Wednesday, March 3, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Watchdog ponders tougher independent oversight for Australia’s encryption laws

February 20, 2020
in Internet Security
Australian industry groups issue wish list of encryption law changes
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

The scrutiny of actions taken by cops and spooks under Australia’s controversial encryption laws should be just as close as that of actions under previous laws, according to the Independent National Security Legislation Monitor (INSLM), Dr James Renwick.

But he hosed down concerns that the use of these new powers had resulted in mass surveillance.

You might also like

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

Malaysia Airlines suffers data security ‘incident’ spanning nine years

Remote work: 5 things every business needs to know

INSLM is conducting an inquiry into the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, generally known as the TOLA Act, or when it was still being considered by parliament, the AA Bill.

Renwick gave clear indications that he would explore this issue in some detail as he opened two days of public hearings in Canberra on Thursday.

“Intrusive surveillance powers, by all means conferred by law and with clear threshold and safeguards, which already apply in the physical world, should in principle apply in the analogous virtual world unless there are good reasons to the contrary,” he said.

“I’m tending to the view that because so much data and content which we don’t know about is contained on our mobile phones and computers, not least because it’s generated by DCPs [designated communications providers] as they seek to monetise our personal information, there should be at least as great scrutiny and safeguards as there were pre-TOLA before for such information is made usable under TOLA.”

Agencies need to obtain a warrant under the Telecommunications (Interception and Access) Act 1979 to begin the process of accessing communications. But currently, they can gain assistance from a DCP under TOLA with the approval of their own agency head.

INSML sees no signs of ‘mass surveillance’

Renwick has looked at the seven known uses of TOLA powers by law enforcement agencies, as well as the unknown number of uses by the Australian Security Intelligence Organisation (ASIO). ASIO gave him access to all documents, “no matter how secret”.

“Nothing I have seen to date suggests there’s been anything like the idea of ‘mass surveillance’ as a result of TOLA,” Renwick said.

“To the contrary, what I have seen to date suggests that TOLA has allowed for pre-existing intrusive powers to be used in a more targeted or limited — and therefore less intrusive — fashion against people who are not persons of interest, because the focus is on persons of interest. And that is an important change.”

Renwick also acknowledged the problems with the definitions of terms such as “systemic weakness”, and even “content” versus “metadata”, saying “there’s not necessarily a bright line” between the two.

“For the purposes of this morning, by content I mean texts, emails, phone calls and pictures,” he said.

“By metadata I mean such things as when an email was sent, the sender and recipients, their locations, how it was sent, how it was stored, and also what websites have been visited, what apps used, and so on”

He suggested that the TOLA Act should have examples of what does and doesn’t constitute a systemic weakness written into the Act itself, rather than have it hidden in regulations or other documents.

Renwick rejected the idea that the encryption debate comes down to a choice between two binary opposites, however.

He cited the comments by the “distinguished” Encryption Working Group (EWG) assembled by the Carnegie Endowment and Princeton University. EWG called for the debate to abandon two straw men.

“These are, first, that we should stop seeking approaches to enable access to encrypted information, but second, that law enforcement will be unable to protect the public unless it can obtain access to all — and I emphasise the word all — encrypted data through lawful process,” Renwick said.

As EWG wrote, “[These are] absolutist positions not actually held by serious participants, but sometimes used as caricatures of opponents.”

Independent “double lock” approval for decryptions?

Renwick suggested independent judicial oversight of the TOLA regime could be provided by a model similar to the UK’s.

The UK’s equivalent law is the Investigatory Powers Act 2016. To obtain access to encrypted communications under the Act, an application must be made to both the Secretary of State for Home Affairs and the independent Investigatory Powers Commissioner’s Office (IPCO).

Under what is known as the “double lock” system, both the Home Secretary and IPCO must give approval.

“Having spent time with both IPCO and security and police agencies in the UK, I can say it’s been very well received, not least because it has raised the level of trust,” Renwick said.

“My conversations … made it clear to me anyway, that IPCO was critical to the UK obtaining a CLOUD Act agreement from the United States. And it’s been said publicly that Australia also seeks such an agreement.”

Renwick suggested that a suitable external body might be the existing Administrative Appeals Tribunal (AAT).

“One possibility is that an application … could go for approval to the Security Division of the AAT, which is accustomed to dealing with highly sensitive or secret information,” he said.

There have been concerns, however, that the AAT might not give similar applications the same attention that would be provided by a judge.

The INSLM’s encryption laws inquiry is due to report by June 30. His analysis will feed into the ongoing review by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which is due to report by September 30.

The PJCIS is also due to report somewhat sooner, on the effectiveness of the mandatory telecommunications data retention regime, by April 30.

Disclosure: Stilgherrian wrote the Encryption Working Group’s country brief on Australia, for which he received an honorarium.

Related Coverage

Credit: Zdnet

Previous Post

Conservatives Bash Steven Spielberg but He’s Right to Stand by His Daughter

Next Post

Gartner’s 2020 Magic Quadrant For Data Science And Machine Learning Platforms Has Many Surprises

Related Posts

Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Internet Security

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

March 3, 2021
Malaysia Airlines suffers data security ‘incident’ spanning nine years
Internet Security

Malaysia Airlines suffers data security ‘incident’ spanning nine years

March 3, 2021
Remote work: 5 things every business needs to know
Internet Security

Remote work: 5 things every business needs to know

March 3, 2021
New app rollout helps reduce paperwork for NSW frontline child protection caseworkers
Internet Security

New app rollout helps reduce paperwork for NSW frontline child protection caseworkers

March 3, 2021
Linux Mint may start pushing high-priority patches to users
Internet Security

Linux Mint may start pushing high-priority patches to users

March 3, 2021
Next Post
3 Kinds Biases Found In AI Datasets

Gartner’s 2020 Magic Quadrant For Data Science And Machine Learning Platforms Has Many Surprises

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Microsoft account hijack vulnerability earns bug bounty hunter $50,000
Internet Security

Microsoft account hijack vulnerability earns bug bounty hunter $50,000

March 3, 2021
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
Internet Privacy

New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!

March 3, 2021
6 Ways Machine Learning Can Improve Supply Chain’s Bottom Line
Machine Learning

6 Ways Machine Learning Can Improve Supply Chain’s Bottom Line

March 3, 2021
Malaysia Airlines suffers data security ‘incident’ spanning nine years
Internet Security

Malaysia Airlines suffers data security ‘incident’ spanning nine years

March 3, 2021
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
Internet Privacy

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

March 3, 2021
This Protein Therapeutics Company Integrates Wet Lab For High-Speed Characterization With Machine Learning Technologies To Guide The Search For Better Antibodies
Machine Learning

This Protein Therapeutics Company Integrates Wet Lab For High-Speed Characterization With Machine Learning Technologies To Guide The Search For Better Antibodies

March 3, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Microsoft account hijack vulnerability earns bug bounty hunter $50,000 March 3, 2021
  • New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP! March 3, 2021
  • 6 Ways Machine Learning Can Improve Supply Chain’s Bottom Line March 3, 2021
  • Malaysia Airlines suffers data security ‘incident’ spanning nine years March 3, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates