[MLB-WIRELESS] A letter I got....

Clae clae at tpg.com.au
Thu Nov 14 05:54:59 EST 2002


Ugh.  Groan,  Argh.

Jon, your input here would be pretty helpful, I think


At 4:36 PM +1100 12/11/02, Andrew Griffiths wrote:
>Steven Haigh wrote:
>>Got a letter today from the Attorney-General's Department....
>
>Uh oh... How about we invite whomever onto this list for the 
>duration of this discussion?

how about NOT, until we know what we are doing?

>>  it follows:
>>  --- Begin Letter ---
>>Dear Mr Haigh
>>      WIRELESS BROADBAND INTERNET ACCESS PROVIDERS
>>OBLIGATIONS UNDER SECTION 313 OF THE TELECOMMUNICATIONS ACT 1997
>>  I understand Melbourne Wireless is operating or intending to 
>>operate a wireless broadband network to facilitate access by 
>>customers to the Internet and/or the PSTN.

not our primary purpose, and we need to stress that.
this is obviously a form letter though.

>  > I am writing to all wireless broadband access
>>providers to inform them of their obligations under section 313 of 
>>the /Telecommunications Act 1997/.
>>  Under the Act, carriers and carriage service providers

These are quite specific legal terms, and the easiest way to avoid 
this whole headache is to make sure that we are not either of those 
things.  This might curtail our activities a little or a lot, but if 
we choose to cross that line, then we *must* comply with the 
practises this letter is talking about.   Or huge fines, go to jail, 
close down the network etc.

Legal advice time folks.

>>must do their best to prevent telecommunications networks and 
>>facilities from being used to commit offences.
>
>Does this mean we have to monitor everything? (Censorship). If so, 
>how about when people see material they do not agree with and so on.

Ugh ugh ugh.  I believe it means at a minimum, data logs, tap points 
and a Responsible Person to handle warrant requests.  As in, *any* 
data transitting the network has to be tappable, and supplied at very 
short notice in a useable form when a warrant is served.

We are going to need Help with this - I suggest VicNet.

>What about cryptography?

The compliance requirements for ISPs IIRC are based on reasonable 
effort - no-one expects you to break a PGP-encrypted stream.  They 
have their own computers for that :-)

>They must also give the authorities such help as is reasonably 
>necessary for the purposes of enforcing the criminal law and laws 
>imposing pecuniary penalties; protecting the public revenus;
>
>Myself, so long as it is of a criminal nature (such as some person 
>going around breaking into computers and using our network for a 
>launch pad) and not something commerical related (like pirating), I 
>don't mind so much.

Me neither, except in so far as we are being drafted as unpaid police deputies.

>and safeguarding national security.
>
>"They" seem to through this one around; possibly because its hard to 
>refute. However, at what line is freedom and safety drawn?

Wherever the Attorney-General of the day says it is.  Or a judge at a 
warrant hearing.  Or an ASIO agent acting on his or her "reasonable 
suspicion".

>  > This may help include

I think they mean "This help may include"

>>provision of interception services, including services in executing 
>>an interception warrant under the /Telecommunications 
>>(Interception) Act 1979/.
>
>Mmmmkay.. I rememeber a draft of a Law/something mentioning the 
>various security people would like all the (cryptographic) keys used.
>
>So lets say I had an account on some box, and some .gov agency 
>wanted to break into this box (assuming they have whatever is needed 
>to say they can) does this mean, for example, I might have to hand 
>over SSH keys or whatever?

Probably, if the warrant was drawn wide enough.

>And if SSH, why not say, GPG keys?
>
>And if you don't comply (for the public's safety of course) why not 
>jail  time?

Obstruction of justice.  Contempt of court.  Aiding and abetting 
terrorists.  Take your pick.

>If I can find a link to what they where proposing a while ago, 
>you'll find I'm not joking.

ASIO has the legal right to enter your box right now, remove, copy, 
alter and add whatever they like, and hide all trace of their entry. 
Welcome to the 21st century.

>>  An Overview of these obligations, including a link to the manual 
>>'Telecommunications and Law Enforcement', is available at the 
>>Australian Communications Authority website:
>>  http://www.aca.gov.au/licence/public_interestobligations.htm
>
>  An officer from my office, the Australian Security Intelligence 
>Organisation or a law enforcement agency may have already made 
>contact with you to discuss details of the services offered by your 
>company
>
>Company? AFAIK, we are not a commerical entity. Does anyone know if 
>this changes anything wrt .gov agencys?

