Yes but a single request can include an unlimited number of targets.

They can literally ask for all communications of every one of your users.

It would be very hard for that to pass the proportionality test in the law. I know it's tempting to go for the worst case dystopian scenarios but it's actually important not to go overboard. Politicians and other people with a say immediately stop listening once they hear that. This law is extremely problematic even with a conservative interpretation, so I think we should stick with that.

What proportionality test?

Lets go with how the law is actually written.

Say they decide hn is a den for hackers. I mean, it's right there in the name!

Hacking attracts a >3yr sentence - hence, we need the data of all hn users, they're all potential hackers!

The bill states:

The Director General of Security or the chief officer of an interception agency must not give a technical assistance notice to a designated communications provider unless the Director General of Security or the chief officer, as the case requires, is satisfied that:

    (a) the requirements imposed by the notice are reasonable and 
        proportionate; and
    (b) compliance with the notice is:
      (i) practicable; and
      (ii) technically feasible

So I don't believe intercepting en masse the communications of all the visitors to a web site purely based on its name would be seen as "reasonable and proportionate".

When thinking about such unprecedented powers, I prefer to consider the worst-case scenario of the laws as written, rather than what seems currently acceptable.

Because even if the current government is harmless, the next regime might not be, and these powers are basically the equivalent of a nuclear bomb with respect to privacy. They move the pendulum far away from what many would consider reasonable for a free society.

These laws just seem so rife with loopholes and ambiguities that even as an honest law-abiding citizen with nothing of interest to hide, I find them honestly terrifying.

If they're doing these things for legitimate reasons then there would be little reason to be against having reasonable limits to scope, reasonable oversight, accountability, as well as real reporting on the actual number of citizens whose data has been accessed.

The fact these concerns and all the consultation submissions from experts in both legal and technology issues have been ignored makes me strongly fear the whole law has not taken citizens right to privacy into account at all, and that is a terrifying proposition.

I agree with all of your sentiments, I just don't think that tactically this approach results in a useful outcome.

In what way does downplaying the possible consequences help tactically?

I'm hoping that if more people realize the implications of this horrible law, there's more chance of the lobotomized public actually exerting some pressure on our supposed representatives to actually represent us.

It's unlikely given the media has been painfully silent on the horrible implications of this terrible law.

Asking for a backdoor is never reasonable. This law is rife for abuse the way it's worded.

Just to add to this, it is also a requirement to give consideration to the privacy expectations of the Australian community and the legitimate interests of the communications provider.

However, there is no guidelines on how these judgements should be made and what is / isn't acceptable. Effectively it will be left to the courts to decide through legal disputes.

I thought that decision was made by a "retired judge" and a "technology expert". Is that correct?

The person requesting the spying is the one who decides if it's proportionate.

Yes, really.