Australia’s Ass Access Bill — An Explainer
Part 1 — The FEAR
Darryl Morris 10-Dec-18
The Australian tech sector is reeling and the global one is gobsmacked. Last Thursday, the Opposition party colluded with the minority Government to pass the encryption breaking, eaves dropping, Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, or more succinctly know as Ass Access. This, after having spent the day arguing for the inclusion of 170 last minute amendments, then dropping them all when the vote came because the government ‘left the building’.
The politics of how this came about is a macabre illustration of the mental sicknesses of our current leaders, as Five Eyes subordinates, and the explosive death rattles of the ruling Liberal Party torn apart by far right-wing members purposefully blowing it up, even when they get their way.
Our Prime Minister, Tony Abbot, I mean, Malcom Turnbull, sorry, Peter Dutton, damn almost, actually I mean Scott Morrision, or ScoMo to his friends, is the current toad in the headlights of self obliteration. The most recent in a stuttering lineage of PM’s trying to spell out ‘Stability’ but getting only as far as ‘Stab’.
To contextualise just how sick and desperate these people are, it was the last sitting day of the year, the government purposely closed Parliament early to avoid a humiliating defeat against a bill to remove refugee kids, many who are sick and suicidal, from off-shore mandatory detention centres. This, from a born again Pentecostal Christian PM who claims to have been “on his knees in tears” over kids on Nauru. The absolute betrayal of them makes one wonder if he was on his knees before God or uber-Nazi Peter Dutton — Minister for Home Affairs.
The question also arises that if the opposition had the support to get kids out of detention, why did they claim not to have the numbers to stop the Ass Access Bill? By all explanatory accounts, they didn’t want to. After a complete capitulation, Opposition leader Bill Shorten even said, “I will take half a win and move forward,” on the basis that the Opposition’s proposed amendments, of the already passed bill, would still be on the table when Parliament resumes next year, if they ask the government nicely.
Australia’s national security legislation is developed by the collaborative efforts of the powerful Parliamentary Joint Committee on Intelligence and Security (PJCIS) consisting of the security agencies; ASIO, ASIS, ASD, DIO, DIGO and ONA and MP’s on both sides of Parliament. This apparatus further collaborates with agencies in the US, UK, Canada and New Zealand to form the Five Eye’s intelligence sharing alliance.
It was after a 2017 meeting of the Fives Eye’s in the UK that our then Prime Minister, Kevin Rudd, no, Julia Gillard, ah damn’it, Tony Abbot, sorry, Malcom Turnbull infamously stated,
“The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.”
and thus began, the War on Maths. (It is probably worth stating that Turnbull was the Chairman of the 90’s ISP Ozemail which might go some way to explaining why his party trashed Australia’s National Broadband Network.)
The PJCIS were desperate to have this bill passed before Christmas clambering on that terrorist activity was highest during the December break and certainly not because next year’s political outlook appears to be a complete train wreck for all parties leading up to a May election.
So while ScoMo and Shorten doff their shining armour, having rendered Australia a safe place for Santa to bug kids bedrooms, lets ask if Australia even has a terrorist problem.
In 45 years there has only been 17 terrorist related deaths. Five of them were the terrorists themselves leaving 12 innocents. Could it be said that our harsh, racist and deadly expensive anti-immigration border policies are working? In that same 45 years, only 15 notable plots were foiled, though admittedly 14 of them have been since 2014. Were they statistically in December?
In contrast, there were up to 210 murders in 2017 alone.
It is hard not to be cynical about the ‘terrorism’ narrative. It seems to have always been a ‘brand’ by which to make more terrorists, aggregate powers and remove civil rights. I guess that’s why they always tack on ‘paedophiles’ also, as if these are the only two evils on Earth.
In 2016 the UK had already passed their own version of the bill, the Investigatory Powers Act, which has predictably been bogged down in court challenges ever since by cashed up corporate legal teams. Learning from this, Ass Access allows security agencies to target and gag innocent individuals who are much less resourced to mount legal challenges in secret courts and force them to perform an ‘act or thing’ even if that is likely to result in the death of a person in another country — 15CC.1(a).
It is this State sponsored sadism that has Aussies like me most horrified.
