The headline is a little misleading. It's much more terrifying than that. It isn't just Australia. It is the US, Australia, Canada, UK, and New Zealand all together (known as the "Five Eyes")[1]. Australia is just the country that put the memo together.
> The "Five Eyes", often abbreviated as "FVEY", refer to an intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States. [1]
In typical fashion, one country takes the lead (also happens with IP rights ratchets), and if/when it pans out, the others "follow that example" / harmonize / pick your particular bureaucratic mechanism and terminology.
Gee, I hadn't heard of that. The Australian prime minister Gough Whitlam only learnt of it when the Attorney-General raided ASIO, Australia's version of the FBI, in 1973. Wikipedia says UKUSA is pronounced yoo-koo-SAH. Rather appropriate - yakuza are "members of transnational organized crime syndicates"...
The article mentions that Australia has no bill of rights which, whilst technically true, doesn't mean we don't have equivalent protections. Some are enshrined in our constitution whilst others are parts of common law and other legislation.
The conclusion they draw from that is right however; a lot of laws can be introduced to our parliament that might not get off the ground elsewhere. It's why we've fervently fought against many other, similar laws that would impinge on our rights and freedoms in the past. I spent a good part of my youth fighting against the Clean Feed legislation (it was a great big Internet filter for Australia, a terrible idea) which was thankfully defeated before it got off the ground.
> The article mentions that Australia has no bill of rights which, whilst technically true, doesn't mean we don't have equivalent protections. Some are enshrined in our constitution
The protections provided by the Australian constitution (as interpreted by the High Court) are quite weak in comparison to those included in the US Bill of Rights, it isn't really a fair comparison.
> whilst others are parts of common law and other legislation.
Anything in common law or legislation isn't worth much, since a single ordinary Act of Parliament is all it takes to cancel them out.
Without knowing much about the Australian system, I suspect the protections in the Constitution are equivalent, but not those in "common law and other legislation". In the US, the protections in the Constitution + Bill of Rights are considered much more fundamental than our common law and other legislation because it requires an amendment to override those protections, and amendments require an enormous level of national consensus to pass.
The High Court of Australia has ruled that Australians have an implied right to political communication and an implied right to protest.
Not specifically pertinent to this legislation but worth pointing out for HN readers who may think we live without protections and freedoms US citizens seem to enjoy.
What the parent doesn't explicitly mention is that there is a government inquiry open RIGHT NOW. You have to get your submissions in by 10th of September (5 days time). Every Australian here needs to make a submission (please).
The parent's link allows you to post a boilerplate submission with a single click. Far better to write and email your own submission, as form letters tend to get aggregated into one during evaluation. Your own submission only has to be a few lines, even if it just paraphrases a form submission. Uniqueness counts over bulk submissions.
Less time critically, you also need to write to or call your federal MP, but I'd suggest that a personal submission to the inquiry is the most "bang for buck".
I feel like the linked article on ABC has a much more detailed and balanced description of the bill [1].
The Government says that "systemic" weaknesses cannot be demanded. That said, the third part of the demands that can be made, the "technical capability notice", seems ripe for abuse.
At the very least, the acceptance of a bill like this will erode trust in app stores. I would expect to see some sort of checksum verification by users becoming commonplace as people become wary of potential targeted attacks.
> The Government says that "systemic" weaknesses cannot be demanded.
That's because they already have a pre-existing "systemic" weakness that's better than any encryption back door: automatic software updates. If you can replace the software so it gives you the unencrypted data why on earth bother with breaking the encryption? All they need is a hammer that forces the software companies to write undetectable bugs and silently install them for them, and that's what this legislation provides.
We handed this systemic weakness to them on a platter, and it's been there for years now. Even though it was many years ago, I still recall the horror I felt when my daughter had her phone stolen, and I discovered I could press a button on Google Play that would install some spy software to report on the whereabouts of the thief. I'm sort of surprised it took them this long to wake up to it.
It isn't impossible to fix, so I suspect in the long term this loophole will be closed. The key to the fix is in the word "systemic", which translated means someone other than them can't exploit the weakness.
