Signal App to Australia: You tried to ban cryptography? How cute! Good Luck with the ban!

[DrMacintosh]

On 12/17/2018 at 8:02 AM, AluminiumTech said:

ignal requires a phone number whereas Telegram doesn't.

Not too sure of that, I have never been able to log into Telegram (or make a new account) without a phone number

[mr moose]

5 hours ago, MrCupHolder said:

 

One thing for sure is though that no-one will now trust IT products coming out of Australia to not have a back door in it and that will likely kill any export of IT products from Australia.

 

 

 

I am trying not to talk about the Australian Laws because there are people here who just argue ad nauseum and refuse to read the actual law.  I have linked to it in other threads, it is actually not that vague at all, it contains very specific language and has limitations attached.  Don't believe everything you read on the internet.

 

And besides, Australia does not manufacturer electronic to that degree, we have it all made in Asia.

[ZacoAttaco]

6 hours ago, MrCupHolder said:

One wonders how much you educated yourself. If you did it properly you'd have know that experts were brought in to advise the govt on this. Can't help that whilst those experts were speaking all the politicians put the fingers in their ears and just went la la la la until they stopped speaking.

Trouble is as I understand it right now the law is so vague that no-one's too sure on exactly what it means.

I educated myself on what the decision meant for the wider tech community and the repercussions of this act. I didn't concern myself with how they got to that decision or the politics behind the decision. I'm prefer to spend more time learning about technology than politics.

[CarlBar]

On 12/17/2018 at 4:09 PM, RejZoR said:

The funny thing is, this crypto thing in Australia was cooked up by clueless politicians who only seen security in Hollywood movies and just think there is this master key for everything and that they can just ask for it on demand. It's almost like no one told them how cryptography actually works.

 

Nope they're very aware of how it works. The point is under australian law having a service where you cannot access the decryption keys is outright illegal.

 

On 12/17/2018 at 5:14 PM, Brooksie359 said:

I mean even if they did try and sue unless they are somehow in Australia they could simply ignore it. 

 

I'm pretty sure there are a whole bunch of international laws in place that would let them collect on any lawsuit. However if they're a non-for profit organisation it may be trickier to go after them.

[mr moose]

2 hours ago, CarlBar said:

 

Nope they're very aware of how it works. The point is under australian law having a service where you cannot access the decryption keys is outright illegal.

Not too sure that is the case, have you got a link?

 

2 hours ago, CarlBar said:

 

I'm pretty sure there are a whole bunch of international laws in place that would let them collect on any lawsuit. However if they're a non-for profit organisation it may be trickier to go after them.

Assuming everything is as bad as people make out and Australia want to go after a company for using some sort of encryption to hide evidence.  Unless that company is only operating inside a non extradition country (one not signed up to our extradition treaty) then they can be extradited to stand trial.  If you want to know how that would likely turn out consider the kimdot com case, almost 6 years later and he is still fighting extradition in NZ.

[Brooksie359]

2 hours ago, CarlBar said:

 

Nope they're very aware of how it works. The point is under australian law having a service where you cannot access the decryption keys is outright illegal.

 

 

I'm pretty sure there are a whole bunch of international laws in place that would let them collect on any lawsuit. However if they're a non-for profit organisation it may be trickier to go after them.

what I meant by ignoring it is just don't comply but also don't try and do business with Australia. it seems like the obvious choice here.

[Septimus]

On 12/17/2018 at 3:58 PM, Froody129 said:

How does Signal compare to Telegram? I switched most of my chats to Telegram and I've been very happy so far

 

On 12/17/2018 at 4:02 PM, AluminiumTech said:

Signal is known to have a more secure protocol but other than that there's not too many major differences.

 

Signal requires a phone number whereas Telegram doesn't. There's a bit different functionality and Telegram groups by default don't use End to End encryption iirc.