The defences available against this bill are few and vague. Much of it centres around the definitions of Systemic Vulnerability and Systemic Weakness and the limitations to actions regarding those definitions.
Systemic Vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.
Systemic Weakness means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.
to which there are limitations stating such as,
Designated communications provider must not be requested or required to implement or build a systemic weakness or systemic vulnerability etc. — 317ZG
… where a vulnerability is selectively introduced to one or more target technologies that are connected with a particular person … is likely to, jeopardise the security of any information held by any other person. — 317ZG
If that’s made you ‘WAT?’ you’re certainly not the only one. One must remember that a fundamental purpose of this bill is to ‘discover’ information held by other people who are potentially involved in criminal behaviour. And who is a particular person (targetable), and what makes them different to any other person (not jeopardised), if it’s immaterial whether the person can be identified?
With a warrant it’s possible to bug a house, install a key logger or hidden camera to monitor criminals. I was told (by Sen. Wong) “that only works when you know who the criminals are”.
Given that any access to an encrypted messaging platform is likely to yield all the targeted persons contacts, it would seem impossible to design an act or thing which doesn’t jeopardise the security of any information held by any other person. This goes to show just how incompetent this dragnet-not-a-dragnet law is.
Apart from these ‘limitations’ the only legislated defence offered to a Designated Communications Provider (i.e, you, when you get tapped on the should to perform an act or thing) is:
…if the provider proves that compliance with the requirement in the foreign country would contravene a law of the foreign country — 317ZB.(5)
So, I hope you’re well versed in the laws of all foreign countries given the likelihood you may have no idea which country the target is in. Oh, and you’re still not allowed to tell anyone which would include seeking council in that foreign country.
Is this all just paranoia? I mean, why would they come after little old me? I don’t even work for big surveillance capitalist company ‘X’. I’m a freelancer, or a subcontractor, or PC tech, or a phone repairer.
The fact is, you’re a non-body corporate legal person subject to the definitions in 317C which may be used determine you as a designated communications provider. If you can’t fight back, you’re low hanging fruit and no one’s allowed to hear you scream.
Broadly, this definition encapsulates persons in contact with a target technology in connection with a carriage service provider and/or an electronic service which is likely to be used by a particular person — 317B.
If you are identified by an interception agency as a potential designated communications provider, because you can push a firmware, drop a black box on a network, a PC, or fix Bubba’s broken phone screen, then put simply, life might get tough if you’re a legally weak conscientious objector.
Now that we have some idea of what this acidic cloud of inconsistent law looks like, what can it make us do?
An Act or Thing is any or all among 11 defined in 317E. They amount to actions ranging from simply supplying information to; accessing, modifying, developing, testing, concealing, substituting and covering up actions performed on target technology. You can be forced to perform an act or thing on any target technology anywhere on the globe.
What wields them? There are three instruments written in Division 2, 3 and 4.
- Voluntary Technical Assistance (VTA) — Division 2
Lets call it ‘The Tickler’. They romance you, whisper unmentionable things in your ear. They present their reasonable and proportionate desires. Don’t be scared, it’s all in good faith. You don’t have to do any act or thing they say. It’s ‘voluntary’. But if you don’t….
2. Technical Assistance Notice (TAN)—Division 3
Now you’re on notice. They give you a list, orally or written of the acts and things you must perform within some time frame. Then they own you for 12 months, or longer… if you like it that way — 317MA
3. Technical Capability Notices (TCA) — Division 4
They’ve shown you theirs, now you have to show yours. What can you do for them?
Division 6 covers Unauthorised Disclosure of Information. It’s pretty much what it says on the label. If you squeak without being told to squeak, you get 5 years jail time. A court might let you squeak.
Division 5 covers Compliance and Enforcement and lists penalties for both body corporate and individuals. Here we find that recalcitrant individuals get hit with a fine of 238 penalty units. In Australian federal law, one penalty unit translates to $210, turning it into a fine of $50,000.
If you’re a company, you can hand over a cool $10,000,000.
Don’t feel bad about all the bad things they made you do. 317ZJ grants you immunity from any civil liability for acts or things done under a TAN or TCA, so long as you were ‘compliant’.
Fuck off — I’m not a lawyer.