Discover and read the best of Twitter Threads about #aaBill

Most recents (24)

What fascinates* me about comments like this is that the Assistance & Access Act has nothing to do with where the hosting is, and everything to do with whether a communication is to or from Australia. Just having customers in Australia triggers the Act. #aabill
I know some people choke at reading 1200 whole words, some of them long, but we spent some time putting some facts into this one: “What’s actually in Australia’s encryption laws? Everything you need to know” (10 Dec 2018)… #aabill
It’s also amusing* that Lemieux’s tweet says “‘if” the law passes. The Assistance & Access Act was passed on 6 December. It’s been law for nearly four months, and is already being used. #aabill
Read 22 tweets
1/ A word on the #AAbill and #encryption more broadly, as it has been flying around a bit today.

Let me be really clear: These powers have been used already - that is, encryption has been requested to be broken #Auspol
2/ This was disclosed by Dept of Home Affairs by citing their submission to the PJCIS, but we'll never know who. Anyone who wants to speak about it is risking jail time under the act #AAbill #encryption #Auspol
3/ It's Home Affairs, Peter Dutton and "we stopped the boats" all over again.

Did they? We'll never know. It's unprecedented new powers and an operational secret #AAbill #encryption #Auspol
Read 5 tweets
Serious question to journalists? 'retiree tax' & 'housing tax' are Liberal campaign slogans. Not actual 'things' at all?

Below says "attack". So what should be reported?

Woohoo! An 'attack slogan' is successful, go you good thing?


"attack slogan" misleading voters?
I'm not asking this to have a go at Bevan, just the priority when it comes to journalism?

Importance of marketing success of campaign
Importance of correctly informing the public as to what they need to know?

Thinking of Trump success? Would think 'reality' more important?
We see many journos in the states lament they did not take Trump seriously and are now facing the consequences of reporting just the 'marketing' and 'campaign interest' angle.

National leadership is a serious issue, really deserves serious reporting imo.
Read 24 tweets
#lca2019 @attacus_au on the non-consensual use of public tech use, and how to evade it.

spoiler: reality is already scarier than scifi.

this is a live system adding metadata - pants vs skirt, direction of travel - of pedestrians
@attacus_au #lca2019 @attacus_au this chinese system matches faces to ones it knows, at a public escalator - v high accuracy, e.g. people travel the same way to work
@attacus_au #lca2019 @attacus_au researcher Joy Buolamwini found her face wasn’t picked up by face classifiers due to her dark skin, so tested a few algorithms. high accuracy: M presenting light skin, low accuracy F presenting dark skin.
Read 19 tweets
1/ Ok, well it's time to lay out my biggest concerns on #aabill. IANAL, but I'm a technologist, entrepreneur, and investor. Please get your own legal advice - keeping in mind much of this will be an expensive fight in the courts...
2/ Scope of the crimes. The #aabill covers crimes of 3+ years state, federal, **and foreign**. Yes, you can get 5 to 10 years jail for refusing to comply with #aabill... for a 3-year crime. Indeed, you can be targeted by #aabill for breaking #aabill.
3/ Scope of the "Designated Communications Provider." People seem to think this only covers messaging. It's much broader than that, covering most software, hardware, and networking. It includes software updates. Yes, an individual can be a DCP.
Read 9 tweets
Australia rushed through an anti-#crypto bill last week. @HRW just released a game that shows what might happen if authorities use the law to gut key security features in the phones & apps we use every day:… #EverydayEncryption #AAbill
Do you shop online or message with friends on WhatsApp or iMessage? Ever shared an intimate photo with your partner? Organized a protest? #Encryption protects that data from malicious hackers & govt snoops #EverydayEncryption
Choose your own adventure: See if you can safely guide a character Fei as she makes choices about her data, and find out how #EverydayEncryption might protect you:…
Read 11 tweets
(Reasonably) educated thread about the options global companies like Apple have going forward now the #aaBill will happen in Australia.

I’ll start with my assumptions then explain their options #Auspol

1. Company will not compromise its core business strategy. Eg: for Apple this is sell devices/storage that are guaranteed to be secure. To point they won’t let the FBI in.
2. If you sell a product in Australia that is *same* as your global product then any engineered vulnerabilities* will impact global product.

*Australia doesn’t want to use term “back door” so let’s call it malware.
Read 6 tweets
No, not really. Not at all. I’ve seen quite a few tweets linking to this story. The Assistance & Access Bill certainly has problems, yes, but the way it’s characterised here is way off mark. In two key ways, I think... #aabill
First, it’s not “do whatever else it takes to decrypt subjects’ messages”. There’s a slab of stuff about having to be “reasonable, proportionate, practicable, and technically feasible”, and considering the likely business impact on the provider and wider public interests. #aabill
Obviously how that would pan out in practice remains to be seen, so expect some lively legal action for that! #aabill
Read 22 tweets
They passed that fucking #AABill anti-encryption law.

