Skip to main content

2018 Assistance and Access Bill

This is a cross post from my less technical blog at https://abeath.blog

Passed the Senate last night, rushed through in a day by a bunch of politicians that probably haven't read any of the submissions or listened to anyone in IT about the impact on privacy these encryption changes will make. Man it makes my blood boil. There was an article on Business Insider about it quoting a software consultant in Melbourne Tom Sulston and he summed it up really well:
1. The bill is bad for security because encryption keeps us safe from criminals. This bill will make it easier for them to hack us.
2: The bill is bad for jobs because software companies will choose not to work in Australia, as this bill is fundamentally incompatible with GDPR.
3: The bill is bad for workers, as it opens up all sorts of penalties if we conscientiously object to being drafted into the security services.
4: The bill is bad for democracy as it will make it easier for a sitting government to access the private communications of journalists, opposition politicians, unions, businesses, et al.
5: The bill is bad for the economy because global consumers will choose digital services that come from countries that are not threatened by Australian legislation.
There are clearly plenty more reasons why the bill is terrible, but these are some big, big problems.
https://twitter.com/tomsulston - see his feed for more stuff
I read this and can't help but agree. If I'm a criminal I would be super happy about this decision. You can be damn sure those guys will find open source software that isn't screwed the Australian Government and lock their shit up tight while the rest of us have defective software and devices allowing all and sundry to mess with our stuff.
This is a sad day indeed for Australia and we are rightfully the laughing stock of the technical world. What is worse is that this Bill was passed in order to stop another Bill being defeated (and this Bill is to get kids of Nauru for medical treatment. I'm not going to comment on that - I'm cranky enough with this other thing). So stupid politics screws the pooch royally here and there's only the House left to amend it.
Saints preserve us (I sound like little old Southerner). I am so disappointed in this decision and despite having written to my local member (I missed out on a submission to the stupid Bill thing) on several occasions I am very unhappy with this result. I'm also pissed at the behaviour of our elected officials trivialising something like this into name calling and bullshit behaviour when it is so important. Telling the opposition leader he is a "a clear and present threat to the safety of Australians" while they are looking at the Bill in order to guilt it through is really not good enough. If the Bill and the reasons behind it are solid, then an ad hominem attack like this is unnecessary and paints those elected in a worse light.
And while I'm on the soap box law enforcement needs to take a good look at themselves too. They're proposing to weaken encryption for everyone in order to catch a few people. Guess what idiots? More people will be negatively affected by this than the positive outcomes. You're weakening my encryption, my wife's and my kids to catch criminals. How about investing in some good old fashioned police work and updating the way you pursue criminals rather than screwing up things for everyone? I wonder if they have even looked carefully out the outcomes of this legislation past the echo chamber they live in. It's very disappointing and once again I'm considering moving to the moon.
Update:
I have to add to this after reading some more stuff about the Bill online. There were 173 amendments put forward to this Bill hours before it passed. The Senate were asked to consider 173 different amendments. I can't highlight this enough. 173 is a shite load. Surely this is an example of how flawed the bill was? Here is one of the Senator's takes on it:
It's fine, they're only asking for 173 amendments to be moved together. 173. Amendments most of us only saw an hour or two ago. 173.
It's a complete shitshow #AAbill #encryption #Auspol
— Senator Jordon Steele-John (@Jordonsteele) December 6, 2018
Twitter....
Come on! Seriously! Further to this, I've looked at the Bill and I'm gravely concerned that the current accreditation we have to have to work with the Government departments might be incompatible with this Bill and I could go to gaol for denying the Government fucking up our security in order to have the accreditation to work with the same Government. Is that not completely stupid? Welcome to Australia....
Rant over.

Comments

Popular posts from this blog

Plone - the open source Content Management System - a review

One of my clients, a non-profit, has a lot of files on it's clients. They need a way to digitally store these files, securely and with availability for certain people. They also need these files to expire and be deleted after a given length of time - usually about 7 years. These were the parameters I was given to search for a Document Management System (DMS) or more commonly a Content Management System (CMS). There are quite a lot of them, but most are designed for front facing information delivery - that is, to write something, put it up for review, have it reviewed and then published. We do not want this data published ever - and some CMS's make that a bit tricky to manage. So at the end of the day, I looked into several CMS systems that looked like they could be useful. The first one to be reviewed was OpenKM ( www.openkm.com ). It looked OK, was open source which is preferable and seemed to have solid security and publishing options. Backing up the database and upgradin

Musings on System Administration

I was reading an article discussing forensic preparation for computer systems. Some of the stuff in there I knew the general theory of, but not the specifics of how to perform. As I thought about it, it occurred to me that Systems Administration is such a vast field. There is no way I can know all of this stuff. I made a list of the software and operating systems I currently manage. They include: - Windows Server 2003, Standard and Enterprise - Exchange 2003 - Windows XP - Windows Vista - Windows 2000 - Ubuntu Linux - OpenSuSE Linux - Mac OSX (10.3 and 10.4) - Solaris 8 - SQL 2005 - Various specialised software for the transport industry I have specific knowledge on some of this, broad knowledge on all of it, and always think "There's so much I *don't* know". It gets a bit down heartening sometimes. For one thing - I have no clue about SQL 2005 and I need to make it work with another bit of software. All complicated and nothing straightforward. Irritating doesn&

elementary OS 5.1 Hera - a review and a revisit

 It's been ages since I used a desktop Linux distribution - being up to my ears in the horror of implementing ISO 27001 doesn't leave you much time to play around with computers - too busy writing policies, auditing and generally trying to improve security to a formally acceptable and risk managed level. I need a quick, small OS though to do the occasional network scan, view the contents of a dodgy file on and for general, low impact activities. I remembered reviewing elementary OS ( elementary.io ) some time ago ( see  https://www.ryv.id.au/2015/01/elementary-os-review.html ) from 2015 so I thought it was worth a revisit.  I downloaded the ISO from their website, forgoing to donation for the moment while I review it. If it turns out I'm going to keep using it, I'll send them some love. The ISO is 1.38GB in size and I booted it in a VMware Player instance. From go to whoa (I won't include the install photos here) it took about 10 minutes with a dual vCPU and 4GB of