Both of you might be interested in this spreadsheet: https://docs.google.com/spreadsheets/d/1-UlA4-tslROBDS9IqHalWVztqZo7uxlCeKPQ-8uoFOU/edit#gid=0

It compares a lot of different messaging services and outlines them very thoroughly.

Signal and Telegram do have differences, but generally speaking, Signal is more secure.

[CarlBar]

13 hours ago, mr moose said:

Not too sure that is the case, have you got a link?

 

 

People in past threads on this linked a whole bunch of stuff about it. Though i perhaps didn;t phrase that the best. What i specifically meant was that if Australia asks your company for access to some specific traffic the company is obligated to provide it. If it cannot do so, regardless of why that is, it's in violation of australian law. Therefore to avoid being found to be acting illegally at a future point a company cannot have an encryption system they cannot work around.

 

13 hours ago, mr moose said:

Assuming everything is as bad as people make out and Australia want to go after a company for using some sort of encryption to hide evidence.  Unless that company is only operating inside a non extradition country (one not signed up to our extradition treaty) then they can be extradited to stand trial.  If you want to know how that would likely turn out consider the kimdot com case, almost 6 years later and he is still fighting extradition in NZ.

 

That gets tricky though when your talking a corporation. Corporate liability laws are complex things and i'm not sure they'd cover this circumstance for australia. And if they try targeting specific non-australian citizens within the company they'd effectively be asking them to violate their own countries laws to comply with australia. Extradition treaty or not most countries are going to pitch a fit over that and tell Australia where to shove it's extradition request. Hell extradition treaties may well have clauses in place about that sort of conflict, i'd be slightly surprised if they did as it's not a situation that was really relevant before. But now, well lets just say this could get interesting real fast.

[mr moose]

5 hours ago, CarlBar said:

 

People in past threads on this linked a whole bunch of stuff about it. Though i perhaps didn;t phrase that the best. What i specifically meant was that if Australia asks your company for access to some specific traffic the company is obligated to provide it. If it cannot do so, regardless of why that is, it's in violation of australian law. Therefore to avoid being found to be acting illegally at a future point a company cannot have an encryption system they cannot work around.

 

That's not true.  the law does not allow any systemic weakening of a security system. they cannot force any company to break encryption if it means breaking the entire system.  If the company is able to provide access to data on a specific person without making data available for anyone else then they have to.  But if they can't there is no obligation to nor is their a consequence.

 

https://www.homeaffairs.gov.au/help-and-support/how-to-engage-us/consultations/the-assistance-and-access-bill-2018

 

 

Quote

These powers cannot be used to introduce so-called ‘backdoors’ or require a provider to disclose communications content or data.

 

What you read before was just these forums doing there usual reaction to the media hype and lobby group responses.

 

no one likes the idea of encryption being made illegal so much that anything that whiffs of it will be treated like it is.

 

 

[LAwLz]

31 minutes ago, mr moose said:

That's not true.  the law does not allow any systemic weakening of a security system. they cannot force any company to break encryption if it means breaking the entire system.  If the company is able to provide access to data on a specific person without making data available for anyone else then they have to.  But if they can't there is no obligation to nor is their a consequence. 

 

https://www.homeaffairs.gov.au/help-and-support/how-to-engage-us/consultations/the-assistance-and-access-bill-2018

 

What you read before was just these forums doing there usual reaction to the media hype and lobby group responses.

 

no one likes the idea of encryption being made illegal so much that anything that whiffs of it will be treated like it is.

You forgot to mention that it does not give clear guidelines for what is and isn't a "systemic weakness". It also doesn't give a clear explanation how disputes whether or not something is a "systemic weakness" will be handled. So if a developer claims something is a systemic weakness, and the government claims it isn't, it may still get implemented.

 

Another really bad thing is that the government can go to individuals at a company, tell them to implement a backdoor, and if they tell anyone else, including their boss at work, they can get 5 years in prison.

