behalf of Matthew
> Moyle-Croft 
> *Sent:* Saturday, October 12, 2019 1:29 pm
> *To:* John Edwards; m...@ozonline.com.au
> *Cc:* AusNOG
> *Subject:* Re: [AusNOG] Telstra Wi-Fi calling on our network.
>
> FYI:
>
> Telstra and Optus do NOT allow WIFI calling while overseas. Which sucks.
> I have US sim that does and it works fine so it’s a business not technical
> decision.
>
> WIFI calling is such a tiny amount of data compared to almost all other
> uses it seems dumb to think about blocking it. Especially when people rely
> so much on mobile and a lot of in-building calling can suck pretty hard.
> (Heck, my multi-AP, Ubiquiti wifi at home gives me better in-home coverage
> than any of the telcos).
>
> MMC
>
> On 12 Oct 2019, at 1:54 pm, John Edwards  wrote:
>
> Every bit of territory that your "sworn competitor" gives up by putting
> call data on your network instead of their private mobile network is
> territory that it may never get back.
>
> Imagine what WiFi calling is doing for International roaming revenue if
> every call now looks like a local origination.
>
> Rejoice in this scenario and encourage a world where a 20 billion dollar
> LTE network or 100 year monopoly are not prerequisites to making
> mobile calls - it's one of the few places where you might get a level
> playing field for telecommunications services.
>
> John
>
>
> On Sat, 12 Oct 2019 at 09:44,  wrote:
>
>> Hi All,
>>
>> So Telstra mobile services increasingly seem to revert to using
>> Wifi calling even in the presence of decent signal strength.
>>
>> If I were a CDN wanting to connect to Telstra IP,
>> they'd charge me for injecting traffic into their network or for transit,
>> and yet Telstra is injecting traffic into our network to carry
>> some of their cell traffic, without payment or agreement.
>>
>> Now you might say, sure, but we're doing that for our customers not
>> for Telstra. But Telstra themselves will charge CDNs for delivering
>> content
>> to Telstra's customers, something Telstra's end customers are presumably
>> already paying for. So yeah, we know in this industry what is good for the
>> goose is not always good for the gander.
>>
>> Another point, Telstra, who are our sworn competitors, are using our
>> network for Wifi calling to supplement their mobile network. Presumably
>> this use of their competitor's networks reduces their capital investment
>> requirement and supports their revenue stream by raising the
>> quality of their coverage. Hence Telstra's use of their competitor's
>> networks
>> enhances their ability to dominate the industry, again without
>> any kind of settlement to their competitor ISPs.
>>
>> Thoughts?
>>
>> Also, anyone have any thoughts about what ACL one might put in place
>> to block wifi calling if one was of a mind to?
>>
>> Michael
>> Australia On Line.
>>
>>
>>
>>
>>


Re: [AusNOG] Software Defined Routers

2019-10-04 Thread Paul Wilkins
>> "if performance matters (and it does very much so), why would you be
using *_anything_* virtualised at all..."

Because it's not actually possible to write meaningful SLAs for time
multiplexed services.

At the end of the day I agree with Brad, if you need a performant system
you want resident hardware.

Kind regards

Paul Wilkins

On Fri, 4 Oct 2019 at 21:20, Noel Butler  wrote:

> if performance matters (and it does very much so), why would you be using
> *_anything_* virtualised at all...
>
>
> On 03/10/2019 23:19, Guy Ellis wrote:
>
> Has anyone bothered to evaluate TNSR which I think will replace pfsense
> where performance really matters?
>
> --
>
> Kind Regards,
>
> Noel Butler


Re: [AusNOG] Anyone have any ancient Bay 5000/5399's lying around?

2019-09-21 Thread Paul Wilkins
I'm kind of surprised there isn't more of this, people building their own 2
factor authentication services. I'd kind of assumed the obstacle being
negotiating SMPP telco access, leaving it to Google & Microsoft and a few
others who have the market clout to actually get access.

It's super droll that for whatever billions have been invested globally in
internet security products, having a CLID tied to a physical line offers a
level of security that's both physical and out of band, that's unattainable
with SHA/PKI/DH etc up to your eye balls.

The advantage of CLID over SMS being you can make the process hands free
and accessible through a serial port. Offer an accessible way to
authenticate against a CLID, and the business model looks increasingly less
crazy and more something useful to do with your time.

Kind regards

Paul Wilkins

On Fri, 20 Sep 2019 at 21:30, Tom Storey  wrote:

> I did something similar at home a couple of years ago, using some Cisco
> routers, a bunch of BRI/PRI VIC/VWIC/NM modules and an NM-30DM. I got good
> old fashioned "56K" dialup working, but there was so much chatter from
> modern web based services that it was useless for loading websites, and
> even after I shut Chrome down it was still useless so maybe even modern
> OSes are too chatty?
>
> My setup was something like an 1800 with an external dialup modem on the
> AUX port connected to a 3800 with an FXS (or was it FXO, I keep getting
> those two confused) VIC, VWIC'd via E1 over to another 3800 with a PRI NM
> and terminating on the NM-30DM. I'd also attempted to get ISDN working, but
> it seems that the combination of ISDN WIC/V(W)IC cards I used weren't
> capable of exchanging data calls.
>
> Maybe my setup wasn't 100% quite right, I got bored after some days of
> debugging failed ISDN data calls and packed it all away. Maybe I'd give it
> another shot if I could figure out how to get ISDN going. :-)
>
>
> On Fri, 20 Sep 2019 at 00:00, Rob Thomas  wrote:
>
>> I was reminiscing on derpbook, and realised that it would be a
>> RIDICULOUSLY insane idea to try to recreate a 56k dialup ISP in 2020.
>> So I'm going to do it.
>>
>> To further this plan, I'm hoping that someone has some old Bay
>> 5000/5399's lying around that they paid megabucks for and are now
>> worth less than nothing, that they want to donate to a good home.
>>
>> If one happens to be in Brisbane, that would be even better, because
>> I'm heading down there for Comicon this weekend, and I could pick it
>> up then!
>>
>> If not, maybe some old Cisco devices? Or whatever those TNT devices
>> were? Something that takes a PRI in one end and makes modem sounds at
>> it, basically.
>>
>> --Rob


Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-09-18 Thread Paul Wilkins
NSW Police Force submission #39
<https://www.aph.gov.au/DocumentStore.ashx?id=75170998-0442-4a5d-823e-3ed3898e44a1=670049>

On Wed, 11 Sep 2019 at 10:51, Paul Wilkins  wrote:

>
> Home affairs unlawfully accessed stored metadata, ombudsman reveals
> <https://www.theguardian.com/australia-news/2019/sep/11/home-affairs-unlawfully-accessed-stored-metadata-ombudsman-reveals>
>
>
> The home affairs department ordered companies to preserve metadata and
> used warrants to access it “without proper authority” and twice
> unlawfully accessed stored communications, according to an ombudsman’s
> report.
>
> In a sequel to the report revealing 116 illegal metadata searches by the
> ACT police
> <https://www.theguardian.com/australia-news/2019/jul/23/police-made-illegal-metadata-searches-and-obtained-invalid-warrants-targeting-journalists>,
> later admitted to number more than 3,000
> <https://www.theguardian.com/australia-news/2019/jul/26/act-police-admit-unlawfully-accessed-metadata-more-than-3000-times>,
> the Commonwealth Ombudsman has declared that unlawful access by government
> agencies has “reduced significantly” since 2016-17.
>
> But despite improved compliance, the ombudsman still found a litany of
> errors between 1 July 2017 and 30 June 2018 such as 31 instances of
> agencies receiving data outside the parameters of the authority, including
> 26 at the home affairs department.
>
> In 2015 law enforcement agencies gained the power to access individuals’
> metadata – information about a communication which does not include its
> content – when investigating certain offences, subject to oversight from
> the ombudsman.
>
> In its latest report, tabled in parliament on Tuesday, the ombudsman
> concluded that agencies were “generally exercising their powers …
> appropriately” but highlighted lapses including:...
>
> On Tue, 13 Aug 2019 at 15:53, Paul Wilkins 
> wrote:
>
>> I found this rather cryptic observation in the submission
>> <https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18=668584>
>> from the Inspector General of Intelligence and Security. It points out
>> where metadata retained under the Data Retention regime, may be accessed
>> without a warrant, where the data in question is not content. Such would
>> obviously be the case where LEAs sought access to metadata datastreams
>> using a TCN as the enabling authorisation. After due consideration of a
>> number of other PJCIS submissions, I'm yet more confident than where I
>> first laid out the case to PJCIS back last November, that a combination of
>> s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
>> metadata datastreams without warrant or any judicial or parliamentary
>> oversight.
>>
>> It should also be noted that although the obligations in the
>> Telecommunications Act 1997 prevent carriers and carriage service providers
>> from disclosing telecommunications data without a warrant or authorisation
>> in place, these obligations do not prevent agencies from accessing that
>> data using other means. Any access by an agency to telecommunications data
>> that does not require disclosure by a carrier or carriage service provider
>> would therefore not require a warrant or authorisation, unless it also
>> involved accessing content or unauthorised access to a computer.
>>
>>
>>
>> *Access to telecommunications data outside Chapter 4 of the TIA Act*
>>
>> *The Committee may wish to discuss with relevant agencies the extent, if any, to
>> which telecommunications data is accessed outside the framework provided by
>> Chapter 4 of the TIA Act.*
>>
>> The Australian Information Commissioner's submission
>> <https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f=668240>
>> could also be regarded as making the case that s280/s313 substantiate warrantless
>> access to metadata.
>>
>> The OAIC recommends that the Committee consider implementing an
>> enforceable restriction on the agencies that are permitted to access
>> telecommunications data, noting this was a safeguard that provided privacy
>> protections in the absence of more formal mechanisms such as a
>> warrant-based access regime. As the law currently stands, there appears to
>> be mechanisms for accessing telecommunications data outside of the TIA Act
>> that, while permitted, have the practical impact of reducing the
>> effectiveness of safeguards in the TIA Act.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Sat, 27 Jul 2019 at 14:56, Paul Wilkins 
>> wrote:
>>
>&

Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-09-10 Thread Paul Wilkins
Home affairs unlawfully accessed stored metadata, ombudsman reveals
<https://www.theguardian.com/australia-news/2019/sep/11/home-affairs-unlawfully-accessed-stored-metadata-ombudsman-reveals>


The home affairs department ordered companies to preserve metadata and used
warrants to access it “without proper authority” and twice unlawfully
accessed stored communications, according to an ombudsman’s report.

In a sequel to the report revealing 116 illegal metadata searches by the
ACT police
<https://www.theguardian.com/australia-news/2019/jul/23/police-made-illegal-metadata-searches-and-obtained-invalid-warrants-targeting-journalists>,
later admitted to number more than 3,000
<https://www.theguardian.com/australia-news/2019/jul/26/act-police-admit-unlawfully-accessed-metadata-more-than-3000-times>,
the Commonwealth Ombudsman has declared that unlawful access by government
agencies has “reduced significantly” since 2016-17.

But despite improved compliance, the ombudsman still found a litany of
errors between 1 July 2017 and 30 June 2018 such as 31 instances of
agencies receiving data outside the parameters of the authority, including
26 at the home affairs department.

In 2015 law enforcement agencies gained the power to access individuals’
metadata – information about a communication which does not include its
content – when investigating certain offences, subject to oversight from
the ombudsman.

In its latest report, tabled in parliament on Tuesday, the ombudsman
concluded that agencies were “generally exercising their powers …
appropriately” but highlighted lapses including:...

On Tue, 13 Aug 2019 at 15:53, Paul Wilkins  wrote:

> I found this rather cryptic observation in the submission
> <https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18=668584>
> from the Inspector General of Intelligence and Security. It points out
> where metadata retained under the Data Retention regime, may be accessed
> without a warrant, where the data in question is not content. Such would
> obviously be the case where LEAs sought access to metadata datastreams
> using a TCN as the enabling authorisation. After due consideration of a
> number of other PJCIS submissions, I'm yet more confident than where I
> first laid out the case to PJCIS back last November, that a combination of
> s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
> metadata datastreams without warrant or any judicial or parliamentary
> oversight.
>
> It should also be noted that although the obligations in the
> Telecommunications Act 1997 prevent carriers and carriage service providers
> from disclosing telecommunications data without a warrant or authorisation
> in place, these obligations do not prevent agencies from accessing that
> data using other means. Any access by an agency to telecommunications data
> that does not require disclosure by a carrier or carriage service provider
> would therefore not require a warrant or authorisation, unless it also
> involved accessing content or unauthorised access to a computer.
>
>
>
> *Access to telecommunications data outside Chapter 4 of the TIA Act*
>
> *The Committee may wish to discuss with relevant agencies the extent, if any, to
> which telecommunications data is accessed outside the framework provided by
> Chapter 4 of the TIA Act.*
>
> The Australian Information Commissioner's submission
> <https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f=668240>
> could also be regarded as making the case that s280/s313 substantiate warrantless
> access to metadata.
>
> The OAIC recommends that the Committee consider implementing an
> enforceable restriction on the agencies that are permitted to access
> telecommunications data, noting this was a safeguard that provided privacy
> protections in the absence of more formal mechanisms such as a
> warrant-based access regime. As the law currently stands, there appears to
> be mechanisms for accessing telecommunications data outside of the TIA Act
> that, while permitted, have the practical impact of reducing the
> effectiveness of safeguards in the TIA Act.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 27 Jul 2019 at 14:56, Paul Wilkins 
> wrote:
>
>> Report in the Guardian today of judicial and governance experts
>> increasingly concerned Australia is stifling journalism and State
>> accountability playing the security trump card.
>>
>> National security being used to stifle public interest journalism, former
>> judges warn
>> <https://www.theguardian.com/australia-news/2019/jul/27/national-security-being-used-to-stifle-public-interest-journalism-former-judges-warn>
>>
>> As regards the consequences of this, Data Retention means that
>> c

Re: [AusNOG] Telstra Exchange Access (Break-in's)

2019-09-06 Thread Paul Wilkins
You'd hope as a matter of course after these intrusions they'd have done a
physical audit of wifi dongles.

I'm thinking that unauthorised entry is potentially an opportunity to
install a Zigbee dongle, and I doubt most security policies have the 802.15
band on the radar, and it would be easy peasy to get a Zigbee dongle into a
wifi shell.

Kind regards

Paul Wilkins

On Fri, 23 Aug 2019 at 17:09, andrew clarke  wrote:

> On Wed 2019-08-21 04:19:55 UTC+, Mark Delany (g...@juliet.emu.st)
> wrote:
>
> > > 26 exchanges, that's absolutely insane, thanks for that Evan!
> >
> > The ABC article says 44 exchanges in the Sydney area!
> >
> > That suggests something far more organized than a couple of vandals or
> > opportunistic copper thieves. (Is copper theft even a thing in
> > Australia?)
>
> It certainly is:
>
>
> https://www.theage.com.au/national/victoria/sky-rail-copper-thief-pleads-guilty-as-manager-charged-over-home-renovations-20190703-p523q4.html
>
>
> https://www.heraldsun.com.au/leader/inner-south/copper-thefts-cost-melbourne-trains-millions-in-lost-productivity/news-story/4b32e46501873a8b5ef6def50be0d10c
>
>
> https://www.heraldsun.com.au/news/victoria/rush-repairs-after-theft-stops-trains/news-story/7bb116004901095e00a2e2b7ebf18815
>
> Andrew
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Telstra Exchange Access (Break-in's)

2019-08-23 Thread Paul Wilkins
stolen Moore solved Bronze sculpture worth £3m melted down and sold off as
scrap


On Fri, 23 Aug 2019 at 17:09, andrew clarke  wrote:

> On Wed 2019-08-21 04:19:55 UTC+, Mark Delany (g...@juliet.emu.st)
> wrote:
>
> > > 26 exchanges, that's absolutely insane, thanks for that Evan!
> >
> > The ABC article says 44 exchanges in the Sydney area!
> >
> > That suggests something far more organized than a couple of vandals or
> > opportunistic copper thieves. (Is copper theft even a thing in
> > Australia?)
>
> It certainly is:
>
>
> https://www.theage.com.au/national/victoria/sky-rail-copper-thief-pleads-guilty-as-manager-charged-over-home-renovations-20190703-p523q4.html
>
>
> https://www.heraldsun.com.au/leader/inner-south/copper-thefts-cost-melbourne-trains-millions-in-lost-productivity/news-story/4b32e46501873a8b5ef6def50be0d10c
>
>
> https://www.heraldsun.com.au/news/victoria/rush-repairs-after-theft-stops-trains/news-story/7bb116004901095e00a2e2b7ebf18815
>
> Andrew


Re: [AusNOG] [AUSNOG] Disk wear & Foucault Period

2019-08-21 Thread Paul Wilkins
Btw, if the forces seem insignificant, consider that turning a disk over
360 degrees every day, means precession forces doing work equivalent to 2
full start/stop/start cycles every day * sin(latitude). It's worse than
this of course because of the shear forces on the bearings.

Over a disk's 5 year life, that's about 1800 power cycles. Not enough to
kill a disk, or to even be an obvious problem, but a hidden and unnecessary
drain on disk life and IT budgets.

So yes, I'm now of the view we as an industry should insist that rows in
our DCs should be run North/South.

Kind regards

Paul Wilkins

On Thu, 22 Aug 2019 at 10:17, Paul Wilkins  wrote:

> I think this is germane to the mail list for the following reasons:
>
> 1 - IF there is an obvious correlation between Au resident DCs with East
> West running cabinet rows and higher failure rates rather than North South
> running cabinet rows, then it should be within the ability/resources of
> this mail list to identify.
>
> Reason being, for precession purposes, Australia qualifies as Equatorial
> (as opposed to Polar). This means you minimise precession with vertical
> disks, where the disk axis points north. Because disks insert into disk
> arrays face first, this means you minimise precession with cabinet rows
> that run North/South. (ie. the cabinet rows are parallel to the disk axes).
>
> 2 - IF the correlation is real, then this is knowledge of value, due to
> improved reliability and level of service that entails. And just as
> importantly, tech time spent restoring crashed drives can be invested
> elsewhere. Thirdly, it may mean you get to extend the useful life of drive
> arrays, which will give capital and operational economies.
>
> If there's no obvious correlation, the only cost is some argument over
> noise on the list.
>
> Kind regards
>
> Paul Wilkins
>
> On Thu, 22 Aug 2019 at 08:45, andrew khoo 
> wrote:
>
>> i hate to be a “me too”.
>>
>> i personally believe this issue is of relevance to operators.
>>
>> in the australian context this is even more relevant due to potential
>> costs we have to incur to keep spinning rust for our compliance
>> requirements.
>>
>> maintaining a healthy lifecycle means potentially extending the useful
>> life of storage that surely an operator cannot run without.
>>
>> just my 2c.
>>
>> (and OP’s theory might mean a migration to DCs in darwin? :) :))
>>
>>
>>
>> On Thu, 22 Aug 2019 at 08:37,  wrote:
>>
>>> Excuse my apparent naivety, but I thought data centres were attached to
>>> networks? It’s apparent that only DevOps engineers are allowed to think
>>> scientifically, unlike the rest of us mere mortals. I’m sure that I’m not
>>> the only one that found Paul’s theorising quite interesting…or has the
>>> inherent Luddite atmosphere of stifling creative thought in this country
>>> now permeated into the Technosphere…?
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> *From:* AusNOG  *On Behalf Of *James
>>> Hodgkinson
>>> *Sent:* Wednesday, 21 August 2019 6:36 PM
>>> *To:* ausnog@lists.ausnog.net
>>> *Subject:* Re: [AusNOG] [AUSNOG] Disk wear & Foucault Period
>>>
>>>
>>>
>>> Please stop thinking out loud, this is the quiet carriage.
>>>
>>>
>>>
>>> James
>>>
>>>
>>>
>>> On Wed, 21 Aug 2019, at 17:17, Paul Wilkins wrote:
>>>
>>> Another thought, which is that horizontal mounting is optimal for polar
>>> regions, whereas you minimise precession at equatorial latitudes with
>>> vertical mounting (but only if the axis is north aligned), which could go
>>> some way to explaining the anecdotal stuff you hear about horizontal versus
>>> vertical mounting. Though I've yet to hear anyone asking what's your
>>> latitude before they proceed to build a data centre or installing your
>>> vertical disk arrays to be north axis aligned.
>>>
>>>
>>>
>>> Kind regards
>>>
>>>
>>>
>>> Paul Wilkins
>>>
>>>
>>>
>>> On Wed, 21 Aug 2019 at 16:31, Mark Smith  wrote:
>>>
>>> How is this related to network operation? AusNOG - Australian Network
>>> Operators Group.
>>>
>>>
>>>
>>> You wouldn't go to a car show to ask about motorbikes - you'd go to a
>>> motorbike show, because that's where the most people interested in and
>>> having the most knowledge about motorbikes would be.
>>>
>>>
>>>

Re: [AusNOG] [AUSNOG] Disk wear & Foucault Period

2019-08-21 Thread Paul Wilkins
I think this is germane to the mail list for the following reasons:

1 - IF there is an obvious correlation between Au resident DCs with East
West running cabinet rows and higher failure rates rather than North South
running cabinet rows, then it should be within the ability/resources of
this mail list to identify.

Reason being, for precession purposes, Australia qualifies as Equatorial
(as opposed to Polar). This means you minimise precession with vertical
disks, where the disk axis points north. Because disks insert into disk
arrays face first, this means you minimise precession with cabinet rows
that run North/South. (ie. the cabinet rows are parallel to the disk axes).

2 - IF the correlation is real, then this is knowledge of value, due to
improved reliability and level of service that entails. And just as
importantly, tech time spent restoring crashed drives can be invested
elsewhere. Thirdly, it may mean you get to extend the useful life of drive
arrays, which will give capital and operational economies.

If there's no obvious correlation, the only cost is some argument over
noise on the list.

Kind regards

Paul Wilkins

On Thu, 22 Aug 2019 at 08:45, andrew khoo  wrote:

> i hate to be a “me too”.
>
> i personally believe this issue is of relevance to operators.
>
> in the australian context this is even more relevant due to potential
> costs we have to incur to keep spinning rust for our compliance
> requirements.
>
> maintaining a healthy lifecycle means potentially extending the useful
> life of storage that surely an operator cannot run without.
>
> just my 2c.
>
> (and OP’s theory might mean a migration to DCs in darwin? :) :))
>
>
>
> On Thu, 22 Aug 2019 at 08:37,  wrote:
>
>> Excuse my apparent naivety, but I thought data centres were attached to
>> networks? It’s apparent that only DevOps engineers are allowed to think
>> scientifically, unlike the rest of us mere mortals. I’m sure that I’m not
>> the only one that found Paul’s theorising quite interesting…or has the
>> inherent Luddite atmosphere of stifling creative thought in this country
>> now permeated into the Technosphere…?
>>
>>
>>
>>
>>
>>
>>
>> *From:* AusNOG  *On Behalf Of *James
>> Hodgkinson
>> *Sent:* Wednesday, 21 August 2019 6:36 PM
>> *To:* ausnog@lists.ausnog.net
>> *Subject:* Re: [AusNOG] [AUSNOG] Disk wear & Foucault Period
>>
>>
>>
>> Please stop thinking out loud, this is the quiet carriage.
>>
>>
>>
>> James
>>
>>
>>
>> On Wed, 21 Aug 2019, at 17:17, Paul Wilkins wrote:
>>
>> Another thought, which is that horizontal mounting is optimal for polar
>> regions, whereas you minimise precession at equatorial latitudes with
>> vertical mounting (but only if the axis is north aligned), which could go
>> some way to explaining the anecdotal stuff you hear about horizontal versus
>> vertical mounting. Though I've yet to hear anyone asking what's your
>> latitude before they proceed to build a data centre or installing your
>> vertical disk arrays to be north axis aligned.
>>
>>
>>
>> Kind regards
>>
>>
>>
>> Paul Wilkins
>>
>>
>>
>> On Wed, 21 Aug 2019 at 16:31, Mark Smith  wrote:
>>
>> How is this related to network operation? AusNOG - Australian Network
>> Operators Group.
>>
>>
>>
>> You wouldn't go to a car show to ask about motorbikes - you'd go to a
>> motorbike show, because that's where the most people interested in and
>> having the most knowledge about motorbikes would be.
>>
>>
>>
>> On Wed, 21 Aug 2019 at 15:30, Roy Adams  wrote:
>>
>> Paul, I would be most interested if you hear back from them.
>>
>>
>>
>> I am curious if even BackBlaze have considered your idea in the past..
>> maybe a wake up for them and others
>>
>>
>>
>> FYI, they produce these reports each quarter - worth calendaring to pick
>> up.
>>
>> I was stunned at the 14TB Toshiba reliability... interestingly, 2 weeks
>> ago that top line read 0 failures... today it says 1 - v.strange
>>
>>
>>
>>
>>
>> Kindly,
>>
>>
>>
>> ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
>> https://ex.racs.com.au:444/ | eMail: mailto:r...@racs.com.au
>> 
>>
>> Please never upgrade to the latest Windows 10 - You don’t need the
>> hassle, and I don’t need the work.
>>
>> More seriously, the 6 month older Windows 10 releases are typically FAR
>> MORE stable - a simple RACS script can fix this - just ask :)
>> If you t

Re: [AusNOG] [AUSNOG] Disk wear & Foucault Period

2019-08-21 Thread Paul Wilkins
Another thought, which is that horizontal mounting is optimal for polar
regions, whereas you minimise precession at equatorial latitudes with
vertical mounting (but only if the axis is north aligned), which could go
some way to explaining the anecdotal stuff you hear about horizontal versus
vertical mounting. Though I've yet to hear anyone asking what's your
latitude before they proceed to build a data centre or installing your
vertical disk arrays to be north axis aligned.

Kind regards

Paul Wilkins

On Wed, 21 Aug 2019 at 16:31, Mark Smith  wrote:

> How is this related to network operation? AusNOG - Australian Network
> Operators Group.
>
> You wouldn't go to a car show to ask about motorbikes - you'd go to a
> motorbike show, because that's where the most people interested in and
> having the most knowledge about motorbikes would be.
>
> On Wed, 21 Aug 2019 at 15:30, Roy Adams  wrote:
>
>> Paul, I would be most interested if you hear back from them.
>>
>> I am curious if even BackBlaze have considered your idea in the past..
>> maybe a wake up for them and others
>>
>> FYI, they produce these reports each quarter - worth calendaring to pick
>> up.
>> I was stunned at the 14TB Toshiba reliability... interestingly, 2 weeks
>> ago that top line read 0 failures... today it says 1 - v.strange
>>
>>
>> Kindly,
>>
>> ROY ADAMS* | *P 07 3040 5010  | Web: http://www.racs.com.au/ | Wiki:
>> https://ex.racs.com.au:444/ | eMail: mailto:r...@racs.com.au
>> 
>> Please never upgrade to the latest Windows 10 - You don’t need the
>> hassle, and I don’t need the work.
>> More seriously, the 6 month older Windows 10 releases are typically FAR
>> MORE stable - a simple RACS script can fix this - just ask :)
>> If you think it's expensive to hire a professional to do the job, wait
>> until you hire an amateur - Red Adair.
>> Life is a journey through a series of adventures.. Live them, love them,
>> hate them, but never give up on your dreams, desires, and goals.
>> Have you been good today? .ಠ_ಠ
>>
>>
>> On Wed, 21 Aug 2019 at 11:22, Paul Wilkins 
>> wrote:
>>
>>> Roy,
>>> Those are the most comprehensive disk stats I've ever seen.
>>>
>>> So out of curiosity, I emailed Backblaze to ask if they'd noticed any
>>> latitudinal effect on disk wear. Not realistically expecting a response,
>>> but if they did notice a correlation, it may perhaps emerge by osmosis.
>>>
>>> Karl, I have to think turning a 15K RPM on its head over a, admittedly
>>> long period, has to have an effect. Cumulatively you're going to get uneven
>>> wear on the bearings. Also the wear is going to be strongly non linear.
>>> Even if it's not a factor today due to current production tolerances and
>>> HVAC, it must become a factor eventually, though maybe not necessarily in
>>> our lifetime.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>> On Tue, 20 Aug 2019 at 19:59, Peter Betyounan <
>>> peter.betyou...@serversaustralia.com.au> wrote:
>>>
>>>> Easy solution, move to all flash, predictable failures and wear.
>>>>
>>>> Tue, 20 Aug at 4:07 pm,  wrote:
>>>>
>>>> Has anyone ever noticed a pattern of disks in equatorial latitudes
>>>> lasting significantly longer than say Sydney or Melbourne? I notice the
>>>> Foucault Period for Brisbane is 52hrs vs Melbourne's 39hrs and can't but
>>>> wonder if this doesn't mean Brisbane based DCs will have their disks last
>>>> 30% longer, or Darwin x3.
>>>>
>>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>


Re: [AusNOG] Moving equipment from Singapore to Sydney

2019-08-20 Thread Paul Wilkins
How do you manage risk on such a move? vs someone internal with systems +
local knowledge?

Hard disks can travel as carry on.

On Wed, 21 Aug 2019 at 10:15, Mark Anthony Delfin  wrote:

> Hi All,
>
> We have some newish gear (Total 16 RU, 11 - Server, 5 - network gear) that
> we are exploring to move from Singapore (Equinix SG3) to Sydney.  Does
> anyone on the list have experience or know someone who provides service for
> this kind of move (removing from the rack, and ship it to Sydney)?
>
> Kindly reply off-list.
>
> Thank you.
>
> Regards,
>
> Mark


Re: [AusNOG] Telstra Exchange Access (Break-in's)

2019-08-20 Thread Paul Wilkins
Yet more concerning is the vulnerability of exchanges to unauthorised
entry, and where there's been no damage, no one's made aware of the
security breach...

On Wed, 21 Aug 2019 at 14:09, Nathan Brookfield <
nathan.brookfi...@simtronic.com.au> wrote:

> 26 exchanges, that’s absolutely insane, thanks for that Evan!
>
>
>
> *From:* AusNOG  *On Behalf Of *Evan Dent
> *Sent:* Wednesday, August 21, 2019 2:07 PM
> *To:*  
> *Subject:* Re: [AusNOG] Telstra Exchange Access (Break-in's)
>
>
>
> I'd seen a few news articles about it.
>
>
>
>
> https://www.itnews.com.au/news/telstra-calls-in-police-after-26-exchanges-broken-into-528846
>
>
>
>
>
> On Wed, 21 Aug. 2019, 1:34 pm Nathan Brookfield, <
> nathan.brookfi...@simtronic.com.au> wrote:
>
> Has anyone else seen the notice from Telstra about exchange access?
> Apparently they’ve had a spate of Break and Enters to exchange facilities
> and they’ve suffered “significant damage to critical electrical equipment”.
>
>
>
> I just happened to stumble across this Incident Notice but first I’m
> hearing of it….
>
>
>
> Seems very random and suspicious!
>
>
>
> Kindest Regards,
>
> Nathan Brookfield (VK2NAB)
>
>
>


Re: [AusNOG] [AUSNOG] Disk wear & Foucault Period

2019-08-20 Thread Paul Wilkins
Roy,
Those are the most comprehensive disk stats I've ever seen.

So out of curiosity, I emailed Backblaze to ask if they'd noticed any
latitudinal effect on disk wear. Not realistically expecting a response,
but if they did notice a correlation, it may perhaps emerge by osmosis.

Karl, I have to think turning a 15K RPM on its head over a, admittedly
long period, has to have an effect. Cumulatively you're going to get uneven
wear on the bearings. Also the wear is going to be strongly non linear.
Even if it's not a factor today due to current production tolerances and
HVAC, it must become a factor eventually, though maybe not necessarily in
our lifetime.

Kind regards

Paul Wilkins

On Tue, 20 Aug 2019 at 19:59, Peter Betyounan <
peter.betyou...@serversaustralia.com.au> wrote:

> Easy solution, move to all flash, predictable failures and wear.
>
> Tue, 20 Aug at 4:07 pm,  wrote:
>
> Has anyone ever noticed a pattern of disks in equatorial latitudes lasting
> significantly longer than say Sydney or Melbourne? I notice the Foucault
> Period for Brisbane is 52hrs vs Melbourne's 39hrs and can't but wonder if
> this doesn't mean Brisbane based DCs will have their disks last 30% longer,
> or Darwin x3.
>
>
> Kind regards
>
> Paul Wilkins
>
>


[AusNOG] [AUSNOG] Disk wear & Foucault Period

2019-08-20 Thread Paul Wilkins
Has anyone ever noticed a pattern of disks in equatorial latitudes lasting
significantly longer than say Sydney or Melbourne? I notice the Foucault
Period for Brisbane is 52hrs vs Melbourne's 39hrs and can't but wonder if
this doesn't mean Brisbane based DCs will have their disks last 30% longer,
or Darwin x3.


Kind regards

Paul Wilkins


Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-08-12 Thread Paul Wilkins
I found this rather cryptic observation in the submission
<https://www.aph.gov.au/DocumentStore.ashx?id=0076905f-bd1c-4536-8ff3-a90dd3ac6b18=668584>
from the Inspector General of Intelligence and Security. It points out
where metadata retained under the Data Retention regime, may be accessed
without a warrant, where the data in question is not content. Such would
obviously be the case where LEAs sought access to metadata datastreams
using a TCN as the enabling authorisation. After due consideration of a
number of other PJCIS submissions, I'm yet more confident than where I
first laid out the case to PJCIS back last November, that a combination of
s280/s313 or s177 and TCN would be sufficient for LEAs to gain access to
metadata datastreams without warrant or any judicial or parliamentary
oversight.

It should also be noted that although the obligations in the
Telecommunications Act 1997 prevent carriers and carriage service providers
from disclosing telecommunications data without a warrant or authorisation
in place, these obligations do not prevent agencies from accessing that
data using other means. Any access by an agency to telecommunications data
that does not require disclosure by a carrier or carriage service provider
would therefore not require a warrant or authorisation, unless it also
involved accessing content or unauthorised access to a computer.



*Access to telecommunications data outside Chapter 4 of the TIA Act*

*The Committee may wish to discuss with relevant agencies the extent, if any, to
which telecommunications data is accessed outside the framework provided by
Chapter 4 of the TIA Act.*

The Australian Information Commissioner's submission
<https://www.aph.gov.au/DocumentStore.ashx?id=8e675437-b875-4863-87cc-71b721280d8f=668240>
could also be regarded as making the case that s280/s313 substantiate warrantless
access to metadata.

The OAIC recommends that the Committee consider implementing an enforceable
restriction on the agencies that are permitted to access telecommunications
data, noting this was a safeguard that provided privacy protections in the
absence of more formal mechanisms such as a warrant-based access regime. As
the law currently stands, there appears to be mechanisms for accessing
telecommunications data outside of the TIA Act that, while permitted, have
the practical impact of reducing the effectiveness of safeguards in the TIA
Act.

Kind regards

Paul Wilkins

On Sat, 27 Jul 2019 at 14:56, Paul Wilkins  wrote:

> Report in the Guardian today of judicial and governance experts
> increasingly concerned Australia is stifling journalism and State
> accountability playing the security trump card.
>
> National security being used to stifle public interest journalism, former
> judges warn
> <https://www.theguardian.com/australia-news/2019/jul/27/national-security-being-used-to-stifle-public-interest-journalism-former-judges-warn>
>
> As regards the consequences of this, Data Retention means that
> conventional avenues for whistleblowers to contact national media are
> severely curtailed, where the Feds can apply for journalist warrants, as
> they have recently, to go after the ABC et al. And as has been pointed out,
> no warrant is required to access data retention of non journalist sources
> suspected of leaking, which gives police an end around the journalist
> warrant process anyway.
>
> Now from a jurisprudential prism within the Australian jurisdiction, this
> looks like a simple conflict of security versus accountability, but not so.
> Because of the reach of the internet beyond Australia's jurisdiction, the
> Data Retention regime creates a situation where whistleblowers have
> options. They can either leak their concerns to an Australian media
> organisation, and run the gambit of being exposed, or, they may prefer to
> leak to organisations outside the Australian jurisdiction, to organisations
> who won't have the national interest as a concern, nor the constraints of
> operating as a media organisation within the Australian jurisdiction. Which
> is kind of germane if you were say, inclined towards leaking matters
> pertaining to national security.
>
> Kind regards
>
> Paul Wilkins
>
> On Wed, 17 Jul 2019 at 11:29, Mark Smith  wrote:
>
>>
>>
>> On Wed, 17 Jul 2019 at 10:32, Paul Wilkins 
>> wrote:
>>
>>> Comms Alliance submission
>>> <https://www.aph.gov.au/DocumentStore.ashx?id=10156360-86ba-4fff-93c9-f2caa3577dd6=668168>
>>> makes the case that the costs of Data Retention are not being properly
>>> compensated, with substantial incurred costs being a carrier expense.
>>>
>>>
>>> The initial capital costs incurred by industry to meet the requirements
>>> of the regime were
>>> partially – but not fully – met via grants from Go

Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-07-16 Thread Paul Wilkins
Comms Alliance submission
<https://www.aph.gov.au/DocumentStore.ashx?id=10156360-86ba-4fff-93c9-f2caa3577dd6=668168>
makes the case that the costs of Data Retention are not being properly
compensated, with substantial incurred costs being a carrier expense.


The initial capital costs incurred by industry to meet the requirements of
the regime were partially – but not fully – met via grants from Government.
As has been highlighted in information presented to the committee, industry
has incurred a net cost to meet its obligations under the regime of
*at least $171m over a four year period*, despite cost-recovery mechanisms
being in place.

This gets more interesting still, when you begin to consider the
substantially more expensive and complex TCNs/TANs.

Kind regards


Paul Wilkins

On Thu, 11 Jul 2019 at 11:50, Paul Wilkins  wrote:

> This enquiry has data retention back in the news, that and recent AFP
> execution of search warrants on journalists.
>
> Link to PJCIS submissions
> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Submissions>
>
> Kind regards
>
> Paul Wilkins
>
> On Tue, 2 Jul 2019 at 11:38, Paul Wilkins 
> wrote:
>
>> News this morning that the Victorian government is developing plans to
>> use mobile apps to track commuters. The government argues the data will be
>> used to improve travel times. This however, ignores the larger picture,
>> that across all Australian governments, both State and Federal, there's a
>> forward going agenda to widen the meta data kept on citizens - CCTV facial
>> recognition, license plate capture, and that these data bases are being
>> integrated by law enforcement.
>>
>> So where there exists the theoretical possibility that data retention
>> metadata can now, under existing law, be integrated into other law
>> enforcement databases under TANs/TCNs, there is a genuine concern that
>> blandishments by law enforcement that "we wouldn't do that" may not
>> actually be an effective check on creeping extensions of police powers, and
>> that there should in fact be legislated protections against the use of data
>> retention datasets.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Fri, 21 Jun 2019 at 17:05, Paul Wilkins 
>> wrote:
>>
>>> Submissions close 1st July for those so foolhardy as to throw their
>>> random stream of consciousness into the void of Dep't Home Affairs'
>>> accountability.
>>>
>>> And when you throw your random stream of consciousness into the void,
>>> the void throws its random stream of consciousness back at you, or
>>> something.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>> On Sat, 13 Apr 2019 at 11:26, Paul Wilkins 
>>> wrote:
>>>
>>>> I raised the point in my PJCIS submissions regarding the Assistance and
>>>> Access Act, that TANs/TCNs are potentially sufficient grounds to serve as
>>>> authorisation under s280/s313 of the Telecommunications Act for the access
>>>> of Data Retention datasets, and so provide the necessary enabling
>>>> legislation for law enforcement to institute access to metadata 
>>>> datastreams.
>>>>
>>>> I had thought with the election announced, there'd be some respite from
>>>> this rinse/repeat cycle of calling for public submissions. Just when you
>>>> thought it was safe to go back in the water.
>>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>
>>>>
>>>> On Fri, 12 Apr 2019 at 19:29, Robert Hudson  wrote:
>>>>
>>>>>
>>>>>
>>>>> -- Forwarded message -
>>>>> From: ITPA President 
>>>>> Date: Wed, 10 Apr 2019 at 20:27
>>>>> Subject: Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>>>>> INVITATION TO MAKE A SUBMISSION
>>>>> To: 
>>>>>
>>>>>
>>>>> FYI
>>>>>
>>>>> -- Forwarded message -
>>>>> From: Little, Robert (REPS) 
>>>>> Date: Fri, 5 Apr 2019 at 13:23
>>>>> Subject: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>>>>> INVITATION TO MAKE A SUBMISSION
>>>>> To:
>>>>>
>>>>>
>>>>> *PARLIAMENTARY JOINT COMMITTEE ON INTELLIGENCE AND SECURITY*
>>>>>
>>>>> *REVIEW OF THE MANDATORY DATA RETENTION REGIME*
>>>>>

Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-07-10 Thread Paul Wilkins
This enquiry has data retention back in the news, that and recent AFP
execution of search warrants on journalists.

Link to PJCIS submissions
<https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Submissions>

Kind regards

Paul Wilkins

On Tue, 2 Jul 2019 at 11:38, Paul Wilkins  wrote:

> News this morning that the Victorian government is developing plans to use
> mobile apps to track commuters. The government argues the data will be used
> to improve travel times. This however, ignores the larger picture, that
> across all Australian governments, both State and Federal, there's a
> forward going agenda to widen the meta data kept on citizens - CCTV facial
> recognition, license plate capture, and that these data bases are being
> integrated by law enforcement.
>
> So where there exists the theoretical possibility that data retention
> metadata can now, under existing law, be integrated into other law
> enforcement databases under TANs/TCNs, there is a genuine concern that
> blandishments by law enforcement that "we wouldn't do that" may not
> actually be an effective check on creeping extensions of police powers, and
> that there should in fact be legislated protections against the use of data
> retention datasets.
>
> Kind regards
>
> Paul Wilkins
>
> On Fri, 21 Jun 2019 at 17:05, Paul Wilkins 
> wrote:
>
>> Submissions close 1st July for those so foolhardy as to throw their
>> random stream of consciousness into the void of Dep't Home Affairs'
>> accountability.
>>
>> And when you throw your random stream of consciousness into the void, the
>> void throws its random stream of consciousness back at you, or something.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Sat, 13 Apr 2019 at 11:26, Paul Wilkins 
>> wrote:
>>
>>> I raised the point in my PJCIS submissions regarding the Assistance and
>>> Access Act, that TANs/TCNs are potentially sufficient grounds to serve as
>>> authorisation under s280/s313 of the Telecommunications Act for the access
>>> of Data Retention datasets, and so provide the necessary enabling
>>> legislation for law enforcement to institute access to metadata datastreams.
>>>
>>> I had thought with the election announced, there'd be some respite from
>>> this rinse/repeat cycle of calling for public submissions. Just when you
>>> thought it was safe to go back in the water.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>>
>>> On Fri, 12 Apr 2019 at 19:29, Robert Hudson  wrote:
>>>
>>>>
>>>>
>>>> -- Forwarded message -
>>>> From: ITPA President 
>>>> Date: Wed, 10 Apr 2019 at 20:27
>>>> Subject: Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>>>> INVITATION TO MAKE A SUBMISSION
>>>> To: 
>>>>
>>>>
>>>> FYI
>>>>
>>>> -- Forwarded message -
>>>> From: Little, Robert (REPS) 
>>>> Date: Fri, 5 Apr 2019 at 13:23
>>>> Subject: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>>>> INVITATION TO MAKE A SUBMISSION
>>>> To:
>>>>
>>>>
>>>> *PARLIAMENTARY JOINT COMMITTEE ON INTELLIGENCE AND SECURITY*
>>>>
>>>> *REVIEW OF THE MANDATORY DATA RETENTION REGIME*
>>>>
>>>> *INVITATION TO MAKE A SUBMISSION*
>>>> The Parliamentary Joint Committee on Intelligence and Security has
>>>> commenced a review of the mandatory data retention regime proscribed by
>>>> Part 5-1A of the *Telecommunications (Interception and Access) Act
>>>> 1979 (TIA Act).* <https://www.legislation.gov.au/Details/C2019C00010>
>>>> On behalf of the Committee I am writing to invite you to make a submission
>>>> to the Committee’s review.
>>>> The mandatory data retention regime is a legislative framework which
>>>> requires carriers, carriage service providers and internet service
>>>> providers to retain a defined set of telecommunications data for two years,
>>>> ensuring that such data remains available for law enforcement and national
>>>> security investigations.
>>>> Section 187N of the TIA Act provides for the review and requires the
>>>> Committee to report by 13 April 2020. Terms of reference are available
>>>> here
>>>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Datare

Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-06-21 Thread Paul Wilkins
Submissions close 1st July for those so foolhardy as to throw their random
stream of consciousness into the void of Dep't Home Affairs' accountability.

And when you throw your random stream of consciousness into the void, the
void throws its random stream of consciousness back at you, or something.

Kind regards

Paul Wilkins

On Sat, 13 Apr 2019 at 11:26, Paul Wilkins  wrote:

> I raised the point in my PJCIS submissions regarding the Assistance and
> Access Act, that TANs/TCNs are potentially sufficient grounds to serve as
> authorisation under s280/s313 of the Telecommunications Act for the access
> of Data Retention datasets, and so provide the necessary enabling
> legislation for law enforcement to institute access to metadata datastreams.
>
> I had thought with the election announced, there'd be some respite from
> this rinse/repeat cycle of calling for public submissions. Just when you
> thought it was safe to go back in the water.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Fri, 12 Apr 2019 at 19:29, Robert Hudson  wrote:
>
>>
>>
>> -- Forwarded message -
>> From: ITPA President 
>> Date: Wed, 10 Apr 2019 at 20:27
>> Subject: Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
>> INVITATION TO MAKE A SUBMISSION
>> To: 
>>
>>
>> FYI
>>
>> -- Forwarded message -
>> From: Little, Robert (REPS) 
>> Date: Fri, 5 Apr 2019 at 13:23
>> Subject: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION
>> TO MAKE A SUBMISSION
>> To:
>>
>>
>> *PARLIAMENTARY JOINT COMMITTEE ON INTELLIGENCE AND SECURITY*
>>
>> *REVIEW OF THE MANDATORY DATA RETENTION REGIME*
>>
>> *INVITATION TO MAKE A SUBMISSION*
>> The Parliamentary Joint Committee on Intelligence and Security has
>> commenced a review of the mandatory data retention regime proscribed by
>> Part 5-1A of the *Telecommunications (Interception and Access) Act 1979
>> (TIA Act).* <https://www.legislation.gov.au/Details/C2019C00010> On
>> behalf of the Committee I am writing to invite you to make a submission to
>> the Committee’s review.
>> The mandatory data retention regime is a legislative framework which
>> requires carriers, carriage service providers and internet service
>> providers to retain a defined set of telecommunications data for two years,
>> ensuring that such data remains available for law enforcement and national
>> security investigations.
>> Section 187N of the TIA Act provides for the review and requires the
>> Committee to report by 13 April 2020. Terms of reference are available
>> here
>> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Terms_of_Reference>
>> .
>> The Committee has resolved to focus on the following aspects of the
>> legislation:
>>
>>- the continued effectiveness of the scheme, taking into account
>>changes in the use of technology since the passage of the Bill;
>>- the appropriateness of the dataset and retention period;
>>- costs, including ongoing costs borne by service providers for
>>compliance with the regime, any potential improvements to oversight,
>>including in relation to journalist information warrants;
>>- any regulations and determinations made under the regime;
>>- the number of complaints about the scheme to relevant bodies,
>>including the Commonwealth Ombudsman and the Inspector-General of
>>Intelligence and Security;
>>- security requirements in relation to data stored under the regime,
>>including in relation to data stored offshore;
>>- any access by agencies to retained telecommunications data outside
>>the TIA Act framework, such as under the Telecommunications Act 1997; and
>>- developments in international jurisdictions since the passage of
>>the Bill.
>>
>> *Making a submission*
>> The Committee invites written submissions addressing any or all of
>> the areas of focus for the Committee’s inquiry. Submissions should clearly
>> identify which areas of focus are being addressed.
>> Prospective submitters are advised that any submission to the Committee’s
>> inquiry must be prepared solely for the inquiry and should not be published
>> prior to being accepted by the Committee. Documents do not attract
>> parliamentary privilege until they are accepted by the Committee. Documents
>> submitted during the election period will be held by the Secretariat and
>> provided to the Committee as established in the 46th Parliament.
>> Submis

Re: [AusNOG] Deep buffer switches and CDN networks

2019-05-24 Thread Paul Wilkins
Deep buffers of transit routers do not add bandwidth, nor do they improve
your bandwidth/delay product.

The only use case I've ever found for deep buffers is remote sites on low
bandwidth links, where with the right QoS maps you can shunt bulk transfer
traffic aside, meaning user traffic eg voice, isn't contending with say
email.

Once you have 10 or more concurrent users, the law of large numbers means
deep buffers just take longer to fill before buffer drop. Buffer drop never
means you need deeper buffers, it means you need more bandwidth.

Perhaps there's a case for shunting update traffic between CDN caches, but
again, this relies on there being a benefit in delaying CDN cache update
packets from a user traffic peak to a user traffic trough, (where the delay
between peak and trough < 1s), the absence of user traffic freeing
bandwidth for the cache update. Again, the law of large numbers makes this
unlikely.


Kind regards

Paul Wilkins

On Fri, 24 May 2019 at 23:32, Tom Paseka  wrote:

> Timely presentation from Netflix on this exact topic.
> https://ripe78.ripe.net/archives/video/128/
>
> On Thu, May 23, 2019 at 7:52 AM Tom Paseka  wrote:
>
>> everything depends on your application and how you're moving traffic.
>>
>> if you have lots of east-west flow (between equal speed interfaces, especially
>> in many to one) you'll need buffers. If you're doing north to south traffic
>> with interface change, you'll likely need buffers.
>>
>> The choice here might not have been for deep buffer, but for other
>> capabilities (forwarding, route table size, etc). Dave mentions from a
>> question there is no east-west traffic, everything is south-north.
>>
>> On Wed, May 22, 2019 at 5:46 AM Jason Leschnik  wrote:
>>
>>> Hi Noggers,
>>>
>>> I just finished watching the NANOG presentation of Netflix
>>> openconnect[1], I noticed that their core switch of choice was an Arista
>>> 7500E which is a deep buffer switch. I remember seeing a lot of comments
>>> around buffer bloat for deep buffer switches. Would this be considered an
>>> acceptable use case for this type of switch in the DC?
>>>
>>> Has anyone got experience with ideal switch types (shallow, deep
>>> buffers) for edge CDN network deployments?
>>>
>>> [1] - https://www.youtube.com/watch?v=tbqcsHg-Q_o
>>>
>>> Regards,
>>> Jason.
>>> ___
>>> AusNOG mailing list
>>> AusNOG@lists.ausnog.net
>>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>>


Re: [AusNOG] Office365 Exchange Security contact

2019-05-21 Thread Paul Wilkins
Martin,

Just so we're all on the same page, email routing is never directly related
to IP allocations, it's MX bound if properly standards compliant. And if
the canonical MX record is directing to the alternate customer, the problem
lies with DNS not email.

Kind regards

Paul Wilkins

On Tue, 21 May 2019 at 10:14, Martin - StudioCoast <
martin.sincl...@studiocoast.com.au> wrote:

> Been there, done that. The support responses I have received show a lack
> of understanding of the issue unfortunately...
>
> On 21/05/2019 8:16 am, Greg Lipschitz wrote:
>
> Hi Martin
>
>
> The best way to get Office 365 support is log in to the portal as the
> tenancy administrator and open a support request.
>
>
> They are extremely good at finding these sorts of issues and have a range
> of PowerShell scripts they can run against your tenancy to find the issue.
>
>
> Cheers
>
> Greg
>


Re: [AusNOG] Building manager refuses entry to MDF

2019-05-14 Thread Paul Wilkins
The premise of the national $50/$75/$100bn investment in the NBN was so
that we could have a free market in retail supply. If that access is
subject to restrictive practices, that's a question for the ACCC.

Kind regards

Paul Wilkins


On Tue, 14 May 2019 at 14:54, Evan Dent  wrote:

> The flip side of all of this is that you let any Tom, Dick and Harry in,
> how can the building manager vouch for who they are and what they are
> doing. What happens if they do indeed break someone else's service.
>
> I always contact an owner/building manager to seek access to a locked MDF
> before booking any site visit to avoid just this and to comply with any
> requests. I believe from the legal side of it, only the carrier would have
> to be granted access. The person who came to do the jumpering is not the
> carrier, therefore access does not have to be granted. Kinda sucks but just
> suck eggs and call the manager/owner and seek for permission for a tech to
> enter their property.
>
> On Tue, May 14, 2019 at 2:13 PM Paul Wilkins 
> wrote:
>
>> No experience, but this doesn't sound right. The building manager's view
>> and body corporate, presumably, is that the MDF is private property on
>> private property. I think this is wrong headed. The function of the MDF is
>> to provide a utility, and restricting access to supply looks like monopoly
>> enforcement.
>>
>> Of course you can bill the body corporate, and see how they react.
>>
>> The people whose preserve this is is the ACCC. I'd write them (not call)
>> a letter, who knows, they may take a view which they're prepared to enforce.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Tue, 14 May 2019 at 13:42, Matt Perkins  wrote:
>>
>>> On a daily basis
>>> and good luck getting anything back. It's their property. Move on and
>>> welcome to the NBN.
>>>
>>> Oh and my dry humor aside it's helpful to have a check list of things to
>>> do before scheduling staff to attend site. We always contact the building
>>> manager and provide insurance, make an appointment etc.  Just showing up is
>>> bound to get them offside from the start.  This is their castle, treating
>>> them like the king helps.
>>>
>>> Matt
>>>
>>> On 14/5/19 1:35 pm, Alex Moorhouse wrote:
>>>
>>> So I arranged for an MDF tech to do some jumpering after the NBN FTTB
>>> tech completed their side. Should have been a 5 minute job, but the
>>> building manager refused entry to our contracted tech and said we had to
>>> use their preferred contractor. Now I am out of pocket for the first visit
>>> and need to pay their contractor to visit again, not only wasting money but
>>> also time and customer frustration.
>>>
>>> Has anyone come across this before? I believe I should be able to
>>> invoice the body corp for the first visit as I doubt it is legal for them
>>> to refuse entry to the MDF. Anyone have some legal codes/links I can attach
>>> to my email to them?
>>>
>>> Thanks
>>>
>>>
>>>
>>> --
>>> /* Matt Perkins
>>> Direct 1300 137 379    Spectrum Networks Ptd. Ltd.
>>> Office 1300 133 299    m...@spectrum.com.au
>>>                        Level 6, 350 George Street Sydney 2000
>>> Spectrum Networks is a member of the Communications Alliance & TIO
>>> */
>>>


Re: [AusNOG] Building manager refuses entry to MDF

2019-05-13 Thread Paul Wilkins
No experience, but this doesn't sound right. The building manager's view
and body corporate, presumably, is that the MDF is private property on
private property. I think this is wrong headed. The function of the MDF is
to provide a utility, and restricting access to supply looks like monopoly
enforcement.

Of course you can bill the body corporate, and see how they react.

The people whose preserve this is is the ACCC. I'd write them (not call) a
letter, who knows, they may take a view which they're prepared to enforce.

Kind regards

Paul Wilkins


On Tue, 14 May 2019 at 13:42, Matt Perkins  wrote:

> On a daily basis
> and good luck getting anything back. It's their property. Move on and
> welcome to the NBN.
>
> Oh and my dry humor aside it's helpful to have a check list of things to
> do before scheduling staff to attend site. We always contact the building
> manager and provide insurance, make an appointment etc.  Just showing up is
> bound to get them offside from the start.  This is their castle, treating
> them like the king helps.
>
> Matt
>
> On 14/5/19 1:35 pm, Alex Moorhouse wrote:
>
> So I arranged for an MDF tech to do some jumpering after the NBN FTTB tech
> completed their side. Should have been a 5 minute job, but the building
> manager refused entry to our contracted tech and said we had to use their
> preferred contractor. Now I am out of pocket for the first visit and need
> to pay their contractor to visit again, not only wasting money but also
> time and customer frustration.
>
> Has anyone come across this before? I believe I should be able to invoice
> the body corp for the first visit as I doubt it is legal for them to refuse
> entry to the MDF. Anyone have some legal codes/links I can attach to my
> email to them?
>
> Thanks
>
>
>
> --
> /* Matt Perkins
> Direct 1300 137 379    Spectrum Networks Ptd. Ltd.
> Office 1300 133 299    m...@spectrum.com.au
>                        Level 6, 350 George Street Sydney 2000
> Spectrum Networks is a member of the Communications Alliance & TIO
> */
>


Re: [AusNOG] FTTC

2019-05-01 Thread Paul Wilkins
Frankly it's a travesty that there should be geographic price specificity.
The whole justification for a government monopoly on internet wholesale was
to avoid the sort of penalisation of remote areas that happens in a free
market.

I don't see the NBN's focus on delivery in the last mile has achieved
anything the private sector wouldn't have, other than slower speeds, higher
data prices, slower delivery, apart from monopoly returns for government.

Now if we were wearing these costs with the invisible benefit of
subsidising the building out of national data carriage, that might be
acceptable. Unfortunately the national data carriage that NBN was supposed
to deliver remains invisible.

Kind regards

Paul Wilkins


On Thu, 2 May 2019 at 09:59, Philip Loenneker <
philip.loenne...@tasmanet.com.au> wrote:

> Apparently the co-contribution installation cost will not exceed $5000,
> but keep in mind that it's only available in areas already serviced by
> FttP, FttN/B, FttC and HFC. So unfortunately it isn't currently an option
> for those wanting to get away from the pains of Fixed Wireless.
>
> NBN give discounts to the RSP for 3 year terms, which RSPs should pass on
> to the end customer. But the zone of the premises also has a significant
> impact on the per month price. We have to run a quote through the NBN EE
> portal to confirm pricing every time due to the variables that impact the
> final cost.
>
> I can't give pricing information on here, but if anyone wants an
> indication of price for a specific address, send me the address, speed and
> contract term privately and I'll get something to you. My apologies if this
> is a grey area in terms of list charter, but I suspect this will be a case
> of people asking out of curiosity rather than with an intention to purchase
> a product, and I don't think anyone is likely to publish much information
> publicly due to the complexity.
>
> Regards,
> Philip Loenneker | Network Engineer | TasmaNet
>
> -Original Message-
> From: Beeson, Ayden 
> Sent: Thursday, 2 May 2019 8:05 AM
> To: Philip Loenneker ; James
> Andrewartha 
> Cc: Jake Anderson ; Skeeve Stevens <
> ausnog@futurecrime.agency>;  <
> ausnog@lists.ausnog.net>
> Subject: Re: [AusNOG] FTTC
>
> That was my first thought too and I couldn't find a concrete figure per
> month for it, but I did find a document saying you were eligible for a free
> build on a 3 year contract (may be inaccurate/specific to that provider I
> found offering that, YMMV) so you'd basically just be paying the up-front
> build fee over time, but for those with bad connections that are desperate
> to get onto Fibre, that may be preferable.
>
> Good to know there is another option there, even if it's unlikely most
> people can/will utilise it.
>
> Cheers,
> Ayden
>
>
> On 2/5/19, 7:32 am, "Philip Loenneker" 
> wrote:
>
> Enterprise Ethernet is certainly a better product, but the costs
> aren't necessarily suitable for a residential customer, regardless of the
> possibility of a free build (which is not always the case).
>
> -Original Message-
> From: James Andrewartha 
> Sent: Wednesday, 1 May 2019 4:27 PM
> To: Beeson, Ayden 
> Cc: Philip Loenneker ; Jake
> Anderson ; Skeeve Stevens <
> ausnog@futurecrime.agency>;  <
> ausnog@lists.ausnog.net>
> Subject: Re: [AusNOG] FTTC
>
> On Wed, 1 May 2019, Beeson, Ayden wrote:
>
> > That is spot on, but I haven’t seen a single quote come back that was in
> > the price range you would actually consider going ahead with.
> >
> > Admittedly that was for FTTN -> FTTP upgrades, but still I always got the
> > feeling those “choices” were priced to make it unaffordable to regular
> > consumers on purpose, meaning that quote price is effectively sunk money.
> >
> > I’ll be very interested to see what the FTTC -> FTTP quotes come back at,
> > it’s a lot less fibre length to run but still requires a lot of the same
> > types of work in the end so I’m not expecting much.
>
> $5100 https://whrl.pl/Rfme7I which is ridiculous although these posts from
> 2016 https://whrl.pl/ReLT5w and https://whrl.pl/ReLVZj claim why it's
> expected.
>
> Really if you want fibre you may as well take advantage of the free
> builds on nbn enterprise ethernet at the moment than do a tech change.
>
> --
> # TRS-80 trs80(a)ucc.gu.uwa.edu.au
> # UCC Wheel Member http://trs80.ucc.asn.au/
> "Otherwise Bub here will do what squirrels do best -- Collect and hide your
> nuts." -- Acid Reflux #231
> "There's nobody getting rich writing software that I know of" -- Bill Gates,
> 1980
>
>


Re: [AusNOG] Telstra Business - known issues??

2019-04-26 Thread Paul Wilkins
Ross,
I don't see where you say which Telstra product you're using, and even
then, the network implementation inside Telstra can vary across a single
product offering.

But even then, IP is well you know, if nothing's changed, and you can get
out, then you can get in - ergo, something's changed.

One minor possibility, Telstra migrating services to use carrier NAT, so
services that once had fixed IPs might no longer do.

Kind regards

Paul Wilkins


On Sat, 27 Apr 2019 at 12:18, Ross Wheeler  wrote:

>
>
> On Sat, 27 Apr 2019, Jacob Taylor wrote:
>
> > It's a pretty common thing these days to see ISPs blocking TCP 25
> > inbound, even on connections that purport to be 'business' grade. I
> > assume this is because every man and his dog uses GSuite or O365 today.
>
> Yes, but I'd have thought (perhaps foolishly) there would be notice before
> they did that.
>
>
> > How did you verify no SYNs hitting the server? tcpdump?
>
> Yes, managed to gain internal access to their network today through a
> raspberry pi that created a reverse tunnel back out to one of my boxes.
> From there I could access the router and redirected the port 25 port
> forward to the pi and used tcpdump.
>
> Hoping it was just port 25 blocked, I tried various other ports, both well
> known and "random" services both privileged and non-priv ports (ie, below
> 1024 and above), and confirmed that none of them were being received.
>
> Yes, it's entirely possible it's the (Telstra-supplied) router.
> But it's equally possible it's within Telstra's network.
>
> Whatever it is, it's causing significant operational problems for the
> client. Mail is only the tip of the iceberg, various other services
> (including VPN) also stopped working at the same time.
>
> R.


Re: [AusNOG] Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION TO MAKE A SUBMISSION

2019-04-12 Thread Paul Wilkins
I raised the point in my PJCIS submissions regarding the Assistance and
Access Act, that TANs/TCNs are potentially sufficient grounds to serve as
authorisation under s280/s313 of the Telecommunications Act for the access
of Data Retention datasets, and so provide the necessary enabling
legislation for law enforcement to institute access to metadata datastreams.

I had thought with the election announced, there'd be some respite from
this rinse/repeat cycle of calling for public submissions. Just when you
thought it was safe to go back in the water.

Kind regards

Paul Wilkins


On Fri, 12 Apr 2019 at 19:29, Robert Hudson  wrote:

>
>
> -- Forwarded message -
> From: ITPA President 
> Date: Wed, 10 Apr 2019 at 20:27
> Subject: Fwd: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME,
> INVITATION TO MAKE A SUBMISSION
> To: 
>
>
> FYI
>
> -- Forwarded message -
> From: Little, Robert (REPS) 
> Date: Fri, 5 Apr 2019 at 13:23
> Subject: PJCIS: REVIEW OF THE MANDATORY DATA RETENTION REGIME, INVITATION
> TO MAKE A SUBMISSION
> To:
>
>
> *PARLIAMENTARY JOINT COMMITTEE ON INTELLIGENCE AND SECURITY*
>
> *REVIEW OF THE MANDATORY DATA RETENTION REGIME*
>
> *INVITATION TO MAKE A SUBMISSION*
> The Parliamentary Joint Committee on Intelligence and Security has
> commenced a review of the mandatory data retention regime proscribed by
> Part 5-1A of the *Telecommunications (Interception and Access) Act 1979
> (TIA Act).* <https://www.legislation.gov.au/Details/C2019C00010> On
> behalf of the Committee I am writing to invite you to make a submission to
> the Committee’s review.
> The mandatory data retention regime is a legislative framework which
> requires carriers, carriage service providers and internet service
> providers to retain a defined set of telecommunications data for two years,
> ensuring that such data remains available for law enforcement and national
> security investigations.
> Section 187N of the TIA Act provides for the review and requires the
> Committee to report by 13 April 2020. Terms of reference are available
> here
> <https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/Dataretentionregime/Terms_of_Reference>
> .
> The Committee has resolved to focus on the following aspects of the
> legislation:
>
>- the continued effectiveness of the scheme, taking into account
>changes in the use of technology since the passage of the Bill;
>- the appropriateness of the dataset and retention period;
>- costs, including ongoing costs borne by service providers for
>compliance with the regime, any potential improvements to oversight,
>including in relation to journalist information warrants;
>- any regulations and determinations made under the regime;
>- the number of complaints about the scheme to relevant bodies,
>including the Commonwealth Ombudsman and the Inspector-General of
>Intelligence and Security;
>- security requirements in relation to data stored under the regime,
>including in relation to data stored offshore;
>- any access by agencies to retained telecommunications data outside
>the TIA Act framework, such as under the Telecommunications Act 1997; and
>- developments in international jurisdictions since the passage of the
>Bill.
>
> *Making a submission*
> The Committee invites written submissions addressing any or all of
> the areas of focus for the Committee’s inquiry. Submissions should clearly
> identify which areas of focus are being addressed.
> Prospective submitters are advised that any submission to the Committee’s
> inquiry must be prepared solely for the inquiry and should not be published
> prior to being accepted by the Committee. Documents do not attract
> parliamentary privilege until they are accepted by the Committee. Documents
> submitted during the election period will be held by the Secretariat and
> provided to the Committee as established in the 46th Parliament.
> Submissions are requested by *1 July 2019*. Further information about
> making a submission to a parliamentary committee inquiry is available here
> <https://www.aph.gov.au/Parliamentary_Business/Committees/House/Making_a_submission>
> .
> Regards
>
> Robert
>
> *Robert Little** |* *Inquiry Secretary*
> *Parliamentary Joint Committee on Intelligence and Security*
> *Department of the House of Representatives*
> PO Box 6021 | Parliament House | Canberra ACT 2600
> Ph. (02) 6277 4589 | *www.aph.gov.au/pjcis* <http://www.aph.gov.au/pjcis>
>
> *Facebook:* @AusHouseofRepresentatives
> <http://www.facebook.com/aushouseofrepresentatives> | *Twitter:* @
> AboutTheHouse <http://twitter.com/abo

Re: [AusNOG] More legislative interventions

2019-04-09 Thread Paul Wilkins
Thread out.

Kind regards
Paul Wilkins

On Wed, 10 Apr 2019 at 12:03,  wrote:

> OK…
>
>
>
> Tin Eye is for image recognition, not video and it’s more concerned with
> duplication…
>
> From a quick read of their site, it doesn’t appear to be a neural network
> or AI…
>
> Did you bother reading my last post about scalability?
>
> Even if you used an algorithm like NSFW, it will scan one image every 30
> seconds…
>
> So at 25fps, that’s 749 images that could contain something potentially
> “nasty”…
>
> Your argument is so flawed that it’s dangerous, especially given the
> Luddites currently in power…
>
> Again, who is going to pay for the development of said “fingerprinting”
> and infrastructure?
>
> The government? They screamed “financial crisis” and now 6 years later the
> debt has tripled…
>
> They have based their PROJECTIONS of a surplus on the volatile commodities
> market…
>
>
>
> What could possibly go wrong?
>
>
>
> Andy
>
> *From:* AusNOG  *On Behalf Of *Paul
> Wilkins
> *Sent:* Wednesday, 10 April 2019 11:17 AM
> *To:* ausnog@lists.ausnog.net
> *Subject:* Re: [AusNOG] More legislative interventions
>
>
>
> https://tineye.com/search/f274c3b49edcca9a6d83994a43629445a5ea5a23/
>
>
>
> On Wed, 10 Apr 2019 at 11:12, Matt Palmer  wrote:
>
> On Wed, Apr 10, 2019 at 10:56:12AM +1000, Paul Wilkins wrote:
> > Now I would say that for instance, if the eSecurity Director posts the CRC
> > of a file as being "abhorrent violent" content, and your company doesn't
> > expeditiously take down that material, expect problems down the pike. I
> > doubt a CRC check alone is sufficient.
>
> Given that a CRC changes if you modify any bit of the file, and common CRC
> implementations have a space of either 16 or 32 bits (65,536 and ~4 billion
> possible values, respectively), "insufficient" doesn't even begin to
> describe such a scheme.
>
> > I'd say a fingerprinting system to
> > match altered copies of the subject file should be implemented.
>
> Once again with this magical "fingerprinting" scheme.  Nothing like what
> you're describing actually exists.  Further, there's no point in each
> company coming up with their own scheme for calculating this magical
> fingerprint, because if the eSecurity Director wants to say "take down
> everything like this fingerprint" they have to use the *same* scheme to come
> up with the same fingerprint.
>
> > It doesn't have to work in all cases.
>
> It won't work in *any* case.
>
> > I am not a lawyer. This is not expert advice.
>
> Yes, I think that is quite evident.
>
> - Matt
>
>
>
>
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] More legislative interventions

2019-04-09 Thread Paul Wilkins
1 - Remove specified file based content and similar copies - doable, and
reckless if not actioned by hosting providers.

2 - Proactively remove unspecified content of abhorrent violent nature -
difficult, not reliable, and moot whether required under the legislation
for hosting providers. Arguably sets a standard above recklessness for
hosting providers. Likely required under the act for social media but not
for hosting providers. Make it a condition of terms of use, and the issue
goes away, imo.

I am not a lawyer. This is not expert advice.

Kind regards

Paul Wilkins


On Wed, 10 Apr 2019 at 11:55, Scott Wilson  wrote:

> I feel like legislation will compel tech companies to implement human
> screening in some capacity, and there will be huge downsides to that - I
> mean, which is more likely:
>
> a) screening team members are offered abundant mental health support
> resources, given follow-through on reporting (that video you flagged last
> year resulted in a conviction and a jail sentence, congratulations!) and
> are limited to short periods...
>
> or:
>
> b) screening team members are a minimum wage disposable/contractor/gig
> economy workforce, desperate for any income, performance tracked to the
> extreme (we require 55 minutes of video content viewed per hour) and
> discarded when they inevitably burn out?
>
> On Wed, 10 Apr 2019 at 11:45, Nick Stallman  wrote:
>
>> I didn't know Tineye could tell if an image was violent or not.
>>
>> The existing systems work for copyright purposes, finding a similar match.
>> This works to some extent currently, and can handle recompression,
>> scaling, etc...
>> It falls apart when an adversary wants to get around it however.
>>
>> But for the case that this legislation is targeting, i.e. taking down
>> violent video, fingerprinting is useless.
>> It's brand new content - completely impossible to detect in advance.
>> You can only remove the content after it's been distributed for quite
>> some time, not pre-emptively which is what the politicians want.
>>
>> On 10/4/19 11:16 am, Paul Wilkins wrote:
>> > https://tineye.com/search/f274c3b49edcca9a6d83994a43629445a5ea5a23/
>> >
>> > On Wed, 10 Apr 2019 at 11:12, Matt Palmer <mpal...@hezmatt.org> wrote:
>> >
>> > On Wed, Apr 10, 2019 at 10:56:12AM +1000, Paul Wilkins wrote:
>> > > Now I would say that for instance, if the eSecurity Director posts
>> > > the CRC of a file as being "abhorrent violent" content, and your
>> > > company doesn't expeditiously take down that material, expect
>> > > problems down the pike. I doubt a CRC check alone is sufficient.
>> >
>> > Given that a CRC changes if you modify any bit of the file, and common
>> > CRC implementations have a space of either 16 or 32 bits (65,536 and
>> > ~4 billion possible values, respectively), "insufficient" doesn't even
>> > begin to describe such a scheme.
>> >
>> > > I'd say a fingerprinting system to
>> > > match altered copies of the subject file should be implemented.
>> >
>> > Once again with this magical "fingerprinting" scheme.  Nothing like
>> > what you're describing actually exists.  Further, there's no point in
>> > each company coming up with their own scheme for calculating this
>> > magical fingerprint, because if the eSecurity Director wants to say
>> > "take down everything like this fingerprint" they have to use the
>> > *same* scheme to come up with the same fingerprint.
>> >
>> > > It doesn't have to work in all cases.
>> >
>> > It won't work in *any* case.
>> >
>> > > I am not a lawyer. This is not expert advice.
>> >
>> > Yes, I think that is quite evident.
>> >
>> > - Matt
>> >
>> --
>> Nick Stallman
>> Technical Director
>> Email   n...@agentpoint.com <mailto:n...@agentp

Re: [AusNOG] More legislative interventions

2019-04-09 Thread Paul Wilkins
We need to differentiate between what would meet industry standards of best
practice, and the rather lower threshold of falling into the category of
"recklessness". So company directors can either ask the question now, what
threshold implementation clears the "recklessness" bar, or be faced with
the same question before a court.

Now I would say that for instance, if the eSecurity Director posts the CRC
of a file as being "abhorrent violent" content, and your company doesn't
expeditiously take down that material, expect problems down the pike. I
doubt a CRC check alone is sufficient. I'd say a fingerprinting system to
match altered copies of the subject file should be implemented. It doesn't
have to work in all cases. However it probably should be able to be shown
it catches the majority of unsophisticated attempts to circumvent the
content filter. Anything less, and company directors haven't done their due
diligence.

I am not a lawyer. This is not expert advice.

Kind regards

Paul Wilkins
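
The distinction argued over in this thread, between an exact checksum such as a CRC and a similarity fingerprint, shown as an added example that is not part of the original post or of any scheme a regulator uses. It assumes small constructed grayscale images and a toy "average hash"; the 10-bit match threshold and all function names are assumptions made for the illustration, and only benign alterations (a brightness shift, a single flipped bit) are covered.

```python
import math
import zlib

SIZE = 32              # constructed sample images are SIZE x SIZE, 8-bit grayscale
GRID = 8               # fingerprint is GRID x GRID = 64 bits
MATCH_THRESHOLD = 10   # assumed cut-off (differing bits) for "same picture"


def make_image(bright_region):
    """Constructed sample: dark textured background with one bright rectangle.

    bright_region is (x0, y0, x1, y1) in pixels, upper bounds exclusive.
    """
    x0, y0, x1, y1 = bright_region
    rows = []
    for y in range(SIZE):
        row = []
        for x in range(SIZE):
            base = 220 if (x0 <= x < x1 and y0 <= y < y1) else 40
            row.append(base + (x * 3 + y * 5) % 7)   # mild deterministic texture
        rows.append(row)
    return rows


def crc32_of(img):
    """Exact-match checksum over the raw pixel bytes."""
    return zlib.crc32(bytes(p for row in img for p in row))


def average_hash(img):
    """Toy perceptual fingerprint: 1 bit per grid cell, set if the cell's
    average brightness is above the mean of all cells."""
    block = SIZE // GRID
    cells = []
    for cy in range(GRID):
        for cx in range(GRID):
            total = sum(img[y][x]
                        for y in range(cy * block, (cy + 1) * block)
                        for x in range(cx * block, (cx + 1) * block))
            cells.append(total / (block * block))
    mean = sum(cells) / len(cells)
    bits = 0
    for cell in cells:
        bits = (bits << 1) | (1 if cell > mean else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")


def compare(reference, candidate):
    """Compare a candidate against a reference both ways."""
    return {
        "crc_match": crc32_of(reference) == crc32_of(candidate),
        "hash_distance": hamming(average_hash(reference),
                                 average_hash(candidate)),
    }


def brighten(img, delta):
    """Benign alteration: uniform brightness shift, clamped to 8 bits."""
    return [[min(255, p + delta) for p in row] for row in img]


def flip_one_bit(img):
    """Smallest possible alteration: flip the low bit of the first pixel."""
    copy = [row[:] for row in img]
    copy[0][0] ^= 1
    return copy


def birthday_bound(bits):
    """Approximate number of random files at which two of them share a
    checksum of the given width with 50% probability."""
    return math.sqrt(2 * math.log(2) * 2 ** bits)


REFERENCE = make_image((8, 4, 24, 20))    # bright rectangle near the centre
UNRELATED = make_image((0, 24, 32, 32))   # bright band along the bottom

if __name__ == "__main__":
    for label, candidate in [("identical copy", REFERENCE),
                             ("one bit flipped", flip_one_bit(REFERENCE)),
                             ("brightness +3", brighten(REFERENCE, 3)),
                             ("unrelated image", UNRELATED)]:
        result = compare(REFERENCE, candidate)
        verdict = "match" if result["hash_distance"] <= MATCH_THRESHOLD else "no match"
        print(f"{label:16} crc_match={result['crc_match']!s:5} "
              f"hash_distance={result['hash_distance']:2} -> {verdict}")
    print(f"50% collision point, CRC-16: ~{birthday_bound(16):.0f} files")
    print(f"50% collision point, CRC-32: ~{birthday_bound(32):.0f} files")
```
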


On Wed, 10 Apr 2019 at 09:32, Bruce Forster  wrote:

> I'd argue that whenever gov.co sticks its fingers into tech on any level
> the outcome is never as expected...
>
>
>
> On Wed, Apr 10, 2019 at 8:06 AM Nick Stallman  wrote:
>
>> The other part is that all the politicians keep whining about the
>> dominance of Facebook and Google.
>> Then they pass a law which effectively cements their dominance in place.
>>
>> Facebook and Google are at a size where they can actually put some
>> serious money and effort in to these kinds of video analysis.
>> Sure it still sucks, but they can at least attempt to do it.
>>
>> If I had a novel idea involving live streaming, I make a start up and it
>> becomes popular.
>> But a small start up in Australia has no hope of approaching the types
>> of analysis that Facebook and Google can do.
>>
>> The politicians just use the same arguments they use with cryptography.
>> "We pass the laws, you guys are smart and have algorithms. We are sure
>> you can figure out how to comply."
>>
>> What the government should be doing is producing the video analysis
>> algorithms themselves.
>> Then the law can state that online companies must use their model to be
>> compliant with the law.
>> The responsibility then falls on to the government, startups are on
>> equal footing as the dominant companies and complying is relatively easy.
>>
>> But that solution is hard (arguably unsolvable at the moment) and when
>> the model inevitably fails the government wouldn't be able to make a
>> bogeyman out of the big tech companies.
>>
>> On 9/4/19 9:33 pm, a...@coastalaudio.com.au wrote:
>> > Let's see this wonderful "fingerprint" Paul...
>> >
>> > Video fingerprinting is used for copyright purposes and is of no use in
>> > detecting "suspect" videos.
>> > The AI algorithm required to do this would require a lot of processing
>> > power.
>> > Just how is a provider supposed to finance the development of said
>> > algorithm...?
>> > And then apply it in real time across an entire network?
>> > The computational power required would be enormous, thus YouTube's
>> > abject failure in this area.
>> >
>> > Open NSFW is an open source neural network that struggles with static
>> > images...
>> > How is a provider supposed to monitor video in real time?
>> >
>> > An interesting Open NSFW talk here -
>> > https://www.youtube.com/watch?v=02Bmt7tksvM
>> >
>> > Andy
>> >
>> >
>> >
>> >
>> > -Original Message-
>> > From: AusNOG  On Behalf Of Peter Fern
>> > Sent: Tuesday, 9 April 2019 2:30 PM
>> > To: ausnog@lists.ausnog.net
>> > Subject: Re: [AusNOG] More legislative interventions
>> >
>> > On 9/4/19 2:22 pm, Paul Wilkins wrote:
>> >> 2 - Ensure you have in place a mechanism to match electronic
>> >> fingerprints of material similar to anything identified in a eSafety
>> >> Commissioner's notice.
>> >>
>> >> By the by, without a mechanism for the eSafety Commissioner to match
>> >> content (a common mechanism for electronic fingerprinting material
>> >> across hosting providers), the eSafety Commissioner will find
>> >> themselves playing whack a mole chasing content specific to each
>> >> hosting provider.
>> > What do you think that looks like, exactly? You've brought up this
>> > magical fingerprint technology multiple times, and been 

Re: [AusNOG] More legislative interventions

2019-04-08 Thread Paul Wilkins
So best advice I could make specific to hosting providers (not social media
companies) would be, to comply with the legislation:

1 - Update EUAs with a clause that abhorrent violent content breaches the
service agreement.

2 - Ensure you have in place a mechanism to match electronic fingerprints
of material similar to anything identified in a eSafety Commissioner's
notice.

By the by, without a mechanism for the eSafety Commissioner to match
content (a common mechanism for electronic fingerprinting material across
hosting providers), the eSafety Commissioner will find themselves playing
whack a mole chasing content specific to each hosting provider. That's
their obligation, and I somehow think they'll be reluctant to go there.

I'm not a lawyer. This isn't expert opinion.

Kind regards

Paul Wilkins


On Tue, 9 Apr 2019 at 14:02, Paul Wilkins  wrote:

> I'm not sure that the legislation creates a duty to proactively remove
> abhorrent violent content. It imposes a condition of "recklessness". Is it
> reckless to wait for the eSafety Commissioner to issue a written notice
> before addressing the issue?
>
> It's arguable that it's not. If the eSafety Commissioner hasn't provided
> the requisite notice, either they're reckless, or the material's not of
> sufficient gravity that it becomes reckless not to remove it. Or, if the
> eSafety Commissioner is indeed reckless through not issuing a written
> notice, is that justification for a content provider not to remove the
> content? In my non expert opinion, I see nothing in the Act that creates an
> obligation to proactively monitor and censor content. As Narelle says, you
> don't want to be  assessing this stuff. Hosting services provide an IT
> function. They're not, nor should they be required to be content or legal
> experts.
>
> I would say that it would clearly be reckless upon receiving written
> notice from the eSafety Commissioner to not take down the subject material,
> and anything of similar nature identified through an electronic fingerprint.
>
> Also there are no obligations to remove content whatsoever for the
> provision of carriage alone.
>
> I'm not a lawyer. This isn't expert opinion.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Tue, 9 Apr 2019 at 09:50, Narelle Clark  wrote:
>
>>
>> There are good third party clearing houses for some of this stuff.
>> Whether it's cost effective or appropriate for the average Australian ISP
>> in this context, we'll find out I suppose.
>>
>> The Internet Watch Foundation is what we use for .org monitoring and
>> validation.
>>
>> You really don't want your own staff assessing this stuff.
>>
>>
>> Narelle
>>
>> On Tue, 9 Apr. 2019, 5:55 am Scott Weeks,  wrote:
>>
>>>
>>>
>>> 
>>> *474.32 Abhorrent violent conduct*
>>> (1) For the purposes of this Subdivision, a person
>>> engages in abhorrent violent conduct if the person:
>>> (a) engages in a terrorist act ; or
>>> (b) murders another person; or
>>> (c) attempts to murder another person; or
>>> (d) tortures another person; or
>>> (e) rapes another person ; or
>>> (f) kidnaps another person
>>> -
>>>
>>>
>>> You definitely like to lean towards a nanny state
>>> solution.  The obvious question is who gets to
>>> decide what is a terrorist act, or torture, or...
>>>
>>> scott
>>>


Re: [AusNOG] More legislative interventions

2019-04-08 Thread Paul Wilkins
I'm not sure that the legislation creates a duty to proactively remove
abhorrent violent content. It imposes a condition of "recklessness". Is it
reckless to wait for the eSafety Commissioner to issue a written notice
before addressing the issue?

It's arguable that it's not. If the eSafety Commissioner hasn't provided
the requisite notice, either they're reckless, or the material's not of
sufficient gravity that it becomes reckless not to remove it. Or, if the
eSafety Commissioner is indeed reckless through not issuing a written
notice, is that justification for a content provider not to remove the
content? In my non expert opinion, I see nothing in the Act that creates an
obligation to proactively monitor and censor content. As Narelle says, you
don't want to be  assessing this stuff. Hosting services provide an IT
function. They're not, nor should they be required to be content or legal
experts.

I would say that it would clearly be reckless upon receiving written notice
from the eSafety Commissioner to not take down the subject material, and
anything of similar nature identified through an electronic fingerprint.

Also there are no obligations to remove content whatsoever for the
provision of carriage alone.

I'm not a lawyer. This isn't expert opinion.

Kind regards

Paul Wilkins


On Tue, 9 Apr 2019 at 09:50, Narelle Clark  wrote:

>
> There are good third party clearing houses for some of this stuff. Whether
> it's cost effective or appropriate for the average Australian ISP in this
> context, we'll find out I suppose.
>
> The Internet Watch Foundation is what we use for .org monitoring and
> validation.
>
> You really don't want your own staff assessing this stuff.
>
>
> Narelle
>
> On Tue, 9 Apr. 2019, 5:55 am Scott Weeks,  wrote:
>
>>
>>
>> 
>> *474.32 Abhorrent violent conduct*
>> (1) For the purposes of this Subdivision, a person
>> engages in abhorrent violent conduct if the person:
>> (a) engages in a terrorist act ; or
>> (b) murders another person; or
>> (c) attempts to murder another person; or
>> (d) tortures another person; or
>> (e) rapes another person ; or
>> (f) kidnaps another person
>> -
>>
>>
>> You definitely like to lean towards a nanny state
>> solution.  The obvious question is who gets to
>> decide what is a terrorist act, or torture, or...
>>
>> scott
>>


Re: [AusNOG] More legislative interventions

2019-04-07 Thread Paul Wilkins
*474.32 Abhorrent violent conduct*
(1) For the purposes of this Subdivision, a person engages in abhorrent
violent conduct if the person:
(a) engages in a terrorist act ; or
(b) murders another person; or
(c) attempts to murder another person; or
(d) tortures another person; or
(e) rapes another person ; or
(f) kidnaps another person
.
Kind regards

Paul Wilkins


On Mon, 8 Apr 2019 at 12:31, Karl Auer  wrote:

> On Mon, 2019-04-08 at 11:55 +1000, Paul Wilkins wrote:
> > There should be little cost to service providers in implementing take
> > down notices. Video can now easily be fingerprinted, and repeat
> > postings autoflagged for moderator take down.
>
> Video fingerprints can be avoided by transcoding video, or analog
> copying it, or applying any of a thousand invisible (to humans)
> filters, or in many cases just by snipping out a second here or there.
> It takes almost no technical skill at all. No doubt automated
> recognition of video content will get better, but it certainly is not
> there yet.
>
> Reacting to a take-down notice is not something that can be automated
> in any case. Is the notice genuine? Does it apply to the provider's
> jurisdiction? Is it reasonable? Does it require a legal or a practical
> response? These are not automatable decisions (at least, not yet).
>
> > The Assistance and Access Act was a big deal because it represents a
> > credible threat to the democratic rights to freedom of speech and
> > privacy.
>
> I'm glad we agree on that, at least.
>
> >  The Sharing of Abhorrent Violent Material Act on the other hand, is
> > at worst a distraction, but rather looks like the government doing
> > what they're supposed to do.
>
> Really? Ramming unworkable legislation through in the emotional heat
> following a tragedy, without any public consultation, without any
> discussion with affected parties, without consulting any technical
> experts or seeking any input from civil society?
>
> >  I can't see Voltaire going to the barricades to protect people's
> > rights to propagate murder videos.
>
> Can't speak for Voltaire, but opposition to this legislation has
> nothing to do with "murder videos". If you think it does, you are very
> badly missing the point.
>
> Regards, K.
>
> --
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
>
> GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
> Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
>
>


Re: [AusNOG] More legislative interventions

2019-04-07 Thread Paul Wilkins
In addition to previous comments, the kind of material that may become
subject to a take down notice, is of such a disturbing character that this
content should already be subject to the fiduciary duties of service
providers, ensuring warnings to those who would find the content
disturbing, and ensure minors can't access it. Now if service providers
aren't doing that, they're either negligent, are preferencing profit over
their civic duty, or in a few cases, directly profiting from hosting
content of a violent nature.

There should be little cost to service providers in implementing take down
notices. Video can now easily be fingerprinted, and repeat postings
autoflagged for moderator take down.

The Assistance and Access Act was a big deal because it represents a
credible threat to the democratic rights to freedom of speech and privacy.
The Sharing of Abhorrent Violent Material Act on the other hand, is at
worst a distraction, but rather looks like the government doing what
they're supposed to do. I can't see Voltaire going to the barricades to
protect people's rights to propagate murder videos.

Kind regards

Paul Wilkins


On Sun, 7 Apr 2019 at 18:35, Chad Kelly  wrote:

> On 4/7/2019 12:00 PM, ausnog-requ...@lists.ausnog.net wrote:
>
> > They don't.  This legislation is grandstanding, using the Christchurch
> > tragedy to bolster the Coalition's flagging reputation ahead of the
> > Federal election, and isn't intended to actually *work*.  Not that
> > that'll mean it'll get repealed if Labor gets in -- if they threw it
> > out, they'd "look weak on terruh", so it'll stay.  I'll eat my hat if
> > any employee of the big social media companies is ever actually charged
> > under this Act, though.
>
> Yeah I doubt anything will actually happen.
> The internet industry was bound to be regulated sooner or later and I
> think that time has now come.
> But I think discussion with industry bodies would have been handy before
> just introducing new laws.
>
>
> --
> Chad Kelly
> Manager
> CPK Web Services
> Phone 03 5273 0246
> Web www.cpkws.com.au
>


Re: [AusNOG] More legislative interventions

2019-04-04 Thread Paul Wilkins
I've skimmed the bill, and without apologies, I support the intent, for the
following reasons:

There is much on the internet that is simply not fit for human consumption,
and the state ought to have the power to remove it. Where the bill
specifies abhorrent violent content, I think most sane people realise there
is nothing to gain in allowing this content.

The big social media companies, principally US based, will beef, because
their business model has to align to the 1st amendment. It will *gasp* cost
them money to have to remove this rubbish.

Also why the focus on the rights of media companies to disseminate content
not fit for human consumption? What about the rights of the individuals
involved? The people being kidnapped, raped, tortured, murdered on video
have rights, and those rights extend to not having the video available to
indulge the morbid prurience of the deeply disturbed, 4chan, and others.

The bill explicitly excludes provision of carriage as grounds for being
considered a content provider. So the bill can't actually be used to ban
dark net, regrettable though that may be.

Kind regards

Paul Wilkins


On Thu, 4 Apr 2019 at 12:38, Serge Burjak  wrote:

> Very scary section
>
> (4) The eSafety Commissioner is not required to observe any requirements
> of procedural fairness in relation to the issue of a notice under
> subsection (1).
>
> On Thu, 4 Apr 2019 at 11:22, Paul Wilkins 
> wrote:
>
>>
>> https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/s1201_first-senate/toc_pdf/1908121.pdf;fileType=application%2Fpdf
>>
>> On Thu, 4 Apr 2019 at 10:57, Simon Sharwood 
>> wrote:
>>
>>> So I was in a thing yesterday with a very senior government relations
>>> person from one of the top 3 clouds. And they'd been advised the
>>> legislation had very vague wording, meant that they and all cloud services
>>> had potential liability.
>>>
>>> At least one other major cloud's lobbyists had the same advice. Both
>>> tried to alert the government to the fact they'd cast the net far wider
>>> than anticipated.
>>>
>>>
>>> So some hurried back-channel efforts were made to change the wording of
>>> the legislation to be more specific about social media.
>>>
>>> Those changes weren't made and this government relations pro was
>>> flabbergasted at the haste and lack of consultation.
>>>
>>> He said it just makes it easier for people to fling FUD at the whole
>>> local industry.
>>>
>>>
>>> On Thu, Apr 4, 2019 at 10:47 AM Narelle Clark 
>>> wrote:
>>>
>>>>
>>>> Just to clarify - it was introduced to the Senate and approved last
>>>> night. It will hit the House of Reps today.
>>>>
>>>> And the PJCIS hasn't even seen it.
>>>>
>>>> This is flawed in so many ways, and it will affect our industry
>>>> massively.
>>>>
>>>> Why should anyone build a content related business here? How do we
>>>> protect staff and customers from malicious posting in order to invoke this
>>>> legislation?
>>>>
>>>> Narelle
>>>>
>>>> On Thu, 4 Apr. 2019, 10:43 am Narelle Clark, 
>>>> wrote:
>>>>
>>>>>
>>>>> Parliament has just rushed through more impractical legislation to
>>>>> jail executives of content providers (that would be all of us) if vile
>>>>> content is not removed "expeditiously".
>>>>>
>>>>> Here is some reaction to it...
>>>>>
>>>>> Overview:
>>>>> https://www.abc.net.au/news/science/2019-04-04/facebook-youtube-social-media-laws-rushed-and-flawed-critics-say/10965812
>>>>>
>>>>> Law Council:
>>>>> https://www.abc.net.au/radio/programs/am/start-ups-concerned-about-new-social-media-laws/10969282
>>>>>
>>>>>
>>>>> Scott Farquar:
>>>>> https://www.abc.net.au/radionational/programs/breakfast/rushed-social-media-legislation-is-seriously-flawed/10969482
>>>>>
>>>>>
>>>>> Narelle
>>>>>
>>>
>>>
>>> --
>>> Simon Sharwood | JargonMaster Corporate Communications |
>>> M +61 (0)414 37 37 26 |
>>> E si...@jargonmaster.com | W www.jargonmaster.com
>>> 24 North Street Marrickville NSW 2204 AUSTRALIA
>>> ABN: 14743763968
>>> Work blog: jargonmaster.wordpress.com
>>> Free/Busy details: http://www.jargonmaster.com/calendar/
>>> I'm a member of  DHBC.org.au and a vExpert
>>>


Re: [AusNOG] More legislative interventions

2019-04-03 Thread Paul Wilkins
https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/s1201_first-senate/toc_pdf/1908121.pdf;fileType=application%2Fpdf

On Thu, 4 Apr 2019 at 10:57, Simon Sharwood  wrote:

> So I was in a thing yesterday with a very senior government relations
> person from one of the top 3 clouds. And they'd been advised the
> legislation had very vague wording, meant that they and all cloud services
> had potential liability.
>
> At least one other major cloud's lobbyists had the same advice. Both tried
> to alert the government to the fact they'd cast the net far wider than
> anticipated.
>
>
> So some hurried back-channel efforts were made to change the wording of
> the legislation to be more specific about social media.
>
> Those changes weren't made and this government relations pro was
> flabbergasted at the haste and lack of consultation.
>
> He said it just makes it easier for people to fling FUD at the whole local
> industry.
>
>
> On Thu, Apr 4, 2019 at 10:47 AM Narelle Clark  wrote:
>
>>
>> Just to clarify - it was introduced to the Senate and approved last
>> night. It will hit the House of Reps today.
>>
>> And the PJCIS hasn't even seen it.
>>
>> This is flawed in so many ways, and it will affect our industry
>> massively.
>>
>> Why should anyone build a content related business here? How do we
>> protect staff and customers from malicious posting in order to invoke this
>> legislation?
>>
>> Narelle
>>
>> On Thu, 4 Apr. 2019, 10:43 am Narelle Clark,  wrote:
>>
>>>
>>> Parliament has just rushed through more impractical legislation to jail
>>> executives of content providers (that would be all of us) if vile content
>>> is not removed "expeditiously".
>>>
>>> Here is some reaction to it...
>>>
>>> Overview:
>>> https://www.abc.net.au/news/science/2019-04-04/facebook-youtube-social-media-laws-rushed-and-flawed-critics-say/10965812
>>>
>>> Law Council:
>>> https://www.abc.net.au/radio/programs/am/start-ups-concerned-about-new-social-media-laws/10969282
>>>
>>>
>>> Scott Farquar:
>>> https://www.abc.net.au/radionational/programs/breakfast/rushed-social-media-legislation-is-seriously-flawed/10969482
>>>
>>>
>>> Narelle
>>>
>
>
> --
> Simon Sharwood | JargonMaster Corporate Communications |
> M +61 (0)414 37 37 26 |
> E si...@jargonmaster.com | W www.jargonmaster.com
> 24 North Street Marrickville NSW 2204 AUSTRALIA
> ABN: 14743763968
> Work blog: jargonmaster.wordpress.com
> Free/Busy details: http://www.jargonmaster.com/calendar/
> I'm a member of  DHBC.org.au and a vExpert
>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-04-03 Thread Paul Wilkins
Well that's pretty much the last straw. There are no new recommendations of
substance, and the matter has been kicked down the road for a report by the
INSLM somewhere in 18 months' time.

This rather ominous blather sums up the PJCIS's position:

In the main, the Committee expects that the powers have effective
safeguards and oversight, and expects that they are being used
appropriately by security agencies and law enforcement.

Yet you find buried within the report:

The majority of submitters to the 2018 Bill Review focussed on the proposed
amendments contained in Schedule 1 — the industry assistance measures.
Almost all expressed concerns about the amendments proposed in Schedule 1
or stated direct opposition.

So why go through the charade of a Home Affairs public consultation, 2
further rounds through the PJCIS (and the INSLM to come) only to come to
conclusions disparate to overwhelming opposition by the public, industry,
and human rights groups?

Kind regards

Paul Wilkins


On Thu, 4 Apr 2019 at 10:22, Paul Wilkins  wrote:

>
> https://parlinfo.aph.gov.au/parlInfo/download/committees/reportjnt/024269/toc_pdf/ReviewoftheTelecommunicationsandOtherLegislationAmendment(AssistanceandAccess)Act2018.pdf;fileType=application%2Fpdf
>
> On Sat, 30 Mar 2019 at 13:35, Paul Wilkins 
> wrote:
>
>> It's a curious move for the PJCIS to refer the Assistance and Access Act
>> to the Independent National Security Legislation Monitor. As they say,
>> they've never referred legislation to the INSLM ever before.
>>
>> If the considerable resources at the disposal of the PJCIS, Attorney
>> General's, and the Dep't of Home Affairs haven't been sufficient to produce
>> workable law, then what hope the INSLM?
>>
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Fri, 29 Mar 2019 at 19:05, Robert Hudson  wrote:
>>
>>> 404 for the page on the ACS website..
>>>
>>> On Thu, 28 Mar 2019 at 12:40, Aftab Siddiqui 
>>> wrote:
>>>
>>>> Just for the info. There was an event yesterday "Safe Encryption
>>>> Australia Forum" in Sydney. Some highlights are here.
>>>>
>>>> https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws
>>>>
>>>>
>>>> https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html
>>>>
>>>> Regards,
>>>>
>>>> Aftab A. Siddiqui
>>>>
>>>>
>>>> On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins 
>>>> wrote:
>>>>
>>>>> The silence on the Assistance and Access Act since it passed in
>>>>> December has been deafening. It was firmly understood, on representations
>>>>> by the Liberal Government, that the bill passed was passed as an
>>>>> expedient, yet now we have the third report from PJCIS due 3rd April,
>>>>> and yet another round of submissions from corporations large and small,
>>>>> industry luminaries and human rights and legal experts, all saying that
>>>>> basically we're where we were back in September 2018, when Dutton rather
>>>>> disingenuously reported to the House that:
>>>>>
>>>>> "The government has consulted extensively with industry and the public
>>>>> on these measures and has made amendments to reflect the feedback in the
>>>>> legislation now before the parliament."
>>>>>
>>>>> Yet no matter how many submissions are made to how many parliamentary
>>>>> committees, we now seem stuck with a deeply flawed Act, the Liberals are
>>>>> walking backwards on the Labor amendments, while the country's police
>>>>> forces now operate with sweeping interception powers well beyond what's
>>>>> necessary and proportional.
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Paul Wilkins
>>>>>
>>>>>
>>>>> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins 
>>>>> wrote:
>>>>>
>>>>>> ACIC in their submission seem to be making the case, that as police
>>>>>> now have EA powers under the Act to surveil targets, so too should the ACIC
>>>>>> have EA powers to surveil the police.
>>>>>>
>>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b=666446
>>>>>>
>>>>>> I think however this too is wrong, and that two wrong

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-04-03 Thread Paul Wilkins
https://parlinfo.aph.gov.au/parlInfo/download/committees/reportjnt/024269/toc_pdf/ReviewoftheTelecommunicationsandOtherLegislationAmendment(AssistanceandAccess)Act2018.pdf;fileType=application%2Fpdf

On Sat, 30 Mar 2019 at 13:35, Paul Wilkins  wrote:

> It's a curious move for the PJCIS to refer the Assistance and Access Act
> to the Independent National Security Legislation Monitor. As they say,
> they've never referred legislation to the INSLM ever before.
>
> If the considerable resources at the disposal of the PJCIS, Attorney
> General's, and the Dep't of Home Affairs haven't been sufficient to produce
> workable law, then what hope the INSLM?
>
>
> Kind regards
>
> Paul Wilkins
>
>
> On Fri, 29 Mar 2019 at 19:05, Robert Hudson  wrote:
>
>> 404 for the page on the ACS website..
>>
>> On Thu, 28 Mar 2019 at 12:40, Aftab Siddiqui 
>> wrote:
>>
>>> Just for the info. There was an event yesterday "Safe Encryption
>>> Australia Forum" in Sydney. Some highlights are here.
>>>
>>> https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws
>>>
>>>
>>> https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html
>>>
>>> Regards,
>>>
>>> Aftab A. Siddiqui
>>>
>>>
>>> On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins 
>>> wrote:
>>>
>>>> The silence on the Assistance and Access Act since it passed in
>>>> December has been deafening. It was firmly understood, on representations
>>>> by the Liberal Government, that the bill passed was passed as an expedient,
>>>> yet now we have the third report from PJCIS due 3rd April, and yet another
>>>> round of submissions from corporations large and small, industry luminaries
>>>> and human rights and legal experts, all saying that basically we're where
>>>> we were back in September 2018, when Dutton rather disingenuously reported
>>>> to the House that:
>>>>
>>>> "The government has consulted extensively with industry and the public
>>>> on these measures and has made amendments to reflect the feedback in the
>>>> legislation now before the parliament."
>>>>
>>>> Yet no matter how many submissions are made to how many parliamentary
>>>> committees, we now seem stuck with a deeply flawed Act, the Liberals are
>>>> walking backwards on the Labor amendments, while the country's police
>>>> forces now operate with sweeping interception powers well beyond what's
>>>> necessary and proportional.
>>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>
>>>>
>>>> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins 
>>>> wrote:
>>>>
>>>>> ACIC in their submission seem to be making the case, that as police
>>>>> now have EA powers under the Act to surveil targets, so too should the ACIC
>>>>> have EA powers to surveil the police.
>>>>>
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b=666446
>>>>>
>>>>> I think however this too is wrong, and that two wrongs don't make a
>>>>> right. The police should never have been given EA powers to break
>>>>> encryption when all they need is legal intercept. And then ACIC too could
>>>>> have LI powers.
>>>>>
>>>>> As I point out in my latest PJCIS submission,
>>>>>
>>>>> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789=666483
>>>>> there's a basic difference between Legal Intercept and Exceptional
>>>>> Access, where EA you need read/modify/write/delete rights, whereas LI is
>>>>> read only.
>>>>>
>>>>> If you restrict access by the police to read only, a very large chunk
>>>>> of the ensuant vulnerabilities go away. Further, the amount of damage the
>>>>> police can do on a magical mystery tour of your data centre is contained.
>>>>>
>>>>> Kind regards
>>>>>
>>>>> Paul Wilkins
>>>>>
>>>>>
>>>>> On Thu, 24 Jan 2019 at 13:27, Robert Hudson  wrote:
>>>>>
>>>>>> The government said they'd consider them, not that they'd implement
>>>>>> them.
>>>>>>
>>>>>> I have very little fa

Re: [AusNOG] Telstra multiple service faults - Chatswood Exchange?

2019-04-03 Thread Paul Wilkins
I'm interested if there's been any interruption to Cloud Services, where
redundancy is part of the service offering, where this would appear to be a
breach of SLA:

"Cloud connections are built and configured as fully redundant from a
Telstra IP network service to supported cloud provider network edges.
Multiple high capacity ( Nx10G) links are configured as active/ backup – so
any router or link failure along the path triggers failover without
impacting cloud connectivity."

https://cloud.telstra.com/res/pdf/cloud-gateway-technical-guide-international.pdf

Kind regards

Paul Wilkins


On Thu, 4 Apr 2019 at 08:03, Andrew Yager  wrote:

> Did anyone see anything come back overnight?
>
> We're still in darkness…
>
> Andrew
>
> On Wed, 3 Apr 2019 at 21:04, Andrew Yager  wrote:
>
>> Look, given that they send services to Macquarie Park, Ultimo and
>> Alexandria from Chatswood via Parramatta, anything is possible.
>>
>> Maybe the break really is at Victoria Ave in Chatswood and it’s all an
>> elaborate hoax?
>>
>> Anyway - I’m done for now. See you on the other side.
>>
>> A
>>
>>
>> --
>> *From:* Nathan Brookfield 
>> *Sent:* Wednesday, April 3, 2019 8:54 pm
>> *To:* Simon Sharwood; Andrew Yager
>> *Cc:* Robert Hudson; ausnog@lists.ausnog.net
>> *Subject:* RE: [AusNOG] Telstra multiple service faults - Chatswood
>> Exchange?
>>
>>
>> I love that they’re confusing Victoria Avenue in Chatswood with Victoria
>> Road at Ermington haha….
>>
>>
>>
>> *From:* Simon Sharwood 
>> *Sent:* Wednesday, April 3, 2019 8:44 PM
>> *To:* Andrew Yager 
>> *Cc:* Nathan Brookfield ; Robert
>> Hudson ; ausnog@lists.ausnog.net
>> *Subject:* Re: [AusNOG] Telstra multiple service faults - Chatswood
>> Exchange?
>>
>>
>>
>> Telstra peeps told me a 3rd party cut something on Victoria Road
>> Chatswood and that Telstra can't even start work until 9PM tonight due to
>> the location.
>>
>> It's a big 'un. A real big 'un. Telstra's not quite sure where to
>> start...
>>
>>
>>
>>
>>
>> On Wed, Apr 3, 2019 at 7:56 PM Andrew Yager  wrote:
>>
>> When I first drove past there was literally no one there.
>>
>>
>>
>> A
>>
>>
>>
>>
>>
>> --
>>
>> *From:* Nathan Brookfield 
>> *Sent:* Wednesday, April 3, 2019 7:48 pm
>> *To:* Andrew Yager; Robert Hudson
>> *Cc:* ausnog@lists.ausnog.net
>> *Subject:* RE: [AusNOG] Telstra multiple service faults - Chatswood
>> Exchange?
>>
>>
>>
>> Looks like they’re working hard at it? Jeez ☹
>>
>>
>>
>> *From:* Andrew Yager 
>> *Sent:* Wednesday, April 3, 2019 7:43 PM
>> *To:* Robert Hudson ; Nathan Brookfield <
>> nathan.brookfi...@simtronic.com.au>
>> *Cc:* ausnog@lists.ausnog.net
>> *Subject:* Re: [AusNOG] Telstra multiple service faults - Chatswood
>> Exchange?
>>
>>
>>
>> https://twitter.com/andrewyager/status/1113356966556868608?s=21
>>
>>
>>
>> Andrew
>>
>>
>>
>> --
>>
>> *From:* AusNOG  on behalf of Robert
>> Hudson 
>> *Sent:* Wednesday, April 3, 2019 6:03:28 PM
>> *To:* Nathan Brookfield
>> *Cc:* ausnog@lists.ausnog.net
>> *Subject:* Re: [AusNOG] Telstra multiple service faults - Chatswood
>> Exchange?
>>
>>
>>
>> I remember a backhoe incident in the Sydney CBD that cut a mass of
>> fibres...
>>
>>
>>
>> Good times.
>>
>>
>>
>> On Wed, 3 Apr 2019 at 17:43, Nathan Brookfield <
>> nathan.brookfi...@simtronic.com.au> wrote:
>>
>> Cut is nowhere near Chatswood, it’s at Ermington on Victoria Road.
>> Traffic control is required and the installation of two new pits as well…..
>> Catastrophic sounds about right but they’ve been up against worse.
>>
>>
>>
>> Kindest Regards,
>>
>> Nathan Brookfield (VK2NAB)
>>
>>
>>
>> Chief Executive Officer
>>
>> Simtronic Technologies Pty Ltd
>>
>>
>>
>> *Local:* (02) 4749 4949 *|* *Fax:* (02) 4749 4950 *|* *Direct:* (02)
>> 4749 4951
>>
>> *Web*: http://www.simtronic.com.au *|* *E-mail*:
>> nathan.brookfi...@simtronic.com.au
>>
>>
>>
>

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-29 Thread Paul Wilkins
It's a curious move for the PJCIS to refer the Assistance and Access Act to
the Independent National Security Legislation Monitor. As they say, they've
never referred legislation to the INSLM ever before.

If the considerable resources at the disposal of the PJCIS, Attorney
General's, and the Dep't of Home Affairs haven't been sufficient to produce
workable law, then what hope the INSLM?


Kind regards

Paul Wilkins


On Fri, 29 Mar 2019 at 19:05, Robert Hudson  wrote:

> 404 for the page on the ACS website..
>
> On Thu, 28 Mar 2019 at 12:40, Aftab Siddiqui 
> wrote:
>
>> Just for the info. There was an event yesterday "Safe Encryption
>> Australia Forum" in Sydney. Some highlights are here.
>>  https://www.innovationaus.com/2019/03/Labor-will-rewrite-encryption-laws
>>
>>
>> https://ia.acs.org.au/article/2019/tech-industry--fix-the-assistance-and-access-bill.html
>>
>> Regards,
>>
>> Aftab A. Siddiqui
>>
>>
>> On Thu, Mar 28, 2019 at 12:33 PM Paul Wilkins 
>> wrote:
>>
>>> The silence on the Assistance and Access Act since it passed in December
>>> has been deafening. It was firmly understood, on representations by the
>>> Liberal Government, that the bill passed was passed as an expedient, yet
>>> now we have the third report from PJCIS due 3rd April, and yet another
>>> round of submissions from corporations large and small, industry luminaries
>>> and human rights and legal experts, all saying that basically we're where
>>> we were back in September 2018, when Dutton rather disingenuously reported
>>> to the House that:
>>>
>>> "The government has consulted extensively with industry and the public
>>> on these measures and has made amendments to reflect the feedback in the
>>> legislation now before the parliament."
>>>
>>> Yet no matter how many submissions are made to how many parliamentary
>>> committees, we now seem stuck with a deeply flawed Act, the Liberals are
>>> walking backwards on the Labor amendments, while the country's police
>>> forces now operate with sweeping interception powers well beyond what's
>>> necessary and proportional.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>>
>>> On Thu, 14 Feb 2019 at 12:03, Paul Wilkins 
>>> wrote:
>>>
>>>> ACIC in their submission seem to be making the case, that as police now
>>>> have EA powers under the Act to surveil targets, so too should the ACIC
>>>> have EA powers to surveil the police.
>>>>
>>>> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b=666446
>>>>
>>>> I think however this too is wrong, and that two wrongs don't make a
>>>> right. The police should never have been given EA powers to break
>>>> encryption when all they need is legal intercept. And then ACIC too could
>>>> have LI powers.
>>>>
>>>> As I point out in my latest PJCIS submission,
>>>>
>>>> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789=666483
>>>> there's a basic difference between Legal Intercept and Exceptional
>>>> Access, where EA you need read/modify/write/delete rights, whereas LI is
>>>> read only.
>>>>
>>>> If you restrict access by the police to read only, a very large chunk
>>>> of the ensuant vulnerabilities go away. Further, the amount of damage the
>>>> police can do on a magical mystery tour of your data centre is contained.
>>>>
>>>> Kind regards
>>>>
>>>> Paul Wilkins
>>>>
>>>>
>>>> On Thu, 24 Jan 2019 at 13:27, Robert Hudson  wrote:
>>>>
>>>>> The government said they'd consider them, not that they'd implement
>>>>> them.
>>>>>
>>>>> I have very little faith at all that without significant pressure
>>>>> being brought to bear, that the government response would be anything more
>>>>> than "we consider them, and decided no, we're happy as we are".
>>>>>
>>>>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins 
>>>>> wrote:
>>>>>
>>>>>> Labor's amendments haven't been forgotten, and will have to be dealt
>>>>>> with eventually, when the time comes for the PJCIS to table their April
>>>>>> recommendations.
>>>>>>
>>>>>> No one is forgetting th

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-28 Thread Paul Wilkins
Crunch time is 3rd April, when the PJCIS will report back to Parliament. I
expect Labor recommending their same amendments plus whatever washes up
from the latest round of consultation. Then it's up to the Liberals to
either act in good faith, and pass the Labor amendments as per prior
agreement, or, play politics, refuse to pass the agreed amendments, and
scare up the issue. I'd like to think there would be serious political cost
for not honouring the agreement. Unfortunately, the Liberal hard right
Trumpists are the ones invested in the populist theatre of blowing up
public policy grounded in evidence.

Kind regards

Paul Wilkins


On Fri, 29 Mar 2019 at 10:52, Paul Brooks 
wrote:

> On 28/03/2019 5:29 pm, Peter Fern wrote:
> > On 28/3/19 12:33 pm, Paul Wilkins wrote:
> >> The silence on the Assistance and Access Act since it passed in December has been
> >> deafening. It was firmly understood, on representations by the Liberal Government,
> >> that the bill passed was passed as an expedient, yet now we have the third report
> >> from PJCIS due 3rd April, and yet another round of submissions from corporations
> >> large and small, industry luminaries and human rights and legal experts, all saying
> >> that basically we're where we were back in September 2018, when Dutton rather
> >> disingenuously reported to the House that:
> >>
> >> "The government has consulted extensively with industry and the public on these
> >> measures and has made amendments to reflect the feedback in the legislation now
> >> before the parliament."
> >>
> >> Yet no matter how many submissions are made to how many parliamentary committees,
> >> we now seem stuck with a deeply flawed Act, the Liberals are walking backwards on
> >> the Labor amendments, while the country's police forces now operate with sweeping
> >> interception powers well beyond what's necessary and proportional.
> >
> >
> > Because, of course we are - anyone who thought we'd be anywhere else today was
> > living in a fantasy land.  And you can thank Labor for this, on account of being
> > completely spineless weasels, almost as much as the Libs for ramrodding this
> > disgusting mess through in the first place.  Tech policy in this country is an
> > absolute joke.
>
> Looking forward to your submission to the PJCIS, and let us know how your meeting with
> your local federal MP goes when you explain all this in words of one syllable to her/him.
>
> This week's event was the commercial tech industry waking up to the huge economic
> impact, and the distrust and loss of business from international customers and
> prospects that will lead to Australian tech firms moving out of Australia, and not
> starting up in Australia in the first place. When companies like Senetas and Atlassian
> say they will need to move all their operations out of the country to avoid the
> suspicion and mistrust, and Microsoft recently that the #AABill is making them uneasy
> about storing customer data in Australia, the momentum is building that even the
> relevant Ministers can't ignore.
>
> Yes, it would have been great if the bill hadn't been passed back in December - but
> that egg has been scrambled, the exercise now is to get it modified or cancelled.
>
> There is a template letter to your local MP hosted at
> https://www.dropbox.com/sh/u64wadpyy97sw4f/AACTZ-grqUgUqFClXBmzPk99a?dl=0, put
> together by the InnovationAUS crew, to help make it easy to send a message. If they
> don't hear the message from the people - and trust me, they aren't reading AusNOG -
> they won't change.
>
> Paul.
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-03-27 Thread Paul Wilkins
The silence on the Assistance and Access Act since it passed in December
has been deafening. It was firmly understood, on representations by the
Liberal Government, that the bill passed was passed as an expedient, yet
now we have the third report from PJCIS due 3rd April, and yet another
round of submissions from corporations large and small, industry luminaries
and human rights and legal experts, all saying that basically we're where
we were back in September 2018, when Dutton rather disingenuously reported
to the House that:

"The government has consulted extensively with industry and the public on
these measures and has made amendments to reflect the feedback in the
legislation now before the parliament."

Yet no matter how many submissions are made to how many parliamentary
committees, we now seem stuck with a deeply flawed Act, the Liberals are
walking backwards on the Labor amendments, while the country's police
forces now operate with sweeping interception powers well beyond what's
necessary and proportional.

Kind regards

Paul Wilkins


On Thu, 14 Feb 2019 at 12:03, Paul Wilkins  wrote:

> ACIC in their submission seem to be making the case, that as police now
> have EA powers under the Act to surveil targets, so too should the ACIC
> have EA powers to surveil the police.
>
> https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b=666446
>
> I think however this too is wrong, and that two wrongs don't make a right.
> The police should never have been given EA powers to break encryption when
> all they need is legal intercept. And then ACIC too could have LI powers.
>
> As I point out in my latest PJCIS submission,
>
> https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789=666483
> there's a basic difference between Legal Intercept and Exceptional Access,
> where EA you need read/modify/write/delete rights, whereas LI is read only.
>
> If you restrict access by the police to read only, a very large chunk of
> the ensuant vulnerabilities go away. Further, the amount of damage the
> police can do on a magical mystery tour of your data centre is contained.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Thu, 24 Jan 2019 at 13:27, Robert Hudson  wrote:
>
>> The government said they'd consider them, not that they'd implement them.
>>
>> I have very little faith at all that without significant pressure being
>> brought to bear, that the government response would be anything more than
>> "we consider them, and decided no, we're happy as we are".
>>
>> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins 
>> wrote:
>>
>>> Labor's amendments haven't been forgotten, and will have to be dealt
>>> with eventually, when the time comes for the PJCIS to table their April
>>> recommendations.
>>>
>>> No one is forgetting that the Act was passed as an interim measure, to
>>> allow law enforcement to deal with the Christmas break with new powers. It
>>> would be a serious breach of faith for the government to renege on the
>>> outstanding amendments.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>>
>>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan 
>>> wrote:
>>>
>>>> Paul Wilkins wrote:
>>>> > Obviously this has been in limbo over the Christmas break. There's 2
>>>> > really important issues, on hold because of this.
>>>> >
>>>> > 1 - When or if the PJCIS will call for public comment on the Act as
>>>> > passed.
>>>> >
>>>> > 2 - The appearance of the Labor amendments.
>>>> >
>>>> > So we probably won't see any developments until Parliament resumes
>>>> > 12th February.
>>>>
>>>> I'll lay money there will be no amendments (passed), there will be an
>>>> attempt to force Apple etc to write in a weakness which will be
>>>> challenged.  There will be many people that will not update their
>>>> iOS/Android anytime soon.  Personally I stopped updating the moment this
>>>> bill was passed - particularly as there is at least one Apple update
>>>> that stated, "No bug/security fixes"...
>>>>
>>>> What you will most likely find (and the idiots over in the ACT haven't
>>>> worked it out yet) is that the terrorists have some very smart people
>>>> "working" for them and they probably already jailbreak their phones and
>>>> install their own messaging software on it.. (not that you need to
>>>> jailbreak when you can use t

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-02-13 Thread Paul Wilkins
ACIC in their submission seem to be making the case, that as police now
have EA powers under the Act to surveil targets, so too should the ACIC
have EA powers to surveil the police.
https://www.aph.gov.au/DocumentStore.ashx?id=989cabd1-5e9f-4fc3-a961-9a8b94683e7b=666446

I think however this too is wrong, and that two wrongs don't make a right.
The police should never have been given EA powers to break encryption when
all they need is legal intercept. And then ACIC too could have LI powers.

As I point out in my latest PJCIS submission,
https://www.aph.gov.au/DocumentStore.ashx?id=4d150922-3809-4487-aa2f-f8976f2b3789=666483
there's a basic difference between Legal Intercept and Exceptional Access,
where EA you need read/modify/write/delete rights, whereas LI is read only.

If you restrict access by the police to read only, a very large chunk of
the ensuant vulnerabilities go away. Further, the amount of damage the
police can do on a magical mystery tour of your data centre is contained.

Kind regards

Paul Wilkins


On Thu, 24 Jan 2019 at 13:27, Robert Hudson  wrote:

> The government said they'd consider them, not that they'd implement them.
>
> I have very little faith at all that without significant pressure being
> brought to bear, that the government response would be anything more than
> "we consider them, and decided no, we're happy as we are".
>
> On Thu, 24 Jan 2019 at 13:03, Paul Wilkins 
> wrote:
>
>> Labor's amendments haven't been forgotten, and will have to be dealt with
>> eventually, when the time comes for the PJCIS to table their April
>> recommendations.
>>
>> No one is forgetting that the Act was passed as an interim measure, to
>> allow law enforcement to deal with the Christmas break with new powers. It
>> would be a serious breach of faith for the government to renege on the
>> outstanding amendments.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan 
>> wrote:
>>
>>> Paul Wilkins wrote:
>>> > Obviously this has been in limbo over the Christmas break. There's 2
>>> > really important issues, on hold because of this.
>>> >
>>> > 1 - When or if the PJCIS will call for public comment on the Act as
>>> > passed.
>>> >
>>> > 2 - The appearance of the Labor amendments.
>>> >
>>> > So we probably won't see any developments until Parliament resumes
>>> > 12th February.
>>>
>>> I'll lay money there will be no amendments (passed), there will be an
>>> attempt to force Apple etc to write in a weakness which will be
>>> challenged.  There will be many people that will not update their
>>> iOS/Android anytime soon.  Personally I stopped updating the moment this
>>> bill was passed - particularly as there is at least one Apple update
>>> that stated, "No bug/security fixes"...
>>>
>>> What you will most likely find (and the idiots over in the ACT haven't
>>> worked it out yet) is that the terrorists have some very smart people
>>> "working" for them and they probably already jailbreak their phones and
>>> install their own messaging software on it.. (not that you need to
>>> jailbreak when you can use the 'team' functionality in xcode to install
>>> non apple approved apps on your phone.)
>>>
>>> Of course the highly amusing part is how easy it is to plugin to online
>>> services and how easy it is to run your own asymmetric cryptography... I
>>> suspect it would be trivial to put your own encryption over the top of
>>> any of those services/apps that allow such (and some already do -
>>> recently came across a plugin to the mailapp that has a custom
>>> encryption/decryption mechanism which is used by a bank for secure
>>> messaging.  This means as posted elsewhere any interception would have
>>> to be by screen capture and keyboard interception on the device, which I
>>> personally would immediately class as a systemic weakness because if I
>>> were doing it I'd be cut/pasting messages into my own non-internet
>>> connected app for encryption/decryption so you can capture what you want
>>> off imessage, facebook messenger etc... you'd still be getting encrypted
>>> blocks of data.. and if you capture everything you have online banking
>>> passwords and everything else that goes with that and there one thinks
>>> about who else can see the captures
>>>
>>> This is what you get when you have people in charge that have interest
>>> in obtaining data they are not entitled 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-01-23 Thread Paul Wilkins
Labor's amendments haven't been forgotten, and will have to be dealt with
eventually, when the time comes for the PJCIS to table their April
recommendations.

No one is forgetting that the Act was passed as an interim measure, to allow
law enforcement to deal with the Christmas break with new powers. It would
be a serious breach of faith for the government to renege on the
outstanding amendments.

Kind regards

Paul Wilkins


On Wed, 23 Jan 2019 at 13:24, Michelle Sullivan  wrote:

> Paul Wilkins wrote:
> > Obviously this has been in limbo over the Christmas break. There's 2
> > really important issues, on hold because of this.
> >
> > 1 - When or if the PJCIS will call for public comment on the Act as
> > passed.
> >
> > 2 - The appearance of the Labor amendments.
> >
> > So we probably won't see any developments until Parliament resumes
> > 12th February.
>
> I'll lay money there will be no amendments (passed), there will be an
> attempt to force Apple etc to write in a weakness which will be
> challenged.  There will be many people that will not update their
> iOS/Android anytime soon.  Personally I stopped updating the moment this
> bill was passed - particularly as there is at least one Apple update
> that stated, "No bug/security fixes"...
>
> What you will most likely find (and the idiots over in the ACT haven't
> worked it out yet) is that the terrorists have some very smart people
> "working" for them and they probably already jailbreak their phones and
> install their own messaging software on it.. (not that you need to
> jailbreak when you can use the 'team' functionality in xcode to install
> non apple approved apps on your phone.)
>
> Of course the highly amusing part is how easy it is to plugin to online
> services and how easy it is to run your own asymmetric cryptography... I
> suspect it would be trivial to put your own encryption over the top of
> any of those services/apps that allow such (and some already do -
> recently came across a plugin to the mailapp that has a custom
> encryption/decryption mechanism which is used by a bank for secure
> messaging.  This means as posted elsewhere any interception would have
> to be by screen capture and keyboard interception on the device, which I
> personally would immediately class as a systemic weakness because if I
> were doing it I'd be cut/pasting messages into my own non-internet
> connected app for encryption/decryption so you can capture what you want
> off imessage, facebook messenger etc... you'd still be getting encrypted
> blocks of data.. and if you capture everything you have online banking
> passwords and everything else that goes with that and there one thinks
> about who else can see the captures
>
> This is what you get when you have people in charge that have interest
> in obtaining data they are not entitled to.
>
> At least the Queensland police will not get voice recorded giving out
> new locations to abusive ex-husbands, now they can protect themselves by
> just accessing the phone of the wife in hiding..
>
> ... anyone seen my foil hat today I seem to have misplaced it? :P
>
> --
> Michelle Sullivan
> http://www.mhix.org/
>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-01-09 Thread Paul Wilkins
How annoying.

Fair enough they have new terms of reference, but from the original landing
page it's not obvious there's a new enquiry.

To ensure the process maintains continuity, they need to link through to
the new enquiry from the old landing page. Even APH staff seem confused
where advice I had received from PJCIS 10/12 was call for submissions was
yet to be determined.

I've posted a support ticket so hopefully we'll see an update to the main
page:

https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195

Kind regards


Paul Wilkins


On Thu, 10 Jan 2019 at 01:42, Paul Brooks 
wrote:

> On 9/01/2019 11:18 am, Paul Wilkins wrote:
>
> Obviously this has been in limbo over the Christmas break. There's 2
> really important issues, on hold because of this.
>
> 1 - When or if the PJCIS will call for public comment on the Act as passed.
>
> PJCIS called for further comments on the Act as passed a few days after
> the Act was passed -
>
> They opened a new page on the PJCIS as a new inquiry: 'Review of the
> Telecommunications and Other Legislation Amendment (Assistance and Access)
> Act 2018 with specific reference to Government amendments introduced and
> passed on 6 December 2018'
>
>
> https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/ReviewofTOLAAct
>
> The Government amendments introduced and passed on 6 December 2018 are
> available at this link
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query%3DId%3A%22legislation%2Famend%2Fr6195_amend_2ef65c47-7a59-45e1-9427-cf3e7400ef4d%22>.
> A Supplementary Explanatory Memorandum
> <https://parlinfo.aph.gov.au/parlInfo/search/display/display.w3p;query=Id:%22legislation/ems/r6195_ems_b832c54b-6091-41ca-baf4-35bb94a856e8%22> on
> the amendments was also presented to the Parliament.
>
> The Committee will accept submissions on any new matters arising with the
> passage of the Act, and will consider the need for further hearings as the
> inquiry progresses.
>
> There are already two new submissions, from IGIS and Commonwealth
> Ombudsman.
>
> They are specifically looking for comments on wording and construction,
> suggestions on better definitions for 'Systemic Weakness' and on the
> definitions used and passed.
>
>
>
> So we probably won't see any developments until Parliament resumes 12th
> February.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Sat, 15 Dec 2018 at 11:44, Paul Wilkins 
> wrote:
>
>> I guess we should anticipate that the PJCIS will ask for further
>> submissions. Probably they will give as little advance warning as possible
>> to conform to their "accelerated timetable". I would think they'll announce
>> their request for submissions as soon as the Labor amendments are dealt
>> with.
>>
>> The Labor amendments are critical for:
>>
>>    - Requirements for judicial review of TCNs/TARs, and avenue of
>>    judicial appeal for service providers
>>    - Strengthened requirements for necessity and proportionality
>>    - Definitions of system vulnerability and systemic weakness (which
>>    preclude mass deployment of patched code)
>>
>> These amendments are necessary and reasonable. However for me, the
>> following issues still remain to be resolved:
>>
>> 1 - Granting the police EA powers (rather than the intelligence
>> services - ASIO & AFP) goes too far where the police do not require EA.
>> Rather the least intrusive powers that would still enable them to prosecute
>> serious crime, would be Legal Intercept (basically enough powers to get to
>> the clear text, where they are back to where they were before the
>> "going dark" due to encryption). This means that Police should get a
>> different category of TAN - where there are no write or modify data powers
>> (ie. read only). Any write or modify capabilities they require should be
>> implemented under a duly authorised TCN.
>>
>> 2 - Once there is allowance for differentiation in Police vs Intelligence
>> Services powers, there should similarly be differentiation for the
>> seriousness of crimes investigated. The 3 years for Police services (but
>> limited to Legal Intercept) would still allow the police to investigate
>> cyber stalking, but also many other crimes some have suggested is like
>> using a sledge hammer to crack a nut. Given the more intrusive nature of EA
>> vs Legal Intercept, there should be a higher bar for the Intelligence
>> Services to demand EA powers (say 20 years to life). If they need only
>> Legal Intercept, then the bar could remain at 3 years.
>>
>> 3 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2019-01-08 Thread Paul Wilkins
Obviously this has been in limbo over the Christmas break. There's 2 really
important issues, on hold because of this.

1 - When or if the PJCIS will call for public comment on the Act as passed.

2 - The appearance of the Labor amendments.

So we probably won't see any developments until Parliament resumes 12th
February.

Kind regards

Paul Wilkins


On Sat, 15 Dec 2018 at 11:44, Paul Wilkins  wrote:

> I guess we should anticipate that the PJCIS will ask for further
> submissions. Probably they will give as little advance warning as possible
> to conform to their "accelerated timetable". I would think they'll announce
> their request for submissions as soon as the Labor amendments are dealt
> with.
>
> The Labor amendments are critical for:
>
>    - Requirements for judicial review of TCNs/TARs, and avenue of
>    judicial appeal for service providers
>    - Strengthened requirements for necessity and proportionality
>    - Definitions of system vulnerability and systemic weakness (which
>    preclude mass deployment of patched code)
>
> These amendments are necessary and reasonable. However for me, the
> following issues still remain to be resolved:
>
> 1 - Granting the police EA powers (rather than the intelligence services
> - ASIO & AFP) goes too far where the police do not require EA. Rather the
> least intrusive powers that would still enable them to prosecute serious
> crime, would be Legal Intercept (basically enough powers to get to the
> clear text, where they are back to where they were before the "going
> dark" due to encryption). This means that Police should get a different
> category of TAN - where there are no write or modify data powers (ie. read
> only). Any write or modify capabilities they require should be implemented
> under a duly authorised TCN.
>
> 2 - Once there is allowance for differentiation in Police vs Intelligence
> Services powers, there should similarly be differentiation for the
> seriousness of crimes investigated. The 3 years for Police services (but
> limited to Legal Intercept) would still allow the police to investigate
> cyber stalking, but also many other crimes some have suggested is like
> using a sledge hammer to crack a nut. Given the more intrusive nature of EA
> vs Legal Intercept, there should be a higher bar for the Intelligence
> Services to demand EA powers (say 20 years to life). If they need only
> Legal Intercept, then the bar could remain at 3 years.
>
> 3 - It's still not clear that anything doable under a TCN, cannot be
> compelled under a TAN's write/modify data powers. Hence, there ought to be
> exclusions of a TAN's powers from compelling the implementation of a
> capability for which a TCN can be issued.
>
> 4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
> serving as "authorisation" under s280 / s313 of the Telecommunications Act
> 1997, sufficient to demand mass access to carrier metadata/ metadata
> datastreams. There is also lawful disclosure of mass metadata under s177 of
> the Telecomms Interception and Access Act 1979. If the police and/or
> intelligence services get access to metadata streams, they will integrate
> this with their other metadata projects, including CCTV and facial
> recognition databases. Which is obviously something some in Law Enforcement
> are advocating for, though I think most citizens would regard this as an
> alarming move towards mass surveillance and a police state.
>
> 5 - Having one agency act as a clearing house for notices and warrant
> data, is still a preferable framework to access by multiple agencies, and
> would provide advantages for economy, efficiency, governance, and the
> secure custody of both warrant data and service provider confidential
> information.
>
> 6 - Journalists and media organisations ought to be able to mount a public
> interest defense against the issue of TANs.
>
> 7 - Any citizen ought to have standing to mount a public interest defense
> against the issue of a TCN.
>
> 8 - An audit trail be mandated for all TAN/TAR actions.
>
> Interested to hear if anyone has comments or other concerns.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 15 Dec 2018 at 09:29, I  wrote:
>
>> GCHQ is going for the same thing
>>
>> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate
>> ___
>> AusNOG mailing list
>> AusNOG@lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>


Re: [AusNOG] Telstra Gateway Pro DSL modem issues?

2018-12-19 Thread Paul Wilkins
1 - Does customer know how to save config to non volatile storage?
2 - Update firmware (shellshock etc.) & change credentials / disable remote
access
3 - Replace hardware (failed flash storage)

Kind regards

Paul Wilkins

On Thu, 20 Dec 2018 at 16:39, Narelle Clark  wrote:

> Hi folks
> I've got a customer with a Telstra Gateway Pro DSL modem that is
> repeatedly losing its credentials and Telstra's advice is to do a
> factory reset.
>
> Has anyone else seen this problem?
>
>
> --
>
> Narelle Clark
> narel...@gmail.com


Re: [AusNOG] [AUSNog] : Re Data Centre Fire Suppression Safety

2018-12-15 Thread Paul Wilkins
; replaced every 10 years or less and CO2 bottles to be replaced every 3 years.
>>>
>>>
>>>
>>> In my opinion, fire is something that is neglected a lot in DC’s.
>>>
>>>
>>>
>>> AG
>>>
>>>
>>>
>>> Adam Gibson
>>>
>>> *Head of Data Centres*
>>>
>>> Springfield City Group
>>>
>>>
>>>
>>> t: +61 7 3819 
>>>
>>> f: +61 7 3819 9900
>>>
>>> m: +61 4 00 807 822
>>>
>>> e: mailto:a.gib...@springfieldcitygroup.com
>>> 
>>>
>>>
>>>
>>> *From:* AusNOG  *On Behalf Of *Bruce
>>> Forster
>>> *Sent:* Thursday, 13 December 2018 10:36 AM
>>> *To:* chris.f...@inaboxgroup.com.au
>>> *Cc:* ausnog@lists.ausnog.net
>>> *Subject:* Re: [AusNOG] [AUSNog] : Re Data Centre Fire Suppression
>>> Safety
>>>
>>>
>>>
>>> Pretty sure halon is banned, but fm200 is the gas used these days?
>>>
>>>
>>>
>>> https://www.safelife.az/en/index.php/services/firefighting-by-gas.html
>>>
>>>
>>>
>>> Firstly, the most important advantage of the use of chemical gas - it is
>>> safe for people and electronic equipment. During fire fighting gas is used
>>> in a concentration not to be harmful to human health and life. When using
>>> the FM200 gas concentration of oxygen in the room is reduced by 3%. Along
>>> with the fact that such a composition of the air is not sufficient to
>>> continue the fire, it allows people who are there to breathe.
>>>
>>>
>>>
>>> On Thu, Dec 13, 2018 at 10:01 AM Chris Ford <
>>> chris.f...@inaboxgroup.com.au> wrote:
>>>
>>> As a university cadet working for IBM in the late 80s I remember getting
>>> inducted into the Westpac data centres and getting a long explanation of
>>> what to do when the halon system went off – where the breathing gear was,
>>> where the exits were, to basically just drop everything and run.
>>>
>>>
>>>
>>> Have been inducted into a few DCs in the last 3 years and can’t remember
>>> that being part of the induction at all – although given I already knew it
>>> I may have just glossed over that part.
>>>
>>>
>>>
>>> --
>>>
>>> Chris Ford
>>>
>>> Chief Technology Officer
>>>
>>>
>>>
>>> *INABOX GROUP*
>>>
>>> *m* 0401 988 844 *e* chris.f...@inaboxgroup.com.au
>>>
>>> *t* 02 8275 6871 *w* www.inaboxgroup.com.au
>>>
>>>
>>>
>>> *From:* AusNOG  *On Behalf Of *Paul
>>> Wilkins
>>> *Sent:* Thursday, 13 December 2018 10:53 AM
>>> *To:* AusNOG@lists.ausnog.net
>>> *Subject:* [AusNOG] [AUSNog] : Re Data Centre Fire Suppression Safety
>>>
>>>
>>>
>>> Every data centre has a fire suppression system. We're not used to
>>> thinking of this as a hazardous environment, but consequent to two
>>> techs being found dead working on a fire suppression system in Antarctica
>>> <https://www.theguardian.com/world/2018/dec/12/antarctica-two-technicians-dead-mcmurdo-station-ross-island>,
>>> I find myself wondering yet again, why there aren't more stringent controls
>>> around the fire suppression systems in data centres: viz - when you enter a
>>> data centre, how confident can you be you're not going to be quietly
>>> asphyxiated?
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>> --
>>>
>>> Regards,
>>>
>>> Bruce


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-14 Thread Paul Wilkins
I guess we should anticipate that the PJCIS will ask for further
submissions. Probably they will give as little advance warning as possible
to conform to their "accelerated timetable". I would think they'll announce
their request for submissions as soon as the Labor amendments are dealt
with.

The Labor amendments are critical for:

   - Requirements for judicial review of TCNs/TARs, and avenue of judicial
   appeal for service providers
   - Strengthened requirements for necessity and proportionality
   - Definitions of system vulnerability and systemic weakness (which
   preclude mass deployment of patched code)

These amendments are necessary and reasonable. However for me, the
following issues still remain to be resolved:

1 - Granting the police EA powers (rather than the intelligence services
- ASIO & AFP) goes too far where the police do not require EA. Rather the
least intrusive powers that would still enable them to prosecute serious
crime, would be Legal Intercept (basically enough powers to get to the
clear text, where they are back to where they were before the "going
dark" due to encryption). This means that Police should get a different
category of TAN - where there are no write or modify data powers (ie. read
only). Any write or modify capabilities they require should be implemented
under a duly authorised TCN.

2 - Once there is allowance for differentiation in Police vs Intelligence
Services powers, there should similarly be differentiation for the
seriousness of crimes investigated. The 3 years for Police services (but
limited to Legal Intercept) would still allow the police to investigate
cyber stalking, but also many other crimes some have suggested is like
using a sledge hammer to crack a nut. Given the more intrusive nature of EA
vs Legal Intercept, there should be a higher bar for the Intelligence
Services to demand EA powers (say 20 years to life). If they need only
Legal Intercept, then the bar could remain at 3 years.

3 - It's still not clear that anything doable under a TCN, cannot be
compelled under a TAN's write/modify data powers. Hence, there ought to be
exclusions of a TAN's powers from compelling the implementation of a
capability for which a TCN can be issued.

4 - I'm still not seeing where a TCN, TAN, or TAR, is disallowed from
serving as "authorisation" under s280 / s313 of the Telecommunications Act
1997, sufficient to demand mass access to carrier metadata/ metadata
datastreams. There is also lawful disclosure of mass metadata under s177 of
the Telecomms Interception and Access Act 1979. If the police and/or
intelligence services get access to metadata streams, they will integrate
this with their other metadata projects, including CCTV and facial
recognition databases. Which is obviously something some in Law Enforcement
are advocating for, though I think most citizens would regard this as an
alarming move towards mass surveillance and a police state.

5 - Having one agency act as a clearing house for notices and warrant data,
is still a preferable framework to access by multiple agencies, and would
provide advantages for economy, efficiency, governance, and the secure
custody of both warrant data and service provider confidential information.

6 - Journalists and media organisations ought to be able to mount a public
interest defense against the issue of TANs.

7 - Any citizen ought to have standing to mount a public interest defense
against the issue of a TCN.

8 - An audit trail be mandated for all TAN/TAR actions.

Interested to hear if anyone has comments or other concerns.

Kind regards

Paul Wilkins

On Sat, 15 Dec 2018 at 09:29, I  wrote:

> GCHQ is going for the same thing
>
> https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate


[AusNOG] [AUSNog] : Re Data Centre Fire Suppression Safety

2018-12-12 Thread Paul Wilkins
Every data centre has a fire suppression system. We're not used to thinking
of this as a hazardous environment, but consequent to two techs being found
dead working on a fire suppression system in Antarctica
<https://www.theguardian.com/world/2018/dec/12/antarctica-two-technicians-dead-mcmurdo-station-ross-island>,
I find myself wondering yet again, why there aren't more stringent controls
around the fire suppression systems in data centres: viz - when you enter a
data centre, how confident can you be you're not going to be quietly
asphyxiated?

Kind regards

Paul Wilkins


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-11 Thread Paul Wilkins
317V, substitute:
unless:
(a) the Attorney-General is satisfied that:
(i) the requirements imposed by the notice are reasonable and
proportionate; and
(ii) compliance with the notice is practicable and technically feasible; and
*(b) an eligible Judge has approved the giving of the notice.*

On Wed, 12 Dec 2018 at 12:39, Paul Wilkins  wrote:

>
> https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf
>
> On Wed, 12 Dec 2018 at 12:25, Paul Brooks 
> wrote:
>
>> @Matt - 'a screen capture and remote access ability', if installed on all
>> phones would surely be a 'systemic vulnerability' in anybody's view, and
>> would be a global disaster if the method of triggering this ability escaped
>> to the wider world. This would be an example of precisely the dangerous and
>> ill-advised exploit that we are all concerned the agencies might ask for in
>> ignorance.   Heck, this is exactly the sort of malware exploit that
>> after-market malware scanners and virus checkers for phones should be
>> looking for to to detect and warn the user if an app or the OS had been
>> compromised and was attempting to do these things. I can see a rapidly
>> growing market for malware checkers!
>>
>> @Paul - where is the requirement for 'judicial approval'? - it doesn't go
>> anywhere near a court.   The TCN can be issued by the Attorney General. If
>> (and only if) the recipient thinks it might be able to be pushed back on,
>> they can ask for a review by a *retired* judge and a tech expert with a
>> high security clearance.  A *retired* judge is not a 'judicial approval',
>> and the easiest place to source the other expert from is from within ASIO -
>> hardly independent.  The AGD chooses the two reviewers, not the recipient.
>> The legislation as passed also doesn't deal with the situation if the two
>> experts disagree on whether it is allowable or not.   And there is no
>> requirement for a warrant to have been issued - the whole point of a TCN is
>> to preemptively create a capability that can be exploited later, on the off
>> chance there will be a future warrant that requires the exploit to be
>> triggered.
>>
>> Paul.
>>
>> On 12/12/2018 12:02 pm, Paul Wilkins wrote:
>>
>> Matt, (IINAL)
>> But it appears on my reading that both 317ZG and more specifically the
>> new 317ZGA would arguably prohibit this.
>>
>> The (pending?) amendments are worth a read. Stronger terms on 317ZG and
>> importantly - *requirement for judicial approval of TCNs*.
>>
>> 317P (5)(2)(d) the designated communications provider has, if reasonably
>> practicable, been consulted and given a reasonable opportunity to make
>> submissions on whether the requirements to be imposed by the notice are
>> reasonable and proportionate and whether compliance with the notice is
>> practicable and technically feasible.
>>
>>
>> On Wed, 12 Dec 2018 at 11:30, Matt Perkins  wrote:
>>
>>> It strikes me that all that will be needed is the phone manufacturers to
>>> put a screen capture and remote access ability on the phones. Then all law
>>> enforcement need to do is read the screens, no need to involve the
>>> individual app makers at all. They are after a wide and non-savvy audience
>>> here. Looking over the shoulder of phone users is what we are talking
>>> about. I would say expect to see a boost in convictions of medium size drug
>>> distributors and small amateur terror type people.
>>>
>>> These are the same people that used SMS before; they just want that
>>> capability back.
>>>
>>> Matt
>>>
>>> --
>>> /* Matt Perkins
>>>    Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>>>    Office 1300 133 299 m...@spectrum.com.au
>>>    Fax    1300 133 255 Level 6, 350 George Street Sydney 2000
>>>    SIP 1300137...@sip.spectrum.com.au
>>>    Google Talk mattaperk...@gmail.com
>>>    PGP/GNUPG Public Key can be found at http://pgp.mit.edu
>>> */
>>>
>>> > On 12 Dec 2018, at 8:27 am, Paul Brooks 
>>> wrote:
>>> >
>>> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
>>> >>
>>> >> -
>>> >> The Bill was passed on Thursday
>>> >> -
>>> >>
>>> >>
>>

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-11 Thread Paul Wilkins
https://parlinfo.aph.gov.au/parlInfo/download/legislation/amend/r6195_amend_96ffec08-558c-4ff9-9448-0a18c21cf1c7/upload_pdf/8627%20CW%20Telecommunications%20and%20Other%20Legislation%20Amendment%20(Assistance%20and%20Access)%20Bill%202018%20Wong.pdf;fileType=application/pdf

On Wed, 12 Dec 2018 at 12:25, Paul Brooks 
wrote:

> @Matt - 'a screen capture and remote access ability', if installed on all
> phones would surely be a 'systemic vulnerability' in anybody's view, and
> would be a global disaster if the method of triggering this ability escaped
> to the wider world. This would be an example of precisely the dangerous and
> ill-advised exploit that we are all concerned the agencies might ask for in
> ignorance.   Heck, this is exactly the sort of malware exploit that
> after-market malware scanners and virus checkers for phones should be
> looking for to detect and warn the user if an app or the OS had been
> compromised and was attempting to do these things. I can see a rapidly
> growing market for malware checkers!
>
> @Paul - where is the requirement for 'judicial approval'? - it doesn't go
> anywhere near a court.   The TCN can be issued by the Attorney General. If
> (and only if) the recipient thinks it might be able to be pushed back on,
> they can ask for a review by a *retired* judge and a tech expert with a
> high security clearance.  A *retired* judge is not a 'judicial approval',
> and the easiest place to source the other expert from is from within ASIO -
> hardly independent.  The AGD chooses the two reviewers, not the recipient.
> The legislation as passed also doesn't deal with the situation if the two
> experts disagree on whether it is allowable or not.   And there is no
> requirement for a warrant to have been issued - the whole point of a TCN is
> to preemptively create a capability that can be exploited later, on the off
> chance there will be a future warrant that requires the exploit to be
> triggered.
>
> Paul.
>
> On 12/12/2018 12:02 pm, Paul Wilkins wrote:
>
> Matt, (IINAL)
> But it appears on my reading that both 317ZG and more specifically the new
> 317ZGA would arguably prohibit this.
>
> The (pending?) amendments are worth a read. Stronger terms on 317ZG and
> importantly - *requirement for judicial approval of TCNs*.
>
> 317P (5)(2)(d) the designated communications provider has, if reasonably
> practicable, been consulted and given a reasonable opportunity to make
> submissions on whether the requirements to be imposed by the notice are
> reasonable and proportionate and whether compliance with the notice is
> practicable and technically feasible.
>
>
> On Wed, 12 Dec 2018 at 11:30, Matt Perkins  wrote:
>
>> It strikes me that all that will be needed is the phone manufacturers to
>> put a screen capture and remote access ability on the phones. Then all law
>> enforcement need to do is read the screens, no need to involve the
>> individual app makers at all. They are after a wide and non-savvy audience
>> here. Looking over the shoulder of phone users is what we are talking
>> about. I would say expect to see a boost in convictions of medium size drug
>> distributors and small amateur terror type people.
>>
>> These are the same people that used SMS before; they just want that
>> capability back.
>>
>> Matt
>>
>> --
>> /* Matt Perkins
>>    Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>>    Office 1300 133 299 m...@spectrum.com.au
>>    Fax    1300 133 255 Level 6, 350 George Street Sydney 2000
>>    SIP 1300137...@sip.spectrum.com.au
>>    Google Talk mattaperk...@gmail.com
>>    PGP/GNUPG Public Key can be found at http://pgp.mit.edu
>> */
>>
>> > On 12 Dec 2018, at 8:27 am, Paul Brooks 
>> wrote:
>> >
>> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
>> >>
>> >> -
>> >> The Bill was passed on Thursday
>> >> -
>> >>
>> >>
>> >> Damn, I'm gonna need a bigger bag of popcorn!
>> >> Wy bigger.  I can't wait to see how this
>> >> plays out.
>> >
>> > We'll probably never know how this plays out, unless one of the major
>> global brands
>> > pulls out of the Australian market.
>> >
>> > Tech companies doing development in Aust will put in independent code
>> reviews by an
>> > offshore team to protect against onshore employees, or will quietly
>> close Australian
>> > development shops over years.  Some tech companies will move overseas -
>> gradually,
>> > over months and years.   

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-11 Thread Paul Wilkins
I'm of the opinion it's been a very great opportunity missed, that the
Second Reading of the Bill had not been drafted along the lines of the 173
+ 5 amendments.

Home Affairs had every opportunity to onboard the concerns of the public,
industry, and civil rights bodies prior to the Bill's Second Reading and
the Minister for Home Affairs commending the Bill to Parliament.

If we had been discussing the Bill along such lines several months ago,
there would firstly have been greater public and industry confidence in the
consultation process, but more importantly, we could have had a nuanced and
constructive debate of the Bill's provisions, rather than what's been a
rather ugly object lesson in playing cynical politics which has damaged the
reputation of Australia's ICT industry.

Kind regards

Paul Wilkins

On Wed, 12 Dec 2018 at 12:02, Paul Wilkins  wrote:

> Matt, (IINAL)
> But it appears on my reading that both 317ZG and more specifically the new
> 317ZGA would arguably prohibit this.
>
> The (pending?) amendments are worth a read. Stronger terms on 317ZG and
> importantly - *requirement for judicial approval of TCNs*.
>
> 317P (5)(2)(d) the designated communications provider has, if reasonably
> practicable, been consulted and given a reasonable opportunity to make
> submissions on whether the requirements to be imposed by the notice are
> reasonable and proportionate and whether compliance with the notice is
> practicable and technically feasible.
>
>
> On Wed, 12 Dec 2018 at 11:30, Matt Perkins  wrote:
>
>> It strikes me that all that will be needed is the phone manufacturers to
>> put a screen capture and remote access ability on the phones. Then all law
>> enforcement need to do is read the screens, no need to involve the
>> individual app makers at all. They are after a wide and non-savvy audience
>> here. Looking over the shoulder of phone users is what we are talking
>> about. I would say expect to see a boost in convictions of medium size drug
>> distributors and small amateur terror type people.
>>
>> These are the same people that used SMS before; they just want that
>> capability back.
>>
>> Matt
>>
>> --
>> /* Matt Perkins
>>    Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>>    Office 1300 133 299 m...@spectrum.com.au
>>    Fax    1300 133 255 Level 6, 350 George Street Sydney 2000
>>    SIP 1300137...@sip.spectrum.com.au
>>    Google Talk mattaperk...@gmail.com
>>    PGP/GNUPG Public Key can be found at http://pgp.mit.edu
>> */
>>
>> > On 12 Dec 2018, at 8:27 am, Paul Brooks 
>> wrote:
>> >
>> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
>> >>
>> >> -
>> >> The Bill was passed on Thursday
>> >> -
>> >>
>> >>
>> >> Damn, I'm gonna need a bigger bag of popcorn!
>> >> Wy bigger.  I can't wait to see how this
>> >> plays out.
>> >
>> > We'll probably never know how this plays out, unless one of the major
>> global brands
>> > pulls out of the Australian market.
>> >
>> > Tech companies doing development in Aust will put in independent code
>> reviews by an
>> > offshore team to protect against onshore employees, or will quietly
>> close Australian
>> > development shops over years.  Some tech companies will move overseas -
>> gradually,
>> > over months and years. Net result - lower demand for Australian IT
>> staff, lower
>> > export figures in the DFAT stats over years.
>> >
>> > Many 'component manufacturers or suppliers' will blithely carry on,
>> unaware this might
>> > apply to them at all until they receive a notice
>> >
>> > A massive data breach in 3 years time may not be traced back to a
>> system change caused
>> > as a result of a notice, or if an investigation does uncover the root
>> cause, is likely
>> > to be quietly hushed up.
>> >
>> > It'll take a massive ASIC-website-blocking-like event own-goal to
>> generate demand for
>> > popcorn. That or a majority of politicians starting to listen to
>> experts rather than
>> > agencies and repealing it, and there's precious few Andrew Wilkies
>> around at the
>> > moment so that's even less likely.
>> >
>> > P.
>> >
>> >
>> >
>> >
>> >
>> >>
>> >> scott

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-11 Thread Paul Wilkins
Matt, (IINAL)
But it appears on my reading that both 317ZG and more specifically the new
317ZGA would arguably prohibit this.

The (pending?) amendments are worth a read. Stronger terms on 317ZG and
importantly - *requirement for judicial approval of TCNs*.

317P (5)(2)(d) the designated communications provider has, if reasonably
practicable, been consulted and given a reasonable opportunity to make
submissions on whether the requirements to be imposed by the notice are
reasonable and proportionate and whether compliance with the notice is
practicable and technically feasible.


On Wed, 12 Dec 2018 at 11:30, Matt Perkins  wrote:

> It strikes me that all that will be needed is the phone manufacturers to
> put a screen capture and remote access ability on the phones. Then all law
> enforcement need to do is read the screens, no need to involve the
> individual app makers at all. They are after a wide and non-savvy audience
> here. Looking over the shoulder of phone users is what we are talking
> about. I would say expect to see a boost in convictions of medium size drug
> distributors and small amateur terror type people.
>
> These are the same people that used SMS before; they just want that
> capability back.
>
> Matt
>
> --
> /* Matt Perkins
>    Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
>    Office 1300 133 299 m...@spectrum.com.au
>    Fax    1300 133 255 Level 6, 350 George Street Sydney 2000
>    SIP 1300137...@sip.spectrum.com.au
>    Google Talk mattaperk...@gmail.com
>    PGP/GNUPG Public Key can be found at http://pgp.mit.edu
> */
>
> > On 12 Dec 2018, at 8:27 am, Paul Brooks 
> wrote:
> >
> >> On 12/12/2018 3:54 am, Scott Weeks wrote:
> >>
> >> -
> >> The Bill was passed on Thursday
> >> -
> >>
> >>
> >> Damn, I'm gonna need a bigger bag of popcorn!
> >> Wy bigger.  I can't wait to see how this
> >> plays out.
> >
> > We'll probably never know how this plays out, unless one of the major
> global brands
> > pulls out of the Australian market.
> >
> > Tech companies doing development in Aust will put in independent code
> reviews by an
> > offshore team to protect against onshore employees, or will quietly
> close Australian
> > development shops over years.  Some tech companies will move overseas -
> gradually,
> > over months and years. Net result - lower demand for Australian IT
> staff, lower
> > export figures in the DFAT stats over years.
> >
> > Many 'component manufacturers or suppliers' will blithely carry on,
> unaware this might
> > apply to them at all until they receive a notice
> >
> > A massive data breach in 3 years time may not be traced back to a system
> change caused
> > as a result of a notice, or if an investigation does uncover the root
> cause, is likely
> > to be quietly hushed up.
> >
> > It'll take a massive ASIC-website-blocking-like event own-goal to
> generate demand for
> > popcorn. That or a majority of politicians starting to listen to experts
> rather than
> > agencies and repealing it, and there's precious few Andrew Wilkies
> around at the
> > moment so that's even less likely.
> >
> > P.
> >
> >
> >
> >
> >
> >>
> >> scott
> >>
> >>> ___
> >>> AusNOG mailing list
> >>> AusNOG@lists.ausnog.net
> >>> http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-10 Thread Paul Wilkins
The confusion's understandable. Thursday nobody knew what was happening,
and the media reported both that amendments had passed and hadn't passed.

The only way of knowing what's actually transpired is seeing where the Act
is now published, and then checking again it contains the amendments from
the Reps (no, I haven't checked all 173 :)

Kind regards

Paul Wilkins

On Tue, 11 Dec 2018 at 17:46, Karl Auer  wrote:

> On Tue, 2018-12-11 at 17:31 +1100, Paul Wilkins wrote:
> > It's very much active law.
>
> Oh :-(
>
> Well, in that case I was misinformed, and I apologise for promulgating
> the misinformation.
>
> Regards, K.
>
> --
> ~~~
> Karl Auer (ka...@biplane.com.au)
> http://www.biplane.com.au/kauer
> http://twitter.com/kauer389
>
> GPG fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75
> Old fingerprint: A52E F6B9 708B 51C4 85E6 1634 0571 ADF9 3C1C 6A3A


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-10 Thread Paul Wilkins
Telecommunications and Other Legislation Amendment (Assistance and Access)
Act 2018 

Assented to 8 December 2018

It's very much active law.

Includes 173 Government amendments moved in the Reps.

On Tue, 11 Dec 2018 at 17:26, Paul Brooks 
wrote:

> This.
>
> The Bill was passed on Thursday, with the coalition's 173-odd amendments
> created as a result of the PJCIS report agreed to.
>
> It achieved Royal Assent on 8th Dec (Saturday!), and is now law, and the
> agencies can be commencing issuing TARs, TANs and TCNs to us all this week.
>
> This is described
> https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6195
>
> The actual text as passed currently is at
> https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf
>
> There were an additional 6 amendments from Labor, to fix what they saw as
> shortcomings in the other amendments, these are the extra further
> amendments that the ALP think the LNP will allow them to move in the House
> of Reps in February next year, and continue to review in the PJCIS next
> year.
>
> P.
>
>
> On 11/12/2018 4:07 pm, Chris Ford wrote:
>
> > The amendments were not passed.  Labor decided it was too hard to work
> > through them, so they just approved it without the amendments.
>
>
>
> 173 Government amendments were moved and passed in the lower house.
>
>
>
> The Opposition said they did not believe the amendments fully reflected
> the PJCIS interim report and that they would seek to amend the bill in the
> Senate. However, when push came to shove they did not move the amendments
> in the Senate. The Greens tried to move them instead, but the ALP voted
> against their own amendments.
>
>
>
>
>
> --
>
> Chris Ford
>
> Chief Technology Officer
>
>
>
> *INABOX GROUP*
>
> *m* 0401 988 844 *e* chris.f...@inaboxgroup.com.au
>
> *t* 02 8275 6871 *w* www.inaboxgroup.com.au


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-10 Thread Paul Wilkins
Well firstly, it looked like wishful thinking for a long time that Home
Affairs would alter the Bill at all, or take any notice at all of the
public and industry opinions. Yet here we are, with 50 pages of amendments
passed virtually sight unseen on the final sitting day. This was the direct
result of Home Affairs intransigence, in running a consultation process
which meant asking for submissions, then ramming through the Bill they
wanted.

I guess it's interesting to ask who the "government" is. Dutton introduced
the Bill, and his parliamentary eligibility is in question. The government
of today may not be the government that administers this Bill. In fact,
Labor can pass amendments to this Bill even now if they can get the
requisite cross bench support.

I don't think we the People, or industry, need to accept the Bill as it is.
It was only passed as an expedient because the LEAs made the argument it
was better to pass the Bill and subsequently amend, rather than leave them
without the powers over Christmas.

Here is the Bill that passed.
<http://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf;fileType=application%2Fpdf>

Kind regards

Paul Wilkins



On Tue, 11 Dec 2018 at 12:25, Robert Hudson  wrote:

> I think the thought that the government would even consider the amendments
> now that the bill is passed is, at best, wishful thinking, no matter what
> the PJCIS says (and in fact, I'm sure DOHA and the intelligence agencies
> will be petitioning hard to not weaken the powers at all).
>
> On Tue, 11 Dec 2018 at 11:20, Paul Wilkins 
> wrote:
>
>> PJCIS are continuing their work and will report on the amendments *3
>> April 2019*. They are yet to determine if they will seek public comment
>> on the amendments.
>>
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Sat, 8 Dec 2018 at 11:07, Noel Butler  wrote:
>>
>>> On 08/12/2018 09:00, Paul Wilkins wrote:
>>>
>>> Australia's war on encryption: the sweeping new powers rushed into law -
>>> The Guardian, Paul Karp
>>> <https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law>
>>>
>>>
>>>
>>> "Amendments also introduce a new range of safeguards
>>> <https://www.theguardian.com/australia-news/2018/dec/05/coalitions-deal-with-labor-on-cracking-encrypted-messages-what-it-means-for-you>
>>> including the requirement that “technical capability notices” require the
>>> sign-off of both the attorney general and communications minister".
>>>
>>>
>>> roflmfao ... they call this a safe...guard. hahahaha
>>> HAHAHAHAHAHA
>>>
>>>
>>> --
>>>
>>> Kind Regards,
>>>
>>> Noel Butler
>>> This Email, including any attachments, may contain legally privileged
>>> information, therefore remains confidential and subject to copyright
>>> protected under international law. You may not disseminate, discuss, or
>>> reveal, any part, to anyone, without the authors express written authority
>>> to do so. If you are not the intended recipient, please notify the sender
>>> then delete all copies of this message including attachments, immediately.
>>> Confidentiality, copyright, and legal privilege are not waived or lost by
>>> reason of the mistaken delivery of this message. Only PDF
>>> <http://www.adobe.com/> and ODF
>>> <http://en.wikipedia.org/wiki/OpenDocument> documents accepted, please
>>> do not send proprietary formatted documents


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-10 Thread Paul Wilkins
PJCIS are continuing their work and will report on the amendments *3 April
2019*. They are yet to determine if they will seek public comment on the
amendments.


Kind regards

Paul Wilkins


On Sat, 8 Dec 2018 at 11:07, Noel Butler  wrote:

> On 08/12/2018 09:00, Paul Wilkins wrote:
>
> Australia's war on encryption: the sweeping new powers rushed into law -
> The Guardian, Paul Karp
> <https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law>
>
>
>
> "Amendments also introduce a new range of safeguards
> <https://www.theguardian.com/australia-news/2018/dec/05/coalitions-deal-with-labor-on-cracking-encrypted-messages-what-it-means-for-you>
> including the requirement that “technical capability notices” require the
> sign-off of both the attorney general and communications minister".
>
>
> roflmfao ... they call this a safe...guard. hahahaha
> HAHAHAHAHAHA
>
>
> --
>
> Kind Regards,
>
> Noel Butler
> This Email, including any attachments, may contain legally privileged
> information, therefore remains confidential and subject to copyright
> protected under international law. You may not disseminate, discuss, or
> reveal, any part, to anyone, without the authors express written authority
> to do so. If you are not the intended recipient, please notify the sender
> then delete all copies of this message including attachments, immediately.
> Confidentiality, copyright, and legal privilege are not waived or lost by
> reason of the mistaken delivery of this message. Only PDF
> <http://www.adobe.com/> and ODF
> <http://en.wikipedia.org/wiki/OpenDocument> documents accepted, please do
> not send proprietary formatted documents


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-07 Thread Paul Wilkins
Australia's war on encryption: the sweeping new powers rushed into law -
The Guardian, Paul Karp
<https://www.theguardian.com/technology/2018/dec/08/australias-war-on-encryption-the-sweeping-new-powers-rushed-into-law>

On Fri, 7 Dec 2018 at 14:02, Jim Woodward  wrote:

>
>
>
>
> “Apparently change freezes also apply to national security :)”
>
>
>
> I think this is the most ambitious ask from our political leaders.. “Last
> chance to book in your nefarious plans before Christmas”
>
>
>
> The more I listen to them the more I am convinced they have no clue on how
> reality actually works, this bill is one of the most bone headed bills in
> recent years ^H^H^H^H^H weeks^H^H^H^H^H days^H^H^H^H … never mind…
>
>
>
> --Jim.
>
>
>
>
>
>
>
> *From:* AusNOG  *On Behalf Of *Paul
> Wilkins
> *Sent:* Thursday, 6 December 2018 6:14 PM
> *To:* ausnog@lists.ausnog.net
> *Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS
>
>
>
> "If "there is a need for these powers over the Christmas period," then
> that ship has sailed. Too late, they needed to pass it in September."
>
>
>
> Apparently change freezes also apply to national security :)


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-06 Thread Paul Wilkins
 of public and industry consultations as
being timely and adequate, incompatible with the facts on the public record
and the express concerns of the public, human rights groups, and industry?*

I assume debate will now continue for the PJCIS to complete its work in
April 2019, though I can't see where this is made explicit in the Act.

*12 - Why the absence of recompense for injury to reputation or to service
providers' business, or other injury consequent to police malfeasance or
misfeasance? The Bill's protections are not comprehensive, and where they
make provision, go only as far as to establish lack of liability for
unlawful disclosures.*

There have been amendments, but still don't go far enough to recompense
those injured by ill considered or ill executed State intervention.

*13 - Why has the government of the day referred this deeply flawed Bill to
the PJCIS, PJCHR, and the SSCSB, for review wasting public time and money,
rather than sending it back to Dep't Home Affairs for a complete overhaul
of its scope and objectives?*

Mostly because of Dep't Home Affairs intransigence, and of course, the only
reason we've been fortunate to have the Bill amended at all, let's not
forget, is due to the Liberals losing control of the Reps.


Kind regards

Paul Wilkins


On Thu, 6 Dec 2018 at 18:13, Paul Wilkins  wrote:

> "If "there is a need for these powers over the Christmas period," then
> that ship has sailed. Too late, they needed to pass it in September."
>
> Apparently change freezes also apply to national security :)
>
> On Thu, 6 Dec 2018 at 17:33, Paul Wilkins 
> wrote:
>
>> Just checked, and cyber stalking qualifies as it has 3 year max sentence.
>>
>> On Thu, 6 Dec 2018 at 17:21, Paul Wilkins 
>> wrote:
>>
>>> To get a TAN approved, you'll need:
>>>
>>>    - to be an interception agency
>>>    - to have your TAN approved by the AFP
>>>    - the investigation must attach a 3 year sentence
>>>    - there *may* need to also be a data / computer warrant. Then again
>>>    there may not.
>>>
>>> So no TANs for councils.
>>>
>>> TARs I'm not sure. There's amendments to bring them into line with TANs
>>> but I'd be guessing if their approval is 100% contiguous to TANs.
>>>
>>> Labor wanted to remove both ICACS and the state police, because when you
>>> look at it, there is no Ombudsman oversight of powers exercised by states
>>> under the Telecommunications Act. So it is a surprise to see state police
>>> still will get TANs/TARs under the revised Bill, but they will need AFP
>>> approval, which is definite improvement.
>>>
>>> I can see a need for state police to have Legal Intercept powers, but no
>>> reason it should go as far as the right to modify data.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>> On Thu, 6 Dec 2018 at 17:00, Robert Hudson  wrote:
>>>
>>>>
>>>>
>>>> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins wrote:
>>>>
>>>>> The original 172 page Bill was so obviously deficient in so many
>>>>> areas, it was easier to just say the Bill should be thrown out in its
>>>>> entirety and start over. Now, post 50 pages of amendments, there's still
>>>>> plenty of scope for serious criticism, and the debate around getting the
>>>>> balance right between citizens rights, and the right of the State to extend
>>>>> judicial writ to cyberspace will continue, but this is in every way a very
>>>>> much improved Bill over the original.
>>>>>
>>>>
>>>> Is it? Have the amendments increased the likelihood that it will
>>>> actually help law enforcement? Have the amendments helped to ensure that
>>>> criminals continue to use services that are subject to the reach of
>>>> Australian law enforcement agencies?
>>>>
>>>> As Mark Newton pointed out in another forum recently, he was told, face
>>>> to face, by a sitting MP, in that MPs office, that his concerns that the
>>>> agencies that would have access to metadata would increase substantially
>>>> were ill-founded, as were his concerns that the reasons to request metadata
>>>> would increase dramatically. And now local councils have access to
>>>> metadata, and there are close to 1,000 requests for metadata per day.
>>>>
>>>>>
>>>>> I don't see on any of the grounds of criticism of the original Bill,
>>>>> the amendments have gone as far as they need to, 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
"If "there is a need for these powers over the Christmas period," then that
ship has sailed. Too late, they needed to pass it in September."

Apparently change freezes also apply to national security :)

On Thu, 6 Dec 2018 at 17:33, Paul Wilkins  wrote:

> Just checked, and cyber stalking qualifies as it has 3 year max sentence.
>
> On Thu, 6 Dec 2018 at 17:21, Paul Wilkins 
> wrote:
>
>> To get a TAN approved, you'll need:
>>
>>    - to be an interception agency
>>    - to have your TAN approved by the AFP
>>    - the investigation must attach a 3 year sentence
>>    - there *may* need to also be a data / computer warrant. Then again
>>    there may not.
>>
>> So no TANs for councils.
>>
>> TARs I'm not sure. There's amendments to bring them into line with TANs
>> but I'd be guessing if their approval is 100% contiguous to TANs.
>>
>> Labor wanted to remove both ICACS and the state police, because when you
>> look at it, there is no Ombudsman oversight of powers exercised by states
>> under the Telecommunications Act. So it is a surprise to see state police
>> still will get TANs/TARs under the revised Bill, but they will need AFP
>> approval, which is definite improvement.
>>
>> I can see a need for state police to have Legal Intercept powers, but no
>> reason it should go as far as the right to modify data.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Thu, 6 Dec 2018 at 17:00, Robert Hudson  wrote:
>>
>>>
>>>
>>> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins wrote:
>>>
>>>> The original 172 page Bill was so obviously deficient in so many areas,
>>>> it was easier to just say the Bill should be thrown out in its entirety and
>>>> start over. Now, post 50 pages of amendments, there's still plenty of scope
>>>> for serious criticism, and the debate around getting the balance right
>>>> between citizens rights, and the right of the State to extend judicial writ
>>>> to cyberspace will continue, but this is in every way a very much improved
>>>> Bill over the original.
>>>>
>>>
>>> Is it? Have the amendments increased the likelihood that it will
>>> actually help law enforcement? Have the amendments helped to ensure that
>>> criminals continue to use services that are subject to the reach of
>>> Australian law enforcement agencies?
>>>
>>> As Mark Newton pointed out in another forum recently, he was told, face
>>> to face, by a sitting MP, in that MPs office, that his concerns that the
>>> agencies that would have access to metadata would increase substantially
>>> were ill-founded, as were his concerns that the reasons to request metadata
>>> would increase dramatically. And now local councils have access to
>>> metadata, and there are close to 1,000 requests for metadata per day.
>>>
>>>>
>>>> I don't see on any of the grounds of criticism of the original Bill,
>>>> the amendments have gone as far as they need to, but on all the metrics
>>>> that matter this new Bill represents an honest attempt to accommodate
>>>> issues of privacy, accountability, and the need to maintain security and
>>>> protect service provider property rights against unnecessary or
>>>> disproportionate intrusion by Law Enforcement, and balance those against
>>>> the legitimate interests of the State to enforce the rule of law in
>>>> cyberspace.
>>>>
>>>
>>> I contend that the bill now represents an honest attempt to look like
>>> they're accommodating issues that aren't related to the core fact that the
>>> proposed laws won't actually reduce crime or increase security.
>>>
>>> How explicitly removing state (and potential future federal) ICACs as
>>> agencies able to utilise the powers of the bill is, in any way, reasonably
>>> associated with the phrase "honest attempt" is beyond me.
>>>
>>>>
>>>> From the definitions of systemic vulnerability and systemic weakness it
>>>> would seem to put it beyond question that back doors can only be deployed
>>>> against target devices, not deployed en masse. That said, there needs to be
>>>> a control plane function that allows access to the target device that
>>>> wasn't there before, which still constitutes a potential
>>>> weakness/vulnerability.
>>>>
>>>
>>> I am sure the bill will be successful in stopping the vulnerabi

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
Just checked, and cyber stalking qualifies as it has 3 year max sentence.

On Thu, 6 Dec 2018 at 17:21, Paul Wilkins  wrote:

> To get a TAN approved, you'll need:
>
>    - to be an interception agency
>    - to have your TAN approved by the AFP
>    - the investigation must attach a 3 year sentence
>    - there *may* need to also be a data / computer warrant. Then again
>    there may not.
>
> So no TANs for councils.
>
> TARs I'm not sure. There's amendments to bring them into line with TANs
> but I'd be guessing if their approval is 100% contiguous to TANs.
>
> Labor wanted to remove both ICACS and the state police, because when you
> look at it, there is no Ombudsman oversight of powers exercised by states
> under the Telecommunications Act. So it is a surprise to see state police
> still will get TANs/TARs under the revised Bill, but they will need AFP
> approval, which is definite improvement.
>
> I can see a need for state police to have Legal Intercept powers, but no
> reason it should go as far as the right to modify data.
>
> Kind regards
>
> Paul Wilkins
>
> On Thu, 6 Dec 2018 at 17:00, Robert Hudson  wrote:
>
>>
>>
>> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins wrote:
>>
>>> The original 172 page Bill was so obviously deficient in so many areas,
>>> it was easier to just say the Bill should be thrown out in its entirety and
>>> start over. Now, post 50 pages of amendments, there's still plenty of scope
>>> for serious criticism, and the debate around getting the balance right
>>> between citizens rights, and the right of the State to extend judicial writ
>>> to cyberspace will continue, but this is in every way a very much improved
>>> Bill over the original.
>>>
>>
>> Is it? Have the amendments increased the likelihood that it will actually
>> help law enforcement? Have the amendments helped to ensure that criminals
>> continue to use services that are subject to the reach of Australian law
>> enforcement agencies?
>>
>> As Mark Newton pointed out in another forum recently, he was told, face
>> to face, by a sitting MP, in that MPs office, that his concerns that the
>> agencies that would have access to metadata would increase substantially
>> were ill-founded, as were his concerns that the reasons to request metadata
>> would increase dramatically. And now local councils have access to
>> metadata, and there are close to 1,000 requests for metadata per day.
>>
>>>
>>> I don't see on any of the grounds of criticism of the original Bill, the
>>> amendments have gone as far as they need to, but on all the metrics that
>>> matter this new Bill represents an honest attempt to accommodate issues of
>>> privacy, accountability, and the need to maintain security and protect
>>> service provider property rights against unnecessary or disproportionate
>>> intrusion by Law Enforcement, and balance those against the legitimate
>>> interests of the State to enforce the rule of law in cyberspace.
>>>
>>
>> I contend that the bill now represents an honest attempt to look like
>> they're accommodating issues that aren't related to the core fact that the
>> proposed laws won't actually reduce crime or increase security.
>>
>> How explicitly removing state (and potential future federal) ICACs as
>> agencies able to utilise the powers of the bill is, in any way, reasonably
>> associated with the phrase "honest attempt" is beyond me.
>>
>>>
>>> From the definitions of systemic vulnerability and systemic weakness it
>>> would seem to put it beyond question that back doors can only be deployed
>>> against target devices, not deployed en masse. That said, there needs to be
>>> a control plane function that allows access to the target device that
>>> wasn't there before, which still constitutes a potential
>>> weakness/vulnerability.
>>>
>>
>> I am sure the bill will be successful in stopping the vulnerabilities it
>> creates leaking. I mean, if (when, recall just how successfully the NSA
>> managed to keep stuxnet under lock and key) the AFP manage to leak code
>> that allows keylogger installs onto iPhones, no criminal group (or just
>> obnoxious bunch of script kiddies posing as an online hacking group) would
>> be able to take advantage of this - that's not a systemic vulnerability or
>> weakness, right?
>>
>>
>>> "systemic vulnerability means a vulnerability that affects a whole class
>>> of technology, but does not include a vulnerability that is selectivel

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
To get a TAN approved, you'll need:

   - to be an interception agency
   - to have your TAN approved by the AFP
   - the investigation must attach a 3 year sentence
   - there *may* need to also be a data / computer warrant. Then again
   there may not.

So no TANs for councils.

TARs I'm not sure. There's amendments to bring them into line with TANs but
I'd be guessing if their approval is 100% contiguous to TANs.

Labor wanted to remove both ICACS and the state police, because when you
look at it, there is no Ombudsman oversight of powers exercised by states
under the Telecommunications Act. So it is a surprise to see state police
still will get TANs/TARs under the revised Bill, but they will need AFP
approval, which is definite improvement.

I can see a need for state police to have Legal Intercept powers, but no
reason it should go as far as the right to modify data.

Kind regards

Paul Wilkins

On Thu, 6 Dec 2018 at 17:00, Robert Hudson  wrote:

>
>
> On Thu, 6 Dec. 2018, 4:20 pm Paul Wilkins 
>> The original 172 page Bill was so obviously deficient in so many areas,
>> it was easier to just say the Bill should be thrown out in its entirety and
>> start over. Now, post 50 pages of amendments, there's still plenty of scope
>> for serious criticism, and the debate around getting the balance right
>> between citizens rights, and the right of the State to extend judicial writ
>> to cyberspace will continue, but this is in every way a very much improved
>> Bill over the original.
>>
>
> Is it? Have the amendments increased the likelihood that it will actually
> help law enforcement? Have the amendments helped to ensure that criminals
> continue to use services that are subject to the reach of Australian law
> enforcement agencies?
>
> As Mark Newton pointed out in another forum recently, he was told, face to
> face, by a sitting MP, in that MPs office, that his concerns that the
> agencies that would have access to metadata would increase substantially
> were ill-founded, as were his concerns that the reasons to request metadata
> would increase dramatically. And now local councils have access to
> metadata, and there are close to 1,000 requests for metadata per day.
>
>>
>> I don't see on any of the grounds of criticism of the original Bill, the
>> amendments have gone as far as they need to, but on all the metrics that
>> matter this new Bill represents an honest attempt to accommodate issues of
>> privacy, accountability, and the need to maintain security and protect
>> service provider property rights against unnecessary or disproportionate
>> intrusion by Law Enforcement, and balance those against the legitimate
>> interests of the State to enforce the rule of law in cyberspace.
>>
>
> I contend that the bill now represents an honest attempt to look like
> they're accommodating issues that aren't related to the core fact that the
> proposed laws won't actually reduce crime or increase security.
>
> How explicitly removing state (and potential future federal) ICACs as
> agencies able to utilise the powers of the bill is, in any way, reasonably
> associated with the phrase "honest attempt" is beyond me.
>
>>
>> From the definitions of systemic vulnerability and systemic weakness it
>> would seem to put it beyond question that back doors can only be deployed
>> against target devices, not deployed en masse. That said, there needs to be
>> a control plane function that allows access to the target device that
>> wasn't there before, which still constitutes a potential
>> weakness/vulnerability.
>>
>
> I am sure the bill will be successful in stopping the vulnerabilities it
> creates leaking. I mean, if (when, recall just how successfully the NSA
> managed to keep stuxnet under lock and key) the AFP manage to leak code
> that allows keylogger installs onto iPhones, no criminal group (or just
> obnoxious bunch of script kiddies posing as an online hacking group) would
> be able to take advantage of this - that's not a systemic vulnerability or
> weakness, right?
>
>
>> "systemic vulnerability means a vulnerability that affects a whole class
>> of technology, but does not include a vulnerability that is selectively
>> introduced to one or more target technologies that are connected with a
>> particular person. For this purpose, it is immaterial whether the person
>> can be identified."
>>
>> There's still obvious gaps around the powers and accountabilities of
>> state police.
>>
>> I have to say it looks dangerously like a sensible working position from
>> which to move forward from, while ensuring security services get the powers
>> they say they have an immedi

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
The original 172 page Bill was so obviously deficient in so many areas, it
was easier to just say the Bill should be thrown out in its entirety and
start over. Now, post 50 pages of amendments, there's still plenty of scope
for serious criticism, and the debate around getting the balance right
between citizens rights, and the right of the State to extend judicial writ
to cyberspace will continue, but this is in every way a very much improved
Bill over the original.

I don't see on any of the grounds of criticism of the original Bill, the
amendments have gone as far as they need to, but on all the metrics that
matter this new Bill represents an honest attempt to accommodate issues of
privacy, accountability, and the need to maintain security and protect
service provider property rights against unnecessary or disproportionate
intrusion by Law Enforcement, and balance those against the legitimate
interests of the State to enforce the rule of law in cyberspace.

From the definitions of systemic vulnerability and systemic weakness it
would seem to put it beyond question that back doors can only be deployed
against target devices, not deployed en masse. That said, there needs to be
a control plane function that allows access to the target device that
wasn't there before, which still constitutes a potential
weakness/vulnerability.

"systemic vulnerability means a vulnerability that affects a whole class of
technology, but does not include a vulnerability that is selectively
introduced to one or more target technologies that are connected with a
particular person. For this purpose, it is immaterial whether the person
can be identified."

There's still obvious gaps around the powers and accountabilities of state
police.

I have to say it looks dangerously like a sensible working position from
which to move forward from, while ensuring security services get the powers
they say they have an immediate need for.

Kind regards

Paul Wilkins


On Thu, 6 Dec 2018 at 13:48, Mark Newton  wrote:

>
>
> On 12/05/2018 11:48 AM, Paul Wilkins wrote:
> > "If this passes I can see similar legislation being introduced in
> > other jurisdictions."
> >
> > I think this legislation and all its warts is going to be a
> > particularly Australian feature.
>
> Exported globally, though.
>
> A 5-eyes power who wants to surveil someone can come to Australia, get
> ASIO or ASD to land a TCN on the target's platform provider, and pass on
> the result.
>
> Example:
>
> CIA wants something from an iPhone user. They can't get it themselves.
> So they take the iPhone user's IMEI to ASD and ask for 5-eyes assistance.
>
> ASD screams "terrorist!" in a TCN sent to Apple, which demands
> production of a compromised version of iOS which keylogs and screenshots
> any encrypted messaging apps which happen to run, and pushed as a silent
> upgrade to that user's phone.
>
> Results flow from Apple to ASD, and ASD passes them back to the CIA.
>
> There is no need for any other 5-eyes nation to pass this law now that
> Australia has it. It's provided 5-eyes with a global capability.
>
>- mark
>
>
>
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
Remember these are proposed as interim powers.

*Labor members have moved to progress this Bill despite our concerns
because of the evidence from law enforcement and security agencies that
there is a need for these powers over the Christmas period, and because the
proposed amendments deliver adequate oversight and safeguards to prevent
unintended consequences while ongoing work continues.*

Recommendation 11
The Committee recommends that the Bill be amended to allow a designated
communications provider, who has been given a capability notice under
subsection 317W(1) of the Bill in relation to a proposed Technical
Capability Notice (TCN), to *request a binding assessment* of


   - whether the proposed technical capability notice would contravene
   section 317ZG of the Bill
   - the requirements imposed by the notice are reasonable and
   proportionate;
   - compliance with the notice is practicable and technically feasible; and
   - the notice is the least intrusive measure that would be effective in
   achieving the legitimate objective of the notice.

This request would be made in writing to the Attorney-General within a
reasonable time limit specified in the consultation notice.  The Committee
recommends that two persons be jointly appointed to conduct the assessment:

One of these persons should have knowledge that would enable them to assess
whether proposed TCN would contravene section 317ZG of the Bill, and should
be cleared for security purposes to the highest level required by staff
members of ASIO, unless the Attorney-General approves a lower security
level.

The second assessor must be a person who has served as a judge in one or
more prescribed courts for a period of 5 years; and who no longer holds a
commission as a judge of a prescribed court.
Both persons must agree that:

   - The requirements imposed by the notice are reasonable and
   proportionate;
   - Compliance with the notice is practicable and technically feasible; and
   - The notice is the least intrusive measure that would be effective in
   achieving the legitimate objective of the notice.

The report prepared by the technical expert and the retired judge must also
be provided to the Inspector-General of Intelligence and Security (for
oversight of ASIO) and the Commonwealth Ombudsman (for oversight of the
AFP).

On Thu, 6 Dec 2018 at 11:51, Morgan Reed  wrote:

> I note that judicial oversight is still completely lacking...
>
> On Thu, Dec 6, 2018 at 11:40 AM Paul Wilkins 
> wrote:
>
>> Some sensible amendments.
>>
>> Recommendation 4
>> The Committee recommends that the Bill be amended to incorporate
>> recommendations from the *Commonwealth Ombudsman to establish clear
>> authority to inspect and gather information on the exercise of the industry
>> assistance measures* by the Australian Federal Police (AFP), the
>> Australian Criminal Intelligence Commission, and State and Territory
>> interception agencies
>>
>> Recommendation 6
>> The Committee recommends that the Bill be amended to provide that
>> Technical Assistance Notices (TANs) and Technical Capability Notices (TCNs)
>> be subject to *statutory time limits*, and that any extension, renewal
>> or variation of a TAN or TCN also be subject to a statutory time limit
>>
>> Recommendation 7
>> The Committee recommends that the Bill set out a tiered approval system
>> for state and territory initiated Technical Assistance Notices (TANs),
>> under which *TANs would be submitted for approval to the Commissioner of
>> the AFP* before being issued to the recipient.
>> The intention of this process of approval would be to ensure consistency
>> in decision making, and reporting, across jurisdictions.  To give effect to
>> this intention, the Commissioner of the AFP must apply the same statutory
>> criteria, and go through the same decision-making process, as would apply
>> if the AFP were the original issuing authority
>>
>> Recommendation 8
>> The Committee recommends that the Bill be amended to include a
>> requirement that Technical Capability Notices be *jointly authorised by
>> the Attorney-General and the Minister for Communications*, the latter
>> being able to provide a direct avenue for the concerns of the relevant
>> industry to be considered as part of the approval process
>>
>> Recommendation 9
>> The Committee notes the evidence of the Director-General of the
>> Australian Signals Directorate that a “systemic weakness” is a weakness
>> that “might actually jeopardise the information of other people as a
>> result of that action being taken”. The Committee also notes the evidence
>> of the Director-General of Security, that the powers in Schedule 1 will
>> not be used to require a designated 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
Some sensible amendments.

Recommendation 4
The Committee recommends that the Bill be amended to incorporate
recommendations from the *Commonwealth Ombudsman to establish clear
authority to inspect and gather information on the exercise of the industry
assistance measures* by the Australian Federal Police (AFP), the Australian
Criminal Intelligence Commission, and State and Territory interception
agencies

Recommendation 6
The Committee recommends that the Bill be amended to provide that Technical
Assistance Notices (TANs) and Technical Capability Notices (TCNs) be
subject to *statutory time limits*, and that any extension, renewal or
variation of a TAN or TCN also be subject to a statutory time limit

Recommendation 7
The Committee recommends that the Bill set out a tiered approval system for
state and territory initiated Technical Assistance Notices (TANs), under
which *TANs would be submitted for approval to the Commissioner of the AFP*
before being issued to the recipient.
The intention of this process of approval would be to ensure consistency in
decision making, and reporting, across jurisdictions.  To give effect to
this intention, the Commissioner of the AFP must apply the same statutory
criteria, and go through the same decision-making process, as would apply
if the AFP were the original issuing authority

Recommendation 8
The Committee recommends that the Bill be amended to include a requirement
that Technical Capability Notices be *jointly authorised by the
Attorney-General and the Minister for Communications*, the latter being able to
provide a direct avenue for the concerns of the relevant industry to be
considered as part of the approval process

Recommendation 9
The Committee notes the evidence of the Director-General of the
Australian Signals Directorate that a “systemic weakness” is a weakness
that “might actually jeopardise the information of other people as a
result of that action being taken”. The Committee also notes the evidence
of the Director-General of Security, that the powers in Schedule 1 will
not be used to require a designated communications provider to do anything
that jeopardises the security of the personal information of innocent
Australians. Having regard to those assurances, the Committee recommends
that the Bill be amended to *clarify the meaning of the term ‘systemic
weakness’, and to further clarify that Technical Capability Notices (TCNs)
cannot be used to create a systemic weakness*.

Recommendation 11
The Committee recommends that the Bill be amended to allow a designated
communications provider, who has been given a capability notice under
subsection 317W(1) of the Bill in relation to a proposed Technical
Capability Notice (TCN), to *request a binding assessment*

Recommendation 14
The Committee recommends that the Bill include express provision for a
*statutory review of the Bill’s operation* by the Independent National
Security Legislation Monitor, within 18 months of the Bill commencing

Recommendation 16
The Committee recommends that, once the Bill (as amended) is passed by the
Parliament, the Committee:

   - commences a review of the new legislation;
   - for the purposes of the review, be allowed to hold further public
   hearings; and
   - *complete its review of the new legislation by 3 April 2019*


On Thu, 6 Dec 2018 at 11:20, Paul Wilkins  wrote:

>
> PJCIS have released a unanimous report
> <http://parlinfo.aph.gov.au/parlInfo/download/committees/reportjnt/024247/toc_pdf/AdvisoryReportontheTelecommunicationsandOtherLegislationAmendment(AssistanceandAccess)Bill2018.pdf;fileType=application%2Fpdf>,
> recommending Bill be passed with their amendments.
>
> On Thu, 6 Dec 2018 at 11:15, Jacob Taylor  wrote:
>
>> The current Liberal regime (and I would wager also the near-guaranteed
>> incoming Labor regime) don’t care about such repercussions though.
>>
>> Elections are won in swing seats, and swing seats in this country are
>> blue collar. What resonates with such seats is the perception of “action”,
>> often at the expense of nuance.
>>
>> This whole shambles is roughly equatable to Sydney’s lockout laws -
>> fabricate a moral panic to drum up electoral support for policies that are
>> otherwise indefensible. I believe someone earlier in thread linked
>> to the Wikipedia page for the Four Horsemen of the Infocalypse?
>>
>> Just replace “drunkenness and coward punches” with “terrorists and
>> criminals”.
>>
>> - Jake
>>
>>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
PJCIS have released a unanimous report, recommending Bill be passed with
their amendments.

On Thu, 6 Dec 2018 at 11:15, Jacob Taylor  wrote:

> The current Liberal regime (and I would wager also the near-guaranteed
> incoming Labor regime) don’t care about such repercussions though.
>
> Elections are won in swing seats, and swing seats in this country are blue
> collar. What resonates with such seats is the perception of “action”, often
> at the expense of nuance.
>
> This whole shambles is roughly equatable to Sydney’s lockout laws -
> fabricate a moral panic to drum up electoral support for policies that are
> otherwise indefensible. I believe someone earlier in thread linked
> to the Wikipedia page for the Four Horsemen of the Infocalypse?
>
> Just replace “drunkenness and coward punches” with “terrorists and
> criminals”.
>
> - Jake
>
>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
Reuben,
Anyone with an interest in FOSS is deeply concerned for the consequences.
e.g. the Mozilla submission makes for compelling reading. The specific
concern with FOSS is that the code base is public domain, where the
inclusion of binary blobs is antithetical to the community trust model.
Overseas developers will need to have a long think before attending
Australian conferences, where their attendance renders them subject to the
Australian jurisdiction. It also makes it difficult for Linux distros and
Linux solutions to bid for government contracts, which will hurt our local
software industry. This has obvious economic repercussions.

Kind regards

Paul Wilkins

On Wed, 5 Dec 2018 at 23:59, Reuben Farrelly  wrote:

> On 5/12/2018 8:33 am, Nick Stallman wrote:
> > Also does this mean that the custom firmware for one or a handful of
> > targets is not a systemic weakness, but if (when) the custom firmware
> > leaks out publicly and can be used criminally, it suddenly does become a
> > systemic weakness?
>
> I wonder how this is all going to play out with license compliance of
> the GPL and other similar licenses, especially if there is talk about
> covertly modifying code or systems.
>
> Are these Government organisations also going to be inherently
> violating (or forcing other parties to violate) the license terms of the
> GPL if they prohibit distribution of their modified and now vulnerable
> source code?
>
> If a company is instructed by law enforcement to insert a backdoor into
> an author's code but not be permitted to distribute the source for the
> backdoor along with the original source code, will the author be able to
> sue the company under copyright law?
>
> Does the Australian Government think they are going to be able to
> encourage the likes of Lineage or a budget overseas tablet manufacturer
> to assist in providing private code for law enforcement purposes?
>
> I'm sure most politicians have already considered the licensing aspects
> of this though, so perhaps I need not worry.  Perhaps the law of
> Australia will now trump the law of International Software Licenses too,
> in much the same way it trumps the laws of mathematics.


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-05 Thread Paul Wilkins
Motion for 2nd hearing in Lower House.

On Wed, 5 Dec 2018 at 23:59, Reuben Farrelly  wrote:

> On 5/12/2018 8:33 am, Nick Stallman wrote:
> > Also does this mean that the custom firmware for one or a handful of
> > targets is not a systemic weakness, but if (when) the custom firmware
> > leaks out publicly and can be used criminally, it suddenly does become a
> > systemic weakness?
>
> I wonder how this is all going to play out with license compliance of
> the GPL and other similar licenses, especially if there is talk about
> covertly modifying code or systems.
>
> Are these Government organisations also going to be inherently
> violating (or forcing other parties to violate) the license terms of the
> GPL if they prohibit distribution of their modified and now vulnerable
> source code?
>
> If a company is instructed by law enforcement to insert a backdoor into
> an author's code but not be permitted to distribute the source for the
> backdoor along with the original source code, will the author be able to
> sue the company under copyright law?
>
> Does the Australian Government think they are going to be able to
> encourage the likes of Lineage or a budget overseas tablet manufacturer
> to assist in providing private code for law enforcement purposes?
>
> I'm sure most politicians have already considered the licensing aspects
> of this though, so perhaps I need not worry.  Perhaps the law of
> Australia will now trump the law of International Software Licenses too,
> in much the same way it trumps the laws of mathematics.


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-04 Thread Paul Wilkins
Per the APH calendar
<https://www.aph.gov.au/About_Parliament/House_of_Representatives/About_the_House_News/This_week_in_the_House>
they were supposed to kick off with the Assistance and Access, but
Frydenberg is now talking to Treasury Laws Amendment.

On Wed, 5 Dec 2018 at 12:20, Robert Hudson  wrote:

> If Australia passes this into law, we become the source of data for the
> others. We just do the dirty work for them.
>
> Why have a dog and do your own barking? Why spy on your citizens when
> Australia can do it for you?
>
> On Wed, 5 Dec. 2018, 11:49 am Paul Wilkins  wrote:
>
>> "If this passes I can see similar legislation being introduced in other
>> jurisdictions."
>>
>> I think this legislation and all its warts is going to be a particularly
>> Australian feature.
>>
>> The UK have RIPA already, which will probably become enforceable law
>> after Brexit but there the notices require judicial approval. Europe is a
>> no go due to GDPR and America has the 2nd Amendment, so surveilling
>> citizens is a non starter.
>>
>> So far I've not seen any mention the interim law will have a sunset
>> clause. Let's see, but if there's to be new legislation after the election,
>> we may get a very different result.
>>
>> Without a sunset clause, political reality, we'll have to wear a botched
>> job.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Wed, 5 Dec 2018 at 10:30, Mark Andrews  wrote:
>>
>>>
>>>
>>> > On 5 Dec 2018, at 9:54 am, Ross Wheeler  wrote:
>>> >
>>> > On Wed, 5 Dec 2018, Mark Andrews wrote:
>>> >
>>> >> More than likely they will get the app developer to make
>>> >> a custom version,
>>> >
>>> > I wonder if they pay the app developer for this "service"?
>>> > If the developer is outside Australian jurisdiction, how can they “persuade"
>>> > the developer to comply? And what's to stop the developer telling all and
>>> > sundry what the changes were?
>>>
>>> If this passes I can see similar legislation being introduced in other
>>> jurisdictions.  Also “you cannot sell to Australians” with enforced
>>> removal from app stores is likely to happen.  From the government’s
>>> perspective removal of the app is just as good as a compromised app.
>>>
>>> >> Most people will update when they are told the app is out of date.
>>> >
>>> > After this legislation passes, I think a great many people - especially
>>> > those doing things that may bring them to the attention of authorities -
>>> > will be highly suspicious of "updates" of all sorts.
>>>
>>> They still have to communicate with the rest of the world which is moving
>>> on.
>>>
>>> >> We are training people to update regularly to close security holes.
>>> >
>>> > Or, to open new ones, as the case may soon be.
>>>
>>> In general updating is the safer thing to do despite the small
>>> risk of new bugs being introduced especially if the update is
>>> billed as a maintenance release.
>>>
>>> >> Alternatively they will covertly install the updated version
>>> >> on the device.
>>> >
>>> > If they have the ability to do that now, why are the extra powers
>>> > required?
>>>
>>> Reverse engineering a fake app to make it behave like the original app is
>>> difficult and error prone.  Much simpler to get the developer to add the
>>> covert logging capability to the existing app.
>>>
>>> > R.
>>>
>>> --
>>> Mark Andrews, ISC
>>> 1 Seymour St., Dundas Valley, NSW 2117, Australia
>>> PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org
>>>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-03 Thread Paul Wilkins
APH calendar
<https://www.aph.gov.au/About_Parliament/House_of_Representatives/About_the_House_News/This_week_in_the_House>
shows the Bill scheduled for debate tomorrow.

Last media release from PJCIS
<https://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Intelligence_and_Security/TelcoAmendmentBill2018/Media_Releases>
28 Nov, they would hear evidence from security agencies as to the urgency
of the Bill.

Push meets shove?

Kind regards

Paul Wilkins


On Tue, 4 Dec 2018 at 11:16, Paul Wilkins  wrote:

> This morning I don't know what to think.
>
> Somehow a confidential submission, by the AFP no less, to the PJCIS has
> leaked.
>
> So the government needs to pass new powers so police can investigate
> serious crime, including I suppose where it's the government that leaks.
>
> Or on the other hand, if the government can't maintain the security of
> their own papers, how can the public and industry ever rely on government
> for the security of their business and personal data?
>
> By the way, where you see Liberals arguing police need the same powers as
> ASIO and AFP, this actually is not correct. The intelligence services need
> Exceptional Access powers. I see no reason for the extent of judicial writ
> for the police to go anything beyond Legal Intercept. Which requires a
> different set of powers, different technical implementations, and
> diminished consequences for data security, and different rules of evidence.
>
> How you avoid a dozen different agencies all kicking in the doors on data
> centres without stepping on each other's toes is an exercise for the reader.
>
> Kind regards
>
> Paul Wilkins
>
> On Mon, 3 Dec 2018 at 15:31, Mark Smith  wrote:
>
>> On Mon, 3 Dec 2018 at 11:17, Paul Wilkins 
>> wrote:
>> >
>> > Well obviously taking the time to read and consider the public and
>> industry submissions is preferable to pronouncements of "extensive"
>> consultation, then trying to second guess what's on the 5 Eyes' "Letter to
>> Santa" so we can push the Bill through before Christmas.
>> >
>> > There does need to be a settlement between the State's need to enforce
>> the rule of law, and citizen rights of privacy and private property. The
>> problem is if you say it can't be done at all, governments will simply
>> proceed without your input.
>> >
>> > So I think EA is going to happen, regardless.
>>
>> Until the legislation is passed, EA hasn't happened.
>>
>> > So we need a debate how that can be accommodated, minimising the
>> adverse impacts, while maximising the benefits for national security, and
>> coming to some kind of settlement with Law Enforcement that preserves
>> citizens' rights. Of course, this isn't possible under the current Dep't
>> Home Affairs' timeline, though if Labor stalls the Bill, that will be some
>> welcome respite.
>> >
>>
>> Nobody is obligated to spend any time on something the government
>> proposes unless it becomes law.
>>
>> If you want to work on the idea of EA it is up to you, however this is
>> not an EA development forum, so I think any ideas you have regarding
>> the mechanics are off-topic for this list.
>>
>>
>> > While we're at it, suggestions that EA could be achieved by pushing the
>> onus for EA authentication to service provider mechanisms, is deeply
>> flawed, but the security experts pushing this will get the ear of
>> governments if no one else has anything constructive to say.
>> >
>> > Kind regards
>> >
>> > Paul Wilkins
>> >
>> >
>> > On Sun, 2 Dec 2018 at 14:38, Mark Smith  wrote:
>> >>
>> >> On Sun, 2 Dec 2018 at 13:17, Paul Wilkins 
>> wrote:
>> >> >
>> >> > “We have said we are willing to pass a bill by Thursday, which gives
>> appropriate powers, these powers, to national security agencies with
>> appropriate oversight to target criminals and people who are being
>> investigated for child sex crimes."
>> >> > Penny Wong
>> >> > So that's settled. Without Labor's support, the Bill can't proceed.
The Liberals are too invested to compromise, and they need this in play
>> only for the politics. So 50/50 the Bill is sunk, or we get ASIO/AFP
>> powers, a sunset clause, and a considered bill somewhere down the track.
>> >> >
>> >>
>> >> Not properly considered, because the politicians aren't listening to
>> >> the information security technology experts about how feasible it is
>> >> to build this securely.
>> >>

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-03 Thread Paul Wilkins
This morning I don't know what to think.

Somehow a confidential submission, by the AFP no less, to the PJCIS has
leaked.

So the government needs to pass new powers so police can investigate
serious crime, including I suppose where it's the government that leaks.

Or on the other hand, if the government can't maintain the security of
their own papers, how can the public and industry ever rely on government
for the security of their business and personal data?

By the way, where you see Liberals arguing police need the same powers as
ASIO and AFP, this actually is not correct. The intelligence services need
Exceptional Access powers. I see no reason for the extent of judicial writ
for the police to go anything beyond Legal Intercept. Which requires a
different set of powers, different technical implementations, and
diminished consequences for data security, and different rules of evidence.

How you avoid a dozen different agencies all kicking in the doors on data
centres without stepping on each other's toes is an exercise for the reader.

Kind regards

Paul Wilkins

On Mon, 3 Dec 2018 at 15:31, Mark Smith  wrote:

> On Mon, 3 Dec 2018 at 11:17, Paul Wilkins 
> wrote:
> >
> > Well obviously taking the time to read and consider the public and
> industry submissions is preferable to pronouncements of "extensive"
> consultation, then trying to second guess what's on the 5 Eyes' "Letter to
> Santa" so we can push the Bill through before Christmas.
> >
> > There does need to be a settlement between the State's need to enforce
> the rule of law, and citizen rights of privacy and private property. The
> problem is if you say it can't be done at all, governments will simply
> proceed without your input.
> >
> > So I think EA is going to happen, regardless.
>
> Until the legislation is passed, EA hasn't happened.
>
> > So we need a debate how that can be accommodated, minimising the adverse
> impacts, while maximising the benefits for national security, and coming to
> some kind of settlement with Law Enforcement that preserves citizens'
> rights. Of course, this isn't possible under the current Dep't Home
> Affairs' timeline, though if Labor stalls the Bill, that will be some
> welcome respite.
> >
>
> Nobody is obligated to spend any time on something the government
> proposes unless it becomes law.
>
> If you want to work on the idea of EA it is up to you, however this is
> not an EA development forum, so I think any ideas you have regarding
> the mechanics are off-topic for this list.
>
>
> > While we're at it, suggestions that EA could be achieved by pushing the
> onus for EA authentication to service provider mechanisms, is deeply
> flawed, but the security experts pushing this will get the ear of
> governments if no one else has anything constructive to say.
> >
> > Kind regards
> >
> > Paul Wilkins
> >
> >
> > On Sun, 2 Dec 2018 at 14:38, Mark Smith  wrote:
> >>
> >> On Sun, 2 Dec 2018 at 13:17, Paul Wilkins 
> wrote:
> >> >
> >> > “We have said we are willing to pass a bill by Thursday, which gives
> appropriate powers, these powers, to national security agencies with
> appropriate oversight to target criminals and people who are being
> investigated for child sex crimes."
> >> > Penny Wong
> >> > So that's settled. Without Labor's support, the Bill can't proceed.
> The Liberals are too invested to compromise, and they need this in play
> only for the politics. So 50/50 the Bill is sunk, or we get ASIO/AFP
> powers, a sunset clause, and a considered bill somewhere down the track.
> >> >
> >>
> >> Not properly considered, because the politicians aren't listening to
> >> the information security technology experts about how feasible it is
> >> to build this securely.
> >>
> >> Legislating the impossible doesn't make it possible.
> >>
> >>
> >>
> >>
> >> > Kind regards
> >> >
> >> > Paul Wilkins
> >> >
> >> > On Sun, 2 Dec 2018 at 13:00, Paul Wilkins 
> wrote:
> >> >>
> >> >> Scott Morrison 'blew up' bipartisan compromise on encryption, says
> Labor
> >> >>
> >> >> Government and opposition locked in battle over laws to allow
> security and intelligence agencies access to encrypted telecommunications
> >> >>
> >> >>
> >> >> On Sat, 1 Dec 2018 at 11:39, I  wrote:
> >> >>>
> >> >>> Paul Wilkins wrote:
> >> >>> Parliamentary Calendar is showing the Bill listed for deb

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-02 Thread Paul Wilkins
Well obviously taking the time to read and consider the public and industry
submissions is preferable to pronouncements of "extensive" consultation,
then trying to second guess what's on the 5 Eyes' "Letter to Santa" so we
can push the Bill through before Christmas.

There does need to be a settlement between the State's need to enforce the
rule of law, and citizen rights of privacy and private property. The
problem is if you say it can't be done at all, governments will simply
proceed without your input.

So I think EA is going to happen, regardless. So we need a debate how that
can be accommodated, minimising the adverse impacts, while maximising the
benefits for national security, and coming to some kind of settlement with
Law Enforcement that preserves citizens' rights. Of course, this isn't
possible under the current Dep't Home Affairs' timeline, though if Labor
stalls the Bill, that will be some welcome respite.

While we're at it, suggestions that EA could be achieved by pushing the
onus for EA authentication to service provider mechanisms, is deeply
flawed, but the security experts pushing this will get the ear of
governments if no one else has anything constructive to say.

Kind regards

Paul Wilkins


On Sun, 2 Dec 2018 at 14:38, Mark Smith  wrote:

> On Sun, 2 Dec 2018 at 13:17, Paul Wilkins 
> wrote:
> >
> > “We have said we are willing to pass a bill by Thursday, which gives
> appropriate powers, these powers, to national security agencies with
> appropriate oversight to target criminals and people who are being
> investigated for child sex crimes."
> > Penny Wong
> > So that's settled. Without Labor's support, the Bill can't proceed. The
> Liberals are too invested to compromise, and they need this in play only
> for the politics. So 50/50 the Bill is sunk, or we get ASIO/AFP powers, a
> sunset clause, and a considered bill somewhere down the track.
> >
>
> Not properly considered, because the politicians aren't listening to
> the information security technology experts about how feasible it is
> to build this securely.
>
> Legislating the impossible doesn't make it possible.
>
>
>
>
> > Kind regards
> >
> > Paul Wilkins
> >
> > On Sun, 2 Dec 2018 at 13:00, Paul Wilkins 
> wrote:
> >>
> >> Scott Morrison 'blew up' bipartisan compromise on encryption, says Labor
> >>
> >> Government and opposition locked in battle over laws to allow security
> and intelligence agencies access to encrypted telecommunications
> >>
> >>
> >> On Sat, 1 Dec 2018 at 11:39, I  wrote:
> >>>
> >>> Paul Wilkins wrote:
> >>> Parliamentary Calendar is showing the Bill listed for debate Wed 5th
> December. Not sure by what process it gets listed.
> >>>
> >>> Perhaps the appointment for debate is the equivalent of a mention in
> the court process and it will be returned to the committee.
> >>>
> >>> Rob
> >>>
> >>>
> >>>
> >>>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-01 Thread Paul Wilkins
“We have said we are willing to pass a bill by Thursday, which gives
appropriate powers, these powers, to national security agencies with
appropriate oversight to target criminals and people who are being
investigated for child sex crimes."
Penny Wong
So that's settled. Without Labor's support, the Bill can't proceed. The
Liberals are too invested to compromise, and they need this in play only
for the politics. So 50/50 the Bill is sunk, or we get ASIO/AFP powers, a
sunset clause, and a considered bill somewhere down the track.

Kind regards

Paul Wilkins

On Sun, 2 Dec 2018 at 13:00, Paul Wilkins  wrote:

> Scott Morrison 'blew up' bipartisan compromise on encryption, says Labor
> <https://www.theguardian.com/australia-news/2018/dec/02/scott-morrison-blew-up-bipartisan-compromise-on-encryption-says-labor>
>
> Government and opposition locked in battle over laws to allow security and
> intelligence agencies access to encrypted telecommunications
>
>
> On Sat, 1 Dec 2018 at 11:39, I  wrote:
>
>> Paul Wilkins wrote:
>> Parliamentary Calendar
>> <https://www.aph.gov.au/About_Parliament/House_of_Representatives/About_the_House_News/This_week_in_the_House>
>>  is showing the Bill listed for debate Wed 5th December. Not sure by
>> what process it gets listed.
>>
>> Perhaps the appointment for debate is the equivalent of a mention in the
>> court process and it will be returned to the committee.
>>
>> Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-12-01 Thread Paul Wilkins
Scott Morrison 'blew up' bipartisan compromise on encryption, says Labor
<https://www.theguardian.com/australia-news/2018/dec/02/scott-morrison-blew-up-bipartisan-compromise-on-encryption-says-labor>

Government and opposition locked in battle over laws to allow security and
intelligence agencies access to encrypted telecommunications


On Sat, 1 Dec 2018 at 11:39, I  wrote:

> Paul Wilkins wrote:
> Parliamentary Calendar
> <https://www.aph.gov.au/About_Parliament/House_of_Representatives/About_the_House_News/This_week_in_the_House>
>  is showing the Bill listed for debate Wed 5th December. Not sure by what
> process it gets listed.
>
> Perhaps the appointment for debate is the equivalent of a mention in the
> court process and it will be returned to the committee.
>
> Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-30 Thread Paul Wilkins
Parliamentary Calendar
<https://www.aph.gov.au/About_Parliament/House_of_Representatives/About_the_House_News/This_week_in_the_House>
is showing the Bill listed for debate Wed 5th December. Not sure by what
process it gets listed.

Which is inconsistent with media releases by PJCIS that they will stick to
the existing timetable. As PJCIS have a hearing the previous day, it would
be strange for Parliament to have their final report first thing next
morning.

The Liberals on the PJCIS may by majority force a report, and may be ready
by the 5th, but whether the minority Labor report will be ready by then is
yet to be seen.

Kind regards

Paul Wilkins

On Sat, 1 Dec 2018 at 10:46, I  wrote:

>  Other good points made on Friday were that products made here (physical
> and intellectual) would be regarded as inferior because it would be unknown
> whether they could be relied on.
>
> And if the new version of software might have calculated vulnerabilities
> people would be loath to update and trust newer software keeping faulty or
> poorly secured versions.
>
> And why did the Duttonists think this was a good idea and that we were the
> only ones to think of it when not even Russia had implemented it.
>
> Rob
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-30 Thread Paul Wilkins
I don't need to make the EA arguments, when a no less august body than the
IAB has made them in their PJCIS submission. (Though my PJCIS submissions
do refer to EA mechanisms, so to suggest at this stage I'm not aware of EA
is to demonstrate you've arrived late to the debate).

Those opposed to EA should consider whether a limited Bill restricted to
ASIO/AFP and terrorism/child abuse should be lightly dismissed.

The industrial scope of the present Bill ensures that EA mechanisms will be
implemented. On the other hand, application of powers restricted to
ASIO/AFP and terrorism/child abuse is of such limited scope that
interventions would be specific to each investigation. Depending of course
on the final form of the Bill. This could only go as far as, given a
warrant, a requirement to then assist getting the data retrieved under the
warrant to law enforcement. Hence it could mean either no EA, or EA only in
such specific circumstances that the intervention goes only as far as
supporting the existing warrant regime rather than extending it. In some
people's opinions, including mine, this meets the requirements of necessity
and proportionality. Such a dramatic reduction in scope is a huge gain in
terms of reduced security impacts of the legislation, and realistically,
I'm not sure the Bill can be blocked in its entirety. I've always said I
support the extension of judicial writ to the cyber realm, and I see no
reason to alter that position.

Kind regards

Paul Wilkins
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-29 Thread Paul Wilkins
Apparently PJCIS may be considering limiting the Bill to exercise by ASIO
and the AFP only, and limiting scope of crimes to only terrorism and child
abuse related. That would be of huge assistance in allaying public concerns
it's a stalking horse for mass surveillance. Further, such limited purview
would mean there simply isn't the industrial scale of activity as
anticipated in the current Bill's scope. Such a light touch approach would
greatly mitigate the security and economic impacts.

Now before people start complaining that such a move would still enable
invasions of privacy, consider, "first they came for the terrorists and
child abusers" said no one ever.

Kind regards

Paul Wilkins

On Fri, 30 Nov 2018 at 15:10, Paul Wilkins  wrote:

> Hastie, Senator Bushby, Julian Leeser, Jim Molan, some pretty
> disappointing stuff from them all this morning. For shits and giggles, you
> can read the proceedings and where PJCIS members ask questions, try to
> guess their political alignment from the questions asked.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Fri, 30 Nov 2018 at 10:11, I  wrote:
>
>>
>> Watch live
>> https://www.aph.gov.au/Watch_Read_Listen
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-29 Thread Paul Wilkins
Hastie, Senator Bushby, Julian Leeser, Jim Molan, some pretty disappointing
stuff from them all this morning. For shits and giggles, you can read the
proceedings and where PJCIS members ask questions, try to guess their
political alignment from the questions asked.

Kind regards

Paul Wilkins


On Fri, 30 Nov 2018 at 10:11, I  wrote:

>
> Watch live
> https://www.aph.gov.au/Watch_Read_Listen
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-27 Thread Paul Wilkins
There's a lot of different sections and different Acts that interact, in
complex ways with multiple double negations making it a bit of a head
twist, and I don't believe anyone can say with certainty how the courts
would rule on an attempt by the AG to use TCN/TANs to access metadata
datastreams. I believe it's both possible, and that the Bill should have
stronger protections to discourage law enforcement going down this path at
some point.

TCNs can't compel data retention (we've already been there). However, they
certainly can, (IMHO) compel implementation of providing access to metadata
datastreams as a service.

Once you have the capability to transfer datastreams, then you only need to
turn them on. That can happen either under a TAN/TAR direction from a law
enforcement agency, where the agency decides it's necessary. There's also
no reason a carrier cannot voluntarily provide the datastream. There is no
protection under the law that requires law enforcement to have a warrant to
access metadata. Where law enforcement can compel the provision of metadata
as a service, a request to provide it voluntarily comes with the implication
that if it's not provided, law enforcement will be back with a TAN to
compel compliance.

I go through this in excruciating detail in my supplementary submission,
which is now up on the PJCIS website.

Kind regards

Paul Wilkins

On Wed, 28 Nov 2018 at 16:48, Paul Brooks 
wrote:

> On 28/11/2018 3:42 pm, Paul Wilkins wrote:
>
>
> I'm less concerned that the State may ask a judge for a computer warrant,
> than I am the Attorney General issuing TCNs to access carrier metadata
> datastreams and using that for mass surveillance, or law enforcement then
> forcing patches on service providers for my phone/television to enable the
> mike and cameras for surveillance because I've triggered some kind of
> Minority Report scenario, because, you know, they're doing their job and in
> the AG's opinion it's reasonable.
>
> Much as I hate to defend something that is indefensible on other grounds,
> part of this particular concern seems to be already protected.
>
> See Sect 317(T) (the bit regarding TCNs)
>
> Part (10):
>
> 'A technical capability notice has no effect to the extent (if any) to
> which it requires a designated communications provider to keep, or cause to
> be kept:
>   (a) information of a kind specified in or under section 187AA
> of the Telecommunications (Interception and Access) Act 1979; or
>   (b) documents containing information of that kind;
> relating to any communication carried by means of a service to which Part
> 5-1A of the Telecommunications (Interception and Access) Act 1979 applies.
> Note: Part 5-1A of the Telecommunications (Interception and Access) Act
> 1979 deals with data retention.'
>
> In other words - they can't issue a TCN to keep more metadata. Or to be
> sent a stream of metadata.
>
> Also Part (2):
>
> 'The specified acts or things must:
>   (a) be directed towards ensuring that the designated
> communications provider *is capable* of giving listed help to ASIO, or an
> interception agency, in relation to:
>     (i) the performance of a function, or the exercise
> of a power, conferred by or under a law of the Commonwealth, a State or a
> Territory, so far as the function or power relates to a relevant objective;
> or
>     (ii) a matter that facilitates, or is ancillary or
> incidental to, a matter covered by subparagraph (i); or
>   (b) be by way of giving help to ASIO, or an interception agency,
> in relation to:
>     (i) the performance of a function, or the exercise
> of a power, conferred by or under a law of the Commonwealth, a State or a
> Territory, so far as the function or power relates to a relevant objective;
> or
>     (ii) a matter that facilitates, or is ancillary or
> incidental to, a matter covered by subparagraph (i).'
>
> In other words - they can ask you to do something to make sure you are
> *capable* of giving help under some other law. But you don't have to
> actually do the thing under that other law to satisfy the TCN, they'll
> issue you a separate warrant or request to actively use that capability,
> under that other law, if they need you to actively use it in practice.
>
> The TCN is to require you to make sure you have an easily undoable buckle
> on your belt, in case they have to ask you to bend over under another law,
> and to ensure you can't reply 'Sorry, I can't do that' when they do ask you
> to bend over under that other law. But they can't ask you to actually bend
> over in the TCN itself.
>
> Of course, this all relies on them not asking, or if they do, on the
> recipient of the n

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-27 Thread Paul Wilkins
Paul,
Yes and no. 'The rights of service providers to manage their own affairs'
should be subject to the rule of law. With the important qualification that
per the Dec'n Human Rights, any intrusion by the state of private property
(both a service provider's code base and data centres are private property)
must be necessary, proportionate, and subject to the rule of law. Service
providers have a right to insist that any intrusion is specific, non
arbitrary, and for due process, should not be subject to determination by
Law Enforcement, but should be a question for, and appealable to, the
judiciary. Service providers (and 3rd parties) should be adequately
compensated for any damage done to their interests because of Law
Enforcement malfeasance or misfeasance.

Much of what's considered legitimate activities in the Bill is subject to
arbitrary interpretation by Law Enforcement, or sufficiently vague that Law
Enforcement has an open license. A rule based system is predicated on
everybody knowing what the rules are, a priori, and then going from there.
The vague and open ended drafting of the Bill allows Law Enforcement ample
scope to make it up as they go (to the point, illegally obtained evidence
would still be admissible).

Kind regards

Paul Wilkins




On Wed, 28 Nov 2018 at 12:05, Paul Brooks 
wrote:

> On 28/11/2018 10:27 am, Paul Wilkins wrote:
>
>
>
> I do think (and it's not a generally popular position) that the internet
> does need to, and is going to be, regulated. This doesn't however justify
> measures that are unnecessarily invasive of citizens' rights, such as right
> to privacy and the right of service providers to manage their own affairs.
> I support the need for law enforcement to have powers to pursue terrorists
> and serious crime in the context of increasing use of encryption, but this
> isn't that bill.
>
> Apart from 'the rights of service providers to manage their own affairs',
> this is spot on. ('right of service providers to manage their own affairs'
> has never been a thing, service providers have always been subject to
> regulation and external management, and the recent ACCC, ACMA and TIO
> crack-downs on RSPs in the name of improving end-customer experience is
> more of this - much as the current Banking Royal Commission has come from
> boards and executives thinking there was 'rights of banks to manage their
> own affairs' to the detriment of banking customers - but this is a
> digression)
>
> Worth looking through the most recent Paris Call for Trust and Security in
> Cyberspace released at the IGF held earlier this month.
>
>
> https://www.diplomatie.gouv.fr/en/french-foreign-policy/digital-diplomacy/france-and-cyber-security/article/cybersecurity-paris-call-of-12-november-2018-for-trust-and-security-in
>
> https://www.diplomatie.gouv.fr/IMG/pdf/paris_call_text_-_en_cle06f918.pdf
>
> and some words from Andrew Sullivan, President of the Internet Society on
> the same topic:
>
>
> https://www.internetsociety.org/blog/2018/11/we-wont-save-the-internet-by-breaking-it/
>
> "It is, of course, true that governments should protect their citizens,
> and that they are the only ones in a position to offer such protections. It
> does not follow that every protective measure a government tries is one
> that will work. Some of them may even do harm.
>
>
> .
>
> None of this, of course, means that every regulation that could possibly
> touch something connected to the Internet is automatically wrong. Many
> services that we use on the Internet (virtually every social media service,
> for instance) are closed systems that really operate *on top of* the
> Internet. It is possible that effective social responses to some of the
> challenges arising from those systems can be addressed in part through
> appropriate regulatory frameworks. But hasty action, unilateral movement,
> and attempts to legislate values along national lines are as likely to
> break the Internet as they are to address social issues arising from
> Internet use.
>
>
> There is absolutely a place for national regulation of Internet activities
> - nobody can expect the government to take a hands-off approach. We have
> that now at the most fundamental level in the way that IP addresses and
> domain names, as forms of electronic addressing, are ultimately conducted
> under the authority of DOCA, devolved to be operated by APNIC and auDA
> respectively under license.
>
> Similarly, governments will seek to regulate the things that people do on
> top of the Internet, to protect the people say from online bullying,
> posting revenge-porn photos, anti-SPAM measures - much as they do for
> telephone services, such as the DoNotCall Register. To expect otherwise is
> unrealistic. Some of it is actually good to have.
>

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-27 Thread Paul Wilkins
Let's not forget that without the State there could be no internet. So
there needs to be an accommodation between the rights of the individual and
the rights of the State. Part of the terms are dictated by political
reality, but there are also moral questions as to the right of the State to
interfere with individual liberty. In some ways, as I've said before, this
isn't ontologically new territory, but goes back to Rousseau's notion of
the social contract, that the individual surrenders the absolute liberty
of  anarchy, for the security benefits conferred by the state under the
rule of law.

I'm less concerned that the State may ask a judge for a computer warrant,
than I am the Attorney General issuing TCNs to access carrier metadata
datastreams and using that for mass surveillance, or law enforcement then
forcing patches on service providers for my phone/television to enable the
mike and cameras for surveillance because I've triggered some kind of
Minority Report scenario, because, you know, they're doing their job and in
the AG's opinion it's reasonable.

In the case of the computer warrant, Law Enforcement have to allege a
specific breach of the criminal code, and establish evidentiary grounds
this crime is being committed to a judge's satisfaction. Much in the
Assistance and Access Bill leaves Law Enforcement as the decision makers as
to what and how is to be investigated. It is actually possible to
simultaneously want to see the rule of law be enforced, but without
establishing the machinery of a police state.

Kind regards

Paul Wilkins


On Wed, 28 Nov 2018 at 13:43, Mark Smith  wrote:

> On Wed, 28 Nov 2018 at 11:29, Scott Weeks  wrote:
> >
> >
> >
> > --- paulwilkins...@gmail.com wrote:
> > From: Paul Wilkins 
> >
> > I do think (and it's not a generally popular position) that
> > the internet does need to, and is going to be, regulated.
> > 
> >
> >
> > No.  Absolutely does not need to be and cannot be anyway,
> > unless you do a China.  Maybe this is what they're jealous
> > of?  Total control over the media and all information.
> > Like, you know, the Dark Ages...
> >
>
> I agree.
>
> I wonder what Paul specifically thinks needs to be regulated. If it is
> a general view, rather than a specific one, then Paul has
> authoritarian beliefs (in other words, just the idea that somebody can
> do something without first seeking and being given permission is an
> anathema).
>
> The fundamental and most significant benefit of the Internet has been
> that its architecture has permitted permissionless innovation, through
> application protocol transparency in the network. To deploy a new
> application or service over the Internet, you do not have to seek
> permission of a telco for them to carry your traffic.
>
> IPv4 NATs have significantly limited the Internet's transparency,
> which is why people have been creating an ad hoc and more transparent
> virtual overlay network over the Internet using UDP - "UDP over IPv4 –
> a stepping stone to IPv6?" -
> https://blog.apnic.net/2017/03/24/udp-ipv4-stepping-stone-ipv6/ .
>
> Regards,
> Mark.
>
>
>
>
> > scott
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-27 Thread Paul Wilkins
In a time of ever growing populism and increasing power in the hands of
demagogues, it's no less true than it ever was that in a democracy, you get
the government you deserve.

There is a very obvious political advantage to the Liberal Trumpists to
make ambit law enforcement claims. Any win is gravy, and every setback,
they can use as a wedge to beat up the threat of terrorism.

I do think (and it's not a generally popular position) that the internet
does need to, and is going to be, regulated. This doesn't however justify
measures that are unnecessarily invasive of citizens' rights, such as right
to privacy and the right of service providers to manage their own affairs.
I support the need for law enforcement to have powers to pursue terrorists
and serious crime in the context of increasing use of encryption, but this
isn't that bill. This Bill represents gross overreach, and has grave
deficiencies in its drafting across governance and accountability for the
use of police powers, beyond the adverse economic impacts for Australia
consequent to undermining security. I'm fairly certain too at some point it
will be argued the vague drafting grants law enforcement a mandate to
gather carrier metadata
<https://www.aph.gov.au/DocumentStore.ashx?id=7dec86a0-3a58-4d53-b0b4-6df5c918335e=660759>
and establish mass surveillance.

The Bill should be set aside, but I fear the PJCIS will try to stitch
together some sort of compromise leaving Australians with very diminished
citizen rights compared to Europe.

Kind regards

Paul Wilkins




On Wed, 28 Nov 2018 at 08:56, Mark Newton  wrote:

> Their real target is the same as it was in the 2008-2010 censorware fight:
>
> They want to make it clear that this is not territory which is
> unregulated; that they can and will interfere with it if and when it suits
> them.
>
> I doubt they even know how and when that interference will happen at this
> stage. But that isn’t important. It’s all about the agencies sticking their
> thumb onto an industry segment and saying, “We’re in charge of this.”
>
>- mark
>
>
>
> On 28 Nov 2018, at 8:25 AM, Robert Hudson  wrote:
>
>
>
> On Tue, 27 Nov 2018 at 16:04, Mark Newton  wrote:
>
>>
>> On Nov 23, 2018, at 4:46 PM, Robert Hudson  wrote:
>>
>>
>> On Fri, 23 Nov 2018 at 14:47, Paul Brooks 
>> wrote:
>>
>>> In theory no - this bill doesn't weaken encryption, and explicitly
>>> doesn't allow any
>>> changes that would weaken encryption.
>>>
>>
>> They say that - but I don't believe them.  I don't think they even
>> understand what they're suggesting (or if they do understand, they're
>> relying on others not understanding, or not caring).
>>
>>
>> I think it’s dangerous to assume they don’t know what they’re asking for.
>>
>
> To clarify - I was speaking of the politicians.
>
>>
>> MPs probably don’t know, that’s true. But they aren’t the source of these
>> Bills: No has ever climbed out of bed in the morning and thought, “Y’know
>> what ASD needs? Unencrypted access to SnapChat. Let’s make it happen.”
>>
>
> I agree entirely.
>
>>
>> MPs also aren’t in charge. PJCIS reliably decides whatever the
>> bloody-hell ASIO and ASD want them to decide. The belief that there are a
>> bunch of level-headed independent-minded politicians *making decisions* is
>> crazy, there’s never been any evidence that that’s true.
>>
>
> I think you may have missed highlighting the ludicrous notion of *level-headed
> independent-minded politicians*.  I'd put a smiley there, but the current
> state of our political leadership (if one could call it that) is so abysmal
> that it's no laughing matter.
>
>>
>> These Bills are drafted by the intelligence agencies themselves, and they
>> know precisely what they’re demanding, they know precisely what the flow-on
>> effects will be, and they’ve judged that for their own purposes, the
>> cost/benefit analysis works in their favor.
>>
>
> This is the bit that I don't get.
>
> They *must* know the effective outcomes of the TAN/TCN/TAR activities is
> to introduce systemic weakness in the encryption processes they touch.  The
> attack vectors against encryption (be it data at rest or data in flight)
> are so narrow (given that they're asking for this, we can, I believe,
> safely assume that they're not able to brute force things at this stage) as
> to effectively mean "a way to retrieve the keys" or "a back door" - both
> processes, once established, immediately introduce exactly the kind of
> weaknesses the proposed bill supposedly protects against (noting the
> incredibly low standard of proof that needs to be produced here).
>
> And 

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-26 Thread Paul Wilkins
As they say, a week is a long time in politics.

PJCIS is holding a Top Secret briefing with ASIO as to whether they need to
expedite the Bill, but in context, it's not like rising use of encryption
is news to anyone. The sudden urgency to pass the Bill at this late stage
has every appearance of interference with PJCIS doing its job.

With Julia Banks' announcement she will move to the crossbenches, I will
take plenty of 6 to 4 against Dutton (MP?) getting his way and passing the
Assistance and Access Bill before Christmas.

Kind regards

Paul Wilkins


On Tue, 27 Nov 2018 at 09:52, Michelle Sullivan  wrote:

> Paul Wilkins wrote:
> > If Dutton is in fact ineligible to sit, then so too is his motion to
> > introduce the Bill to Parliament. Or such is the stuff of dreams?
>
> You are correct, if he is ineligible .. and *if he was at the time of
> the introduction* then it should be challenged as not validly
> introduced.. this will not be automatic though.
>
> Michelle
> >
> > Kind regards
> >
> > Paul Wilkins
> >
> > On Tue, 27 Nov 2018 at 09:39, Paul Wilkins wrote:
> >
> > Seems Dutton is about to get a lesson in constitutional law:
> >
> > S44 (iv)  holds any office of profit under the Crown, or any
> > pension payable during the pleasure of the Crown out of any of the
> > revenues of the Commonwealth; or
> >
> > shall be incapable of being chosen or of sitting as a senator or a
> > member of the House of Representatives.
> >
> > Kind regards
> >
> >
> > Paul Wilkins
> >
> > On Mon, 26 Nov 2018 at 10:34, Paul Wilkins wrote:
> >
> >
> > After the Department Home Affairs sitting on this Bill for
> > over a year and conducting industry consultation they claim is
> > confidential (ie: they have no one who'll go on record
> > supporting the Bill) suddenly it's a priority, and the
> > Minister for Home Affairs writes a wheedling letter to PJCIS
> > to pass the Bill before Christmas.
> >
> > The lack of public and industry consultation, the vague and
> > poor drafting, and then a sudden push to pass the Bill in a
> > couple of weeks, rather suggest a deliberate strategy to pass
> > a Bill that's out of all proportion to the need to combat
> > terrorism and serious crime in the context of rising use of
> > encryption.
> >
> > Rising use of encryption is hardly news to anyone. After all,
> > a rising tide lifts all boats.
> >
> >
> >
> https://www.aph.gov.au/DocumentStore.ashx?id=a46f0ed4-fc0d-4e95-bbd3-ef8fafe419ab=663130
> >
> >
> > Kind regards
> >
> > Paul Wilkins
> >
> > On Sun, 25 Nov 2018 at 13:56, Paul Wilkins wrote:
> >
> > /"In practice, if they balls-up the change request given
> > to the device manufacturer or app/website developer,
> > anything could happen."/
> >
> > Then you recall the obligation under the
> > Telecommunications Act 1997 for carriers to "do their best
> > to  protect networks and facilities". No such obligation
> > attaches to the Crown under the powers of the  Assistance
> > and Access Bill 2018.
> >
> > So, even if in the cases of misfeasance, non feasance, or
> > malfeasance on the part of the Crown or its  agents in the
> > implementation of TCNs/TANs/TARs, and their impact on
> > carriers businesses, liability rests, not with the Crown
> > as you might ingenuously assume, but with the carrier who
> > unwittingly acted as directed.
> >
> > Kind regards
> >
> > Paul Wilkins
> >
> > On Sun, 25 Nov 2018 at 06:38, Scott Weeks wrote:
> >
> >
> >
> > ---
> > ...the drafting certainly seems loose enough for a future
> > government to establish the machinery of a police state.
> > ---
> >
> > I'm seeing this in *NOG lists and elsewhere all over the
> > world.  It's going t

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-26 Thread Paul Wilkins
If Dutton is in fact ineligible to sit, then so too is his motion to
introduce the Bill to Parliament. Or such is the stuff of dreams?

Kind regards

Paul Wilkins

On Tue, 27 Nov 2018 at 09:39, Paul Wilkins  wrote:

> Seems Dutton is about to get a lesson in constitutional law:
>
> S44 (iv)  holds any office of profit under the Crown, or any pension
> payable during the pleasure of the Crown out of any of the revenues of the
> Commonwealth; or
>
> shall be incapable of being chosen or of sitting as a senator or a member
> of the House of Representatives.
>
> Kind regards
>
>
> Paul Wilkins
>
> On Mon, 26 Nov 2018 at 10:34, Paul Wilkins 
> wrote:
>
>>
>> After the Department Home Affairs sitting on this Bill for over a year
>> and conducting industry consultation they claim is confidential (ie: they
>> have no one who'll go on record supporting the Bill) suddenly it's a
>> priority, and the Minister for Home Affairs writes a wheedling letter to
>> PJCIS to pass the Bill before Christmas.
>>
>> The lack of public and industry consultation, the vague and poor
>> drafting, and then a sudden push to pass the Bill in a couple of weeks,
>> rather suggest a deliberate strategy to pass a Bill that's out of all
>> proportion to the need to combat terrorism and serious crime in the context
>> of rising use of encryption.
>>
>> Rising use of encryption is hardly news to anyone. After all, a rising
>> tide lifts all boats.
>>
>>
>>
>> https://www.aph.gov.au/DocumentStore.ashx?id=a46f0ed4-fc0d-4e95-bbd3-ef8fafe419ab=663130
>>
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Sun, 25 Nov 2018 at 13:56, Paul Wilkins 
>> wrote:
>>
>>> *"In practice, if they balls-up the change request given to the device
>>> manufacturer or app/website developer, anything could happen."*
>>>
>>> Then you recall the obligation under the Telecommunications Act 1997 for
>>> carriers to "do their best to  protect networks and facilities". No such
>>> obligation attaches to the Crown under the powers of the  Assistance and
>>> Access Bill 2018.
>>>
>>> So, even if in the cases of misfeasance, non feasance, or malfeasance on
>>> the part of the Crown or its  agents in the implementation of
>>> TCNs/TANs/TARs, and their impact on carriers' businesses, liability rests,
>>> not with the Crown as you might ingenuously assume, but with the carrier
>>> who unwittingly acted as directed.
>>>
>>> Kind regards
>>>
>>> Paul Wilkins
>>>
>>> On Sun, 25 Nov 2018 at 06:38, Scott Weeks 
>>> wrote:
>>>
>>>>
>>>>
>>>> ---
>>>> ...the drafting certainly seems loose enough for a future
>>>> government to establish the machinery of a police state.
>>>> ---
>>>>
>>>> I'm seeing this in *NOG lists and elsewhere all over the
>>>> world.  It's going to be an interesting next buncha years!
>>>>
>>>> scott
___
AusNOG mailing list
AusNOG@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-26 Thread Paul Wilkins
Seems Dutton is about to get a lesson in constitutional law:

S44 (iv)  holds any office of profit under the Crown, or any pension
payable during the pleasure of the Crown out of any of the revenues of the
Commonwealth; or

shall be incapable of being chosen or of sitting as a senator or a member
of the House of Representatives.

Kind regards


Paul Wilkins

On Mon, 26 Nov 2018 at 10:34, Paul Wilkins  wrote:

>
> After the Department Home Affairs sitting on this Bill for over a year and
> conducting industry consultation they claim is confidential (ie: they have
> no one who'll go on record supporting the Bill) suddenly it's a priority,
> and the Minister for Home Affairs writes a wheedling letter to PJCIS to
> pass the Bill before Christmas.
>
> The lack of public and industry consultation, the vague and poor drafting,
> and then a sudden push to pass the Bill in a couple of weeks, rather
> suggest a deliberate strategy to pass a Bill that's out of all proportion
> to the need to combat terrorism and serious crime in the context of rising
> use of encryption.
>
> Rising use of encryption is hardly news to anyone. After all, a rising
> tide lifts all boats.
>
>
>
> https://www.aph.gov.au/DocumentStore.ashx?id=a46f0ed4-fc0d-4e95-bbd3-ef8fafe419ab=663130
>
>
> Kind regards
>
> Paul Wilkins
>
> On Sun, 25 Nov 2018 at 13:56, Paul Wilkins 
> wrote:
>
>> *"In practice, if they balls-up the change request given to the device
>> manufacturer or app/website developer, anything could happen."*
>>
>> Then you recall the obligation under the Telecommunications Act 1997 for
>> carriers to "do their best to  protect networks and facilities". No such
>> obligation attaches to the Crown under the powers of the  Assistance and
>> Access Bill 2018.
>>
>> So, even if in the cases of misfeasance, non feasance, or malfeasance on
>> the part of the Crown or its  agents in the implementation of
>> TCNs/TANs/TARs, and their impact on carriers' businesses, liability rests,
>> not with the Crown as you might ingenuously assume, but with the carrier
>> who unwittingly acted as directed.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>> On Sun, 25 Nov 2018 at 06:38, Scott Weeks  wrote:
>>
>>>
>>>
>>> ---
>>> ...the drafting certainly seems loose enough for a future
>>> government to establish the machinery of a police state.
>>> ---
>>>
>>> I'm seeing this in *NOG lists and elsewhere all over the
>>> world.  It's going to be an interesting next buncha years!
>>>
>>> scott


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-25 Thread Paul Wilkins
After the Department Home Affairs sitting on this Bill for over a year and
conducting industry consultation they claim is confidential (ie: they have
no one who'll go on record supporting the Bill) suddenly it's a priority,
and the Minister for Home Affairs writes a wheedling letter to PJCIS to
pass the Bill before Christmas.

The lack of public and industry consultation, the vague and poor drafting,
and then a sudden push to pass the Bill in a couple of weeks, rather
suggest a deliberate strategy to pass a Bill that's out of all proportion
to the need to combat terrorism and serious crime in the context of rising
use of encryption.

Rising use of encryption is hardly news to anyone. After all, a rising tide
lifts all boats.


https://www.aph.gov.au/DocumentStore.ashx?id=a46f0ed4-fc0d-4e95-bbd3-ef8fafe419ab=663130


Kind regards

Paul Wilkins

On Sun, 25 Nov 2018 at 13:56, Paul Wilkins  wrote:

> *"In practice, if they balls-up the change request given to the device
> manufacturer or app/website developer, anything could happen."*
>
> Then you recall the obligation under the Telecommunications Act 1997 for
> carriers to "do their best to  protect networks and facilities". No such
> obligation attaches to the Crown under the powers of the  Assistance and
> Access Bill 2018.
>
> So, even if in the cases of misfeasance, non feasance, or malfeasance on
> the part of the Crown or its  agents in the implementation of
> TCNs/TANs/TARs, and their impact on carriers' businesses, liability rests,
> not with the Crown as you might ingenuously assume, but with the carrier
> who unwittingly acted as directed.
>
> Kind regards
>
> Paul Wilkins
>
> On Sun, 25 Nov 2018 at 06:38, Scott Weeks  wrote:
>
>>
>>
>> ---
>> ...the drafting certainly seems loose enough for a future
>> government to establish the machinery of a police state.
>> ---
>>
>> I'm seeing this in *NOG lists and elsewhere all over the
>> world.  It's going to be an interesting next buncha years!
>>
>> scott


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-24 Thread Paul Wilkins
*"In practice, if they balls-up the change request given to the device
manufacturer or app/website developer, anything could happen."*

Then you recall the obligation under the Telecommunications Act 1997 for
carriers to "do their best to  protect networks and facilities". No such
obligation attaches to the Crown under the powers of the  Assistance and
Access Bill 2018.

So, even if in the cases of misfeasance, non feasance, or malfeasance on
the part of the Crown or its  agents in the implementation of
TCNs/TANs/TARs, and their impact on carriers' businesses, liability rests,
not with the Crown as you might ingenuously assume, but with the carrier
who unwittingly acted as directed.

Kind regards

Paul Wilkins

On Sun, 25 Nov 2018 at 06:38, Scott Weeks  wrote:

>
>
> ---
> ...the drafting certainly seems loose enough for a future
> government to establish the machinery of a police state.
> ---
>
> I'm seeing this in *NOG lists and elsewhere all over the
> world.  It's going to be an interesting next buncha years!
>
> scott


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-23 Thread Paul Wilkins
Just this moment submitted my supplementary submission to PJCIS, the most
important point being that TCNs/TANs look to be able to meet the criteria
under 313(3)c and 280(1)(b) of the Telecommunications Act 1997, that would
allow Law Enforcement to demand access to carrier metadata streams. Mass
surveillance may not be the stated purpose of the legislation, but the
drafting certainly seems loose enough for a future government to establish
the machinery of a police state. The arguments are made in full in the
submission for anyone interested.

Now I think that exhausts my sense of civic purpose for the foreseeable
future.

Kind regards

Paul Wilkins


On Sat, 24 Nov 2018 at 12:17, Paul Wilkins  wrote:

> s/Fourth Amendment
>
> On Sat, 24 Nov 2018 at 12:15, Paul Wilkins 
> wrote:
>
>> It's a very good question how, when anyone who knows what they're talking
>> about opposes the Bill as an effective and reasonable approach to fighting
>> terrorism and serious crime in the context of increasing use of encryption,
>> why is the Home Affairs Department foisting this ill considered and poorly
>> developed Bill on the Nation?
>>
>> I think partly it's cultural cringe. The NSA surveil their citizens, and
>> when ministers attend 5 Eyes conferences, they want to be just as macho.
>> But of course, the NSA have a clue, and they're resourced. It's still
>> dazzling that the NSA could have been in breach of the 1st Amendment for as
>> long as they were. In Australia we don't have a Bill of Rights, because
>> government has always observed the Westminster convention that we'll
>> respect the traditions of democracy - until they choose not to.
>>
>> It's not so important whether those pushing the Bill on us understand the
>> technical consequences. They're taking advice from people they trust.
>> Dutton comes from the Queensland Police, and Hastie, the PJCIS Chairman,
>> was a Dutton supporter in the rolling of Turnbull. It's the mandarins
>> within Home Affairs or the Police who are telling the government this is
>> within their capability. As far as I can see, the few submissions
>> supporting the Bill are from police organisations.
>>
>> I think we're beyond Dutton or Hastie caring if the Bill is good for the
>> nation. They're effectively riding a tiger where they've accused anyone
>> opposing the Bill to be weak on terrorism. So instead of a sensible public
>> discussion of how to enable legal intercept for encrypted communications,
>> we're getting the Liberal Trumpists using the Bill as a blunt object to
>> wedge Labor on terrorism and that's all that matters.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Fri, 23 Nov 2018 at 17:21, Mark Smith  wrote:
>>
>>>
>>>
>>> On Fri., 23 Nov. 2018, 16:46 Robert Hudson >>
>>>>
>>>>
>>>> On Fri, 23 Nov 2018 at 14:47, Paul Brooks <
>>>> pbrooks-aus...@layer10.com.au> wrote:
>>>>
>>>>> On 23/11/2018 11:37 AM, Alex Samad wrote:
>>>>> > Wondering what the implications of this bill and the recent China
>>>>> > was stealing our traffic
>>>>> >
>>>>> > So in theory could china steal / sniff our traffic and because of
>>>>> > these weakening of encryption allow china to snoop on our stuff
>>>>> >
>>>>> > A
>>>>> In theory no - this bill doesn't weaken encryption, and explicitly
>>>>> doesn't allow any changes that would weaken encryption.
>>>>>
>>>>
>>>> They say that - but I don't believe them.  I don't think they even
>>>> understand what they're suggesting (or if they do understand, they're
>>>> relying on others not understanding, or not caring).
>>>>
>>>>>
>>>>> This bill seeks to bypass encryption entirely by giving the agencies
>>>>> easier access to get into devices and the back-end databases of apps
>>>>> and websites, to see what is stored in there - bypassing unlock codes,
>>>>> PINS, thumbprint readers etc on devices for example. So for traffic
>>>>> being sniffed 'in the middle' the information is still sent/received
>>>>> as fully encrypted - and man-in-the-middle snooper won't see anything.
>>>>> But if the authorities get hold of your phone or PC, they'll have
>>>>> easier access to look into

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-23 Thread Paul Wilkins
s/Fourth Amendment

On Sat, 24 Nov 2018 at 12:15, Paul Wilkins  wrote:

> It's a very good question how, when anyone who knows what they're talking
> about opposes the Bill as an effective and reasonable approach to fighting
> terrorism and serious crime in the context of increasing use of encryption,
> why is the Home Affairs Department foisting this ill considered and poorly
> developed Bill on the Nation?
>
> I think partly it's cultural cringe. The NSA surveil their citizens, and
> when ministers attend 5 Eyes conferences, they want to be just as macho.
> But of course, the NSA have a clue, and they're resourced. It's still
> dazzling that the NSA could have been in breach of the 1st Amendment for as
> long as they were. In Australia we don't have a Bill of Rights, because
> government has always observed the Westminster convention that we'll
> respect the traditions of democracy - until they choose not to.
>
> It's not so important whether those pushing the Bill on us understand the
> technical consequences. They're taking advice from people they trust.
> Dutton comes from the Queensland Police, and Hastie, the PJCIS Chairman,
> was a Dutton supporter in the rolling of Turnbull. It's the mandarins
> within Home Affairs or the Police who are telling the government this is
> within their capability. As far as I can see, the few submissions
> supporting the Bill are from police organisations.
>
> I think we're beyond Dutton or Hastie caring if the Bill is good for the
> nation. They're effectively riding a tiger where they've accused anyone
> opposing the Bill to be weak on terrorism. So instead of a sensible public
> discussion of how to enable legal intercept for encrypted communications,
> we're getting the Liberal Trumpists using the Bill as a blunt object to
> wedge Labor on terrorism and that's all that matters.
>
> Kind regards
>
> Paul Wilkins
>
>
> On Fri, 23 Nov 2018 at 17:21, Mark Smith  wrote:
>
>>
>>
>> On Fri., 23 Nov. 2018, 16:46 Robert Hudson >
>>>
>>>
>>> On Fri, 23 Nov 2018 at 14:47, Paul Brooks 
>>> wrote:
>>>
>>>> On 23/11/2018 11:37 AM, Alex Samad wrote:
>>>> > Wondering what the implications of this bill and the recent China was
>>>> > stealing our traffic
>>>> >
>>>> > So in theory could china steal / sniff our traffic and because of
>>>> > these weakening of encryption allow china to snoop on our stuff
>>>> >
>>>> > A
>>>> In theory no - this bill doesn't weaken encryption, and explicitly
>>>> doesn't allow any changes that would weaken encryption.
>>>>
>>>
>>> They say that - but I don't believe them.  I don't think they even
>>> understand what they're suggesting (or if they do understand, they're
>>> relying on others not understanding, or not caring).
>>>
>>>>
>>>> This bill seeks to bypass encryption entirely by giving the agencies
>>>> easier access to get into devices and the back-end databases of apps
>>>> and websites, to see what is stored in there - bypassing unlock codes,
>>>> PINS, thumbprint readers etc on devices for example. So for traffic
>>>> being sniffed 'in the middle' the information is still sent/received
>>>> as fully encrypted - and man-in-the-middle snooper won't see anything.
>>>> But if the authorities get hold of your phone or PC, they'll have
>>>> easier access to look into your sent/received message stores and read
>>>> what's in there, which is stored in your device un-encrypted.
>>>>
>>>
>>> The tools the authorities have access to will invariably fall into the
>>> hands of others.
>>>
>>
>>
>> Or be abused by those who have official access to them.
>>
>>
>> "Queensland in court fight with domestic violence victim whose details
>> leaked by policeman"
>>
>> https://www.theguardian.com/australia-news/2018/aug/21/queensland-in-court-fight-with-domestic-violence-victim-whose-details-leaked-by-policeman
>>
>>
>> "NSA SEXINT IS THE ABUSE YOU’VE ALL BEEN WAITING FOR"
>>
>> http://cyberlaw.stanford.edu/blog/2013/11/nsa-sexint-abuse-you’ve-all-been-waiting
>>
>>
>>
>>>
>>>>
>>>> In practice, if they balls-up the change request given to the device
>>>> manufacturer or app/website developer, anything could happen.
>>>>
>>>
>>> Yep.  Aside from the direct ramifications, it's the indirect and
>>> unintended consequences that REALLY have the potential to be damaging.
>>>
>>>>
>>>> P.


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-23 Thread Paul Wilkins
It's a very good question how, when anyone who knows what they're talking
about opposes the Bill as an effective and reasonable approach to fighting
terrorism and serious crime in the context of increasing use of encryption,
why is the Home Affairs Department foisting this ill considered and poorly
developed Bill on the Nation?

I think partly it's cultural cringe. The NSA surveil their citizens, and
when ministers attend 5 Eyes conferences, they want to be just as macho.
But of course, the NSA have a clue, and they're resourced. It's still
dazzling that the NSA could have been in breach of the 1st Amendment for as
long as they were. In Australia we don't have a Bill of Rights, because
government has always observed the Westminster convention that we'll
respect the traditions of democracy - until they choose not to.

It's not so important whether those pushing the Bill on us understand the
technical consequences. They're taking advice from people they trust.
Dutton comes from the Queensland Police, and Hastie, the PJCIS Chairman,
was a Dutton supporter in the rolling of Turnbull. It's the mandarins
within Home Affairs or the Police who are telling the government this is
within their capability. As far as I can see, the few submissions
supporting the Bill are from police organisations.

I think we're beyond Dutton or Hastie caring if the Bill is good for the
nation. They're effectively riding a tiger where they've accused anyone
opposing the Bill to be weak on terrorism. So instead of a sensible public
discussion of how to enable legal intercept for encrypted communications,
we're getting the Liberal Trumpists using the Bill as a blunt object to
wedge Labor on terrorism and that's all that matters.

Kind regards

Paul Wilkins


On Fri, 23 Nov 2018 at 17:21, Mark Smith  wrote:

>
>
> On Fri., 23 Nov. 2018, 16:46 Robert Hudson 
>>
>>
>> On Fri, 23 Nov 2018 at 14:47, Paul Brooks 
>> wrote:
>>
>>> On 23/11/2018 11:37 AM, Alex Samad wrote:
>>> > Wondering what the implications of this bill and the recent China was
>>> > stealing our traffic
>>> >
>>> > So in theory could china steal / sniff our traffic and because of
>>> > these weakening of encryption allow china to snoop on our stuff
>>> >
>>> > A
>>> In theory no - this bill doesn't weaken encryption, and explicitly
>>> doesn't allow any changes that would weaken encryption.
>>>
>>
>> They say that - but I don't believe them.  I don't think they even
>> understand what they're suggesting (or if they do understand, they're
>> relying on others not understanding, or not caring).
>>
>>>
>>> This bill seeks to bypass encryption entirely by giving the agencies
>>> easier access to get into devices and the back-end databases of apps
>>> and websites, to see what is stored in there - bypassing unlock codes,
>>> PINS, thumbprint readers etc on devices for example. So for traffic
>>> being sniffed 'in the middle' the information is still sent/received
>>> as fully encrypted - and man-in-the-middle snooper won't see anything.
>>> But if the authorities get hold of your phone or PC, they'll have
>>> easier access to look into your sent/received message stores and read
>>> what's in there, which is stored in your device un-encrypted.
>>>
>>
>> The tools the authorities have access to will invariably fall into the
>> hands of others.
>>
>
>
> Or be abused by those who have official access to them.
>
>
> "Queensland in court fight with domestic violence victim whose details
> leaked by policeman"
>
> https://www.theguardian.com/australia-news/2018/aug/21/queensland-in-court-fight-with-domestic-violence-victim-whose-details-leaked-by-policeman
>
>
> "NSA SEXINT IS THE ABUSE YOU’VE ALL BEEN WAITING FOR"
>
> http://cyberlaw.stanford.edu/blog/2013/11/nsa-sexint-abuse-you’ve-all-been-waiting
>
>
>
>>
>>>
>>> In practice, if they balls-up the change request given to the device
>>> manufacturer or app/website developer, anything could happen.
>>>
>>
>> Yep.  Aside from the direct ramifications, it's the indirect and
>> unintended consequences that REALLY have the potential to be damaging.
>>
>>>
>>> P.


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-22 Thread Paul Wilkins
Unfortunately, we're being played, by the Trumpist rump in the Liberal
Party.

Problem for the rest of the Liberals is that they're expected to fall into
line behind a minority of the party.

The PJCIS will hear and consider Human Rights arguments, because they're
not all Liberals, and not all the Liberals on the PJCIS are invested in
blowing up our democratic institutions.

Morrison can't pass this Bill without Labor's support and hopes to wedge
them on terrorism.

I can't see that Labor are especially invested in this Bill passing. As
things look today, it will be a Labor government administering it, and they
are more likely to want to pass their own rather than have to deal with the
Human Rights gaps, mass surveillance implications, technical anomalies, and
broken multi agency framework.

Kind regards

Paul Wilkins



On Thu, 22 Nov 2018 at 16:48, Paul Brooks 
wrote:

> Forget Human Rights arguments...or the next few sessions of PJCIS...
>
> PM urges parliament to pass encryption law (within two weeks)
> https://www.9news.com.au/2018/11/22/14/44/pm-urges-parliament-to-pass-encryption-law
>
> Australian PM insists on encryption-busting Bill being passed in next
> sitting fortnight
>
> https://www.zdnet.com/article/australian-pm-insists-on-encryption-busting-bill-being-passed-in-next-sitting-fortnight/
>
>
> (Paul, FWIW, I raised the Human Rights arguments last time I was in
> Canberra. The UN Declarations of Human Rights include paragraphs enabling
> governments to curtail those human rights if needed to catch criminals,
> prevent crime, protect citizens. They be more what you'd call 'guidelines',
> than actual rules. The Govt thinks they are doing this to catch criminals
> and protect the public, and that these laws are perfectly compatible with
> the UN Human Rights ideas - despite the UN Rapporteur suggesting otherwise)
>
>
>
> On 22/11/2018 3:01 PM, Paul Wilkins wrote:
>
> "And FWIW, I've found arguments that lean towards demonstrating the
> measures are impractical, infeasible, risky, or likely to cause
> embarrassment tend to be more powerful than arguments leaning on philosophy
> - arguments like "you shouldn't even be wanting to do this because we're a
> liberal democracy" aren't likely to wash as much as 'if that's what you're
> trying to achieve, doing like that won't work or is very risky because...'"
>
> Both technical criticisms and the human rights criticisms are valid, with
> perhaps a slight tilt towards the technical, because governments are less
> likely to try to do something impossible rather than unlawful. Because of
> our status as signatory to the Declaration of Human Rights, there are
> limits that invasions of the right to privacy and the right to private
> property, must be necessary and proportionate. The Department of Home
> Affairs will do themselves no favours to create an evidentiary framework,
> only to be thrown out by the courts because the evidentiary chain was
> unlawful.
>
> Kind regards
>
> Paul Wilkins
>
> On Thu, 22 Nov 2018 at 14:34, Paul Wilkins 
> wrote:
>
>> *"it's going to our government"*
>>
>> Well actually no. Not since Wentworth. The government can't pass bills
>> without either Labor or the cross benchers, so it's highly risorous the
>> Home Affairs Minister thinks this an opportune time to give the PJCIS the
>> hurry along.
>>
>> He also presents himself and department as unanswerable to the PJCHR, who
>> go to volumes in their criticisms.
>>
>> On Thu, 22 Nov 2018 at 10:43, Bradley Silverman <
>> bsilver...@staff.ventraip.com> wrote:
>>
>>> *"no thinking person" - *That's the problem, it's not going to thinking
>>> people, it's going to our government...
>>>
>>>
>>> *Bradley Silverman *Technical Operations \\ VentraIP Australia
>>> *M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au
>>>
>>>
>>> On Thu, Nov 22, 2018 at 10:17 AM Paul Wilkins 
>>> wrote:
>>>
>>>> I can't agree that whether the Bill passes at this stage comes down to
>>>> simple numbers along party lines.
>>>>
>>>> 1 - The Bill is simply too far reaching in consequences for parliament
>>>> to wave it through. With power comes responsibility. The Bill is attracting
>>>> huge condemnation internationally, and those supporting the Bill risk
>>>> looking like chumps. It's a bit like global warming, no one who knows what
>>>> they're talking about thinks this is a good idea.
>>>>
>>>> 2 - The Department for Home Affairs put this Bill together, and Dutton

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Paul Wilkins
*"it's going to our government"*

Well actually no. Not since Wentworth. The government can't pass bills
without either Labor or the cross benchers, so it's highly risorous the
Home Affairs Minister thinks this an opportune time to give the PJCIS the
hurry along.

He also presents himself and department as unanswerable to the PJCHR, who
go to volumes in their criticisms.

On Thu, 22 Nov 2018 at 10:43, Bradley Silverman <
bsilver...@staff.ventraip.com> wrote:

> *"no thinking person" - *That's the problem, it's not going to thinking
> people, it's going to our government...
>
>
> *Bradley Silverman* Technical Operations \\ VentraIP Australia
> *M: *+61 418 641 103 | *P:* +61 3 9013 8464 | ventraip.com.au
>
>
> On Thu, Nov 22, 2018 at 10:17 AM Paul Wilkins 
> wrote:
>
>> I can't agree that whether the Bill passes at this stage comes down to
>> simple numbers along party lines.
>>
>> 1 - The Bill is simply too far reaching in consequences for parliament to
>> wave it through. With power comes responsibility. The Bill is attracting
>> huge condemnation internationally, and those supporting the Bill risk
>> looking like chumps. It's a bit like global warming, no one who knows what
>> they're talking about thinks this is a good idea.
>>
>> 2 - The Department for Home Affairs put this Bill together, and Dutton
>> arrived at the tail end of the process. Although he might like to distance
>> himself from the legislation, the buck ultimately stops with him as he
>> introduced and commended the Bill to the House.
>>
>> 3 - The Bill is more Trumpist than Liberal. Even if it's bad law and bad
>> for Liberal Democracy, it's good politics for the Liberal Trumpists.
>>
>> 4 - If Labor knocks it back in the Lower House, I can't see it getting
>> through without some sort of deal being struck with one of the cross
>> benchers. Because no thinking person sees this Bill as a good move, there
>> will be no Lower House deal without a serious quid pro quo. Then there
>> would need to be another deal in the Upper House, with differently aligned
>> cross benchers.
>>
>> Kind regards
>>
>> Paul Wilkins
>>
>>
>> On Wed, 21 Nov 2018 at 22:44, Bryan O'Reilly <
>> br...@telcoindependent.com.au> wrote:
>>
>>> Hi Paul,
>>>
>>>
>>>
>>> I’m looking forward to your Lunchtime Lecture next week on this topic!
>>>
>>>
>>>
>>> Kind regards,
>>>
>>> Bryan O'Reilly
>>> Founder - Telco Independent Consulting
>>> www.telcoindependent.com.au
>>>
>>> 0419 632 098
>>>
>>> 30+ years experience to provide YOUR business with independent advice.
>>>
>>>
>>>
>>> FaceBook; https://www.facebook.com/TelcoIndependent/
>>>
>>> LinkedIN; https://www.linkedin.com/in/bryanoreilly/
>>>
>>>
>>>
>>>
>>>
>>>
>>> Important:
>>> This message may contain confidential or privileged information. If you
>>> are not the intended recipient of this message, you must not take any
>>> action based on the contents herein, except to advise us of the error and
>>> destroy the message.
>>>
>>> Any documents or other information that may be in this email is
>>> copyright © Telco Independent Consulting 2018.
>>>
>>>
>>>
>>>
>>>
>>> *From:* AusNOG  *On Behalf Of *Paul
>>> Brooks
>>> *Sent:* Wednesday, 21 November 2018 5:18 PM
>>> *To:* ausnog@lists.ausnog.net
>>> *Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS
>>>
>>>
>>>
>>> Thanks Rob.
>>> In the latest, Dutton wants to speed up the Bill and have it passed
>>> "next week", and has apparently asked the PJCIS to cut short its
>>> evaluation, according to reporting of an interview on Sky News.
>>>
>>> Dutton tries to speed up encryption bill
>>> <https://www.itnews.com.au/news/dutton-tries-to-speed-up-encryption-bill-515862>
>>>
>>> (Point of clarification - that bit about smart and dumb criminals was
>>> while trying to explain the difference between a system having a capability
>>> that can be used by the operator to implement a "act or thing", and an
>>> operator actually using that capability in a particular instance against a
>>> particular target - and that the existenc

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-21 Thread Paul Wilkins
I can't agree that whether the Bill passes at this stage comes down to
simple numbers along party lines.

1 - The Bill is simply too far reaching in consequences for parliament to
wave it through. With power comes responsibility. The Bill is attracting
huge condemnation internationally, and those supporting the Bill risk
looking like chumps. It's a bit like global warming, no one who knows what
they're talking about thinks this is a good idea.

2 - The Department for Home Affairs put this Bill together, and Dutton
arrived at the tail end of the process. Although he might like to distance
himself from the legislation, the buck ultimately stops with him as he
introduced and commended the Bill to the House.

3 - The Bill is more Trumpist than Liberal. Even if it's bad law and bad
for Liberal Democracy, it's good politics for the Liberal Trumpists.

4 - If Labor knocks it back in the Lower House, I can't see it getting
through without some sort of deal being struck with one of the cross
benchers. Because no thinking person sees this Bill as a good move, there
will be no Lower House deal without a serious quid pro quo. Then there
would need to be another deal in the Upper House, with differently aligned
cross benchers.

Kind regards

Paul Wilkins


On Wed, 21 Nov 2018 at 22:44, Bryan O'Reilly wrote:

> Hi Paul,
>
>
>
> I’m looking forward to your Lunchtime Lecture next week on this topic!
>
>
>
> Kind regards,
>
> Bryan O'Reilly
> Founder - Telco Independent Consulting
> www.telcoindependent.com.au
>
> 0419 632 098
>
> 30+ years experience to provide YOUR business with independent advice.
>
>
>
> FaceBook; https://www.facebook.com/TelcoIndependent/
>
> LinkedIN; https://www.linkedin.com/in/bryanoreilly/
>
>
>
> *From:* AusNOG  *On Behalf Of *Paul
> Brooks
> *Sent:* Wednesday, 21 November 2018 5:18 PM
> *To:* ausnog@lists.ausnog.net
> *Subject:* Re: [AusNOG] Assistance and Access Bill moves to PJCIS
>
>
>
> Thanks Rob.
> In the latest, Dutton wants to speed up the Bill and have it passed "next
> week", and has apparently asked the PJCIS to cut short its evaluation,
> according to reporting of an interview on Sky News.
>
> Dutton tries to speed up encryption bill
> <https://www.itnews.com.au/news/dutton-tries-to-speed-up-encryption-bill-515862>
>
> (Point of clarification - that bit about smart and dumb criminals was
> while trying to explain the difference between a system having a capability
> that can be used by the operator to implement an "act or thing", and an
> operator actually using that capability in a particular instance against a
> particular target - and that the existence of the capability isn't and
> shouldn't be secret, even if the actual use in response to a warrant was
> still kept a secret.  That distinction has been difficult for the committee
> to understand without a simple illustration.)
>
>
> Paul.
>
>
> On 21/11/2018 2:00 PM, Robert Hudson wrote:
>
> (Not necessarily a direct response to Paul's email, just additional data
> for the thread).
>
>
>
> Traditional media are starting to pick this up, and they're just parroting
> the govt position. Macquarie Radio news at 8am ran a story on it this
> morning, and it was all about Dutton saying he wants the legislation passed
> quickly so they can catch more terrorists.
>
>
>
> Other than the point well made by Paul Brooks that the only criminals who
> will be caught by this are the dumb ones (there was a link made between
> this proposed legislation and three potential terrorists who were arrested
> - without this legislation in place), and the smarter criminals (ie those
> capable of tying their own shoe laces) will simply use software that is
> not subject to the legislation, there is an extension - to break the
> encryption WILL involve creating vulnerabilities (there's simply no way
> around this), and those vulnerabilities will then be available for
> criminals (the bar may be higher than shoelaces, maybe they can button
> their own shirts as well) to exploit and compromise data that is
> legitimately encrypted.
>
>
>
> In summary - there is no upside to this proposed legislation as far as
> encryption goes, and there is a significant potential downside.
>
>

Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-20 Thread Paul Wilkins
I'm wondering when the other shoe will drop that the Bill enables mass
collection and analysis of metadata without any further legislation needed.
Or the implications that metadata from multiple sources (phone
towers/CCTV/Social Media), lays the foundations for the establishment of
the machinery of a police state. Of course, this will make prosecution of
crime straightforward (the police will only need to correlate crime against
a database of the public's electronic fingerprints). However, such powerful
machinery can be used for oppressive purposes, and the Bill is absent the
checks and balances consistent with the traditions and institutions of
Liberal Democracy.

If one were cynical you might think the Bill's outrageous overreach is
deliberate, a Trumpist ploy to enrage the unthinking. And when we see
critics of the Bill slandered for being weak on terrorism, maybe not so
wide of the mark or so cynical.

Kind regards

Paul Wilkins


On Wed, 21 Nov 2018 at 04:15, Scott Weeks  wrote:

>
>
> On Tue, 20 Nov 2018 at 18:12, Christian Heinrich
>  wrote:
> >
> https://www.news.com.au/national/victoria/news/victoria-police-arrest-three-people-allegedly-planning-a-terror-attack-in-melbourne/news-story/e6a92273b37dce750937e1e0f86a7dcd
> > has quoted Mr Dutton on WhatsApp again but from my reading WhatsApp
> > was not used in this specific case?
>
> This has now been alleged within
>
> https://www.news.com.au/technology/gadgets/mobile-phones/unacceptable-risk-the-secret-way-terrorists-and-criminals-are-communicating/news-story/731ca32e7432601d6b3ce5ca4f34bf80
> -
>
>
> These stories read like gov't scare tactics.  Scare people
> enough and they'll 'give up liberty for a little safety'.
> They do not read like objective journalism.
>
> How did they catch everyone without eliminating privacy
> anyway?  Good ol' police work?
>
> scott
>
> ___
> AusNOG mailing list
> AusNOG@lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>


Re: [AusNOG] Assistance and Access Bill moves to PJCIS

2018-11-17 Thread Paul Wilkins
This list was intended to highlight salient concerns, and not as a summary
of the areas of real concern. A more complete summary of concerns would
look more like:

1 - Why is there no judicial oversight of these sweeping police powers?
2 - Scope of powers go beyond terrorism and serious crime when it's not
supposed to.
3 - It supports the establishment of the machinery of mass surveillance
when it's not supposed to.
4 - It weakens the Internet's security, when it's not supposed to.
5 - Why are there no limits to ensure issue of TCNs/TANs/TARs are necessary
and proportionate to the human right to privacy, unrevokeable per the
Declaration of Human Rights.
6 - Why the deliberate exclusion/incompatibility of the provisions of the
Privacy Act 1988?
7 - Why are there no limits to ensure issue of TCNs/TANs/TARs are necessary
and proportionate to service providers' rights to private property,
unrevokeable per the Declaration of Human Rights.
8 - When Police Powers lie with the States, what constitutional head of
power supports the Bill's scope, without enabling legislation from the
States conferring power? The Constitution confers national security powers,
but the scope of the Bill's police powers exceeds this remit.
9 - Why has the Bill overlooked the obvious alternative of powers spread
across a dozen Law Enforcement Agencies, which is to centralise in one
single agency, providing for greater data security, governance, efficiency,
and accountability.
10 - Why the lack of provisions for accountability for the exercise of
police powers, and checks and balances commensurate to the reach of
sweeping police powers, quite incompatible with the democratic institutions
and traditions of Liberal Democracy?
11 - Why the deliberately curtailed public consultation process and attempt
to ambush both the public and government with this Bill by Dep't Home
Affairs, and representations of public and industry consultations as being
timely and adequate, incompatible with the facts on the public record and
the express concerns of the public, human rights groups, and industry?
12 - Why the absence of recompense for injury to reputation or to service
providers' business, or other injury consequent to police malfeasance or
misfeasance? The Bill's protections are not comprehensive, and where they
make provision, go only as far as to establish lack of liability for
unlawful disclosures.
13 - Why has the government of the day referred this deeply flawed Bill to
the PJCIS, PJCHR, and the SSCSB, for review wasting public time and money,
rather than sending it back to Dep't Home Affairs for a complete overhaul
of its scope and objectives?

Kind regards

Paul Wilkins

On Sat, 17 Nov 2018 at 13:10, Paul Wilkins  wrote:

> These are all good points.
>
> Home Affairs put up this Bill on the premise it's needed to fight
> terrorism and serious crime in the context of increasing use of encryption.
> Unfortunately, this isn't that bill.
>
> Home Affairs seem rather uninterested in explaining why the remit of this
> Bill goes well beyond this:
>
> 1 - Why is there no judicial oversight of these sweeping police powers?
> 2 - Scope of powers go beyond terrorism and serious crime when it's not
> supposed to.
> 3 - It supports the establishment of the machinery of mass surveillance
> when it's not supposed to.
> 4 - It weakens the Internet's security, when it's not supposed to.
> 5 - Why are there no limits to ensure issue of TCNs/TANs/TARs are
> necessary and proportionate to the human right to privacy, unrevokeable per
> the Declaration of Human Rights.
> 6 - Why are there no limits to ensure issue of TCNs/TANs/TARs are
> necessary and proportionate to service providers' rights to private property,
> unrevokeable per the Declaration of Human Rights.
>
> Unfortunately the way the Bill's drafted, the only limit on the use of the
> Bill's powers is the Dep't Home Affairs.
>
> There's also the very interesting constitutional question, how, when
> Police Powers lie with the States, what constitutional head of power
> supports the Bill's scope, without enabling legislation from the States
> conferring power.
>
> Kind regards
>
> Paul Wilkins
>
> On Sat, 17 Nov 2018 at 10:34, Scott Weeks  wrote:
>
>>
>>
>> It's still Friday here, so I am looking like I'm working
>> while reading these posts as I only have an hour and a
>> half to go before happy hour starts...  ;-)
>>
>>
>> --- christian.heinr...@cmlh.id.au wrote:
>> From: Christian Heinrich 
>>
>> Also
>>
>> https://www.smh.com.au/national/nsw/are-encrypted-phones-allowing-criminals-to-get-away-with-murder-20150523-gh82gv.html
>> which was 55 devices and 800 clients.
>>
>> Therefore the TAC et al are overkill within the context of the
>> Australian population of 25,000,000+
>> ---
