Microsoft says encryption laws make companies wary of storing data in Australia (abc.net.au)
573 points by technion on March 27, 2019 | 276 comments



I migrated to Australia many years ago and I have recently become eligible to become a citizen. However I’ve heard stories of tech companies refusing to hire Australians because of the AA Bill, so I’m holding off for now. The problem seems to be the provision that a tech worker can be coerced by the Australian Government into creating a backdoor, and they are not authorised to disclose it to their employer. I don’t want to hurt my future employability. On the one hand, if I had my citizenship then I could vote at the next elections, but on the other hand the AA Bill has been supported by all major Australian parties so I feel powerless.


Is this true? There is no way I am hiring an Australian citizen then.


"For example, Australia’s law enforcement could compel Apple to provide access to a customer’s iPhone and all communications made on it without the user’s awareness or consent. An engineer involved would, in theory, be unable to tell their boss about this, or risk a jail sentence."

Source: Sydney Morning Herald https://www.smh.com.au/business/consumer-affairs/dangerous-o...

That would be a 5-year jail sentence apparently:

"The Australian government could demand web developers to deliver spyware and software developers to push malicious updates, all under the cloak of “national security.” The penalty for speaking about these government orders—which are called technical assistance requests (TAR), technical assistance notices (TAN), and technical capability notices (TCN)—is five years in prison."

Source: EFF https://www.eff.org/deeplinks/2018/09/australian-government-...


So developer discusses with his boss. Developer A adds back door. Developer B then patches back door. Boss fires developer A. Developer A then uses this TAR crap to sue government for forcing him to do something and lose his job.

I can’t see the government being able to defend itself. We elect the government to serve the people and the decisions of the government are negatively impacting the people no matter which way you spin it.

My 2 cents.


'developer discusses with his boss' => that's 5 years prison right there, not joking

It's 5 for not doing it and 5 for telling anyone, 10 for both


Assuming it could be proven, surely?

And there have to be limitations as to how far an individual could go as to subterfuge, so if your company enforces a 2-person code review and there aren't other authorized Australian nationals at hand, you could point at process preventing you from doing so without others' knowledge (how naive this defense is, I have no idea)


You opt into participating in that process by accepting the job, though. So from Australia's perspective, the way to comply with their law is to not take such jobs, and to leave if the process changes prevent you from complying.


I think you're inventing scenarios here that are too unlikely even for a pretty corrupt country. There probably exist laws in a number of countries which would technically jail you for taking some not-explicitly-illegal job. But this is absurd. Unless you're an actual lawyer giving opinion here?


I think if you trust people to not be corrupt you will wind up with corruption. A bad law is one that requires the empowered to not abuse it. A good law can't be abused. Harsh and cynical but true - reductio ad absurdum giving someone the legal power to murder anyone and relying on it to "not be abused" is a law literally bad enough to be casus belli for a civil war.


Unless you're an Australian lawyer I'm going to think this interpretation is a little far out by most Western legal traditions.


Can you explain why? It seems like a straightforward application of the law making some activity illegal, when its jurisdiction is explicitly defined as extending beyond the nation's borders. If you forget the border for a moment and just consider it all a single jurisdiction, aren't you basically saying that somebody can break the law and claim immunity from prosecution on the basis that their job requirements demanded that law to be broken?


What I expect would happen is as follows:

1. you take job at place with code review.

2. Australian police say place a backdoor.

3. You say we have code review the backdoor will be caught.

Now at this point the following might happen.

4a. make sure your code is reviewed by X.

4b. ok I guess it won't work.

4c. here is the code to put in, it has a very hard to catch bug that we can exploit.

In no way would I expect them to say 4d. well we're going to take you to court because you took a job that makes entering backdoors difficult.

On edit: improved formatting.

On 2nd edit: I removed the leading "No but", because I can't remember why I started off with that.


Is there a protection that prevents the government from requiring an employee take an action that may be discovered?

Or even a reason? I mean, unless the backdoor has a hard-coded URL like `www.ThisIsAGovernmentBackdoor.gov.au`, then a backdoor wouldn't seem to automatically implicate the government. Then an employer might well assume that the employee is just doing their own hacking. And presumably the employee can't say otherwise, right?

Or does the law say that employees can refuse if they fear discovery? And if so, couldn't employees always just refuse on that basis?


I'm not saying the employees can refuse, I'm saying the employees can say I will be discovered because of this reason. I naively suppose the police are like me in that they do things with a purpose in mind, and if they cannot achieve their purpose by an action they refrain from it as a waste of energy.

If their purpose is to hack company X, are informed that the way they intend to do it will be discovered and expose the tool they were going to use, then I expect they would refrain from doing that and try to find some other way. If they do not refrain then their purpose must not be to hack company X but really just to expose the tool for some reason.

However if they just say I will likely be discovered because of this reason, the police will probably just say "that's a risk we're willing to take!" and go for it.


so it's not that the job requirements demand that law be broken but rather the job requirements are such that the actions being demanded by the law will be ineffective or even worse, be caught out leading to termination of the only Australian 'asset' the government has in the team.

I suppose Australia can attempt to make a law saying any company based in Australia or selling products in Australia or with an internet presence available inside the country of Australia must stop using code review in case you ever hire an Australian citizen we want to put backdoors in your code.

Just imagining it is giving me quite the entertainment value.


The obfuscated C coding contest shows that you probably won't catch backdoors with code reviews


Obfuscated code shouldn't pass code review.


Maybe the poster above was referring to the Underhanded C Contest

> The Underhanded C Contest is an annual contest to write innocent-looking C code implementing malicious behavior. In this contest you must write C code that is as readable, clear, innocent and straightforward as possible, and yet it must fail to perform at its apparent function. To be more specific, it should perform some specific underhanded task that will not be detected by examining the source code.

Source: http://www.underhanded-c.org/_page_id_2.html


I highly encourage everyone to go look at the hall of fame, it was extremely eye opening when I first did!

Even knowing there is an exploit in the code, I probably would never be able to find most of them. My favorite is 2008's winner whose goal is to write a redaction program to redact text. It doesn't use any buffer/array hacks, the code is very straightforward and simple and small, and it would work in languages other than C. It's a terrifying example of how easy it is to write malicious code that would pass multiple code reviews but still has a backdoor!

http://www.underhanded-c.org/_page_id_17.html


I bet Zero day backdoors are the retirement plan of half the security relevant coders here.


> We elect the government to serve the people

Quit making me laugh, buddy. Unfortunately, I think we all know that once they get their office, they do very little to serve the people. Not sure about the case with Australia, but you can't sue the American government unless it lets you. Otherwise, it just claims sovereign immunity. Wrong as that is, it's a very good defense as it keeps them out of court. This might lead the employee to sue the employer ("I was complying with a lawful government order; you can't fire me for that!"), making Australians even more of a liability.


That could lead to some interesting court cases.

Employee gets fired for introducing a backdoor, but "may or may not have been" subject to one of these assistance notes (the Government won't comment either way, the employee insists they had a Technical Assistance Note). Employee sues the employer for wrongful dismissal because of the alleged unprovable TAN.

I wonder which way that court case would go... sounds like a recipe for deadlock.


Even better: employee gets criminally prosecuted in a (slightly) more sensible jurisdiction for having intentionally introduced the backdoor.


Another possible concern is that the employee sues for wrongful termination, alleging they were "just following the law" (which they would have been). The employee shouldn't lose his job for following the law, the company shouldn't have such problems for trying to protect its users, and this whole mess was caused by government intervention.

But yes, it will be interesting to see how the courts rule. Not familiar with Australian law, so if anybody has thoughts about this, please feel free to enlighten me.


Considering the number of times I've seen a developer quickly patch something and deploy their private build to the customer (not maliciously, but because the customer is screaming and needs it right now and wouldn't wait for normal QA process), I don't think it would be terribly difficult for the compromised developer to create a malicious binary outside of the committed codebase.


I believe that is an incorrect interpretation of the law.

The govt can compel an entity to assist in making encrypted information available. But the entity in question is not the individual employee, but the company who owns the product or service.

If you're under the employment (i.e., not a contractor), you can't be an entity, and the employer will definitely know if they've been compelled.

But I do agree the law is stupid and erodes all trust from software owned by an Australian company.


IANAL, but sadly, the law does seem to target people rather than (or in addition to) corporations.

https://parlinfo.aph.gov.au/parlInfo/download/legislation/bi...

> 317C:

> For the purposes of this Part, the following table defines:

> (a) designated communications provider;

> (b) the eligible activities of a designated communications provider

> A person is a designated communications provider if...

... Actually, there's too many to list. But here are a few examples:

> - the person provides an electronic service that has one or more end-users in Australia

> - the person develops, supplies or updates software used, for use, or likely to be used, in connection with: (a) a listed carriage service; or (b) an electronic service that has one or more end-users in Australia

> - the person manufactures or supplies components for use, or likely to be used, in the manufacture of a facility for use, or likely to be used, in Australia

> - the person is a constitutional corporation who: (a) manufactures; or (b) supplies; or (c) installs; or (d) maintains; data processing devices

Note that in the last situation they specifically mention corporations, but that prior situations do not require this. The requirements listed are to be interpreted as an OR not an AND... so ah, that's fun.

So yes, we Australians can be legally required by our Government to perform corporate espionage... and almost no-one in Australia (certainly not the public at large) seems to give a f--k.


Oh, and it's probably worth noting that you need not even be an Australian citizen to be covered, you simply need to have users in Australia. Of course, whether Australia can enforce these laws against non-citizens is another matter.

However, this legislation was specifically put together with co-operation of all members of the five eyes, so there's a reasonable possibility of extradition. The Department of Home Affairs even made a public statement confirming as much. It seems to have since been pulled from their website, but is available at:

https://cryptome.org/2018/11/5-Eyes-Crypto.pdf

Five Eyes just wanted this legislation pushed through somewhere and targeted Australia because we:

- lack a bill of rights

- are constantly distracted by politicians backstabbing each other, and

- there's a strong 'think of the children' sentiment in Australia that can be (and has been) used to push through all sorts of egregious bills.


You can't force non-citizens, obviously, since non-citizens are not under Australian jurisdiction.

If they could, then this would create a problem of national security for other countries.

But yes, the Five Eyes countries can use Australia for their wiretapping.


It wouldn't be the first time someone would be extradited to a country they've never even visited.


Jurisdiction sets no limits to itself, but to other jurisdictions. Australia can request extradition of anyone from anywhere, then it's up to that jurisdiction to decide whether to comply, which may or may not be situational. If the country believes it's a problem, then it would deny the request.


> However, this legislation was specifically put together with co-operation of all members of the five eyes, so there's a reasonable possibility of extradition. The Department of Home Affairs even made a public statement confirming as much. It seems to have since been pulled from their website, but is available at: [PDF link]

I read the PDF and didn't notice any mention of extradition. Am I missing something?


Don't know anything about extradition but the law specifically mentions putting in backdoors to aid foreign nations at their request.

It also notes that this can be for economic espionage too and isn't limited to national security (for the people who like to pretend that's not what their intelligence agencies are doing)


Sorry for the ambiguity. The reference I provided was with regard to the fact the Australian Government has collaborated with other five eyes countries with this legislation, or at least the 'need' for this legislation.

This is why I simply wrote there's a reasonable possibility of extradition, rather than anything definite.


Ah, gotcha. Thanks for the clarification.


> the person provides an electronic service that has one or more end-users in Australia

I don’t think this particular clause covers an individual working for a corporation as an employee, as in that case the employee isn’t providing the service; the employer is.

It reads to me like that clause is intended to cover people who produce software as sole operators of their business, or perhaps a group of people in a business partnership.

I haven’t read the rest of the act, so maybe there is a stronger clause targeting employees?

If the government can compel a company to do a thing that doesn’t necessarily mean they can compel any particular individual.

You could refuse / quit / abandon the project. Maybe they’ll just find somebody else to do it?


Then the government threatens to sue, and many will comply. If the government says they will get 5 years in jail for telling anybody, how can they get help?

Remember AU has no bill of rights.


In the definition part of the law:

> contracted service provider, in relation to a designated communications provider, means a person who performs services for or on behalf of the provider, but does not include a person who performs such services in the capacity of an employee of the provider.

The statute here is always talking about a contracted service provider who has to comply with the compelled "assistance". So as an employee, you do not have to worry about being jailed for non-compliance, as an employee cannot be a "contracted service provider". But you may be fired for non-compliance by your employer (if they choose to fire you because of it), but that's between you and your employer.


I'm certainly not a lawyer, so absolutely may have misinterpreted.

However, what I've quoted above is referring to the definition for a designated communications provider, as opposed to a 'contracted service provider' - the latter of which makes sense not to include employees as they're not 'contractors'. However, technical assistance notices (which are compulsory, as opposed to 'technical assistance requests') can be served to designated communications providers, as covered by 317L.

So the fact employees aren't considered a 'contracted service provider' is therefore not relevant?

Again, just reiterating, not at all a lawyer, however at this moment in time, this is my interpretation of the legislation.


It is completely relevant, since the OP mentions that you as an Australian working for a company could be compelled directly as a communications provider.

I'm saying that if you are in the employ of a communications provider or a contracted service provider, you do not have to worry about being compelled directly. I take "the person" to mean an actual person, or a legal person, but the employee of the communications provider is not a person (IANAL, so don't use me as legal advice).


You are making the incorrect assumption that the people writing these laws are not idiots.

They don't understand the technology.

They don't listen to any of the people who advise them about this technology.

They seem only to be listening to the police and other law enforcement crying about "paedophiles and terrorists GOING DARK".

The Prime Minister at the time claimed the laws of Australia overrode the laws of mathematics. Seriously.


The law provides a specific provision to say that there are limitations to what the assistance can be:

> 317ZG Designated communications provider must not be required to implement or build a systemic weakness or systemic vulnerability etc.

But the issue here is whether it's possible to perform the required "assistance" but not introduce systemic weakness or systemic vulnerability. I think it's a logical contradiction, so the law is pretty damn stupid...


Systemic weakness or systemic vulnerability is redefined to not include anything that the notice can require however, rendering that particular exception pointless.

> systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.

The words "systemic weakness" means something completely different to how the industry would use it.


"We don't need you to introduce a Systemic Weakness into the whole class of 'electronics', we just need you to selectively target the specific class 'mobile phones' that are connected to John Doe 3 aka bogey-man-du-jour."

This is now a request that your lawyer would happily bill by the hour arguing with their lawyers in front of a judge - to determine whether it's a correct and enforceable interpretation of that shittily written legislation.

Except you aren't allowed to tell your lawyer we asked you to do it.


No. The people who wrote the law (and handed it over to the elected politician) know quite a lot about it. The politicians who put their face on it are mostly ignorant, if not idiots.

Politicians don't generally come home in the evening and sit down to write their own bills. They rely on "experts" to do it for them. The more we rely on a central regulatory apparatus, the more essential this is. And this is where we run into problems like this, as well as regulatory capture. But the fact remains that they've got to rely on somebody with expertise, yet where can you find such people, and how much can you trust them when they're not publicly responsible (or even known).


They don't understand technology. But they know the law -- and how to abuse it.


What if the entity is, say, an independent contractor, staffing agency, or consultancy that provides engineering support to Apple?


I believe an independent contractor is considered a service provider, and so they could be compelled to provide the gov't assistance.

I also believe that these service provider(s) are required to not disclose the fact they've provided assistance. Therefore, Apple would do well to not hire any Australian company for their contracting purposes (but instead, employ them as an employee).


I am not a lawyer so I wouldn't be able to comment on the meaning of "entity", I hope you are right though, and I also hope that the Australian Government would at least clarify the meaning of the provision and the legal definition of "entity" in this specific case.


Do you know what exactly constitutes a backdoor and how exactly the Australian government "orders" their citizens to add this backdoor?

I am less worried about an individual writing backdoor code and more worried about sabotage by giving private keys to government, leaking sensitive data etc. While these are not strictly backdoors in the technical sense, I guess government can put such things under that broad category.

Another question I have in my mind is whether it would be legal to post "Australian citizens may not apply for this job" under the job posting in USA. Clearly there is a good reason to believe an Australian citizen is not good enough for tech jobs given that he comes with this baggage.


How exactly would this work? Let's say I have been coerced into making a back door, and my company has a policy of enforcing code reviews for every project. Surely, somebody would notice? Or would they count on me to do my best to obfuscate the back door? What if I "don't know" anything about obfuscation?


Good question. I think nobody knows. Most likely what happens is:

  * You make the change
  * You report back that you made the change and it's now pending in code review
  * Your change gets rejected in code review
  * Australia tells you to make the change and circumvent code review
  * You tell them you have no way to do that; every change goes through code review
  * Australia wants to know who reviews your code, and if your code could be reviewed by an Australian
  * Your boss asks you why you haven't delivered any changes recently and why are you constantly on the phone explaining the code review process
  * Australia contacts a reviewer and tells them to accept your next change or else
  * You get fired before you can submit the change again


More likely:

* You make the change.

* Your peer green lights the change because they have also been independently compelled by the government.

* You and your peer never talk about it again.


The answer is "it's complicated." See https://github.com/alfiedotwtf/AABillFAQ


Thank you for providing a better source - reality is more nuanced than what most news outlets want you to believe, but unfortunately hiring practices are influenced by public discourse, and unfortunately the prevalent message out there is "don't hire Australians"


It might be cheaper for a business to just not hire Australians than to hire a lawyer and dedicate bizdev time to figuring out the intricacies and nuance

 
It is not cheaper than getting sued for discrimination. Which would be easily proven in many cases, seeing how many people are more afraid of a potential issue with another country's intelligence agencies than of publicly posting about their plans to violate their own employment laws.


That's absurd, not hiring a foreign national on security concerns is a daily event, can you name one discrimination case won for that?


You're bringing up a valid exception validated by law. It's not the default and does not apply to almost all jobs out there. It's also usually applied as "only our nationals" rather than "not those specific other nationals" which would be the case for non-Australian.

I'm not linking specific cases. (partially because you didn't specify which country you're talking about) A quick Google will bring you the specific laws, cases and lots of lawyers specifically advertising themselves to handle those cases.


You can’t be sued for discrimination based on the employee's location, which is actually the issue at stake here. Citizenship doesn’t appear to be relevant.


Parent posts are about citizenship, not location. Literally "not hire Australians".


Later posts make it clear the law is actually about country, not citizenship. Non-citizen residents of Australia have the same risk factor as citizens.


No, business hiring is influenced by risk and value. Having any of this language is a risk that's just not worth it, especially because of how ambiguous and surreptitious this is.

It's up to the citizens and their government to rectify such poor legislation.


The fact we have to ask is unacceptable in the first place! The same way you shouldn't have to ask if there is polonium in your tea. Given the easiest and most sensible solution is the same in both cases - dump it because it isn't worth the risk.


Do they have to tell you they are an Australian citizen? E.g. if they happen to also have local citizenship of your country?


I haven't seen a compelling argument that it has extra-territorial effect; on my reading of the amendments it doesn't.

Extending your intelligence laws to cover individuals residing in other countries, who might also be citizens or permanent residents of those countries, can make for awkward dinner table discussion in diplomatic settings.

So hiring Australians working outside of Australia should be OK.

Of course, I'm not a lawyer. Or a spook. Or a diplomat.