I repeat, an individual developer who gets a TAR, TAN or TCN instructing him/her to keep silent about the request, can be put in prison for 5 years if they speak out about it.

 

 

This bill is absolutely horrible. It's disgustingly bad.

Apple, Cloudflare, Google, Microsoft, EFF and a ton of other experts, which often disagree with each other violently, all agree that this is bad.

The Digital Rights Watch, Australian Privacy Foundation and the New South Wales Council for Civil Liberties have all recommended that the type of requests the government can ask for should be significantly reduced, and put limits on who can be required to provide assistance.

 

 

Since I suspect that you will just deflect this by saying "our government won't do anything bad" let me ask you this, do you think a bill which makes it illegal, and punishable with several years in prison, for talking to your colleagues about requests to modify security aspects of your program, is a good idea? Because that is part of what this bill does.

 

 

Also, here is a good explanation of why the "it can't create a systemic weakness" part of the bill doesn't actually matter. The bill is full of loopholes around that, and none of those loopholes have been fixed in any revision of the bill.

[mr moose]

26 minutes ago, LAwLz said:

You forgot to mention that it does not give clear guidelines for what is and isn't a "systemic weakness". It also doesn't give a clear explanation how disputes whether or not something is a "systemic weakness" will be handled. So if a developer claims something is a systemic weakness, and the government claims it isn't, it may still get implemented.

 

Another really bad thing is that the government can go to individuals at a company, tell them to implement a backdoor, and if they tell anyone else, including their boss at work, they can get 5 years in prison.

I repeat, an individual developer who gets a TAR, TAN or TCN instructing him/her to keep silent about the request, can be put in prison for 5 years if they speak out about it.

 

 

This bill is absolutely horrible. It's disgustingly bad.

Apple, Cloudflare, Google, Microsoft, EFF and a ton of other experts, which often disagree with each other violently, all agree that this is bad.

The Digital Rights Watch, Australian Privacy Foundation and the New South Wales Council for Civil Liberties have all recommended that the type of requests the government can ask for should be significantly reduced, and put limits on who can be required to provide assistance.

 

 

Since I suspect that you will just deflect this by saying "our government won't do anything bad" let me ask you this, do you think a bill which makes it illegal, and punishable with several years in prison, for talking to your colleagues about requests to modify security aspects of your program, is a good idea? Because that is part of what this bill does.

 

 

Also, here is a good explanation of why the "it can't create a systemic weakness" part of the bill doesn't actually matter. The bill is full of loopholes around that, and none of those loopholes have been fixed in any revision of the bill.

Not having this discussion again.  I have presented the facts, you have even agreed to half of them.

[CarlBar]

7 hours ago, mr moose said:

Not having this discussion again.  I have presented the facts, you have even agreed to half of them.

 

And been shown why they're wrong. if your not going to respond to criticism of your argument don;t expect anyone to take your argument seriously.

 

As further criticism Australian officials came out and stated they specifically don't like end to end encryption, what in the world makes you therefore think they're remotely going to accept that not having such encryption is a systematic weakness.When they introduce the law with the specific notation that they're unhappy with companies doing certain things and wish to change this by introducing a law to force them to do so what in the wide world makes you think they won;t use said law for that purpose.

 

It's like hearing someone say they've bought some green wallpaper and being surprised the next time you go round to their house and find one or more rooms decorated with new green wallpaper.

[mr moose]

2 minutes ago, CarlBar said:

 

And been shown why they're wrong. if your not going to respond to criticism of your argument don;t expect anyone to take your argument seriously.

I have discussed this for pages on the two other threads concerning it.  There is nothing left to discuss.

from about here:

 

Quote

As further criticism Australian officials came out and stated they specifically don't like end to end encryption, what in the world makes you therefore think they're remotely going to accept that not having such encryption is a systematic weakness.

The fact it is written into the law.

 

Quote

When they introduce the law with the specific notation that they're unhappy with companies doing certain things and wish to change this by introducing a law to force them to do so what in the wide world makes you think they won;t use said law for that purpose.

