Controversial Changes
by Arik Baratz
1. Mandatory retention - 2 years
1.1. Unclear what is to be retained
1.2. Secure destruction not specified
1.3. Technically a hard problem
1.4. Australian companies in Australia
1.4.1. prevent abuse of US patriot act
1.4.2. prevent abuse of UK reg. investigatory powers act
1.5. Cost prohibitive
1.6. Allows unloawful "Fishing expedition"
1.7. Allows unlawful access by employees
1.7.1. Happened in the past
1.7.2. Resulted in homicide
1.8. Analysis of the data set Can yield organisation graphs - legal and illegal
1.8.1. Chilling effect
1.9. Can induce the opposite result
1.9.1. People turning to privacy services, encryption
1.10. Violation of human rights
1.10.1. 2 int'l conventions
1.10.2. The violation is the fact that the retention is arbitrary (as opposed to specific)
1.11. "It's bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers say, these systems cost too much and put us all at greater risk." -- Bruce Schneier
2. Using 3rd party system to access target
2.1. Unreasonable violation of said 3rd party's rights
2.2. May open 3rd party to prosecution due to misattribution
3. Accessing 3rd party premises
3.1. Unreasonable violation of 3rd party's rights
3.2. Violation of human rights conventions regarding arbitrary violation of privacy
4. Disrupt target computer
4.1. Very broad
4.2. Effectively excludes using the computer or information retreived from it as evidence
4.3. Targets computer, not individual
5. Search people independant of premises
5.1. Allows search of bystanders
6. Protecting the identity of officers
6.1. Right to fair trial!
6.2. Officer's credibility cannot be ascertained by the defence
7. Enable ASIS to provide training to cooperating parties
7.1. Unclear if it can be used to train foreign militia
8. Criminalising failure to assist in decryption
8.1. Unclear who the subject is
8.2. If charged
8.2.1. Same as forcing to make a statement
8.2.2. Presumed innocent, cannot defend themselves
8.3. If not charged
8.3.1. Compliance may expose to civil/criminal reprecussions
8.4. Telecom provider
8.4.1. May not be technically possible
8.5. SW / HW developers
8.5.1. May need to provide backdoor
8.5.2. May be exploited by 3rd parties
8.6. May expose commercial in-confidence data
8.7. May expose 3rd party data
8.8. May expose data otherwise under confidentiality
8.8.1. Lawyers
8.8.2. Doctors
8.8.3. Journalists
8.8.4. Diplomats
8.9. Inability to decrypt may constitute refusal
8.9.1. No technical way to differentiate
8.9.2. Can be used to incriminate others