1. You likely can't force someone to disclose all their citizenships.

2. In most countries you can't legally discriminate based on nationality. In practice publishing this comment here will likely cause you more trouble if you reject someone now, than Australian government.

3. If you apply this to all... what countries are you left with exactly where the government or LE can't force people to do something?


> 1. You likely can't force someone to disclose all their citizenships.

Yes you can, in some cases; as for instance in some cases, especially IT security, you cannot be a foreign national or have ties to some specific nationality if you do business with local governments. This requires you to know the nationality(ies) of your employees. You can still have them in your team but they cannot work on the project. The Australian law would make this a very good argument to not hire them as they cannot work on any project as they are possibly compromised. An example would be SpaceX which only hires US citizens due to DoD contracts.

> 2. In most countries you can't legally discriminate based on nationality. In practice publishing this comment here will likely cause you more trouble if you reject someone now, than Australian government.

I'm pretty sure that in the cryptography and IT security business the value of not having to comply with this law outweighs the cost of any discrimination lawsuits.


Government/DoD security is much different than any random company's IT security. Even large corps don't care about nationality for security team, just visa status / employment rules for most projects. (Again, when not related to gov projects)

I honestly don't know how SpaceX does what it does. (Update: they are regulated as working on military stuff so it's the same as DoD rules)


Do you avoid hiring people from China, Iran, Russia and anyone else from an authoritarian regime?


Yes, absolutely.


I admire the consistency, but the amount of posts I see along the lines of "we won't hire Australians anymore" and the absence of posts like "we'll be adding Australia to the list of countries we don't hire from" doesn't fill me with confidence that this is common.

Even before this change plenty of Chinese nationals would likely be employed wherever they were storing data in Australia and MS didn't care about that. I'm not aware of any MS ban on hiring Chinese either. So they were presumably fine with the threat of Chinese nationals inserting back doors, but it's a problem now because it's Australians.


The difference is that if a Chinese person does something for a Chinese intelligence agency they go to jail.

If someone sabotages a company after being instructed to do so by an Australian agency they are carrying out a lawful order.

Big difference IMO.


I don't think MS really hires many Chinese nationals. There certainly aren't nearly as many Chinese nationals at MS compared to Facebook and Uber


> The problem seems to be the provision that a tech worker can be coerced by the Australian Government into creating a backdoor, and they are not authorised to disclose it to their employer.

> Is this true? There is no way I am hiring an Australian citizen then.

No. The request or notice is served to the company, not the individual, so the company is not left in the dark.

There has been a lot of poor reporting about this law; roughly speaking, there are 3 types of requests for data allowed:

1. Technical Assistance Request - "give me this data please". Optional, no penalty to anyone for not complying.

2. Technical Assistance Notice - "give me this data if you can, or else...". Mandatory, penalty to the company if they can comply but do not comply... but if the company would have to build a new thing to comply (e.g. they do not have the decryption key and there's no backdoor), then there's no penalty and they do not have to comply.

3. Technical Capability Notice - "give me this data or build a way to give me this data, or else...". Mandatory, and a penalty to the company if they do not comply. If they can't do the thing yet, they need to build a backdoor, unless doing so would introduce a "systemic weakness".

In all cases, it's the company being targeted. Individuals in the company only become liable for penalties if they leak information to people not involved in the investigation.

Yes, it's still a bad law that was rushed through with too little discussion. Yes, there is too much room for interpretation and too little oversight. (And yes, Australian tech companies like Atlassian are lobbying heavily to improve the situation[0][1][2].)

But we're not at the point where it's reasonable to blacklist Australian tech workers yet, thankfully.

Source: I am an engineering manager at Atlassian, a major Australian tech company; there has been a lot of internal discussion and guidance from our founders and legal team about this.

Disclaimer: I am not a lawyer, this is not legal advice, etc. Also, I am an Australian citizen.

[0]: https://www.theaustralian.com.au/business/technology/scott-f...

[1]: https://www.afr.com/technology/web/security/atlassian-leads-...

[2]: https://ia.acs.org.au/article/2019/tech-industry--fix-the-as...


I'm confused by the "systemic weakness" exception for the third case. Obviously I need to research this, but it seems that in many cases, a backdoor is, almost by definition, a systemic weakness. Of course, I wouldn't want to argue that point in front of a judge, but it would be useful to have more clarity around this.


Look.

It's a stupid bill.

So garishly stupid that it can blind a boulder. So vapidly moronic that bits of ooze collected by clams are more intelligent. It's so bad that astronauts on the ISS passing over Canberra need to shield their heads with lead so the radioactive idiocy doesn't fry them.

But don't kid yourself: Australian citizenship is profoundly valuable.

I would not pass it up lightly. I was born to it and I am enormously grateful to have it.


> Australian citizenship is profoundly valuable.

Getting where I am now (Australian permanent resident) has been the hardest thing I have ever done in my life.

It included working casual night-shift jobs while studying to get a uni degree during the day (having an Australian degree improves your score towards a skilled visa).

For a long period I have been separated from my wife and daughter due to visa complications, it was heartbreaking.

In addition I had to give up my role as a start-up co-founder (because in order to maximise your skilled visa score, it's better if you are an employee at an Australian-based company - the start-up I was involved with was legally based overseas).

I haven't even visited my home country (Italy) since 2013, I am still in touch with family and some friends but the reality is that the connection to Italy is slowly fading away and I am long past that phase where you start to call your adoptive country "home".

Becoming an Australian citizen has been the main goal of my life in the past 8 years so I'm not going to pass on it lightly. At the moment, however, I'm taking my time to think about it.


One more piece of anecdata: I'm an Australian who has decided to go for US citizenship, for several reasons but all basically due to a continuous disregard for personal liberties by our government. Australians love being told what to do; it seems like 90% of the population are very satisfied to be servants of the ruling class and aspire to nothing else.

Edit: I replied to the wrong comment, meant to reply to the one above this one.


Are you going to renounce your Australian citizenship?


Good luck getting health care.


Any Australian working in the US that is able to obtain PR or citizenship likely has a well paid job that provides health insurance. While I feel for the folks in the US without coverage, lack of access to affordable health care does not really apply to employed, skilled immigrants. In my experience US health care is the best on the planet; it's also the most expensive.

From my perspective, US health care is way above the quality of healthcare in Australia. Price, not so much...


Anecdotally calling something the best on the planet is absurd. Have you tried every health care system, or simply believe USA #1?


Australia has a very high standard health care system. Probably on a par with the UK and the U.S.

Given that insurance companies will soon be excluding "pre-existing conditions", there's a good chance you can't get insurance under a corporate plan anyway.


> But don't kid yourself: Australian citizenship is profoundly valuable.

Relative to what other citizenship?


It depends on your criteria. But it's a wealthy country with a high standard of living, relatively safe and stable, with well-established democratic and legal systems, has relatively low corruption, safety nets for health and welfare, subsidised education and if you avoid the crocodiles it can be very pleasant in parts.


Canada meets a lot of these criteria, though the climate may not agree with everyone--though at least we don't have a plant that causes you to suicide yourself (gympie-gympie)

* https://curiosity.com/topics/the-suicide-plant-has-the-most-...

* https://en.wikipedia.org/wiki/Dendrocnide_moroides


Wow, I'm Australian and I'd never heard of that plant.


Also, Australia ranks well above the USA on most indices of economic freedom.

e.g. https://en.wikipedia.org/wiki/Index_of_Economic_Freedom


This is put out by the Heritage Foundation. You may want to read up on their ideologies before deciding that a rating of "good" from them is something you actually want to achieve.

For example, their affiliations are: Republican Party, Thatcherism, Reaganomics.

* https://en.wikipedia.org/wiki/The_Heritage_Foundation

Even a broken clock is right twice a day (as the saying goes), but I'm not sure I'd really strongly rely on their policy ideas.


> well-established democratic and legal systems

Given the topic at hand, this doesn't seem like a distinct strength of Australia, unless you're coming from a despotic regime or recently New Zealand.


I think it's important to have some context here though. I can't speak for the parent commenter, but I am Australian and how I interpreted it was that our democratic system is reasonably mature, functional, and relatively free from large scale corruption.

I think the last point is the big one. Political lobbying, while still a thing, isn't as rampant as in the US for example. Bad power-grab legislation like the bill being discussed still happens, as do bad laws as a result of general incompetence, but in my experience there are far fewer laws that happen as a result of corporate lobbying.

A good example is the Australian tax system. There is a government provided website for filing your individual income tax return. For the vast majority of people it is prefilled, takes about 5 mins, and it's also free for everyone. Contrast this with the US where companies like Intuit lobby specifically to keep the tax code complex and to require returns prepared online be submitted through one of them so they can collect their fees.


> Bad power-grab legislation like the bill being discussed still happens, as do bad laws as a result of general incompetence, but in my experience there are far fewer laws that happen as a result of corporate lobbying.

I think I care a bit less about corporate welfare lobbying than infringements on my civil rights. You can fix corporate lobbying if you have real civil rights, but if you don't have the right to communicate privately, the corporations can literally just stop you from organizing, with the littlest nudges (just make the messages of dissent mysteriously not deliver). It might not even be illegal.


Good news: https://www.computerworld.com.au/article/659332/encryption-l...

Bad news: This is still the words of a politician, so it's likely they're relatively empty and the changes may be trivial and won't address the fundamental distrust it has sown in Australian-developed and / or operated technologies.


This comes after Labor allowed the bill through in the first place: https://www.abc.net.au/news/2018-12-06/labor-backdown-federa...

So definitely take it with a grain of salt.


Do you mean tech companies in Australia refusing to hire Australian citizens? Or foreign companies? Because the first is very illegal.