 

It's like hearing someone say they've bought some green wallpaper and being surprised the next time you go round to their house and find one or more rooms decorated with new green wallpaper.

No, if the say they like green wall paper and when I visit it's purple I would like to know why? 

[LAwLz]

3 hours ago, mr moose said:

The fact it is written into the law.

While the law contains "it can't be used to create systemic weaknesses" (or however it is worded), I have already given you plenty of examples where there are disagreements whether or not something can be classified as a "systemic weakness". The bill does not make any attempt to give a proper definition, and in the case of disagreements it is up to the Australian government to decide if something is a systemic weakness or not.

On top of that, there is the non-disclosure provision in there which can prevent disputes from ever surfacing. "Implement this for us right now. If you tell anyone you will be sent to jail". How many do you think will go "hmm, I should bring this up to people to see if they think it's a systemic weakness or not" if they received that kind of order?

 

The bill basically goes like this:
Bill author: This can't be used to implement systemic weaknesses.

Me: That sounds good, but what exactly do you mean by systemic weakness?

Bill author: Well we'll figure that later, but for example giving us access to all iCloud data anytime we want would not be systemic.

Me: But that clearly sounds like a systemic weakness to me.

Bill author: Well like I said we don't have a clear definition yet but don't worry. If disputes arise an arbiter will settle the dispute.

Me: Who is the arbiter?

Bill author: Someone working for the government...

 

You: See? It can't be abused because they said so!

 

Again, read this letter from Riana Pfefferkorn. I highly recommend it.

[Ralphred]

This is not the 1st time we've technically inept politicians make laws like this, the US used to have one regarding the size of SSL encryption keys, if you wanted support for keys over a certain size in your browser you had to download it from a server outside the US, and "pretend" to be from another country.

 

What bothers me is the implication that lawmakers believe they have the right to compel me to reveal my communications, are they going to make it illegal for me to whisper something to someone in an environment they can't listen in on?

 

How cute, GLWT does seem an appropriate response from anyone marginally tech literate.

[CarlBar]

4 hours ago, mr moose said:

The fact it is written into the law.

 

 

Where point me to where the law explicitly states that not having end to end encryption is considered a systematic weakness.

 

Simply saying that anything that counts as a systematic weakness cannot be forced on developers means nothing if there is no definition of what a systematic weakness is and the people deciding what counts are both the same people making the request and the same people who have indicated they don;t want end to end encryption regardless of expert advice. If they weren't willing to listen to experts when they drafted the law what in the wide world makes you think they're going to listen to them when it comes to defining what counts as a systematic weakness.

[leadeater]

1 hour ago, CarlBar said:

Simply saying that anything that counts as a systematic weakness cannot be forced on developers means nothing if there is no definition of what a systematic weakness is and the people deciding what counts are both the same people making the request and the same people who have indicated they don;t want end to end encryption regardless of expert advice.

It's not the same people, like other similar governments the judicial system is not under the direct control of the government and neither can the judicial system create or pass laws, this is the principle of separation of powers.

 

An Attorney General cannot overturn a court ruling and cannot make them, the role of the Attorney General is the legal adviser to the government and in Australia is a Minister and a member of the Federal Cabinet.

 

You can, and has been done in the past, put up a legal challenge to an AG's decision on a matter. At no point can you say the same people making the request are the same people who make those kind of determinations, in the literal sense it is not and the not so literal (what you actually meant) would be a breach of trust of the AG's role. The AG advises the government on legal matters based on written laws and case law, and seeks expert opinions on matters to ensure the best advice is given and in practice tends to take the counter view to the governments wishes so there is always an opposing opinion present in the decision making process.

 

The AG is not above the law, courts or judicial system and doesn't even have to be legally trained at all.

[LAwLz]

1 hour ago, leadeater said:

It's not the same people, like other similar governments the judicial system is not under the direct control of the government and neither can the judicial system create or pass laws, this is the principle of separation of powers.