As an aside, they are apparently operating under the assumption they will be able to control who has access to it. Which is to say they believe they can control access to something that will be highly automated thus ultimately controlled by only a few people. They are after all subject to the same attack they are using on us - they will be asking programmers to update their software, software that they undoubtedly will never see because it's "company proprietary". As the saying goes, every human has their price. The price the attackers can afford in this case is extraordinary: this system is the key that unlocks every banking password, every bank SWIFT password, every GPG key, every X509 secret key, every email, every boardroom discussion on billion dollar takeovers. They are kidding themselves if they think they can protect this - which is why it is a terrible proposal.
Worse, they don't have the defence we do, which is that the "normal" unmonitored population must be running strong, secure software. We get this unbugged software now from public servers we call app stores. So all you need is something that will compute the hash of the software you downloaded so you can compare it to the publicly available one, and won't lie about the result. "Won't lie about the result" translates to "a device that can't be corrupted" which in turn translates to "can't have its software upgraded". We already have such devices: they are called TPMs. We already know how to use them. Sort of. They work real well in 2FA dongles for example.
Nevertheless it has to be said the primary application of TPMs, secure boot, hasn't been a raging success. But then we haven't had a good reason to make it a success: how many people do you know have been victims of evil maids? Well, that was nice while it lasted, but now we are all about to come face to face with an evil maid from our worst nightmares: someone who can install software updates while your phone is sitting in the safety of your coat pocket without leaving a trace.
So the incentive is now here, the engineering task is well defined. Unfortunately the problem remains hard. We have to surround drivers, IPC, network stack with the same high Chinese walls we currently put around apps, and somehow tie this all back to an all seeing TPM. So it's going to take a while. Maybe seL4 will get its day in the sun.
It's interesting to think back when Saudi Arabia and the UAE tried to force Blackberry to fall in line there was global outrage including here about the 'backwardness' of these countries and values of democracy and freedom.
Now just a decade later this 'backward' behavior is now 'normalized'.
This is evidence things are moving too fast for us to fully comprehend or contemplate how far down the slippery slope we may be at the current time and how 'values' and definitions change in just a decade.
I don't know why the Five Eyes countries issued a joint statement the other day (tellingly, via the Aussie government's web site). Modus Operandi for each Five Eyes country since forever is to ship their secrets to another partner so they could claim not to be spying on their own people. All they need is for AUS to have the backdoor and then all data could be channeled that way.
I appreciate that the author mentioned the gross incompetence of our intelligence operation which I presume doesn't get much mention outside the country.
PS: nice original Mac illustration for that article!
40 years ago my parents emigrated from an authoritarian South-East Asian country with a dubious human rights record to come to Australia where their kids could enjoy freedom and opportunity away from all that.
Today, I see this announcement in the news and I am wondering which country I can emigrate to with my own kids because I am disgusted with the increasing authoritarian bent of our government, as well as our plummeting human rights record...
This method won't work for most 'after the event' scenarios, such as the San Bernardino case, because the subjects are often deceased, and so unlikely to be updating the software on their phones or computers, so it can only possibly apply "upon suspicion". i.e. pre-crime...
This opens up questions as to how someone becomes 'suspicious' if their communication is already encrypted. And if they're already a person of interest, how many myriad other ways do they have of surveilling them or checking out their activities? Terrorist attacks require non-electronic items that have to be purchased, stored, and constructed in non-electronic places. There are existing ways to surveil people, under warrant. GPS trackers, phone records, bank statements, listening devices, watching devices, IMSI catchers, metadata (which Australia has legislated must be kept by ISPs for a couple of years).
This new legislation feels like a LOT of effort for a very small percentage return over and above those things I've already listed, especially considering:
- How long would it take to develop and deploy a targeted version of a program?
- What's the likelihood of the target updating their program during the useful window of time?
- Is this timeframe going to be of use to law enforcement?
- If the timeframe is justified, what's the time limit? Is 'suspect' going to have their comms intercepted for the foreseeable future? At what point is the well deemed to be dry?
- At what point does warranted surveillance become government harassment?
What this looks like from the outside is more psychology than technology:
- Hey Terrorists, we can do these things so, you know, re-think your life's direction
- Chilling effects: encourage paranoia, discourage dissent, even discourage disagreement
>How long would it take to develop and deploy a targetted version of a program?
Not particularly relevant - they can require a targeted version of the program be developed before someone comes under suspicion.