If your home country allows dual citizenship, it doesn't seem like a problem for getting a job outside Australia. If it's not a government job where they'll do security checks, just don't disclose your dual citizenship. I hold dual citizenship, and not that my company has asked or would ask me if I am, I could easily say that I'm not and there isn't a lot they can do. Even governments struggle to determine if someone is a citizen of a foreign country, as we discovered with the dual citizenship debacle in parliament.

If your home country doesn't allow dual citizenship, depending on the risk you're willing to take, you can still become a dual citizen and not notify your home country.

Either way, the benefits of being legally entitled to live in Australia for eternity, as well as the right to participate in the democratic process, outweigh any potential downsides to becoming an Australian citizen, although I've still got a few more years to wait for that.


The Australian tech sector is not that large, an ill-conceived law like this one could potentially worsen the job prospects here, to the point that one may consider working overseas. I'm not saying that it's likely, but at the same time it's not impossible.

So, yes, I was thinking primarily about foreign companies; (by the way, your argument in relation to Australian companies, "Because the first is very illegal", is not bullet-proof, because there are many things in this world that are illegal, and yet they happen).

My home country allows dual citizenship but I don't think that it would be so easy as you say to withhold this crucial piece of information from an employer: given that about half of my CV is made of positions I've held in Australia, I believe it's not that unlikely that a prospective employer may ask about my citizenship status.

Anyway, I haven't taken any decision yet, I'm just basically taking my time. I agree with you about participating in the democratic process, when I evaluate pros and cons of becoming a citizen, that's the biggest pro in my mind. Being entitled to live in Australia, on the other hand, is not a big factor in this decision, because I already have a permanent visa that lets me do that.


> I believe it's not that unlikely that a prospective employer may ask about my citizenship status

I guess that depends on whether you want to lie to a potential employer then, or alternatively renounce your citizenship.

The difference between a PR and a citizenship though is that you have the privilege to live and work in Australia, your PR visa can technically be cancelled on good character grounds, whereas with citizenship you have the right to live and work in Australia. Unlikely to happen I'm sure, but it's there.


Yes, good point about the difference between PR and citizenship.


> right to participate in the democratic process

You mean the same democratic process that passed this bill when literally 99% of the responses within the consultation period were against it?

Or maybe you're talking about the democratic process where our opposition agreed to pass this bill even though they thought it was badly thought-out and needed amendments which were promised to happen in February but still haven't, in return for our government not allowing doctors to see sick people in our secret offshore prisons that almost nobody supports.

I'm being facetious of course, but as an Australian citizen I haven't felt represented here for a long time.


If you are an overseas-based Australian you can't be compelled by the Australian Government. Only the US Govt makes significant extra-territorial claims.

Unless you are bribing foreign government officials, committing war crimes or engaging in sex tourism, you just have to worry about local laws.


JC and the mainstream media is crying about Huawei and Kaspersky but this gets through uncontested?

Do as I say not as I do.


There's so much ambiguity in this, though. Can't the complying Australian employee simply nudge his/her coworker and say "hey, patch this later" and then it's just a game of back and forth with the Australian government not having their way in the end?


The Australian Government does not like whistleblowers: https://www.abc.net.au/news/2018-06-28/witness-k-and-bernard...

I can't stress enough the potential for harm in any attempt to bypass various laws.

The Australian Government even refused to allow independent Medical Doctors into their off-shore immigration detention centres for fear of the detention conditions being made public.

Australia did nothing to even consider trying to maybe help Julian Assange, an Australian citizen seeking protection from nation-backed harassment, way back when, and two Australian citizens were murdered by the Indonesian Government for drug trafficking (Australia negotiated prior to the event, but no negative action was taken afterwards). These are admittedly both divisive examples - with the intention to point out that it depends on the direction of political winds as to how the Australian Government will react.

Australia is a good place to live and the anecdotes above are specifically chosen as the far end of the bad scale, but if you choose a fight with any of the few specific issues the Government is paranoid about or sensitive to, you may face significant resources aimed at your incarceration.

Just make sure your ass is thrice covered if you're going to go up against it...


Australia's public image of being a "larrikin" place - all beer on the beach and shrimp on the barbie, is at odds with its incredibly authoritarian attitudes. I'm always amazed at Aussie enthusiasm for the "smack of firm government" and their hatred of anyone breaking the rules.


It's really strange that of all the former British settler colonies, the one that's the most republican in attitude is also the one that's most enthusiastic about maintaining the surveillance/police state parity with UK. Canada and NZ are doing much better.


The beaches and sunshine mean that there are better things to do than worry about f*cking politics.

Australian frogs are coming to the boil.


The thing that's most odd about this is if you consider the history of the cause of settlement of Australia... the first settlers weren't exactly renowned for following the rules... that's why they were there in the first place.

Irony at its finest.


You need to look at our country from a historical point of view. We have a lot of cultural ties with the UK. Australia did not become a country until 1901, and no, it wasn't a penal colony for that whole time. There was a lot of migration, primarily from the UK - to this day the UK is one of our largest sources of permanent migrants.

Most of Australia's laws, our parliamentary system, etc. were based on the UK Westminster system. In the early years of our country most people were very pro British Empire. There was enormous social pressure on people to go and "fight for the empire" during World War 1; lots and lots of Australians went and fought and died in Europe. Then the same thing happened in World War 2, except suddenly the Japanese were threatening us (a lot of people don't know the Japanese bombed Australian cities during WW2) and most of our military was over in Europe and Northern Africa. After the fall of Singapore, Australia realized how vulnerable we were and that the British could not be counted on to defend us, which caused a strategic realignment behind the US and things like the ANZUS treaty etc.

To this day there is still a lot of positive British sentiment in Australia. A lot of people here really like the Queen; it's a little bizarre. It's not so evident in the city, but if you go into regional country towns it is pretty pro-monarchy. When I was in high school the Queen visited my area and it was crazy: big parades, huge event. I have never seen another politician of any sort anywhere in the country get the kind of reception she did. Most people here are completely cynical about politicians but they love the Queen - weird.


Australia's (and Australians') attachment to the monarchy is one of those things that will change dramatically over the next twenty-odd years as the 60+ year-old set, who have anachronistic romantic notions of the monarchy, die off.

The "royal weddings" (good lord, kill me now) do their little bit in fluffing up pro-monarchy anachronistic romantic notions in some of the younger set, but nowhere near the amount needed to sustain the 'no to a republic' vote even in the next ten years.

My assumption is that a lot of these same monarchists are fundamentally racist as a direct result of the various wars, which is semi-understandable. Humans don't tend to change their minds beyond a certain age, no matter the changing context.

There's a quote somewhere about "beliefs don't change, their proponents die out". I'm finding it applies in almost universal contexts.


> Australia's (and Australians') attachment to the monarchy is one of those things that will change dramatically over the next twenty-odd years as the 60+ year-old set, who have anachronistic romantic notions of the monarchy, die off.

Also the general opinion appears to be that we'd rather be a Republic than have Charles as our king ;)


I've had long discussions with techie friends about this, and none of us can see a way that the government could actually force a dev to do anything in a way that doesn't immediately tip off the rest of the team.

I mean, your code is stored in a shared repo, right? So pushing a commit with the government-mandated changes to the shared repo is "informing others". But not pushing it means it'll never get to Prod.

Most places review code commits routinely, so how is a dev supposed to get their government-mandated changes into Prod without anyone seeing them?

If your Australian co-worker stops pushing their commits to the repo and starts trying to make changes to Prod without going through review, it's also a strong signal that something might be going on here...

In fact, if this legislation posed any kind of threat to your business, then your software development processes are broken and you're vulnerable to a ton of other, more likely, threats.

The legislation was written by a shower of technically-incompetent career politicians, with absolutely zero understanding of (or interest in) how software development works. This is the same mob of idiots who pronounced "the laws of mathematics are all very well, but we're in Australia so we obey Australian laws" when discussing their plans to break cryptography.

It's unenforceable, ridiculous, and will get changed before it ever gets used.

But as a startup tech co-founder dealing with encrypted documents, and an Australian citizen, I'm not planning to launch in Australia until it's fixed, and leaving Australia until it's fixed.


Really? It took me about 10 seconds to come up with this: "Hey tech dude, we need a version of iOS that unlocks the encryption on this device. Be a good boy and send us an IPSW that we can install on this nasty person's phone will you?"

You don't need to release it to the public. Build it on your local device and hand it to them. Nobody needs to know.


The number of people with access to the private keys that sign iOS updates must be very limited - I wouldn't be surprised if you needed at least two people actively involved in signing every update.

On top of that, Apple is heavily siloed, and somebody working on the Calendar app won't have information on the operation of Secure Enclave, the chip that deals with authenticating fingerprints, passcodes, Apple Pay etc.

So it would be more like "Hey tech dude, can you sneak a change to the compiler your company uses to build iOS, to have it compile a backdoor into iOS, then surreptitiously log in to the relevant machines and place your new compiler?"


If a developer in Apple has access to the signing keys for iOS and can decrypt anything at all on a production device, then Apple is totally screwed.

It simply cannot work like this, because a single rogue employee could (and would by now) have posted it on a forum/wikileaks/something, simply because they could.


I mean, you're pretty much advocating for the rough equivalent of a warrant canary, which have already been explicitly outlawed in Australia. [0]

[0]: https://boingboing.net/2015/03/26/australia-outlaws-warrant-...


Please note that the legislation you are referencing is completely unrelated to the Assistance and Access Act. It's talking about journalistic warrants (warrants on journalists not by journalists) which are their own shitstorm, but a very different topic.

The Assistance and Access Act does have the same "existence or nonexistence" wording as the law you referred to, so you're not wrong that a warrant canary for a notice under the new legislation would be a criminal offense. But there is no blanket law against warrant canaries per se, it's done explicitly in each new law about secret warrants.


Unauthorised disclosure of information about a notice (or gained from a notice) is punishable with 5 years imprisonment -- which means that if you're suspected of being a whistleblower they can use this new legislation against you too (anything punishable with over 3 years imprisonment can be investigated in this fashion).

