The Australian government has released the draft Assistance and Access Bill 2018, legislation intended to help law enforcement agencies bypass encrypted communications. homeaffairs.gov.au/about/consulta… I’ll live-tweet my reading of it in this thread. #aabill
The Bill is a messy 176 pages, because it amends a bunch of Acts. The Explanatory Document is 110 pages. There’s also an Industry Fact Sheet, a document about Limitations and Safeguards, and three documents about how the search warrants will work. Much joyous reading! #aabill
I’ll start with the Explanatory Document, because it explains (der!) what the legislation is meant to do, and points to the relevant bits in the Bill. It’s also less likely to make my brain explode. #aabill
“The Government welcomes public comment on the exposure draft. Please submit any comments to AssistanceBill.Consultation@homeaffairs.gov.au by 10 September 2018.” #aabill
The usual framing about encryption thwarting law enforcement sets the scene. #aabill 
What does the Bill do? It does this. The key part in my view is bringing device manufacturers into the process of intercepting communications. Last year I speculated about how this might be done. zdnet.com/article/austra… #aabill
Telcos must already provide “such help as is reasonably necessary” to law enforcement and national security agencies. That’s being broadened to include a bunch of other stuff. #aabill
The “limitations and safeguards” section is long. Demands made must be “reasonable, proportionate, practicable and technically feasible” [defined by who?] and they need a warrant. #aabill
“Systemic weaknesses or vulnerabilities cannot be implemented or built into products or services.” That’s the wording meant to exclude backdoors in encryption or anything else. Obviously we must read that bit of the Bill very closely indeed. #aabill
There’s more. “Agencies cannot prevent providers from fixing existing systemic weaknesses... Core interception and data retention will not be extended... Industry must be consulted about new capabilities.” I’ll come back to this later. #aabill
Here’s a diagram of how the Industry Assistance Process is meant to work. So many things to be defined! #aabill
Then there’s 7 pages on extending the warrant powers under the Surveillance Devices Act 2004, the ASIO Act, the Crimes Act 1914, the Customs Act 1901, and also the ASIO assistance powers. How that part of the Bill is written will be critical, I suspect. #aabill
The rest of the Explanatory Document details every single section of the Bill, explaining what Act it’s amending and why. This snippet, for example, gives ASIO the power to take a computer away from premises to do something. Couldn’t they do this before? #aabill
The Bill itself inserts the words “removing a computer or other thing from premises for the purposes of doing any thing specified in the warrant in accordance with this subsection, and returning the computer or other thing to the premises;” into the ASIO Act. Amendments! #aabill
Analysing all that has to happen on several levels. Is the policy reasonable, proportionate etc? Does the legislative strategy accurately reflect the policy? And does the wording of the Bill actually achieve the desired effect? That takes a lot of time. #aabill
Then there’s the stage we skip over pretty much every single time. Sure, some law enforcement operations may be hampered by encryption. But how big a problem is that really? We only see hand-waving. What are we trading off? That discussion never happens. #aabill
OK, I’m taking a break for a bit. I need to read more closely and take notes, but I’ll return to this thread later this morning. #aabill
Apparently I’ll be talking about the Assistance and Access Bill on @abccanberra at 1010 AEST. That’s just over an hour from now. You can listen at abc.net.au/radio/canberra… or on the ABC Listen app. #aabill
This radio spot is coming up in just a few minutes. #aabill
And that radio spot is done. It was a more discursive discussion of digital surveillance than I was expecting, but it got me thinking. #aabill
“You Could Go To Jail For 10 Years For Refusing To Unlock Your Phone” by @joshgnosis buzzfeed.com/joshtaylor/enc… #aabill
@joshgnosis “Canberra gives ‘decryption’ another crack with draft legislation” by @ashabeeeee zdnet.com/article/canber… #aabill
That’s all from me on the Assistance and Access Bill for a couple hours. I have to write some words about it. Back in a bit. #aabill
“When’s a backdoor not a backdoor? When the Oz government says it isn’t” by @R_Chirgwin theregister.co.uk/2018/08/14/oz_… #aabill