We're all fucked.


Here's a great example: some bright fuckwit at Police HQ thinks
"🤔 Hmm I need to see that person's bank transactions because they might, maybe, possibly a terrorist! (actually I dunno ¯\_(ツ)_/¯)...
Hey, Bank; you must insert a back door so I can access their accounts. And you can't tell anyone."

Now there's a huge gaping fucking hole in the fence around our online banking for anyone (not just Fuckwit Policeman #1) to gain access to our bank accounts.
Here's another one: some bright spark is inevitably going to ask Apple to make a back door into their iPhones.
Read 12 tweets
Now Senator Jordan Steele-John is speaking on the #aabill in the Senate…
The lies and the stupidity that has strewn forth from the opposition were laughable and sickening. It showed for all to see the depths to which they will stoop to avoid any possible imputation that they might do anything other than be in lock step with the government.
This is a piece of legislation dreamed up by a sinister public servant (Michael Pezzullo) driven by a bankrupt government and a laughable opposition. BUT I WARN YOU NOW. THERE IS A WHOLE INTERNET OUT THERE AND YOU ARE BEING WATCHED. THE INTERNET REMEMBERS.
Read 5 tweets
If you’re just tuning in to #auspol, let me catch you up on the high-stakes poker game the Govt and Opp have going here:

Coalition has a choice: prevent Labor & x-bench amended bill that would get #kidsoffnauru from reaching the Reps for a vote (which it would likely lose) – but in doing so also prevent final passage of #aabill (#encryption).
At the moment, parliamentary procedures are being used in Senate by Coalition, Bernardi & Hanson to delay getting to point where #kidsoffnauru amendments are voted on. Some filibustering going on, though Senate President is trying to curtail it.
Read 5 tweets
So, the #aabill passes, what does that mean?