I wouldn't risk it. There are ways to legally provide aggregated information about the number of notices received in a 6-month period.

Also, talk to your representative and explain your concerns and push for it to be scrapped (though when I talked to the Labor senators' staffers they brushed me off and said that I wasn't interested in being informed when I disagreed with their party line). Federal elections are coming up, they're more likely to at least pretend to listen to you.


There are many scenarios where the Australian Government ends up not having it their way. For example a very likely scenario is: your commit which contains a backdoor goes to code review and then someone asks you "what is this". In theory you would say that you are not allowed to explain for legal reasons. Yet that commit is not going to be deployed.

(edited for clarity)


I imagine that the government would begin at the executive level and ask "who else needs to know" and then work down the list to compel individuals or teams as required.

Similar processes already exist for other legal/police requests. If this legislation is used, companies like Telstra will have dedicated teams to comply with requests.

If your new Australian Citizen hire can build back doors into your software you've got bigger issues than hiring. Though I could see real risk associated with an Australian-based team for a global company or an Australian-based supplier.


I wouldn't advise this. Defying or subverting a lawful order can itself be a crime and you can bet the Crown Prosecutor and the Judge have seen far more attempts than you have.


Can you imagine what would happen if there was a public case where a person got 5 years for letting the world know that the Australian government tried to force them to backdoor software? You don't really even need proof, because if he's sent to prison then his claim is true.

Right now the risk from Australia is theoretical. After that there could actually be bans from other governments about using software made in Australia.


I imagine the person would go to prison for up to 5 years and the government would chest-thump about Being Tough On Baddies.

If anything they would like it to happen. If being exposed as a stupid law was enough to scare off the major parties, it wouldn't have been made law in the first place.


Australia could offer a reward to employees that ratted out employees that did that. Then other countries will have to outlaw accepting the reward.


> The problem seems to be the provision that a tech worker can be coerced by the Australian Government into creating a backdoor, and they are not authorised to disclose it to their employer.

As I read it, the law requires warrants and court enforcement. I don't think you can be required to backdoor code in secret or held to account by the security agencies not to inform your employer. I would be very surprised if that was legal and uncontestable.

I do expect you can be informed by your employer you have to backdoor code.

I do not expect you can have an extra-territorial obligation placed on your work conducted outside Australia. If you are working inside Australia remotely I think it's complex.

I think the EFF should fund your case. Take citizenship and help fight this.


> I don't think you can be required to backdoor code in secret or held to account by the security agencies not to inform your employer.

This law gave the government the power to do just that. Details of implementing a backdoor in secret is close to impossible, as any developer would know. There was a post[1] made by "Alfie John" (alfiedotwtf) that outlines a scenario in which a developer is presented with a Technical Capability Notice (TCN).

> I do not expect you can have an extra-territorial obligation placed on your work conducted outside Australia. If you are working inside Australia remotely I think it's complex.

Australian citizens, regardless of their location are obliged to comply with these requests.

If you are presented with a TAR, TAN or TCN, you have the option to seek legal counsel in private or risk fines of up to AUD$7.3 million.

You risk imprisonment if you reveal details about the notice to anyone other than those who are included in the notice or to seek legal counsel (this is an exception within the law).

[1] https://twitter.com/alfiedotwtf/status/1070047303275175936


> Australian citizens, regardless of their location are obliged to comply with these requests.

Extra-territorial law application is very complex. KP is one of the few places where you can routinely expect to be prosecuted in Australia for breaches overseas. Or FGM. Or, more recently, the war in Syria, but bear with me: do you not also recognize that there is a huge reluctance to try and enforce the law in that last regard? Because it turns out simply being somewhere is not necessarily a good basis to declare you broke the law, noting that few if any of the people seeking to come home took up arms, and specifically took up arms against Australia or her allies.

They also have to serve the request on you. Simply issuing it doesn't make it binding surely? You have to be formally notified.

Lastly, since you can reveal it to your lawyer, I would argue that it implies they believe it could be mis-applied, or you can have a case in law to contest its applicability.

And, "included in the notice" begs the question: do we have any indication aside from hypothetically speaking, that a TAR/TAN/TCN has or can be drafted which doesn't include the employer and IPR holder in the notice?


> Extra-territorial law application is very complex. KP is one of the few places where you can routinely expect to be prosecuted in Australia for breaches overseas. Or FGM. Or, more recently, the war in Syria, but bear with me: do you not also recognize that there is a huge reluctance to try and enforce the law in that last regard? Because it turns out simply being somewhere is not necessarily a good basis to declare you broke the law, noting that few if any of the people seeking to come home took up arms, and specifically took up arms against Australia or her allies.

To be honest, what you have written doesn't seem to be related and/or your point is lost. However, I will try to underline my comment with the following:

If you are issued with a TAR, TAN or TCN and you reside overseas you must comply or face extradition under an extradition treaty - unless you are fortunate enough to reside in a country that does not have an extradition treaty with Australia and that country is unlikely to make deals in secret with the Australian Government. Or, you are fortunate enough to have a secondary citizenship and subsequently renounce your Australian citizenship.

> They also have to serve the request on you. Simply issuing it doesn't make it binding surely? You have to be formally notified.

If you are issued this notice, you are able to refuse under 317ZB and incur 238 penalty units or $49,980 as an individual, or 47,619 penalty units or $9,999,990 as a corporate body. There is no limit to the number of subsequent notices that are able to be issued of the same nature. In reality this means, if it is important enough, the government will continue to issue notices until you comply.

> do we have any indication aside from hypothetically speaking, that a TAR/TAN/TCN has or can be drafted which doesn't include the employer and IPR holder in the notice?

The law stipulates that a person is considered to be a "designated communications provider" under 317C.

See also, all relevant sections detailing: "an employee of a designated communications provider" and "an employee of a contracted service provider of a designated communications provider".

317ZF dictates that disclosure outside of seeking legal counsel incurs a penalty of 5 years imprisonment.

I'm not sure where you received your information from, but most of what you have said is contradictory to the law that was passed. Have you read the Assistance and Access Bill?


I'm not sure how much you have noticed about the Huawei executive/heir extradition process in Canada? It isn't a simple process. The govt has to establish that the alleged crime is also a crime in Canada. It is a similar process in most civilized countries. No guarantees in Thailand or the Gulf states etc.

Don't get me wrong, it is terribly done legislation, but there is no chance it would work against someone overseas, even after they return. You'd only be in trouble if you were in Australia when served with a notice, went to the US and told the internet, and then came home.


Thanks for the cluestick. This is unworkably bad, and I look forward to Ed Husic making good on his promise to amend the law. I had not read the bill, I have only read commentaries.

I can't believe the law officer of the land permitted a bill to be drafted which requires this kind of behaviour because it feels like even resigning from your employer would be a breach of the act, since you cannot disclose you have been served with a notice in resigning. But, if you deliberately insert or attempt to insert subverting code, you are implicitly undermining the integrity of your employer's code.

I repeat what I said before: This feels like a legal minefield which a competent defense could drive a tank through. Just because it passed the chambers doesn't make it right; we have the kind of system which permits the high court to overturn manifestly unjust law.

Not to implicitly believe everything said in defence of this bill, could you comment on:

https://www.homeaffairs.gov.au/about-us/our-portfolios/natio...

in particular this bit:

> This law can compel employees to work in secret without the knowledge of their organisation

> Media reporting that has proposed this scenario is incorrect and misleading. The industry assistance framework is concerned with getting help from companies not people acting in their capacity as an employee of a company. Requests for assistance will be served on the corporate entity itself in line with the deeming service provisions in section 317ZL. A notice may be served on an individual if that individual is a sole-trader and their own corporate entity.

> A company issued a notice can disclose information about it under paragraph 317ZF(3)(a) in connection with the administration or execution of that notice. This allows an employer to disclose information to their employee and vice versa in the normal course of their duty.

> Additionally, a company may disclose statistical information about the fact that they have received a notice consistent with subsection 317ZF(13). Further, companies and their specified personnel may disclose notice information for the purposes of legal proceedings, in accordance with any requirements of law or for the purpose of obtaining legal advice. The notices themselves are therefore not ‘secret’ but information about their substance is controlled to protect sensitive operational and commercial information.

The same page says this:

> Penalties for individuals in the legislation are for the purpose of potential enforcement proceedings against sole-traders and individuals acting as businesses.

Which means by intent (but possibly not in words in the act) the idea was not to exclude telling your employer: the point is that sole traders and individuals can be compelled the same way companies can.

Which I read, probably hopelessly optimistically, as that a requirement would almost never be placed on you, and not simultaneously on your employer: They know you are being asked to modify the code. The chance of being unable to "disclose" to your employer here feels quite limited.


I am not a lawyer. But I think we can all agree the track record for the Attorney General in Australia fucking it up, to coin a phrase, is remarkably high.

So "This law gave the government the power to do just that" is, in my non-lawyer opinion, HIGHLY contestable. I would expect somebody like Atlassian to do just that: take it up to them, pony up, and contest the legality of this.

An employee has liabilities for things done to their employer's code which cause material harm. I think the canary in the mine would be huge here: resign, do not cause your employer's product to be backdoored, you cannot be obligated to introduce bugs.


Could you reasonably argue that you can’t implement this feature without your boss finding out?

Let’s say I work at a place that requires mandatory peer code review. I won’t be able to slip something by my (non Australian) reviewer. Surely I could reasonably argue that the government’s request to insert a backdoor without telling anyone is impossible to comply with. How would the government be able to verify my claim that that’s the case?


How confident are my fellow American citizens that the American government doesn't effectively have the same power? I mean if someone showed up at your house in a black Suburban with an official-looking letter that seemed like a court order that you provide them with a backdoor and threatening you with all manner of charges if you go public. How confident are you you could walk away cleanly from that any other way?