 

An Attorney General cannot overturn a court ruling and cannot make them, the role of the Attorney General is the legal adviser to the government and in Australia is a Minister and a member of the Federal Cabinet.

 

You can, and has been done in the past, put up a legal challenge to an AG's decision on a matter. At no point can you say the same people making the request are the same people who make those kind of determinations, in the literal sense it is not and the not so literal (what you actually meant) would be a breach of trust of the AG's role. The AG advises the government on legal matters based on written laws and case law, and seeks expert opinions on matters to ensure the best advice is given and in practice tends to take the counter view to the governments wishes so there is always an opposing opinion present in the decision making process.

 

The AG is not above the law, courts or judicial system and doesn't even have to be legally trained at all.

This is all true. But I also want to add to this and explain why it is such a big issue that it is the AG which gets to determine if something is a "systemic weakness" or not. Remember, something classified as not systemic can be a major catastrophe for privacy and security.

 

1) The person determining these things did not need any education or training in computer science or any other relevant IT subject to get to the position they are in.

 

2) The previous attorney general for Australia was the guy who said the laws of Australia were above the laws of mathematics.

 

3) Even if the AG is not under direct control from the government, they are indirectly and they are also heavily involved with and influenced by the government. For example Christian Porter, the current AG, is a member of the Liberal Party. He was elected by the Liberal party to be in the position he is in right now. Just look at Ajit Pai if you don't believe someone corrupt can get into a position of power (the relevance of this is in the next point).

 

4) Security and privacy should not be in the hands of a single person like this. Attorney Generals are not infallible Godly beings, and when the consequences of mistakes can put millions of people at risk then maybe we shouldn't give them that power to begin with? The former Australia AG, George Brandis, did a bunch of bad stuff, such as approving the raid on Bernard Collaery.

 

5) There are other major issues in the bill, such as jail sentence for someone breaking a non-disclose request for implementing spying capabilities into software, and that the government can go after individuals within companies or organizations.

 

6) During the process of approving the bill, people could submit feedback. 15,000 comments from individuals as well as large companies (Google, Microsoft, Apple, Cloudflare) and organizations (EFF, Digital Rights Watch, Australian Privacy Foundation, New South Wales Council for Civil Liberties), and they were all ignored. These were not just "don't do this!" replies either. They were things such as this document outlining exactly which paragraphs should be changed, and why. One of those recommendations are "systemic weakness should be defined", which it still isn't.

Anyway, wanna know where all that feedback went? Into the paper bin. Most of them were not even read.

To give someone a massive amount of power that they don't know how to use, and then go "let's hope he listens to feedback and make the right decision" when his colleagues have clearly demonstrated that they do not give a shit about feedback is not a good argument for this bill.

[mr moose]

8 hours ago, CarlBar said:

 

Where point me to where the law explicitly states that not having end to end encryption is considered a systematic weakness.

 

Simply saying that anything that counts as a systematic weakness cannot be forced on developers means nothing if there is no definition of what a systematic weakness is and the people deciding what counts are both the same people making the request and the same people who have indicated they don;t want end to end encryption regardless of expert advice. If they weren't willing to listen to experts when they drafted the law what in the wide world makes you think they're going to listen to them when it comes to defining what counts as a systematic weakness.

 

I linked to the bill in the thread discussion and it also contains all the pertinent quotes if you don't want to wade through thee entire bill.

 

Also unlike the US and other countries, the government is completely divorced from the judicial system in regard to case brought before it.  The determination of a systemic weakness is defined by the law as any request that does exactly that, weakens the security or privacy measures of any system.  What is not a systemic weakness is weakening the system for selected people within the scope of a court granted warrant. Ergo no one can request a company handover any tool or data that will allow them access to me personally unless the directive specifically targets me.

 

Quote

317ZG  Designated communications provider must not be required to implement or build a systemic weakness or systemic vulnerability etc.