Some things.  Depends how we play it.

>>and the assistance that may be requested. If not, you should expect 
>>contact to be made in the near future. Specific issues to be 
>>discussed will include:
>>  a.    architecture/technical details of the service being offered, 
>>the customer base and distribution, and roll out plans;

It occurs to me that all these laws and procedures start from the 
presumption of a one-to-many topology.  The technical task of 
implementing this in a true many-to-many peered topology is a long 
way from trivial, and it looks like somethig they have not even 
considered.

Another argument against MW-owned equipment?  Or an argument for it?

Things we need to stress are the novel network topology, the 
distributed ownership, and the non-commercial nature.  If we even 
are/become a "carrier".

>  b.    the nature of subscriber and historical traffic
>>data that might be
>>requested, the information that might be provided as part of the 
>>request, and the format in which the information can be provided;
>>  c.    the telecommunications interception warrant process;
>
>And people will have to keep secrets about this and thusly will 
>create distrust in our/the community.

Is that required?  Who knows?  Presumably for security-related warrants.

>>d.    identifiers for each service;
>>  e.    technical implementation facilities, and interception 
>>product delivery arrangements;
>>  f.    service level agreements; and
>>  g.    physical security arrangements and security clearance 
>>requirements for the handling of classified information.
>
>Does this mean people running an access point / backbone whatever 
>have an agreement with melb-wireless, or does the various .gov 
>agencies make there own arrangements with said person?

This is a legal and technical bowl of spaghetti, which we can either 
tackle head on, which will possibly fundamentally alter the nature of 
our network, and our little community, or we can avoid it altogether 
by making sure we are not a "carrier" or providing "carriage 
service'.  This could rule out internet access, or just restrict the 
conditions under which we can add it to the network.

>>  I would appreciate your advice of the most appropriate point of 
>>contact within your organisation. If you have any queries, please 
>>do not hesitate to contact myself or <name withheld>, (xx) 
>>xxxx.xxxx or email her at: xxx at xx.xxx.xx <mailto:xxx at xx.xxx.xx>
>>  Yours sincerely
>>   Joan Sheedy
>>A/g Agency Coordinator.
>>  --- End Letter ---
>>   Any comments on this? I'm not sure if I like what it's implying.....

Imply be damned.  This is fact.

>Myself included... I can see this as being problematic and headache 
>causing. Why do I get the feeling that its time to leave .au?

What, and go where?  The US?  The UK?  Singapore?  It's the same or 
worse all over.  The "terror" threat has given the (in)security 
establishment the opportunity to go to Santa Government with their 
Christmas list, and get most of it fulfilled.

>(Someone read to me a quote when talking about various things 
>happening, "The Jews who could see what was happening left Germany 
>as quickly as possible" or something like that..)

"when they came for the trade unionists, I did nothing, because I was 
not a unionist"
etc, ending in
"when they came for me, there was no-one left to do anything"

End of my comments.

Clae.

>>Signed,
>>Steven Haigh
>>http://wireless.org.au
>>(Visit https://wireless.org.au to install our Root Certificate.)
>
>This can possibly be seen as overreacting, but when I read in the 
>paper that "People shouldn't question the government over how its 
>acting" and so on, it starts to really worry me.
>
>For example, the recent article in the Herald Sun about "kids going 
>to libraries to look at pr0n", and people saying we should install 
>filters. (Which
>   1) Don't work (Moving targets)
>	The only solution is to white list sites? Now, would this be 
>possible with all the content on the 'net?
>   2) Are not open (I've read many reports saying that various 
>filtered places do not agree with the creaters political beliefs and 
>thereforce are blocked, amongst other things)
>   3) Do not have an easy recourse of removing said blocked sites.
>   4) And people sign agreements saying they won't bring up 
>"objectionable material" at the library.
>)
>
>Well, lets get this discussion rolling..
>
>Andrew Griffiths.
>

-- 
-the lord is my shepherd, I shall not want - aum namah shivayam - 
allah u akhbar -
          - in memoriam for the people of all nations and faiths 
killed in Bali -

To unsubscribe: send mail to majordomo at wireless.org.au
with "unsubscribe melbwireless" in the body of the message



More information about the Melbwireless mailing list