Well I assume the first thing you do if you cop a notice is talk to a lawyer, and if the government's request is illegal, the American lawyer will tell you so. Since this legislation, the Australian lawyer is going to have to tell you to just do it.


The difference is the court order. In Australia, the individuals in the black car could show up with none of that and you'd still have to comply.

The Aussie politicians that voted for this are hurting everybody. A mining-based economy with less business coming its way because of laws like this one.

https://boingboing.net/2017/07/15/malcolm-turnbull-is-an-idi...


Of course they have the same power. Australia is just more open about it because the compulsion power is formalised.


The American government does theoretically have this power, but it's not like any major player is refusing to do business with Americans yet because the downside to that is massive. It's possible it could come to that eventually.

Australia is a target for retribution here because the policy is newer and they're a smaller player.


In the USA at least you could take it to the Supreme Court; Australians don't have a bill of rights.


Saying "it is unfair I can't get away with crime too" is not a defense. And many in fact /are/ already refusing to do so. Witness many privacy laws which explicitly bar storage of citizen data in US jurisdictions - granted some have cynical "so they can access it" motivations. It was why Microsoft, of all corporations, one which has been enough of a toady to be caught with NSA in variable names, sued hard to demand warrant protection.


> The American government does theoretically have this power

So far they haven’t been able to enforce it, at least when challenged.

And there are organisations that prohibit the use of US based cloud providers.


If you are concerned about that, I would leave Australia if I were you. Being under the jurisdiction of Australia is already a huge threat.


Australian law generally affects residents of Australia, not citizens. Are you sure they couldn't coerce you already?


The main point for me is not whether or not they can actually coerce me, but whether or not this is going to affect my employability. I have seen in various news articles reporting that, apparently, companies based in the USA and EU are currently wary of hiring Australian developers because of this law.

Regarding your point, my understanding (I'm not a lawyer so I may be wrong) is that, in general, the law of a country applies to residents only while they are residing in the country, and it ends being applicable after they leave the country. For citizens this is certainly not the case, e.g. even though I haven't been to Italy since 2013, as a citizen I still have some rights and obligations.


Still, it's rare for citizens to be affected if they are outside the country.

The relevant legislation seems to be https://www.legislation.gov.au/Details/C2018B00180, it doesn't contain the word "citizen".

The text is actually neutral on such questions. In theory, I think it could be applied to anyone in the world, regardless of citizenship or residence. However, in practice people with no connection to Australia would be likely to just ignore it.

A law enforcement officer (or another person on the officer’s behalf) may apply to an eligible Judge or to a nominated AAT member for an order (the assistance order) requiring a specified person to provide any information or assistance that is reasonable and necessary to allow the law enforcement officer to do one or more of the following:...

You have a point that they'd have more leverage against Australian citizens, especially if they don't have alternative citizenships (so that they need passport renewals) or intend to travel to Australia in future.


So, how exactly would anyone get a back door past code review? There are practices and processes that make this infeasible regardless of the Australian Government's belief they can coerce anyone.

Every company I've felt has been worth working for in the past 10 years has had rigorous code review practices that would obstruct my ability to integrate any code without oversight.

So... how?


Why wouldn't they just issue the order to two developers? That seems to trivially solve the difficulty, since the second code reviews for the first.


I have Australian citizenship, but fortunately I live abroad so I would just refuse. Good luck with that extradition numbnuts :)


Hmmm... that sounds exactly like what someone coerced to introduce a backdoor would say!


Actually you can be compelled whether you are a citizen or not, you just have to be in the country. So unless you have to give up your prior citizenship there is no reason not to proceed.

So please apply, and then maybe one day you can vote against those who support it.


Wow, so Australian law allows them to basically impress any citizen into espionage?

That's buck-wild.


That's one of the biggest things that lawmakers here couldn't seem to understand - tech companies have high mobility across borders. Even if a law has no teeth, why would Microsoft store data in Australia when the next country over can still serve data for the region? It just creates too much risk, from a privacy and PR standpoint. Startups will be more averse to founding in Australia as well. It just creates a black mark on their record from the start. These data laws were very poorly planned by the Australian Government.


I think that "high mobility across borders" is an assumption based on existing trade regulations. From recent developments it's clear countries can and do force companies to do things they don't want, and companies will do it because they can't or won't lose access to consumers in those markets.

For example, Apple has begun storing Russian user data in Russia in compliance with Russian data storage laws (https://venturebeat.com/2019/02/01/apple-will-reportedly-sto...), and Google is still working on its censored search engine in China.

Of course, if nobody else does this, this means you may have older software on your systems or less priority in development roadmaps or whatever as your country is an edge case, and you can probably say goodbye to market leadership and have to coast on your existing advantages. However, if everybody begins to cartelize the Internet, you may not lose as much in comparison to everybody else, since you will no longer be the edge case but the common case, and it will be a bad time to start a company or store data anywhere you go at any time. Companies will simply have to live with the geopolitical reality. In this sense, the Internet devolves into a suboptimal Nash equilibrium, where everybody has data localization laws and nobody will want to loosen up because storing your citizens' information on servers in another country will leave your citizens vulnerable. If this happens, the large homogeneous markets with a single language, government, and economy (U.S./China) may have an advantage.

This is sad, and I hope they reverse this law. An open Internet is good for economic and societal dynamism (and as a civilization is tautological to organized chaos, slowing that down weakens said civilization), and I wouldn't know how to work backwards to where the Internet should be. In the meantime, maybe this will lift some open source, decentralized communications means past some threshold of viability.


> Apple has begun storing Russian user data in Russia in compliance with Russian data storage laws

I don't see how this is inherently bad.

First of all Russia's intelligence agencies get access to any data belonging to Russian citizens anyway, simply because those citizens are under Russian legislation.

I don't know the details, however note that the GDPR also imposes restrictions on exporting the data of EU citizens outside the EU. For example exports are only allowed in countries or territories that have enough safeguards for the protection of that data.

This is important for privacy, for example if our local security agencies mishandle my data, I can sue them, I can vote for the opposition, I can convince other people to do the same, etc, however if a foreign agency mishandles my data, like those of Australia, I can do absolutely nothing about it.

And from the state's point of view, having access to the data of your citizens is also a matter of national security. I can definitely see why a rival of the USA wouldn't want the data of its citizens stored on servers located in the USA.

---

Companies that want access to the Australian market will succumb to Australian demands of course.

The problem for Australia however is that their local companies will get hurt in the international marketplace.

For example Fastmail, which competes with Google by promising better privacy, is now in a very awkward situation of having to explain how this bill is affecting them and what they are doing about it. In a market dominated by Google, hurting your local companies that compete with Google is downright stupid and will have an effect on their economy.


The Trump Administration also passed a law that affects companies that store data overseas so that they can get that data, after big companies fought such subpoenas.


The case[0] started on Obama's watch though.

What happens now is that after many appeals it goes to the supreme court.

[0] - https://mashable.com/2014/06/12/microsoft-u-s-government-dat...


Australia's lawmakers just need to amend the law so that it doesn't matter where the data is stored, as long as the company operates within their nation's borders.

I'd like to see how the Australian government handles things when MS cancels all their Windows and Office licenses.


What? Microsoft intentionally reducing their licence revenue?


Oh, they won't issue refunds. Just canceling licenses.


Some customers demand to know which jurisdiction their data is stored in, so it isn't as simple as "move it somewhere friendlier".

You have control if you are running your own services on top of the main cloud providers, but if it is in O365 or GMail/GApps it used to be a different story, and this precluded their use by a bunch of .au organisations (universities, Govt departments) early on.

So now some of these orgs that need to have data stored in .au for privacy reasons (among other reasons) are subject to these new badly formed laws in some kind of twisted catch-22.


They clearly don't give a fuck about the tech industry. They sell coal and talk about stopping boats, throwing the word "pedophile" in there every now and then.

That's what passes for leadership these days.


Technologists need to understand that governments do not form policies, legislate and operate in isolation. There is cooperation. Tax and trade treaties are another example.

See [1] for commentary about the international agenda in this case.

[1] https://www.lowyinstitute.org/the-interpreter/disruptors-dis...


They can do what Russia does and some of Europe do and require AU citizen data remain in AU.


Heard of FAANG minus Amazon (they don't work here) datacenters in Russia? There are none, nor any data storage here. Everyone gives 0f about this law, only huge targets have fines of ~$1M yearly.


Apple - https://www.bloomberg.com/news/articles/2019-02-04/apple-fil...

Twitter - https://techcrunch.com/2017/04/19/twitter-is-reviewing-wheth...

Netflix doesn't operate in Russia. Google, Facebook, Twitter will eventually comply, as they do in China.


The law is about personal data, not about any old 'data storage'.


My understanding of the law is that the Australian government can demand assistance from Microsoft as long as Microsoft provides services to Australians. The location of the data is actually irrelevant.


Ironically OpenSSL started in AU because the crypto (export) laws of the US were too stringent:

* https://en.wikipedia.org/wiki/SSLeay

Now it's the opposite?


Encryption isn't illegal due to the bill. In fact encryption law itself hasn't changed. The bill gives the government the ability to compel someone to circumvent encryption (backdoors, spyware etc.) if technically feasible while acting to service a warrant.

It is much worse than banning encryption as it is silent subterfuge and forcing the hand of citizens who would otherwise just be going about their day.

Laws should be able to stop people from doing certain things but forcing people to do something they had no business doing in the first place is insane.


Same goes for the Bouncy Castle Java APIs: https://en.wikipedia.org/wiki/Bouncy_Castle_(cryptography)


The three areas of contention in the bill:

> A technical assistance request (TAR): Police ask a company to "voluntarily" help, such as give technical details about the development of a new online service.