             (1)  A technical assistance notice or technical capability notice must not have the effect of:

                     (a)  requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

                     (b)  preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection.

             (2)  The reference in paragraph (1)(a) to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to implement or build a new decryption capability in relation to a form of electronic protection.

             (3)  The reference in paragraph (1)(a) to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection includes a reference to one or more actions that would render systemic methods of authentication or encryption less effective.

 

This is what the decision to issue a technical assistance notice must consider:

 

   

Quote

 

  In considering whether the requirements imposed by a technical assistance notice or a varied technical assistance notice are reasonable and proportionate, the Director‑General of Security or the chief officer of an interception agency, as the case requires, must have regard to the following matters:

                     (a)  the interests of national security;

                     (b)  the interests of law enforcement;

                     (c)  the legitimate interests of the designated communications provider to whom the notice relates;

                     (d)  the objectives of the notice;

                     (e)  the availability of other means to achieve the objectives of the notice;

                      (f)  the legitimate expectations of the Australian community relating to privacy and cybersecurity;

                     (g)  such other matters (if any) as the Director‑General of Security or the chief officer, as the case requires, considers relevant.

 

The AG's directives in capabilities notices can only be approved if they are:

 

 

Quote

 

The Attorney‑General must not give a technical capability notice to a designated communications provider unless:

                     (a)  the Attorney‑General is satisfied that the requirements imposed by the notice are reasonable and proportionate; and

                     (b)  the Attorney‑General is satisfied that compliance with the notice is:

                              (i)  practicable; and

                             (ii)  technically feasible.

 

 

So if it is impossible to decrypt a message, then it is not technically feasible and the notice can be revoked.  Also the carrier or service provider is allowed to make submissions to the AG regarding any notice before the decision to issue the notice.  The law basically says the AG has to consult with the service provider regarding the feasibility of said action before he is allowed to ask for it.

 

The Bill as passed:

https://www.legislation.gov.au/Details/C2018B00180

[leadeater]

7 hours ago, LAwLz said:

Even if the AG is not under direct control from the government, they are indirectly and they are also heavily involved with and influenced by the government.

I think you may have misunderstood the AG's role, they are part of the government as they are a Minister and a member of the Federal Government(usually, but not required), that put's them rather far up the food chain in that regard. It's only the judicial system that is not under the control of the government.

 

So while the AG is acting for/within the government they still have to give the best and most correct legal advice they can because if they do not a company does have the right, most likely will, put up a legal challenge to a decision and drag the government through the court system and potentially win and if that were to happen could have serious consequences to this law. The AG can't go round rubber stamping everything or be the 'yes man' just like any lawyer you seek council from or employ can't.

 

The AG's role is also a bit conflicting since as they are part of the government but also form part of the oversight of them and are also a point of contact for the public to lodge complaints etc. They serve an important role for the public which is why they have to be careful to not destroy that trust.

 

The reason why this bill has the AG as the decision maker is because they are the legal arm of the government and they are the one to make such legal determinations, this isn't unique to this bill and would be common across all other bills where there is such a need.

[mr moose]

10 minutes ago, leadeater said:

I think you may have misunderstood the AG's role, they are part of the government as they are a Minister and a member of the Federal Government, that put's them rather far up the food chain in that regard. It's only the judicial system that is not under the controller of the government.

 

So while the AG is acting for/within the government they still have to give the best and most correct legal advice they can because if they do not a company does have the right, most likely will, put up a legal challenge to a decision and drag the government through the court system and potentially win and if that were to happen could have serious consequences to this law. The AG can't go round rubber stamping everything or be the 'yes man' just like any lawyer you seek council from or employ can't.

 

The AG's role is also a bit conflicting since as they are part of the government but also form part of the oversight of them and are also a point of contact for the public to lodge complaints etc. They serve an important role for the public which is why they have to be careful to not destroy that trust.

