Proposed Australian law allows secret ministerial demands to install spyware (aph.gov.au)
86 points by justinjlynn on Feb 22, 2022 | 25 comments


I thought we (Australians) already had something similar to this done a few years ago? I remember being really annoyed that A) they could force us to install a backdoor and B) we can't talk to anyone about it.

I guess this might be slightly different as they are making you install spyware, whereas last time you just had to leave a backdoor open.


Exactly, it's a very large expansion of powers already permitted under the Assistance and Access Act, etc. This doesn't mean it should be permitted, just as previous legislation shouldn't've been permitted in its proposed form.


Either way, it's stupid of them to do it. Only the naive think backdoors and spyware are only used by the "good guys" for legitimate purposes.


Don't worry. They will learn it the hard way.


> Assistance and Access Act

fondly abbreviated as ASS Access


Australia is still a prison colony, just with different wardens.


Actual text of legislation as proposed (relevant areas buried in section 30DJ): https://parlinfo.aph.gov.au/parlInfo/search/display/display....

This proposed legislation grants much wider powers directly to the Secretary of Home Affairs and allows them to demand the installation of arbitrary software on your systems which reports directly to the ASD (the Australian Signals Directorate - a branch of the Australian military).

The choice of this software, and its configuration, is left to the Secretary's prerogative. There doesn't need to be reason to suspect anything - the system only need be related to operating systems of 'national significance'. This declaration of 'national significance' is, of course, the prerogative of the Secretary - for any reason the Secretary desires.

I am not a legal professional, so my interpretation is based on my honest opinion and, admittedly relatively inexperienced, reading of the legislation. However, I do believe it to be quite clearly spelled out.

Of particular concern to me, as a systems engineer, is the fact that the proposed law does not mandate that the software be compatible with the system in question, nor does it mandate the correctness of the software, nor does it indemnify the organisation against the results of failure, compromise or data loss as a result.

Did they forget about the solarwinds incident already?!

Further, the law does not appear to provide for the reimbursement of debugging issues related to the software installation or provide for a means of technical advisory or support for this software or a pathway to contest the particular software chosen. You could be stuck with a rootkit for which you have no one to ask for assistance in troubleshooting or for workarounds.

This means that your systems engineers and operations staff could be responsible for months of dealing with kernel panics caused by a mandatory rootkit exfiltrating data from your systems and running arbitrary code in your systems. So much for agility in deployments and systems updates. You can't do anything that might 'break' this software. There isn't even any definition of what it means to maintain the functionality of the software. Theoretically, if you interrupt the connection or the software's operation at all - even for maintenance or accidentally - you could be on the hook for violating the notice.

Should those responsible for the system in question fail to install or maintain the software in providing reports directly to the ASD via an Internet connection they are also mandated to supply, 200 penalty units may be levied. That's the equivalent of $44,000 AUD. Multiple notices under the act may be issued and penalties applied for failure to comply with each notice! It could easily bankrupt an operator should the legislation be used as a politically motivated weapon. Remember, it does not appear to be required that the installation of the software and/or system specified in the notice even be possible. As such, if true, it is absolutely possible the secretary could issue a notice which is impossible to comply with fully.

Please, if you'd be impacted by this legislation, contact your representative and get your organisation to submit a submission to the committee regarding this legislation via the article link.

They've only permitted a few weeks for this feedback! It closes 3 March. They know it's a very short period and they're really trying to get this through under the radar. Don't let them.


Isn't this exactly how you would "legally" implement a digital dictatorship? You effectively give one person the ability to rule by secret decree, with arbitrary (digital) power that doesn't require a warrant, and allows them to target businesses and their customers without any evidence or even suspicion of guilt.

Would the government have sovereign immunity if a business was harmed by bugs introduced by their malware? As you say, the government could simply demand a company solve the halting problem, and fine them into bankruptcy for not complying.

Without an ability to know what is in the code, there is no way to determine if it is proportionate (or even intended) for achieving a lawful aim, and you presumably couldn't launch a judicial review of the executive decision without having to use some sort of secret court. Given that the operation is managed by the military, though, I imagine the government would just say that all the necessary evidence is classified.

Having arbitrary code execution on all services and devices in the country, and preventing any mention of the changes made, gives a digital dictator the ability to plant any evidence they want, exfiltrate any kompromat they want, and make any financial transactions they want against any political target with no paper trail or accountability.

Don't be surprised if Australia then makes a further push for electronic voting systems:

https://www.aph.gov.au/About_Parliament/Parliamentary_Depart...