>What's the likelihood of the target updating their program during the useful window of time?
Doesn't matter - they can require a force-push update system be built to silently update a specific customer's app version. The law is broadly enough worded that they can order whatever software is in their way to become broken upon receipt of a court order.
>Is this timeframe going to be of use to law enforcement?
Yes, because the law will allow them to force commercial companies to build automated, scaled systems.
>If the timeframe is justified, what's the time limit? Is 'suspect' going to have their comms intercepted for the foreseeable future? At what point is the well deemed to be dry?
We'll never know, because it's designed to be used in secret.
It seems like they are just making it more explicit that companies must cooperate with the police. Isn't it already the case anyway if there is an appropriate court order?
At least they are not suggesting to compromise or limit encryption in any way.
What I fail to understand is how all this would help fighting crime. Criminals and terrorists can easily use end-to-end encryption for the communication. There is plenty of software for that and it's really easy to do nowadays.
Unfortunately it gives them the legal capability to require your startup/IT company/multinational to put development time in at their request to enable your software to give them the access they want.
For example-
get chats in real time
log IP addresses and pass them to gov
open containers stored on your infrastructure
get into the phone or device you have sold to a client previously
These are not interpretations of the legislation- these are the use cases they wrote it to solve.
As ex LEO I get it but the burden on organisations is going to be bad for business, not to mention the insecure solutions that are going to get drummed up/coded on the fly to comply with these requests- security nightmare.
There is some reasonable paranoia that this might be a Trojan to enable access in the US. Can't pass legislation in the US? Easy, get your vassal state (AU) to pass it, then ask them to investigate your target and then force people to comply with your vassal state's request.
"yeh I know you can't do that in Texas but you can in Western Australia and we, the US, have a treaty with Australia so you're just going to hand over that data. We'll deliver it to the Aussies for you"
I may be paranoid, but I'm not the only one seeing this angle on it.
Big conspiracies- count me out. Gov is lazy and disorganised. Little conspiracies between gov-buddies ? Absolutely.
IIRC you're allowed to use any crypto you like and fix flaws that are found but you're also required to add flaws if asked to. Well they call it a "technical capability notice" but it includes such things as "Installing, maintaining, testing or using software or equipment given to a provider by an agency." and "Removing a form of electronic protection applied by the provider, if the provider has an existing capability to remove this protection". You don't have to compromise your crypto you just need to install this black box library that does … something.
>Criminals and terrorists can easily use end-to-end encryption for the communication.
They use applications that take unencrypted plaintext, encrypt it, send it to the recipient's device, decrypt it, and show it as plaintext.
The law is designed to give a staggering amount of authority to use commercial resources to compromise a specific device or installed application in order to read off the plain text before encryption or after decryption and send it to the Australian government. So the "bad guys" would be using what appears to be, say, Signal, except the developers got a notice to send you an app update that swaps out actually encrypting things with "send a copy to the feds and then encrypt things".
Any company developing software or systems that ensures that you have installed what you think you have can be ordered to compromise their systems so that an Australian court order breaks the system. So if your copy of Windows is set up to reject push updates unless they've been signed by Microsoft, well, the Australians can order Microsoft to sign some binaries and push them to you.
What is concerning is I am building an information management system that focuses on privacy and this sort of bill makes a mockery of the entire concept.
Is anyone actively organising against this bill? I feel that ever since the Iraq war protests failed every time something like this happens, people complain a little bit, but don't actually manage to change anything. I was wondering if there are any groups out there that are actively protesting this that I could join, or if not, if anyone is interested in forming one? It seems to be an issue that will affect the majority of the readers of HN in a negative way, regardless of your usual political affiliation.
People seem to just express their anger at news Facebook pages these days, but are far too apathetic to actually go outside and do something about it.
There also seems to be a growing "anti-complaining" feeling around people's interactions, where it at least appears that a large number of people find it amusing to actively attack those who are highlighting a problem.
And for Australia, about immigration from flooding areas in Southeast Asia, right? Which arguably has follow-on roles in "terrorism". [I use scare quotes because the definition of "terrorism" is so politicized.]
It's also a confusing situation given the cyclical nature of headlines and government concern with Australia's brain drain (all the smart ones leave for better opportunities overseas), and the recent-ish pronouncements of Innovation! through having a specific Department and Minister for Innovation (which has now been decommissioned by the new Prime Minister).
