A look into Corporate fraud in Australia, Stranglehold of Monopolies, Telecommunications Oppression, Biased Law System, Corporate influence in politics, Industrial Relations disadvantaging workers, Outsourcing Australian Jobs, Offshore Banking, Petrochemical company domination, Invisibly Visible.
It's not what you see, it's what goes on behind the scenes.
COMMONWEALTH OF AUSTRALIA (ABN: 122 104 616)
Australia's Prime Minister (CEO) Tony Abbott : "Australia is Open for Business"
29 August 2018
Australian politicians secretly working for a foreign government
the last few years, we’ve discovered just how much trust — whether we
like it or not — we have all been obliged to place in modern technology.
Third-party software, of unknown composition and security, runs on
everything around us: from the phones we carry around, to the smart
devices with microphones and cameras in our homes and offices, to voting
machines, to critical infrastructure. The insecurity of much of that
technology, and increasingly discomforting motives of the tech giants
that control it from afar, has rightly shaken many of us.
But latest challenge to our collective security comes not from
Facebook or Google or Russian hackers or Cambridge Analytica: it comes
from the Australian government. Their new proposed “Access and Assistance”
bill would require the operators of all of that technology to comply
with broad and secret government orders, free from liability, and hidden
from independent oversight. Software could be rewritten to spy on
end-users; websites re-engineered to deliver spyware. Our technology
would have to serve two masters: their customers, and what a broad array
of Australian government departments decides are the “interests of
Australia’s national security.” Australia would not be the last to
demand these powers: a long line of countries are waiting to demand the
same kind of “assistance.”
In fact, Australia is not the first nation to think of granting
itself such powers, even in the West. In 2016, the British government
took advantage of the country’s political chaos at the time to push
through, largely untouched, the first post-Snowden law that expanded not contracted Western domestic spying powers. At the time, EFF warned of its dangers —- particularly orders called “technical capability notices”,
which could allow the UK to demand modifications to tech companies’
hardware, software, and services to deliver spyware or place backdoors
in secure communications systems. These notices would remain secret from
Last year we predicted that the other members of Five Eyes (the
intelligence-sharing coalition of Canada, New Zealand, Australia, the
United Kingdom, and the United States) might take the UK law as a template for their own proposals, and that Britain “… will certainly be joined by Australia” in proposing IPA-like powers.
That’s now happened. This month, in the midst of a similar period of
domestic political chaos, the Australian government introduced their
proposal for the “Telecommunications and Other Legislation Amendment
(Assistance and Access) Bill 2018.” The bill unashamedly lifts its
terminology and intent from the British law.
But if the Australian law has taken elements of the British bill, it
has also whittled them into a far sharper tool. The UK bill created a
hodge-podge of new powers; Australia’s bill recognizes the key new
powers in the IPA and has zeroed in on their key abilities: those of
assistance and access.
If this bill passes, Australia will — like the UK — be able to demand
complete assistance in conducting surveillance and planting spyware,
from a vast slice of the Internet tech sector and beyond. Rather than
having to come up with ways to undermine the increasing security of the
Net, Australia can now simply demand that the creators or maintainers of
that technology re-engineer it as they ask.
It’s worth underlining here just how sweeping such a power is. To
give one example: our smartphones are a mass of sensors. They have
microphones and cameras, GPS locators, fingerprint and facial scanners.
The behavior of those sensors is only loosely tied to what their user
interfaces tell us.
Australia seeks to give its law enforcement, border and intelligence
services, the power to order the creators and maintainers of those tools
to do “acts and things” to protect “the interests of Australia’s
national security, the interests of Australia’s foreign relations or the
interests of Australia’s national economic well-being”.
The “acts and things” are largely unspecified — but they include
enabling surveillance, hacking into computers, and remotely pulling data
from private computers and public networks.
The range of people who would have to secretly comply with these
orders is vast. The orders can be served on any “designated
communications provider”, which includes telcos and ISPs, but is also
defined to include a “person [who] develops, supplies or updates
software used, for use, or likely to be used, in connection with: (a) a
listed carriage service; or (b) an electronic service that has one or
more end users in Australia”; or a “person [who] manufactures or
supplies customer equipment for use, or likely to be used, in
Examples of electronic services may “include websites and chat fora,
secure messaging applications, hosting services including cloud and web
hosting, peer-to-peer sharing platforms and email distribution lists,
As Mark Nottingham, co-chair of the IETF’s HTTP group and member of the Internet Architecture Board, notes,
this seems to include “Everyone who’s ever written an app or hosted a
Web site — worldwide, since one Australian user is the trigger — is a
potential recipient, whether they’re a multimillion dollar company or a
hobbyist.” It includes Debian ftpmasters, and Linux developers; Mozilla
or Microsoft; certificate authorities like Let’s Encrypt, or DNS
This is not an error: when we were critiquing a similarly broad definition in the UK’s IPA, we pointed out
that the wording would allow the authorities to target a particular
developer at a company (while requiring them to not inform their boss),
or non-technical bystander who would not know the impact of what they
were being asked to do. Commentators from close to GCHQ denied this
would be the case and said that this would be clarified in later
documents — but subsequent draft codes of practice
actually doubled down on the breadth of the orders, saying that it was
deliberately broad, and that even café owners who operated a wifi
hotspot could be served with an order.
There are some signs that the companies affected by these orders have
learned the lesson of the IPA, and pushed back during the Assistance
and Access’s preliminary stages. Unlike the UK bill, there are clauses
forbidding Australia from being required to “implement or build [a]
systemic weakness or systemic vulnerability into a form of electronic
protection” (S.317ZG); and preventing actions in some cases that would cause material loss to others lawfully using a targeted computer (e.g. S.199 (3), pg 163.
Companies have an opportunity to be paid for their troubles, and
billing departments can’t be targeted. There is some attempt to prevent
government agencies forcing providers to “make false or misleading
statements or engage in dishonest conduct”(S.317E).
But these are tiny exceptions in a sea of permissions, and easily
circumvented. You may not have to make false statements, but if you
“disclose information”, the penalty is five years’ imprisonment
(S.317ZF). What is a “systemic weakness” is determined entirely by the
government. There is no independent judicial oversight. Even counselling
an ISP or telco to not comply with an assistance or capability order is
a civil offence.
If the passage of the UK surveillance law is any guide, Australian
officials will insist that while the language is broad, no harm is
intended, and the more reasonable, narrower interpretations were meant.
But none of those protestations will result in amendments to the law:
because Australia, like Britain, wants the luxury of broad, and secret
powers. There will be — and can be no true oversight — and the kind of
malpractice we have seen in the surveillance programs of the U.S. and
U.K. intelligence services will spread to Australia’s law enforcement.
Trust and security in the Australian corner of the Internet will
diminish — and other countries will follow the lead of the anglophone
nations in demanding full and secret control over the technology, the
personal data, and the individual innovators of the Internet.
“The government,” says Australia’s Department of Home Affairs web site, “welcomes your feedback” on the bill. Comments are due by September 10th.
If you are affected by this law — and you almost certainly are — you
should read the bill, and write to the Australian government to rethink
this disastrous proposal. We need more trust and security in the future
of the Internet, not less. This is a bill that will breed digital
distrust, and undermine the security of us all.
Source: 27 Aug 2018, Electronic Frontier Foundation (eff.org)