> A technical assistance notice (TAN): A company is required to give assistance. For example, if they can decrypt a specific communication, they must or face fines.

> A technical capability notice (TCN): The company must build a new function to help police get at a suspect's data, or face fines.

This approach is ripe for abuse. Even if a company is served with a TAN and "can't technically decrypt" then a TCN can force them to downgrade/backdoor the platform security to comply. The TAR seems token at best.


Thought experiment: Company gets served with a TCN. They task Jolene (Snr Programmer) to implement the backdoor. She does so in a way that spews information far and wide in a highly visible manner. What are the consequences for Jolene and/or the company, especially when the spooks cry foul and Jolene's lawyer/Company replies with something along the lines of "I guess she's just incompetent and did a bad job. Sorry. But we did comply with your TCN."

Does this law actually address such a scenario?


Jolene and some people from the company go to jail for exposing the Gestapo overreach.

The govt talks about being tough on baddies, coal keeps being sold, there's no pedophiles in my house and wow, it's Sunday so let's all watch the footy!!


It's incredible to watch the degree to which intelligence wants and needs are dictating the coming regulatory environment of internet & tech generally.

Losing access to an information stream due to routing or encryption. Matching allies' and rivals' levels of information access (a la PRISM). Denying them access... From the perspective of the spooks (ASIO, in this case) these are equivalents to exposing a microphone in Bin Laden's proverbial cave.

Meanwhile, FB & Google's revenue streams are, at this point so big and so tightly coupled with creepy ad-tech/spyware that the economy depends on privacy initiatives failing. Narrowing down a list of FB users who are >n% likely to sign up to a new candy subscription is a lot like producing a list of >n% likely to march in Charlottesville or support some specific jihad. Collaboration is inevitable.

Let's not underestimate where these roads are leading.


Aussie entrepreneurs aren't too happy about this law or some of the other ones, eg. the immigration laws.

One friend (health related ml/ai) is moving from Australia to Thailand next week. He is PISSED the Aussie government wouldn't let him hire one guy who was already in the country but not a citizen. That cost 6 other domestics their job. They were sent packing last week.

He's not the first and he certainly won't be the last to move his company overseas because of the govt's anti-biz policies.


From what I understand, Australia (and other nations) don't give their citizens explicit rights, such as to personal and property privacy.


Australians have very few constitutionally guaranteed rights (compared to countries such as the US). The Constitution only gives us the right to vote, the right to a trial by jury, and freedom of religion (and a few others). But many more rights, including extensive privacy rights, exist in statute law and elsewhere.

The main argument against adding more rights to the Constitution, is: "we don't want to end up with obsolete rights that do more harm than good, and that are virtually impossible to get rid of, like the US with its right to bear arms".


The U.S. actually goes a step further... the only rights the constitution actually spells out are the rights of government. Most encroachments have been under the guise of "interstate commerce" or "taxation" in general...

> The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

As to the bill of rights, so long as the police are armed and can act with impunity... imho, the populace should be able to be armed. I don't personally own a firearm... I also don't spew racist rhetoric. I am a strong believer in all civil rights.


Maybe if the police in America weren't armed to the teeth and scared of being blown away by an armed populace they wouldn't act like they do. For a country that keeps guns to hold governments accountable, your government is just as unaccountable as everyone else; if not more so.


The police weren't armed like today back in the 1950's, and guess what, individuals had MORE guns as a general population. The militarization of the police, less training, less acting as part of the communities they serve, etc. It's about conflict of personality and very little to do with real danger.


We've also been around for longer than anyone else with a modern democracy, and our goal is longevity of a sustainable relationship between the people and their government.

We have some issues in our country right now, but I have a good feeling we'll get them worked out in the next few years.

Many of our laws and rights are in place not for short term feelings about safety between people and police, but for long term safety of the people from a tyrannical government. And that tyrannical government might take hundreds of years to begin to form in a democracy... But the bill of rights and ability of the people to feel secure without their government's support, keeps the government from getting too power-hungry or separating too far from the will of the people.


> We've also been around for longer than anyone else with a modern democracy

No, we haven't. In fact, we copied it largely from the UK. (We didn't like the fact that as a colony we didn't get representation in the national legislature or the full range of rights citizens in the UK itself had, but, hey, the US does the same thing. Initially, and still partially, even to its capital district.)

We've got the oldest surviving written Constitution, sure, but that's a different issue.


The US has a very different system in a lot of ways. The UK doesn't have a formal constitution, its executive is subject to the legislature in a way it isn't in the US, one house, etc. The UK is a parliamentary democracy and the US is a republic. Also, the UK wasn't a democracy in any meaningful sense in 1776. The History Of Parliament Online is a very useful resource (https://www.historyofparliamentonline.org/research/constitue...). Out of some 6 million people in 1776 that lived in Britain, approximately 100,000 had the right to vote, most of which were in a small segment (i.e. the ability to vote was highly geographically concentrated).


> The UK doesn't have a formal constitution

The UK doesn't have a single written document that lays out the Constitution, but I wouldn't necessarily call the Constitution informal.

> its executive is subject to the legislature in a way it isn't

True.

> one house,

The UK still has a bicameral, not unicameral, legislature, though it now has priority in the lower house (unlike the US, which retains greater power in the undemocratic upper house, a feature it copied from the UK which has since shed it.)

> The UK is a parliamentary democracy and the US is a republic.

The UK is a representative democracy with a ceremonial monarch and the US is a representative democracy without a ceremonial monarch; the absence of a monarch is the sum total of the difference indicated by “republic”.

> Also, the UK wasn't a democracy in any meaningful sense in 1776.

Neither, though, was the US in 1776, or 1789, for much the same reason: the colonies had imported and retained (in some cases added to) the kinds of restrictions on the franchise found in the UK, and kept them past the revolution and Constitution, which left decision of who could vote to the States (and, while not in the federal government, also often had even more stringent property, etc., requirements for office holders.)


> Also, the UK wasn't a democracy in any meaningful sense in 1776

And the U.S. was? Much like the UK, the franchise was reserved to a subset of land freeholders. Only about 10-20% of the US population was eligible to vote. (http://www.crf-usa.org/bill-of-rights-in-action/bria-8-1-b-w...)

The UK did and still does have a written constitution, it's just not entirely written, and what's written is spread across multiple documents--the Magna Carta being one of the obvious ones. The US is not that different. Much of the US Constitution, especially the Bill of Rights, was copied verbatim from the written parts of the English constitution. And even conservative American jurists who reject Substantive Due Process regularly recognize unwritten constitutional rules and norms, especially those deriving from English constitutional norms.

Aside from federalism (where states maintained some sovereignty), the most fundamental constitutional differences between the US and the UK relate to judicial review and parliamentary supremacy. But it didn't become clear until 1803 in Marbury v. Madison that the US would follow a different path. If Congress was the final arbiter of legislative constitutionality (as many believed in 1789, and some conservatives argue to this day), there would be little if any functional difference between the US and UK constitutional systems. Indeed, now that US Senators are directly elected, but for Marbury v Madison even federalism would be little different than UK's so-called devolution. Japan nominally has judicial review, but their supreme court has zero inclination to strike down legislation so in practice the Japanese legislature has similar constitutional powers as the UK parliament.


> Also, the UK wasn't a democracy in any meaningful sense in 1776.

One could argue that UK is still not a democracy now. House of lords, Queen's hard and soft power, traditions, no legally binding referendum that can be done without government or parliament.


When the US Constitution was adopted the UK monarch still had enough power that it couldn't reasonably be considered a democracy. The exact point when the UK became a modern democracy is open to debate as power gradually devolved from the monarch to Parliament, but US democracy has absolutely been around longer. There's no legitimate historical debate on that.

And very little of the US governmental system was copied from the UK. A parliamentary system is just totally different from what we have.


Yeah, Madison researched every form of government in history, including native American government systems, as the backdrop for his constitutional work. To say we just copied the UK is not a true assessment in any sense.


> We've got the oldest surviving written Constitution, sure, but that's a different issue.

According to this, San Marino is still using their 1600 constitution:

* https://www.worldatlas.com/articles/oldest-constitutions-sti...

There is some debate on whether it counts though.


I'd argue that the UK wasn't a modern democracy until the Parliament Acts allowed for the Commons to override the House of Lords.


UK doesn't have proper separation of powers to this day, due to parliamentary sovereignty.


Australia’s constitution doesn’t quite operate in the same way, but the Australian federal government’s powers are enumerated in the constitution much like in the US constitution - as you say, governments are given positive rights by the constitution, and restricted in their power in other areas.


Yeah, but the problem is that the Constitution says that you can't infringe on the right to bear arms, and telling me that I can't have a mutated anthrax grenade is, technically, infringing on my right to bear arms. The only reason we're still alive is that lawyers don't parse words in the way that engineers do.


Hey, years ago I took a firearms safety class. The instructor joked that the Second Amendment ought to include tactical nukes ;)


Of course “they” would say that. Easier to sell than enshrining rights in the constitution makes it impossible for us to encroach on those rights ;) tin foil stay strong


We don't actually have a constitutional freedom of religion in Australia. The first election I ever voted in this was a proposed change to the constitution and it was voted down. If the Australian government wanted, it could establish a state religion and ban the rest - not that this would ever happen in practice.


I think the way it is worded in the Constitution is that the Commonwealth Government (i.e. national government) can't make laws enforcing/restricting a religion. I.e. can't ban/mandate a religion Australia wide. But where it falls down is there is nothing stopping the individual States from doing so (i.e. New South Wales, Victoria, Queensland etc. could make state laws banning religions).

I think that is one of the main problems with our constitution: the states have a heap of power. I believe it is due to the history of federation where the six states came together to form Australia. There was a bunch of compromises required to get everyone on board, which is why you have things like Tasmania having the same number of Senators as NSW despite the huge disparity in total population.