I'm going to hypothesise and talk slightly outside my area of expertise, but bear with me
Does this mean encryption is going to be broken in Australia?
Nah, probably not. If you want to intercept end-to-end encrypted messages (iMessage, WhatsApp, Signal etc), the easier place to do this is at the endpoints, not in the middle
Back-dooring all the various messenger apps would be a massive, global change, and would involve authorities playing whack-a-mole as their targets move to new apps and protocols
Read 10 tweets
Ok. A third thread updating where things are at on the #aabill...
Since my last thread, the government came back to the negotiating table in the PJCIS and agreed to a series of amendments to the bill designed to prevent the issuance of Technical Capability Notices that could undermine strong encryption.
These amendments have been intensely negotiated with the government in a process that has been far from ideal, which is why Labor also secured agreement to continue scrutiny of the Bill through the PJCIS into 2019 and via the Independent National Security Legislation Monitor.
Read 25 tweets
Now amendments 1-173 to the #AAbill are being moved TOGETHER AS A BLOCK. THAT IS ONE HUNDRED AND SEVENTY THREE AMENDMENTS WILL BE MOVED AS A BLOCK. This is shoddy lawmaking in the extreme.…
The explanatory memorandum on these amendments has just been tabled. About 11 minutes before the complex and exhausting amendments are debated and voted on. Get in the bin @AustralianLabor Get In The Bin.
Labor got the amendments at 6.30 am, and they were put online after 9 am. Tony Burke is explaining why he is an invertebrate and should get in the bin.
Read 5 tweets
And now @WilkieMP is up to speak on the #aabill…
It is a bad idea to build a known vulnerability into encryption software says @WilkieMP To design a vulnerability, a weakness, access, is an invitation to wrongdoers to find the key and eavesdrop or see what people thought was a secure communication #aabill
What will our security partners and our business partners think of that? I think it is a reasonable conclusion to draw that there will be concern in other countries and business with operations in Australia with vulnerabilities in our ICT.
Read 8 tweets
Ed Husic now explains how the UK took its time to discuss this kind of legislation, unlike Oz with #AAbill. Provides helpful analogy - If you cut a tiny hole in the mozzie net and expect to not get bitten - you are foolish. And then Labor cuts the hole. Idiots.
Ed Husic explains that he opposed metadata legislation and is incredulous at the scope creep and scale (350,000 requests) of metadata - even by local councils! He describes judicial oversight under this bill as tissue tough. Right you are Ed.
Most of the government are so technically incompetent that if they can use the TV remote control it's a great tech achievement for them, says Ed Husic. This sensible guy certainly has a tech clue but will vote this shit law through because misled by invertebrate @markdreyfusQCMP
Read 3 tweets
HOORAY - now @AdamBandt will speak some sense - the #AAbill undermines our tech industry and civil liberties. Once you create a door into otherwise secure and encrypted communications, you cannot know who else will access it.…
He explains that in other countries, the threat of secure communications no longer being secure has outweighed the perceived 'benefits'. In requiring weakness by law, you lose control over who can exploit that weakness.
There is no such thing as requiring companies to unlock encryption that doesn't create systemic weakness. What the #AABill does is not only request tech companies to assist, but to actively change their software and product.
Read 7 tweets
Invertebrate @markdreyfusQCMP currently speaking on the #AABill in the House of Reps…
Invertebrate @markdreyfusQCMP explains how shoddy the process on this bill has been, its lack of definitions, and how important encryption is. This doublespeak comes immediately prior to weakening encryption and Australia's tech sector. The hypocrisy is astounding and vile.
Invertebrate @markdreyfusQCMP confesses that there is still discussion underway about what "systemic weakness" is. Labor is about to pass this bucket and amendments are still being hammered out. It's a debacle and Not How Gravely Important Laws Should Be Made You Idiots. #AAbill
Read 4 tweets
Debate on #aabill getting underway in the House of Reps. You can watch here.…
Shadow AG Mark Dreyfus security of the community must be "paramount" in parliament and Labor has shown it puts national security ahead of partisan politics.
He says national security agencies must be given powers they need to keep Australians safe, but must be proportionate, and with appropriate oversight.
Read 13 tweets
I've been talking to/listening to a lot of very smart tech people tonight, about #AAbill. Without exception, they are all furious, horrified, scared, or all three. Genuine fears this could hobble Aus tech industry, and surveillance used for far more than just serious crime
As a starting point, read @dobes clear explainer on what's going on and what the bill could mean…
Second, the claimed need to rush this through before Christmas is a moot point - it will take more than a month for anything to even change, and that's taking for granted that tech companies will agree to do so
Read 6 tweets
The amendments recommended from the committee in regards to the #aaBill are not sufficient and should not be passed, when the government and @AustralianLabor have failed to tell the public why there is the immediate need for this bill. I am strongly worried.
That the passage of this bill will have grave consequences for the industry and all industries that rely on technology, given that evidence provided showed that...
1) Applications expected to be targeted such as WhatsApp are not under Australian jurisdiction and 2) Encryption used such as End-To-End encryption CAN NOT BE BROKEN WITHOUT WEAKENING THE ENCRYPTION ITSELF OR BUILDING BACKDOORS that would threaten every Australian
Read 11 tweets
I’ve been asked for some talking points for non-technical people (like MPs, fr’instance) to demonstrate why the #aabill is no good.

Here’s a thread with my top 5. Please plagiarise and re-mix to your heart’s content.

1 of 5
1: The bill is bad for security because encryption keeps us safe from criminals. This bill will make it easier for them to hack us.

2: * The bill is bad for jobs because software companies will choose not to work in Australia, as this bill is fundamentally incompatible with GDPR.

Read 6 tweets
The #aabill is incredibly short-sighted & luddite. Even if the AU Gov. can coerce tech companies to backdoor encrypted messaging platforms, nothing's going to stop people from resorting to using free & opensource #crypto software like @GnuPG! #auspol 1/
Popular #crypto software is trusted because it's been written & vetted by members of a decentralized #opensource community which you can't coerce. If you want to make it illegal to possess @GnuPG in Australia because you can't backdoor it, then you'll kill the IT industry. 2/
Software devs/engineers use #crypto daily to safeguard the apps & systems we code & run against malicious tampering. The #InfoSec community also needs to be confident it can discuss and coordinate responses to security vulnerabilities before they can be patched in private. 3/
Read 11 tweets
@mcannonbrookes Here’s my device maker’s and app writer’s guide to implementing #AABill in #ozcyber. The answer is a little nuanced & depends on what you’re trying to get at. I’ll also mention how you can protect yourself against it down below.
@mcannonbrookes The dirty way is to implement backdoors, in essence a backdoor-API. That API would need to be exposed, and would technically violate all encryption standards I know of and make the app/device un-certifiable for use in regulated industry.
@mcannonbrookes The cleanest way is for them to take a copy or a derived key for the encryption used. Like physical keys, they’d need to keep them somewhere safe; they can be copied; and they're easy to find.
Read 11 tweets
