Australia Wants to Take Government Surveillance to the Next Level (nytimes.com)
313 points by adventured on Sept 4, 2018 | 94 comments



The headline is a little misleading. It's much more terrifying than that. It isn't just Australia. It is the US, Australia, Canada, UK, and New Zealand all together (known as the "Five Eyes")[1]. Australia is just the country that put the memo together.

> The "Five Eyes", often abbreviated as "FVEY", refer to an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. [1]

[1] https://en.wikipedia.org/wiki/UKUSA_Agreement


In typical fashion, one country takes the lead (also happens with IP rights ratchets), and if/when it pans out, the others "follow that example" / harmonize / pick your particular bureaucratic mechanism and terminology.


There is no need to "pan it out" to other countries. If the law passes in Australia then other 5 Eyes countries can send their data to us, have it decrypted, and then have it sent back to the original country (this is one of the primary things that 5 Eyes exists for -- to allow for this sort of bullshit). Which means that even if such tactics are not legal in your home country, they can outsource the reprehensible shit to us.


Gee, I hadn't heard of that. The Australian prime minister Gough Whitlam only learnt of it when the Attorney-General raided ASIO, Australia's version of the FBI, in 1973. Wikipedia says UKUSA is pronounced yoo-koo-SAH. Rather appropriate - yakuza are "members of transnational organized crime syndicates"...


> Rather appropriate - yukuza are "members of transnational organized crime syndicates"

That would be "yakuza." (YAH-koo-zah)


Of course, thank you! Corrected.


>Australia's version of the FBI

Not to nitpick, but ASIO is closer to Australia's version of the CIA, as they are primarily focused on foreign "adversaries".

Australia has the Australian Federal Police, which is their version of the FBI.

https://www.asio.gov.au/what-we-do.html


ASIS[0] is CIA (foreign intel) - ASIO would be the FBI's counter-intel department

ASIS is also the department that was secret from its founding in 1952 until 1972

[0] https://en.wikipedia.org/wiki/Australian_Secret_Intelligence...


And is also the department that famously decided to conduct a mock hostage rescue training exercise in a 5-star hotel without obtaining permission or even notifying the hotel management and staff.

When ASIS operators were refused entry into a hotel room, they broke down the door with sledgehammers. The hotel manager, Nick Rice, was notified of a disturbance on the 10th floor by a hotel guest. When he went to investigate, he was forced back into the lift by an ASIS operator who rode the lift down to the ground floor and forcibly ejected Rice into the lobby.

Believing a robbery was in progress, Rice called the police. When the lift started returning to the ground floor, ASIS operators emerged wearing masks and openly brandishing 9mm Browning pistols and Heckler & Koch MP5 submachine guns, two of them with silencers.[1]

[1] https://en.wikipedia.org/wiki/Australian_Secret_Intelligence...


Wow. Impressive. But still, it was in 1983. Victoria police managed to arrest some of them, with no casualties. And ASIS head John Ryan was eventually forced to resign.


For those that don't know about the FVEY, here is a good documentary about it:

https://ispydoc.com


I skimmed it and that site seems highly sensationalist. I don't know if that's a good documentary. A couple of things from the site:

“Operating independently from its governments...”

Are the agencies involved not part of their governments? Am I missing something?

“Hackers Can Disable a Sniper Rifle—Or Change Its Target...”

It wants me to post this to social media. What’s the context of this quote? It gives none. It seems like it wants me to post clickbait.

If you want to learn about FVEY you’re probably better off just reading Wikipedia:

https://en.wikipedia.org/wiki/Five_Eyes


I didn't go to the site, but the part about being able to hack sniper rifles is correct. It wasn't some complex nation-state level hack, it was just a standard IoT device with poor security integrated into a rifle. The hack was done on the consumer version of one brand of rifle, though the Army had ordered some for evaluation purposes. Here's an article about it:

https://www.wired.com/2015/07/hackers-can-disable-sniper-rif...


Hopefully this isn't too political of a reply, but this is a great example as to why there is such a lack of interest in "smart guns" -- e.g., weapons that require a fingerprint, a special ring, or some other electronic safety interlock.

Not just because of the potential to be hacked, but also because electronics have a wider variety of failure modes as compared to the mechanical bits, most of which have remained both highly reliable and functionally unchanged over fifty, if not a hundred, years.

Especially when you consider that, at least when it comes to safety, there's so much low-hanging fruit on the education and awareness front.

Regardless of where you stand on the politics, it seems pretty straightforward that, in a country that today has more guns than people, that safety education should be part of school curricula at multiple points.

On that note, we should probably also make sure everybody knows how to properly use a fire extinguisher, and I'm not sure we teach that, either... :/


> “Operating independently from its governments...”
> Are the agencies involved not part of their governments? Am I missing something?

In Britain we'd probably make a distinction between elected government and civil service. I suspect the point being made here is of operation without sufficient legislative/executive oversight, which there seems to be at least some evidence for.


They are, among other things, paid by the government.

They are not independent of it, under any definition of any of those words. Maybe oversight is lax. Maybe oversight is perfect and everything happens exactly as the overseers want it.

None of that changes anything about the truth of the initial claim. "Independent of" is patently false, and an obvious attempt to sensationalise.


> They are not independent of it, under no definition of any of those words

Sure. But the words actually used were: "operating independently from", which is different.


You cannot "operate independently from" without also "being independent from".

And you're just proving that bad-faith accusation, and splitting hairs into finer and finer strands.


I don't agree with your first comment at all, but it sounds like a particularly dull semantics argument.


The article mentions that Australia has no bill of rights which, whilst technically true, doesn't mean we don't have equivalent protections. Some are enshrined in our constitution whilst others are parts of common law and other legislation.

The conclusion they draw from that is right however; a lot of laws can be introduced to our parliament that might not get off the ground elsewhere. It's why we've fervently fought against many other, similar laws that would impinge on our rights and freedoms in the past. I spent a good part of my youth fighting against the Clean Feed legislation (it was a great big Internet filter for Australia, a terrible idea) which was thankfully defeated before it got off the ground.

We'll have to do the same for this.


> The article mentions that Australia has no bill of rights which, whilst technically true, doesn't mean we don't have equivalent protections. Some are enshrined in our constitution

The protections provided by the Australian constitution (as interpreted by the High Court) are quite weak in comparison to those included in the US Bill of Rights, it isn't really a fair comparison.

> whilst others are parts of common law and other legislation.

Anything in common law or legislation isn't worth much, since a single ordinary Act of Parliament is all it takes to cancel them out.


That may be true. However, in Australia, all interrogations have to be filmed completely. Law enforcement cannot lie to the interviewees, kidnapping of targets is not allowed. If any law enforcement fails to do the correct thing in these areas, courts here will throw out the case. We had a relatively high profile "terror" case here which was thrown out for incorrect procedural actions (starting with the kidnapping of the defendant by ASIO).

I also know of cases where law enforcement improprieties have led the police prosecutors to come down on the side of the defendant in question and the improprieties being dealt with by the judge.

So though we do not have constitutional protections a la USA constitution, we do have other protocols in place.

Mind you, irrespective of any specific political affiliation, most of our politicians are all for higher surveillance and control of the population. It has taken cooperation of both government benches and opposition benches to pass the more draconian legislation in recent years. It has been interesting to watch parliament and see that there are very few there who are willing to grow a backbone and actively protect the rights of the citizens of this nation.

None of the draconian terror related legislation has actually been needed as all such activity is covered by normal criminal and civil legislation previously brought into existence. At least one of the draconian pieces of legislation does not require changes to the legislation to have the targets of that legislation changed at whim. All it requires is an administrative change of definition to change the legislative definition of terrorist. Smart work on the part of those who framed the legislation. A new government can designate any group they don't like as terrorists without going before parliament.

So any citizen of Australia that just wants to mind their own business can be easily caught up in the entire mess.


> If Any law enforcement fails to do the correct thing in these areas, courts here will throw out the case.

Parliament do have the right -- however -- to simply pass a law that says "oldandtired goes to jail forever" with a simple majority.


True, they could and at various times this kind of action has been done by various state governments in the past. But the political backlash has been very large. One is able to challenge the validity of such legislation and the government of the day has to show cause as to why this is valid before the courts.

The problem with the currently enacted terror legislation (approved by both sides) is that only an administrative change in a definition is required. This does not (as far as I can ascertain) require this to even go back to parliament for approval.

The point is that we do have certain rights before the courts that they will enforce. These are not constitutional rights but they are there.


Not so, says the highest Australian court. https://en.wikipedia.org/wiki/Bill_of_attainder#Australia


Thank you!


True, but once you introduce a bill of rights all your common law protections go out the window.. including stuff you didn't know you had


The US bill of rights doesn't define the rights. The bill of rights calls out special rights that the govt shall not touch.

The rights are granted to us by our creator aka natural law. The same law used to declare our independence from the crown and an inherent part of the fabric of the US.

Not sure if this is clearly stated yet.


Unless you live within 100 miles of the border. Or happen to be carrying too much cash, according to the authority you're dealing with. Or are dealing with a FISA court. There are so many exceptions that it's naive to think the bill of rights is some kind of magic document. The only right left relatively intact is freedom of speech.


The interesting part to me is the lack of a constitutional amendment granting the govt these powers. The only reason the govt has these powers is we let them. Constitutionally they don't have a leg to stand on.


The Constitution and Declaration of Independence are legal documents setting out the foundations of a government and a nation-state, not some divine text from a higher power. The founding fathers were not a group of infallible prophets.


That’s not what geggam is saying. The underlying philosophy of the Bill of Rights as stated by the founders/framers is that the rights are “natural” rights which all are imbued at birth, and that the rights listed are not exhaustive but merely representative. In fact, the founders were wary of a Bill of Rights specifically because by enumerating some of them the list might be seen as complete.

But the notion is that governments do not “grant” these rights, and likewise government can never infringe upon god given rights.


In fact, the founders were wary of a Bill of Rights specifically because by enumerating some of them the list might be seen as complete.

Right, which is why we have the 9th and 10th amendments. Unfortunately they are effectively ignored, along with the Enumerated Powers clause, meaning our government effectively has unlimited power. :-(


No, they weren't infallible. They were however, experienced in human nature and saw tyranny/ death in ways you only imagine. Ignoring that experience dooms us to repeat the problems.

Assuming your intellect is superior to that which you cannot measure is also a common failure among smart folks. I am sure you don't fall prey to that trap.


Not really -- your bill of rights can explicitly say that it does not cancel out other rights that it did not mention. That's the purpose of the 11th Amendment to the United States constitution.


Heh, that should have been the 9th amendment.


NZ Bill of Rights Act 1990, s28: "An existing right or freedom shall not be held to be abrogated or restricted by reason only that the right or freedom is not included in this Bill of Rights or is included only in part." [1]

[1] http://www.legislation.govt.nz/act/public/1990/0109/latest/D...


Without knowing much about the Australian system, I suspect the protections in the Constitution are equivalent, but not those in "common law and other legislation". In the US, the protections in the Constitution + Bill of Rights are considered much more fundamental than our common law and other legislation because it requires an amendment to override those protections, and amendments require an enormous level of national consensus to pass.


But even so, having something in the constitution is of relatively little protection if the judiciary and government are in favour of an idea.

For example, the bill of rights talks about "right of the people to be secure ... against unreasonable searches and seizures" and yet asset forfeiture is still a legal option. Actual practices surrounding plea bargains also look to run counter to the spirit of the BoR, but I mean what do I know.

I don't see how having a bill of rights helps. The only matter of import, and the only protection, is an engaged and motivated voting public. Constitutional amendment might provide a thin layer of protection against short-term rogue actors, but the creeping surveillance state is not rogue by any means, it seems to be a point of international consensus over many decades.


In Australia (unlike the US), constitutional amendments are decided by both a majority vote in both houses of parliament and by referendum where the public votes and a double majority (majority of people in the majority of states, and the majority of people in the country) must vote YES in order for a referendum to pass. And in Australia voting is compulsory so there's no question about election turnout spoiling the result.

So in Australia it is very hard to get a constitutional amendment to pass, and politicians have very little say in whether the amendment will pass (they can block it by voting against it but they cannot force it to pass). Only 8 (out of 44) have passed in the past 117 years that we have been a country.

As for Australia having a bill of rights, I think it would be an improvement (especially if it was anything like the Swiss constitution) but I don't know whether our bill of rights would be ridiculously watered down (not to mention that the US bill of rights is like the 10 commandments -- many people know a couple but don't know all of them and forget that the majority of them are not really relevant today).


If your point is that it's harder to pass an amendment in Australia than the US, based on your description, I would disagree. The US system requires more than a majority vote by representatives, in a couple different ways. The Australian system does sound more democratic.


I would still argue that it is harder to pass amendments in Australia, based on the simple fact that America passed 10 constitutional amendments in the first 2 years of the US Constitution being active (which is more than Australia has passed in 117 years) and that of the 33 amendments that have been proposed 27 of them were accepted (which is a much higher success rate than Australia's 8 passed out of 44 proposed).

So while purely looking at the proportion of YES votes needed and ignoring who is casting the votes, you might be able to argue it could be harder to get something passed in the US because in Australia it requires a super-majority of the public (which is generally a smaller percentage than a majority of 3/4ths of states) which means that it is not purely the role of the government to decide the rules that restrict the government's power. This means that the concern of a constitutional bill of rights in Australia being "pointless" because it would be easy for the government to overturn doesn't make much sense.


It's true that any codified protection of individual rights is worth nothing without people motivated, either in- or extrinsically, to uphold them.

But such documents do shape public opinion, and even people's sense of their, and their country's, identity.

The US, for example, has long had a strain of something akin to "patriotism to the constitution". It's a collective narrative that makes people believe in those rights (and the rule of law). And even those that do not share that belief have historically been motivated to play along, because it was the only way to stay what's called "acceptable company" (or "electability").

Of course we're currently running an experiment if that mechanism still works when 47% of the voting population and half the elected representatives decide to try something else for a change. Currently, it's only parts of the judiciary, and of the media, holding everything up. We'll see how it ends.


> I suspect the protections in the Constitution are equivalent,

No, Australia has nothing like the Bill of rights, even if some bits of the constitution cover the same ground very partially.

To give a flavour of this, our constitution prohibits an established church using language very similar to the US 1st Amendment. But the silence about freedom of speech is deafening.

In the '90s the High Court decided there had to be an implied right to freedom of speech inherent in the political system which is itself implied by the constitution. But since it is not explicit, they still restrict it to only political speech. And (since it really did require a strong judicial activism) many in our legal community are against even this much enforcement of fundamental rights.


When I said "equivalent", I didn't mean in the sense of having the same protections in the Constitution, but rather that in the sense that its protections are equivalently difficult to amend as those in the Bill of Rights.


Common law rests heavily on stare decisis. The precedent set in Australian Communist Party v Commonwealth is not likely to be overturned, as far as free political speech and organisation goes.


> "Australia has no bill of rights"

The High Court of Australia has ruled that Australians have an implied right to political communication and an implied right to protest.

Not specifically pertinent to this legislation but worth pointing out for HN readers who may think we live without protections and freedoms US citizens seem to enjoy.

"Similar, but different."


Yes, the filter got canned, but the mandatory Metadata Retention got up. That was one of those rare moments of bipartisan cooperation.


> The government has been quick to claim that this is not a back door, and the bill prohibits requests to companies to create “systemic” weaknesses.

Claiming that you're not backdooring something doesn't stop it from being a backdoor.


Digital Rights Watch has more information and a submission system to help people write their feedback to the government: https://digitalrightswatch.org.au/2018/08/19/defend-encrypti...


What the parent doesn't explicitly mention is that there is a government inquiry open RIGHT NOW. You have to get your submissions in by 10th of September (5 days time). Every Australian here needs to make a submission (please).

The parent's link allows you to post a boilerplate submission with a single click. Far better to write and email your own submission, as form letters tend to get aggregated into one during evaluation. Your own submission only has to be a few lines, even if it just paraphrases a form submission. Uniqueness counts over bulk submissions.

The page for the inquiry is:

https://www.homeaffairs.gov.au/about/consultations/assistanc...

The email address for submissions is:

AssistanceBill.Consultation@homeaffairs.gov.au

Less time critically, you also need to write to or call your federal MP, but I'd suggest that a personal submission to the inquiry is the most "bang for buck".


After some calling around it seems this Bill has originated from Minister for Home Affairs Peter Dutton MP. His office number is 02 6277 7860.


That was really helpful, thank you. Feedback submitted.


This video they made is absolutely hilarious, and shows just how un-hilarious and fucked up these proposed changes are:

https://www.youtube.com/watch?v=eW-OMR-iWOE


Speaking of The Juice Media, I recommend watching their last Rap News, "Fate of the INTERNET - Feat. Dan Bull"[1]. It does a very good job summarizing the power struggle over the internet.

    The real question’s not which one of these paths to chase;
    but whether you can pursue them all, in a balanced way,
    so that they keep each other in check with restraint
    without letting any one of them dominate.
Decentralize and federate everything, and it becomes very difficult to even propose crap like this FVEY backdoor stupidity. If the protocol de facto forces everyone to act as peers instead of relying on central points of failure, abuse of power at any one point has limited reach.

[1] https://www.youtube.com/watch?v=fzzfxmKBz2g


"Reasonable and Appropriate" indeed. Funny how satirical pieces like these oft act as the best ways for the general public to understand the scope of proposed changes by a government (or lobbying efforts by companies or NGOs) - see also John Oliver, Colbert, et al.


I just wish for another cassetteboy video, and yearswipe.


I feel like the linked article on ABC has a much more detailed and balanced description of the bill [1].

The Government says that "systemic" weaknesses cannot be demanded. That said, the third part of the demands that can be made, the "technical capability notice", seems ripe for abuse.

At the very least, the acceptance of a bill like this will erode trust in app stores. I would expect to see some sort of checksum verification by users becoming commonplace as people become wary of potential targeted attacks.

[1] http://www.abc.net.au/news/science/2018-08-20/tech-surveilla...


By "some sort of checksum verification by users", I guess you mean some sort of informal alternative / addition to this:

https://wiki.mozilla.org/Security/Binary_Transparency


> The Government says that "systemic" weaknesses cannot be demanded.

That's because they already have a pre-existing "systemic" weakness that's better than any encryption back door: automatic software updates. If you can replace the software so it gives you the unencrypted data why on earth bother with breaking the encryption? All they need is a hammer that forces the software companies to write undetectable bugs and silently install them for them, and that's what this legislation provides.

We handed this systemic weakness to them on a platter, and it's been there for years now. Even though it was many years ago, I still recall the horror I felt when my daughter had her phone stolen, and I discovered I could press a button on Google Play that would install some spy software to report on the whereabouts of the thief. I'm sort of surprised it took them this long to wake up to it.

It isn't impossible to fix, so I suspect in the long term this loophole will be closed. The key to the fix is in the word "systemic", which translated means someone other than them can't exploit the weakness.

As an aside, they are apparently operating under the assumption they will be able to control who has access to it. Which is to say they believe they can control access to something that will be highly automated thus ultimately controlled by only a few people. They are after all subject to the same attack they are using on us - they will be asking programmers to update their software, software that they undoubtedly will never see because it's "company proprietary". As the saying goes every human has their price. The price the attackers can afford in this case is extraordinary: this system is the key that unlocks every banking password, every bank SWIFT password, every GPG key, every X509 secret key, every email, every boardroom discussion on billion dollar takeovers. They are kidding themselves if they think they can protect this - which is why it is a terrible proposal.

Worse, they don't have the defence we do, which is that the "normal" unmonitored population must be running strong, secure software. We get this unbugged software now from public servers we call app stores. So all you need is something that will compute the hash of the software you downloaded so you can compare it to the publicly available one, and won't lie about the result. "Won't lie about the result" translates to "a device that can't be corrupted" which in turn translates to "can't have its software upgraded". We already have such devices: they are called TPMs. We already know how to use them. Sort of. They work real well in 2FA dongles for example.

Nevertheless it has to be said the primary application of TPMs, secure boot, hasn't been a raging success. But then we haven't had a good reason to make it a success: how many people do you know have been victims of evil maids? Well, that was nice while it lasted, but now we are all about to come face to face with an evil maid from our worst nightmares: someone who can install software updates while your phone is sitting in the safety of your coat pocket without leaving a trace.

So the incentive is now here, the engineering task is well defined. Unfortunately the problem remains hard. We have to surround drivers, IPC, network stack with the same high Chinese walls we currently put around apps, and somehow tie this all back to an all seeing TPM. So it's going to take a while. Maybe seL4 will get its day in the sun.
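The "compute the hash of what you downloaded and compare it to the publicly published one" defence above, and the Mozilla binary transparency link a few comments up, both come down to one check: is the build I received provably the same one everyone else can see in a public, append-only log? The block below is an added example written for this thread; it is not code from the original page, from Mozilla, or from any vendor. It builds a Merkle-tree log of release hashes using the RFC 6962 (Certificate Transparency) leaf/node hashing, produces an inclusion proof, and shows a client that installs an update only when the bytes it actually received verify against a log root it obtained out of band. Release contents, the "targeted build", the function names and the assumption that the client can fetch the log root from independent monitors are all constructed for illustration.

```python
"""Added example (not from the thread or any vendor): a client that only
accepts a software update whose hash appears in a public, append-only
Merkle-tree log of release hashes (the binary-transparency idea).
A build pushed to a single target has a hash nobody else sees, so it
cannot carry a valid inclusion proof against the root that the rest of
the world observes. Tree hashing follows RFC 6962; all data is made up."""
import hashlib
from typing import List, Optional


def leaf_hash(artifact: bytes) -> bytes:
    """RFC 6962 leaf hash: the 0x00 prefix separates leaves from nodes."""
    return hashlib.sha256(b"\x00" + artifact).digest()


def node_hash(left: bytes, right: bytes) -> bytes:
    """RFC 6962 interior node hash with a 0x01 prefix."""
    return hashlib.sha256(b"\x01" + left + right).digest()


def _split(n: int) -> int:
    """Largest power of two strictly less than n (caller guarantees n >= 2)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(leaves: List[bytes]) -> bytes:
    """Merkle Tree Hash over already-hashed leaves."""
    if not leaves:
        return hashlib.sha256(b"").digest()
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))


def inclusion_proof(leaves: List[bytes], index: int) -> List[bytes]:
    """Sibling hashes from the leaf upward (the RFC 6962 PATH)."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [merkle_root(leaves[k:])]
    return inclusion_proof(leaves[k:], index - k) + [merkle_root(leaves[:k])]


def verify_inclusion(leaf: bytes, index: int, size: int,
                     proof: List[bytes], root: bytes) -> bool:
    """Recompute the root from leaf + proof, mirroring inclusion_proof()."""
    def rebuild(h: bytes, idx: int, n: int, path: List[bytes]) -> Optional[bytes]:
        if n == 1:
            return h if not path else None      # leftover path elements: bogus proof
        if not path:
            return None                          # proof too short for this tree size
        k, sibling = _split(n), path[-1]
        if idx < k:
            sub = rebuild(h, idx, k, path[:-1])
            return None if sub is None else node_hash(sub, sibling)
        sub = rebuild(h, idx - k, n - k, path[:-1])
        return None if sub is None else node_hash(sibling, sub)

    if not 0 <= index < size:
        return False
    return rebuild(leaf, index, size, proof) == root


def accept_update(blob: bytes, index: int, size: int,
                  proof: List[bytes], observed_root: bytes) -> bool:
    """Client policy: install only if the bytes we actually received are in
    the log whose root we learned out of band (assumed here: from several
    independent monitors that agree), never a root the update server sends."""
    return verify_inclusion(leaf_hash(blob), index, size, proof, observed_root)


# Constructed sample data: five public releases, one build shipped to a
# single customer, and the attacker's private log that includes that build.
RELEASES = [b"app-1.0", b"app-1.1", b"app-1.2", b"app-1.3", b"app-1.4"]
TARGETED_BUILD = b"app-1.4+silent-intercept"
LEAVES = [leaf_hash(r) for r in RELEASES]
LOG_ROOT = merkle_root(LEAVES)                      # what the monitors publish
ATTACKER_LEAVES = LEAVES + [leaf_hash(TARGETED_BUILD)]
ATTACKER_ROOT = merkle_root(ATTACKER_LEAVES)        # what the rogue server offers


def demo() -> dict:
    idx, size = RELEASES.index(b"app-1.4"), len(LEAVES)
    proof = inclusion_proof(LEAVES, idx)
    atk_proof = inclusion_proof(ATTACKER_LEAVES, 5)
    return {
        "genuine_accepted": accept_update(RELEASES[idx], idx, size, proof, LOG_ROOT),
        # Same proof and index, different bytes on the wire: rejected.
        "swapped_bytes_rejected": not accept_update(TARGETED_BUILD, idx, size, proof, LOG_ROOT),
        # The attacker's proof is internally valid against the attacker's root...
        "attacker_proof_self_consistent": verify_inclusion(
            leaf_hash(TARGETED_BUILD), 5, 6, atk_proof, ATTACKER_ROOT),
        # ...but the client checks against the monitors' root, so it is rejected.
        "private_log_rejected": not accept_update(TARGETED_BUILD, 5, 6, atk_proof, LOG_ROOT),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAILED'}")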


It's interesting to think back to when Saudi Arabia and the UAE tried to force Blackberry to fall in line: there was global outrage including here about the 'backwardness' of these countries and the values of democracy and freedom.

Now just a decade later this 'backward' behavior is now 'normalized'.

This is evidence things are moving too fast for us to fully comprehend or contemplate how far down the slippery slope we may be at the current time and how 'values' and definitions change in just a decade.


I don't know why the Five Eyes countries issued a joint statement the other day (tellingly, via the Aussie government's web site). Modus Operandi for each Five Eyes country since forever is to ship their secrets to another partner so they could claim not to be spying on their own people. All they need is for AUS to have the backdoor and then all data could be channeled that way.

I appreciate that the author mentioned the gross incompetence of our intelligence operation which I presume doesn't get much mention outside the country.

PS: nice original Mac illustration for that article!


40 years ago my parents emigrated from an authoritarian South-East Asian country with a dubious human rights record to come to Australia where their kids could enjoy freedom and opportunity away from all that.

Today, I see this announcement in the news and I am wondering which country I can emigrate to with my own kids because I am disgusted with the increasing authoritarian bent of our government, as well as our plummeting human rights record...


This method won't work for most 'after the event' scenarios, such as the San Bernardino case, because the subjects are often deceased, and so unlikely to be updating the software on their phones or computers, so it can only possibly apply "upon suspicion". ie. pre-crime...

This opens up questions as to how someone becomes 'suspicious' if their communication is already encrypted. And if they're already a person of interest, how many myriad other ways do they have of surveilling them or checking out their activities? Terrorist attacks require non-electronic items that have to be purchased, stored, and constructed in non-electronic places. There are existing ways to surveil people, under warrant. GPS trackers, phone records, bank statements, listening devices, watching devices, IMSI catchers, metadata (which Australia has legislated must be kept by ISPs for a couple of years).

This new legislation feels like a LOT of effort for a very small percentage return over and above those things I've already listed, especially considering:

- How long would it take to develop and deploy a targeted version of a program?

- What's the likelihood of the target updating their program during the useful window of time?

- Is this timeframe going to be of use to law enforcement?

- If the timeframe is justified, what's the time limit? Is 'suspect' going to have their comms intercepted for the foreseeable future? At what point is the well deemed to be dry?

- At what point does warranted surveillance become government harassment?

What this looks like from the outside is more psychology than technology:

- Hey Terrorists, we can do these things so, you know, re-think your life's direction

- Chilling effects: encourage paranoia, discourage dissent, even discourage disagreement


>How long would it take to develop and deploy a targeted version of a program?

Not particularly relevant - they can require a targeted version of the program be developed before someone comes under suspicion.

>What's the likelihood of the target updating their program during the useful window of time?

Doesn't matter - they can require a force-push update system be built to silently update a specific customer's app version. The law is broadly enough worded that they can order whatever software is in their way to become broken upon receipt of a court order.

>Is this timeframe going to be of use to law enforcement?

Yes, because the law will allow them to force commercial companies to build automated, scaled systems.

>If the timeframe is justified, what's the time limit? Is 'suspect' going to have their comms intercepted for the foreseeable future? At what point is the well deemed to be dry?

We'll never know, because it's designed to be used in secret.


It seems like they are just making it more explicit that companies must cooperate with the police. Isn't it already the case anyway if there is an appropriate court order?

At least they are not suggesting to compromise or limit encryption in any way.

What I fail to understand is how all this would help fighting crime. Criminals and terrorists can easily use end-to-end encryption for the communication. There is plenty of software for that and it's really easy to do nowadays.


Unfortunately it gives them the legal capability to require your startup/IT company/multinational to put development time in at their request to enable your software to give them the access they want.

For example-

get chats in real time

log IP addresses and pass them to gov

open containers stored on your infrastructure

get into the phone or device you have sold to a client previously

These are not interpretations of the legislation- these are the use cases they wrote it to solve.

As ex LEO I get it but the burden on organisations is going to bad for business, not to mention the insecure solutions that are going to get drummed up/coded on the fly to comply with these requests- security nightmare.

There is some reasonable paranoia that this might be a Trojan to enable access in the US. Can't pass legislation in the US? Easy, get your vassal state (AU) to pass it, then ask them to investigate your target and then force people to comply with your vassals state's request.

"yeh I know you can't do that in Texas but you can in Western Australia and we, the US, have a treaty with Australia so you're just going to hand over that data. We'll deliver it to the Aussies for you"

I may be paranoid, but I'm not the only one seeing this angle on it.

Big conspiracies- count me out. Gov is lazy and disorganised. Little conspiracies between gov-buddies ? Absolutely.


... sounds like asking a phone company to tap a phone, which is pretty well established?


> sounds like asking a phone company to tap a phone, which is pretty well established?

That is exactly what they are asking for. In fact, the legislation enabling them to gather the data and under what conditions (the authorisation required, like a court order) isn't being changed. This new piece of legislation just extends who they can force to collect it for them. It used to be the telcos, which was originally just phone taps but then extended to internet data. They are now extending that to software companies. (Also cloud providers like SpiderOak and "secure email" companies.)

In a few words this extension allows them to order a software company to (with suitable compensation of course):

1. Develop / assist in developing an undetectable tap / bug for them, and

2. Surreptitiously install it for them via an over the air update.

This extends their reach from phone calls to any device that auto-installs software updates / patches. Whether you consider the ability to install a "phone tap" into your phone, tv, car, router, wifi camera, pc, robot vacuum, modem, that can read all the data on there, enable the microphone and camera, monitor the GPS and other sensors, read keystrokes, fingerprints and other authentication data to be roughly as intrusive as someone monitoring your phone calls is I guess a matter of taste.


IIRC you're allowed to use any crypto you like and fix flaws that are found but you're also required to add flaws if asked to. Well they call it a "technical capability notice" but it includes such things as "Installing, maintaining, testing or using software or equipment given to a provider by an agency." and "Removing a form of electronic protection applied by the provider, if the provider has an existing capability to remove this protection". You don't have to compromise your crypto you just need to install this black box library that does … something.


>At least they are not suggesting to compromise or limit encryption in any way.

No, instead they're compromising trust in signed updates from vendors. That's far worse.


>Criminals and terrorists can easily use end-to-end encryption for the communication.

They use applications that take unencrypted plaintext, encrypt it, send it to the recipient's device, decrypt it, and show it as plaintext.

The law is designed to give a staggering amount of authority to use commercial resources to compromise a specific device or installed application in order to read off the plain text before encryption or after decryption and send it to the Australian government. So the "bad guys" would be using what appears to be, say, Signal, except the developers got a notice to send you an app update that swaps out actually encrypting things with "send a copy to the feds and then encrypt things".

Any company developing software or systems that ensures that you have installed what you think you have can be ordered to compromise their systems so that an Australian court order breaks the system. So if your copy of Windows is set up to reject push updates unless they've been signed by Microsoft, well, the Australians can order Microsoft to sign some binaries and push them to you.
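The update-trust problem described in this comment and in the earlier "black box library" comment, as an added Go example that is not from the thread or from any vendor: a client that accepts anything the vendor's release key signed cannot tell a normal build from a compelled one, while a client that also pins a digest from an independent source (assumed here to be a reproducible build; all keys, payloads and names are constructed) can. A defensive sketch, not a description of any real product.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Manifest is a constructed update descriptor: the digest of the payload the
// client will install, plus the vendor release-key signature over it.
type Manifest struct {
	Version string
	Digest  [32]byte
	Sig     []byte
}

func (m Manifest) signedBytes() []byte {
	return append([]byte(m.Version+"\n"), m.Digest[:]...)
}

// signManifest plays the vendor's release pipeline (hypothetical).
func signManifest(priv ed25519.PrivateKey, version string, payload []byte) Manifest {
	m := Manifest{Version: version, Digest: sha256.Sum256(payload)}
	m.Sig = ed25519.Sign(priv, m.signedBytes())
	return m
}

// VerifyVendorOnly is the model the comment describes: any manifest the vendor
// key signed is installed, so a compelled build signed with that key passes.
func VerifyVendorOnly(vendorPub ed25519.PublicKey, m Manifest) bool {
	return ed25519.Verify(vendorPub, m.signedBytes(), m.Sig)
}

// VerifyWithIndependentDigest also requires the payload digest to match one
// obtained outside the vendor's control (e.g. a reproducible build). The
// vendor key alone can no longer make an arbitrary binary acceptable.
func VerifyWithIndependentDigest(vendorPub ed25519.PublicKey, m Manifest, independent [32]byte) bool {
	return VerifyVendorOnly(vendorPub, m) && m.Digest == independent
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed vendor release key
	honest := []byte("constructed honest build")
	compelled := []byte("constructed build that copies plaintext before encrypting")
	independent := sha256.Sum256(honest) // digest from the independent rebuild
	for _, p := range [][]byte{honest, compelled} {
		m := signManifest(priv, "1.2.3", p)
		fmt.Printf("%s vendor-only=%v with-independent-digest=%v\n",
			hex.EncodeToString(m.Digest[:4]), VerifyVendorOnly(pub, m),
			VerifyWithIndependentDigest(pub, m, independent))
	}
}
```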


I came across this video that shows the potential issues with this bill https://youtu.be/eW-OMR-iWOE

What is concerning is I am building an information management system that focuses on privacy and this sort of bill makes a mockery of the entire concept.


Is anyone actively organising against this bill? I feel that ever since the Iraq war protests failed, every time something like this happens, people complain a little bit, but don't actually manage to change anything. I was wondering if there are any groups out there that are actively protesting this that I could join, or if not, if anyone is interested in forming one? It seems to be an issue that will affect the majority of the readers of HN in a negative way, regardless of your usual political affiliation.


People seem to just express their anger at news facebook pages these days, but are far too apathetic to actually go outside and do something about it.

There also seems to be a growing "anti-complaining" feeling around people's interactions, where it at least appears that a large number of people find it amusing to actively attack those who are highlighting a problem.


Ask someone who was an environmentalist for a couple of decades if shooting the messenger is a new or growing phenomenon. It definitely isn't, and is always at its peak when an issue makes people feel powerless, and they know that it would take personal sacrifice to make a difference. Few people like being told that rough seas are ahead, and the only way to make it through is with extensive teamwork, compromise, and putting aside petty personal issues.

Of course it's often enhanced by organizations which benefit from the status quo. For a long time being in favor of EVs fell into the "tree hugger" category of ridicule and censure, and only when it became possible to adopt the tech without significant personal sacrifice did that change. The idea of organizing people and exercising mass political power is obviously hard, potentially risky, and involves more than making a 5 minute video or paragraph of posting. If people have already chosen not to do that, they tend to resent the people loudly reminding them that there is another way they simply chose to ignore.


This is mostly about "terrorism", right?

And for Australia, about immigration from flooding areas in Southeast Asia, right? Which arguably has follow-on roles in "terrorism". [I use scare quotes because the definition of "terrorism" is so politicized.]


There are many things to admire about Australia and many reasons that I am grateful that I grew up in Australia.

But the ongoing ritual humiliation of Australian technologists over the past several decades is really tiresome.


It's also a confusing situation given the cyclical nature of headlines and government concern with Australia's brain drain (all the smart ones leave for better opportunities overseas), and the recent-ish pronouncements of Innovation! through having a specific Department and Minister for Innovation (which has now been decommissioned by the new Prime Minister).

... and the NBN debacle is another nail in Australia's "ability to compete on the world stage" coffin.

... and any lead Australia had in regards to renewable energy projects, investment, and research has been very effectively and efficiently squandered.


I found the Assistance Bill to be relatively palatable although still disagreeable and I have emailed in to the forum saying I think it should not pass.

I was just surprised that it had so much awareness of the concerns around what it was doing.

The most worrying part for me was the enabling of remotely serving a warrant. In other words, if they had a warrant for your device they could hack your device instead of physically recovering it. This would mean their cybersecurity team will be broadening its capabilities and weaponry in that area.

That is worrying. Much in the same way I don't want police cruising town in armoured vehicles with a small arsenal, I am not too hot on investigators being able to sic the hounds on an unsuspecting network. Collateral is a real issue in the digital world too. What if my org network goes down because a warrant was being served remotely on an employee and their exploits were not precise enough?


The message is to entrepreneurs: don't build companies - build protocols.


Do they think that if this law is introduced criminals will be using Facebook and Australian hosted communications providers to communicate with one another?


I cannot read that article in Firefox. Ironic


Works for me with Noscript, Ublock Origin, Privacy Badger, and HTTPS Everywhere.


Works for me using uMatrix


It’s interesting these are all common law Anglosphere countries which declared independence from Great Britain. The UK still has a lot of soft power.


Since WWII the UK is definitely the junior power.


For those that would like more reading here is the explanatory bill: https://bit.ly/2NR4tTh

Three important things to note: technical assistance requests, technical assistance notices and technical capability notices.


They keep insisting they're not asking for backdoors. Here's what the explanatory bill says:

The type of assistance that may be requested or required under the above powers include (amongst other things):

* Removing a form of electronic protection applied by the provider, if the provider has an existing capability to remove this protection.

* Providing technical information like the design specifications of a device or the characteristics of a service.

* Installing, maintaining, testing or using software or equipment given to a provider by an agency.

* Formatting information obtained under a warrant.

* Facilitating access to devices or services.

* Helping agencies test or develop their own systems and capabilities.

* Notifying agencies of major changes to their systems, productions or services that are relevant to the effective execution of a warrant or authorisation.

* Modifying or substituting a target service.

* Concealing the fact that agencies have undertaken a covert operation


I wonder if the bureaucrat(s) or technocrat(s) who originally wrote or co-wrote this bill, has a technology background or is a white label lawyer from one of the big legal firms who often write legislation for the Australian Parliament on an expensive consulting basis? Or just an in-house lawyer from the A-G's office - whose expertise is purely legal rather than technological?

Many of these clauses are so vague ("Providing technical information like the design specifications...") that they show either a fundamental lack of practical technology knowledge, or, are deliberately vague so that the arms of the Orwellian Australian federal government octopus can create the intended backdoor without explicitly calling it a backdoor. Maybe both are true?

Was it William Shakespeare who once proffered: is a backdoor by another, obfuscated name, still a backdoor?


The bill is so brazen, I keep wondering if they mean for it to not pass. Like they put it out there just to appease some organisation that they are 'at least trying'. Hopefully it doesn't backfire à la Brexit.


No need to use URL shorteners on HN, it's not as if there is a character limit... Here is the full URL: https://www.homeaffairs.gov.au/consultations/Documents/expla...

Protip for those playing along at home: add a + to a bitly URL to view info, such as the target URL without having to go there.


And this is the culprit.

"Should governments continue to encounter impediments to lawful access to information ... we may pursue technological, enforcement, legislative or other(!) measures"

Translation: Fuck your sovereignty, we'll use violence to get what we want.


I strongly doubt any tactical military response. They'd use pressure from the other countries, most likely the US given the country-of-origin of the biggest tech companies.

Australia doesn't interfere with sovereignty to a fault. Julian Assange, The Bali 9, Peter Greste. So it'll be interesting if there's any Australian response to the James Ricketson situation in Cambodia.