... and the NBN debacle is another nail in Australia's "ability to compete on the world stage" coffin.
... and any lead Australia had in regards to renewable energy projects, investment, and research has been very effectively and efficiently squandered.
I found the Assistance Bill to be relatively palatable although still disagreeable and I have emailed in to the forum saying I think it should not pass.
I was just surprised that it had so much awareness of the concerns around what it was doing.
The most worrying part for me was the enabling of remotely serving a warrant. In other words, if they had a warrant for your device they could hack your device instead of physically recovering it. This would mean their cybersecurity team will be broadening its capabilities and weaponry in that area.
That is worrying. Much in the same way I don't want police cruising town in armoured vehicles with a small arsenal, I am not too hot on investigators being able to sic the hounds on an unsuspecting network. Collateral is a real issue in the digital world too. What if my org network goes down because a warrant was being served remotely on an employee and their exploits were not precise enough?
Do they think that if this law is introduced that criminals will be using Facebook and Australian hosted communications providers to communicate with one another?
They keep insisting they're not asking for backdoors. Here's what the explanatory bill says:
The type of assistance that may be requested or required under the above powers include (amongst other things):
* Removing a form of electronic protection applied by the provider, if the provider has an existing capability to remove this protection.
* Providing technical information like the design specifications of a device or the characteristics of a service.
* Installing, maintaining, testing or using software or equipment given to a provider by an agency.
* Formatting information obtained under a warrant.
* Facilitating access to devices or services.
* Helping agencies test or develop their own systems and capabilities.
* Notifying agencies of major changes to their systems, productions or services that are relevant to the effective execution of a warrant or authorisation.
* Modifying or substituting a target service.
* Concealing the fact that agencies have undertaken a covert operation
freedomben | 7 years ago
[1] https://en.wikipedia.org/wiki/UKUSA_Agreement
pasbesoin | 7 years ago
yesenadam | 7 years ago
anonymous5133 | 7 years ago
https://ispydoc.com
davidklemke | 7 years ago
We'll have to do the same for this.
skissane | 7 years ago
sanderjd | 7 years ago
mceoin | 7 years ago
"Similar, but different."
DEADBEEFC0FFEE | 7 years ago
saagarjha | 7 years ago
Claiming that you're not backdooring something doesn't stop it from being a backdoor.
mrmondo | 7 years ago
femto | 7 years ago
The page for the inquiry is:
https://www.homeaffairs.gov.au/about/consultations/assistanc...
The email address for submissions is:
[email protected]
ObsoleteNerd | 7 years ago
https://www.youtube.com/watch?v=eW-OMR-iWOE
valtism | 7 years ago
[1] http://www.abc.net.au/news/science/2018-08-20/tech-surveilla...
dane-pgp | 7 years ago
https://wiki.mozilla.org/Security/Binary_Transparency
rstuart4133 | 7 years ago
throw2016 | 7 years ago
gumby | 7 years ago
aussiethrow1234 | 7 years ago
throwawayperson | 7 years ago
[deleted]
BLKNSLVR | 7 years ago
ThrustVectoring | 7 years ago
tananaev | 7 years ago
Kostchei | 7 years ago
baylisscg | 7 years ago
ThrustVectoring | 7 years ago
No, instead they're compromising trust in signed updates from vendors. That's far worse.
ThrustVectoring | 7 years ago
acutesoftware | 7 years ago
GreyZephyr | 7 years ago
King-Aaron | 7 years ago
mirimir | 7 years ago
jacques_chester | 7 years ago
But the ongoing ritual humiliation of Australian technologists over the past several decades is really tiresome.
BLKNSLVR | 7 years ago
ehnto | 7 years ago
mrschwabe | 7 years ago
nereus | 7 years ago
worik | 7 years ago
css | 7 years ago
aembleton | 7 years ago
siruncledrew | 7 years ago
geowwy | 7 years ago
NoPicklez | 7 years ago
Three important things to note: technical assistance requests, technical assistance notice and technical capability notice.
steve_taylor | 7 years ago
lucb1e | 7 years ago
Protip for those playing along at home: add a + to a bitly URL to view info, such as the target URL without having to go there.