“I’m from the government and you’re here to help” — The Assistance and Access Act is a hacker’s dream

The nine most terrifying words in the English language just got an update.

I’m going to preface this by saying this is purely a thought experiment and that you should NOT try this at home. It is illegal to impersonate a law enforcement officer.

Hackers don’t care about that, so here we go.

Ronald Reagan once said:

“The nine most terrifying words in the English language are: I’m from the government and I’m here to help” — Ronald Reagan.

But he didn’t have today’s technology to deal with.

Imagine this: you work in a Minister’s Office in Australia. It’s a typical Tuesday afternoon and you are on a tight deadline to get your work done. Suddenly your phone rings; it’s an anonymous number.

“Hi Ben, it’s Joe. I work for the Australian Security Intelligence Organisation. I am investigating case number S11341230. Your colleague Stephen is suspected of communicating with a known terrorist group. This is a matter of national security. Under the Telecommunications and Other Legislation Amendment, also known as the Assistance and Access Act, Part IIIBB, Section 29, paragraph 3(aaaa)(ii) we require your help to access Stephen’s data.”

“Sure thing, I just need to check with the legal team.”

“Unfortunately, you cannot disclose your assistance to anyone, including your lawyer. Failure to comply will result in a $50,000 fine and up to 10 years in prison.”

“OK, well, can I call you back from a number that I can confirm belongs to ASIO?”

“The identity of ASIO officers, apart from the Director-General, is an official secret. There is no way for you to reach me through the publicly accessible phone numbers as I cannot disclose my full name. This is a time-sensitive matter of national security. One of our lawyers can serve you with an obstruction order. It would be better for you to comply.”

“All you have to do is open a website from Stephen’s computer and you will have done a great service for your country.”

If you believe Joe, then you have to make this decision on your own.

Or at least that’s how it seems.

So which dice would you roll?

Don’t just believe Joe. Trust but verify … and check out the Act.

Division 6 — Unauthorised disclosure of information etc.
317ZF Unauthorised disclosure of information

Authorised disclosures — general (3)(e)

“for the purpose of obtaining legal advice in relation to this Part; or”