 

The reason why this bill has the AG as the decision maker is because they are the legal arm of the government and they are the one to make such legal determinations, this isn't unique to this bill and would be common across all other bills where there is such a need.

 

The law actually states that the courts have ultimate rule over this law in any way they seem fit including considering what is in the interests of the public.

 

 

Quote

 

731ZFA  Powers of a court

             (1)  In a proceeding under, or arising out of:

                     (a)  this Part; or

                     (b)  any other provision of this Act, so far as that other provision relates to this Part; or

                     (c)  the Regulatory Powers (Standard Provisions) Act 2014, so far as that Act relates to this Part;

a court may make such orders as the court considers appropriate in relation to the disclosure, protection, storage, handling or destruction, in the proceeding, of:

                     (d)  technical assistance notice information; or

                     (e)  technical capability notice information; or

                      (f)  technical assistance request information;

if the court is satisfied that it is in the public interest to make such orders.

             (2)  The powers conferred on a court by subsection (1) are in addition to any other powers of the court.

 

 

 

[LAwLz]

2 hours ago, leadeater said:

I think you may have misunderstood the AG's role, they are part of the government as they are a Minister and a member of the Federal Government(usually, but not required), that put's them rather far up the food chain in that regard. It's only the judicial system that is not under the control of the government. 

 

So while the AG is acting for/within the government they still have to give the best and most correct legal advice they can because if they do not a company does have the right, most likely will, put up a legal challenge to a decision and drag the government through the court system and potentially win and if that were to happen could have serious consequences to this law. The AG can't go round rubber stamping everything or be the 'yes man' just like any lawyer you seek council from or employ can't.

 

The AG's role is also a bit conflicting since as they are part of the government but also form part of the oversight of them and are also a point of contact for the public to lodge complaints etc. They serve an important role for the public which is why they have to be careful to not destroy that trust.

 

The reason why this bill has the AG as the decision maker is because they are the legal arm of the government and they are the one to make such legal determinations, this isn't unique to this bill and would be common across all other bills where there is such a need.

1 hour ago, mr moose said:

The law actually states that the courts have ultimate rule over this law in any way they seem fit including considering what is in the interests of the public.

 

Just want to add that while both of these posts are true, they do not counter any of my issues I have with the bill.

[mr moose]

29 minutes ago, LAwLz said:

 

Just want to add that while both of these posts are true, they do not counter any of my issues I have with the bill.

But I don't think we are ever going to agree or disagree on the finer points.  There is always another layer we can go to to substantiate our views.

[leadeater]

2 hours ago, LAwLz said:

Just want to add that while both of these posts are true, they do not counter any of my issues I have with the bill.

I just wanted to give a better insight in to the role of the AG in a typical commonwealth country, our legal systems are all founded on the British system since we were all colonies at one point. It just appeared to me there was need to for that extra information so it would be better known how the AG fits in, their role in government and why they would be specified in the bill.

 

It looked to me like it was thought that the AG was the highest legal authority of Australia, which isn't the case, or decisions made by the AG couldn't be challenged.

 

It's not support for the bill though I can see why Australia want it or something like it. Currently it's too easy for a company to not comply to a court order or an information request from the Government on the grounds that they are a secure service when they do have the technical capabilities to provide something or without great effort be able to obtain and supply the requested information on a user without impacting other users. Of course not every service is going to be able to do something like that and I've also never heard of a perfect bill either and I'm sure every internet company and foundation with a vested interest or otherwise in this could find something to object to no matter how many drafts, alterations and re-writes Australian law makers go through. This bill is just so directly counter to those companies it makes it their duty to oppose it, I'm not at all surprised if every company that has major operations on or through the internet oppose it.

 

Not that there isn't more legitimate issues with the bill or parts people can raise sound concerns with but at this point, since it has passed, I consider that line of discussion moot. Now we just have to wait and see what actually happens and move from a what if to a what has discussion type