Yes. And with the Minister for Home Affairs basically only kept in line by loyalty to the Prime Minister, and having an extremely short list of “checks” to balance this power (basically all of which are the various people, committees and groups that have the right to immediately dismiss the minister), it genuinely scares me that this could pass.

The coalition have already demonstrated that they aren’t above trying to politically profit from what should have just been a regular apolitical national security investigation. Instead they spin the fact that the one person found was a Labor MP as proof the opposition are somehow weak and corruptible on matters of national security. Then when the head of the department doing the investigation makes an extremely rare rebuke, reminding everyone that such investigations are apolitical and do not reflect any differences between political parties, we get senior ministers outright disagreeing (“respectfully”) with the head of ASIO and trying to reaffirm that they are somehow different.

These are not the actions of people deserving of trust with power this enormous. I’m not sure I’d trust a genuine could throw thunderbolts and smite me deity with this kind of power, but I definitely don’t trust the current assholes in power and I doubt I’ll trust the next ones or the ones after that…

This might actually be my breaking point. I may have to either get into politics and run for office despite knowing I’m unlikely to succeed, or just have all the difficult conversations with friends and relatives and just fucking leave the country before they start mandating the rootkits be installed by default.


Australia is ruled by capitalists, so it's simply how they reinforce their own monopoly. Aussies have no guarantees to anything, but as long as the general public allow themselves to be placated by reno shows, sports, and religious blinkering, nothing will change.

As long as you dig up, grow, export, drill, suck, and offer a politician a job in a cushy position for retirement, you're set.

For everyone else it's to the dogs.


> Australia is ruled by capitalists

I'm sorry but the very phrase is nonsense and overly simplistic. Australia is ruled by politicians and those who collude with them, just like nearly anywhere else to one degree or another. Many countries are ruled by definitely non-capitalist leaders and do the exact same things, just as do countries with lots of influence from capitalist leaders (The U.S. for example). Capitalism doesn't automatically make a country authoritarian nor does it specifically provoke crap like this from the Australian government. If anything, it helps fight it to some extent in some cases (while also often helping it). With non-capitalist systems there isn't even the possibility of resources spreading where they could fight the state's overreach too.


This is incredible, one can destroy anyone and any organization with this amount of unchecked power.


Can you point out where these requests are secret? I can't seem to find it.


Part 6A Division 1/52A ( https://parlinfo.aph.gov.au/parlInfo/search/display/display.... )

> Note: It is an offence to disclose that an asset has been declared a system of national significance (see section 45).


The previous iteration of this was a disqualifier for using FastMail when I was migrating away from GSuite.

I wonder why people would accept to use AU-based services with all these shenanigans in place.


What did you move to? I'm moving away from Google and considering alternatives, but Fastmail seems to be the most "reputable" and it's hard to know who to trust.


I chose Migadu.

You might want ProtonMail or Tutanota if you wish, but having it accessible over my mobile app of choice was a blocker for me.

Some of the extra credits that made me choose Migadu:

* Their site works without JavaScript enabled

* Very simple and lightweight

* Strong support for standards and portability

* Open Source (as in FOSS) Stack, including their UI. https://git.sr.ht/~migadu/

* They're not after investors or scaling: https://www.migadu.com/procon/


What does this mean for Atlassian and its hosted suite of tools? They are stopping the on-premise versions in 2024. It seems to me that this puts Atlassian in the same GDPR pickle that Google is in with respect to FISA.


This is exactly why 'data sovereignty' is a concern for those using hosted cloud services. Atlassian, along with other hosting providers, likely have a policy and a control in place. However, it's absolutely something one should research and understand before using any cloud service.


That doesn't mean much if an Australian court can order Atlassian to add code to the hosted JIRA that leaks our data to them.


Who drafted this legislation? Name?


The Hon. Karen Andrews MP, Minister for Home Affairs ( https://en.wikipedia.org/wiki/Karen_Andrews ), referred the Security Legislation Amendment (Critical Infrastructure Protection) Bill 2022 to the Committee for inquiry and report. They take responsibility for its contents as drafted.

The current Secretary of the Department of Home Affairs (to whom the power would be given, should it not be delegated) is Michael Pezzullo AO ( https://www.homeaffairs.gov.au/about-us/who-we-are/our-senio... ).


Just when I thought she couldn't be any more useless. Now she's actively dangerous.


As far as I am aware, Michael Pezzullo is the truly dangerous one.


She may have submitted it to the Parliament under her name but this entire document has Michael Pezzullo’s disgusting slimy fingerprints all over it. He’s been the driver behind more than a decade of disgusting authoritarian legislation.