Because of all the state provisions it is very difficult to make changes to the constitution. It requires a referendum with an overall national majority and a majority of all the states is also needed. That's why borderline referendums never seem to pass; only the ones that are overwhelmingly supported ever get up (depending on your pov this is a feature not a bug).


Yes establishing a state religion is a power retained by the states. The states were independent countries before federation and so they retain a great deal of power.

In practice this is not something that we have to worry about here in Australia. The high court has ruled in a few cases an implied right to freedom of religion in the constitution in much the same way they have done so for freedom of speech - although freedom of speech seems to be under far more attack of late here.


This is exactly how the American constitution worked originally, as well, and for all the same reasons. Many things in it are compromises, and the Federalist Papers say as much in some of the rationales.


You can't protect rights and freedoms from intrusion by the government by statute, which is kinda the whole point of having a constitution. If it's just a law saying the government can't do something, then it'll do that by first repealing that law - if all you need is a simple majority, the votes are always there.

The reason why the US constitution is so hard to amend is because of how high the bars are for the process - 2/3 in the House and in the Senate to submit amendments, and 3/4 of all state legislatures to ratify them. Or if going via state convention, then 2/3 of all state legislatures to request it, but still 3/4 to ratify anything that comes out of it.

I don't think it was a bad system originally, back before the 14th Amendment - since originally all those restrictions were on what the federal government can do, not on what the states can do. Between the states and their citizens, it was supposed to be taken care of by their respective state constitutions, which are generally much easier to amend - and even if they didn't, they wouldn't block other states from experimenting. With 14A, and the gradual incorporation of various constitutional protections on state level via it, the process to amend it needs to be more democratic IMO, and acknowledge the people, not just the states.


I think it's the splitting of government power that secures people's rights, not the fact that the Constitution needs many votes to amend. Because someone still has to enforce the Constitution; of course it's going to be the government. Your rights are just words if the government doesn't care.


> I think it's the splitting of government power that secures people's rights [...] Your rights are just words if the government doesn't care.

And how did that go with Trump-GOP in the White House and the House-GOP and Senate-GOP? See also Kavanaugh and the ignoring/suppression of Garland.


The courts did block a bunch of stuff coming from this administration.


In the US there's no explicit right to vote.


> In the US there's no explicit right to vote.

Yes, there is.

There is no explicit general prohibition on laws impairing that specific right the way there is some other rights, but the existence of the right is explicit, among other places in Amendment XV, Sec. 1: “The right of citizens of the United States to vote shall not be denied or abridged by the United States or by any State on account of race, color, or previous condition of servitude.” This explicitly states that the right exists, and then goes on to prohibit denying or abridging it on an enumerated set of bases. (There's two other voting rights amendments following the same pattern.)


This implies that the right can be denied for other reasons, which would mean that it's not an inherent right of citizens. And, indeed, courts do not consider e.g. restrictions on voting for citizens with criminal records to be unconstitutional.

And it's not like it's a new invention. I mean, women couldn't vote back when 15A was passed, and they still couldn't vote after. It wasn't a surprise, either - many suffragists opposed 15A even before it was ratified for this exact reason, because its wording made it clear that it wasn't covering sex.


To add to dragonwriter's post, there is also the 17th amendment:

"The Senate of the United States shall be composed of two Senators from each State, elected by the people thereof, for six years; and each Senator shall have one vote. The electors in each State shall have the qualifications requisite for electors of the most numerous branch of the State legislatures."

It's exceptionally clear that it's an explicit right to vote for the election of senators.


Why couldn't women vote for Senators then?


> gives us the right to vote.

Not true.


> the right to vote

Yeah, but they mess even that up by making it obligatory. :)


Involuntary voting means that religious and other special interest groups cannot easily use their organizations to out-vote the more apathetic citizens. And therefore serious parties must target the center, or close to it, with policy.

I see this as an advantage of compulsory voting over other systems. Especially when voting is quick and painless, usually taking no more than 10 or 20 mins on a weekend every three years or so.


You have to go. You don't have to pick. Makes it difficult for states to disenfranchise people through budget cuts.


By the time and effort spent going to vote, I bet nobody will just cast a null vote.

Compulsory voting is more democratic. The USA should make voting compulsory!

Ditto with the brexit referendum! If only they made it compulsory, brexit would have probably not passed (presumably many people just didn't expect brexit to win, and so didn't bother going to vote).


> I bet nobody will just cast a null vote.

Have you heard of the term donkey voting? Null votes in Australia are about 5% of total votes (federally) https://www.abc.net.au/news/2016-07-04/informal-votes-to-hav...

Also it's only sorta compulsory in a sense, you can just never register and never have to vote. But if you do register you will get fined if you don't vote. The amount of unregistered voters is about 4% of the population. So at its worst it's at least more representative than some other democracies.


> like the US with its right to bear arms

I find this funny because the SCOTUS basically can change the Constitution whenever they want.

The second amendment only states that the United States itself has a right to bear arms in order to defend itself (have a Militia)[0]. It didn't provide citizens the right to personal protection by guns until a 2008 Supreme Court case [1].

0: https://www.constituteproject.org/constitution/United_States...

1: https://en.wikipedia.org/wiki/District_of_Columbia_v._Heller


You find it funny because you have a misunderstanding over what the constitution says. It doesn't say that the state has external threats and so needs a militia, which is what would be implied by your 'state defending itself' reading. It says a militia is necessary to secure a free State, and so we can't infringe the right to bear arms. That doesn't just mean external threats, and in fact is rooted in the idea that the people are the defense of their community and the holders of their government.

That means it's not about the State defending itself, it's about the people defending the free State. The Heller case simply extended the existing individual right to own guns in order to protect their free State to that of protecting your person and home.

SCOTUS didn't change the Constitution however they wanted. That's ridiculous. They applied existing law to a situation they were asked to judge.


My point is that the original intent of the amendment was not for citizens to bear arms for their self-defense. Guns (muskets) at the time were not thought to be used for protection because they were not very accurate and were slow to reload, making them ineffective against intruders. Multiple books and records show that the founding fathers/federalists/etc. only regarded the second amendment in a military context.

> The Heller case simply extended the existing individual right to own guns in order to protect their free State to that of protecting your person and home.

This is what I am saying is "funny" - While the decision was well-informed and carefully thought out, the SCOTUS did effectively change the constitution by changing what some text meant. It's not different than case law being the biggest precedent for regular legal proceedings.

This is more a debate of whether or not the Constitution should be interpreted based on the original intent of those who wrote it. SCOTUS has shown that they think we should adapt to the times and that the United States can progressively deal with issues, and I believe it worked out in a positive manner for the specific 2008 case granting citizens more rights and freedoms.


"... shall not be infringed" because of the need for a "well regulated militia," not for said militia.

It's an example of why the right is needed. Especially given the people raised a violent coup against their own government. These people were not in favor of disarming the public in general... to interpret it otherwise would be effectively changing the law.


Well regulated also essentially meant "competent" then as well. So it could be interpreted as "so our militia can have enough firearms practice to shoot straight and know how to fire, maintain, and reload the right to have guns shall not be infringed".

Essentially like a justification for public schools and compulsory education being "literacy is essential to function be an informed citizen which is needed for self government". Just like how merely being able to shoot well isn't enough to be a good soldier but it is important.


"well regulated" meant able-bodied male of adult age. Your definition is likely far more constrained. "practice" in this sense is not generally mentioned, as they were required to own a conventional firearm for the time.

As to "training," there wasn't a regimen of regular firearms training per se. It was generally considered common knowledge to know how to load and fire one's musket. As to any comparison of modern training, it seems to me like today's police, at least in major cities like NYC receive less training than a typical gun owner outside major cities.


I meant it as unconstrained actually - the rationale and the right are separate things. Essentially unrestricted for the sake of practicality. Thus two separate points.

1. It is important to have a populace capable of using firearms. 2. The right to bear arms shall not be infringed.

Of course the interpretations are for better or worse living in practice regardless of plain text - freedom of the press still applies to internet and unfortunately the special pleading of obscenity laws have survived for centuries.


People have a legal right to both personal and private property under Australian law. I’m not sure where you got that idea.


I'm interested to know what the farmers whose properties get taken by mining companies have to say about that.

Though genuinely unsure and curious as to whether that's a separate legal (or perhaps media reporting) issue.


It's like you haven't even seen The Castle, where this very constitutional issue is discussed. Acquisition of property must be on just terms with suitable compensation. Similar to the US 5th amendment.


While I agree with you in theory, it's worth remembering the only reason The Castle has a happy ending is because someone who was already wealthy offered to help out people (for free) who weren't.


Well two things here.

The first is that a lot of agricultural land is leasehold, not freehold.

The second is that below a certain depth, the Crown owns what's underground and has the right to go through your property to get to its property, whether directly or by leasing it to a mining company.


To be fair this isn’t solved via constitutional rights in the US either - look up eminent domain law.


Better yet, look up "mineral rights". It actually comes up a lot in private house sales.


This happens in a lot of countries and is a problem. That doesn’t mean that rights to private/personal property aren’t guaranteed by law in Australia, just that the law is skirted by monied interests. The farmers you talk about would likely be able to fight this in court if they had means - but such is the nature of late capitalism, money buys you political power and legal clout.


The comment was referring to privacy, presumably search and enter.

On an aside, it appears Australia has done away with the self-incrimination protection laws. Is that a right in most democratic countries?


I’m sure an argument can be made that privacy extends from property, but that argument would have to be fleshed out and defended - I’m not sure I can accept at face value a point about there not being a right to property in Australia (essentially incorrect) because privacy is being eroded (which in any case sounds like faulty reasoning).

I’m fairly certain it’s still the case that you can’t be compelled to incriminate yourself in a court. Of course you have clearly unjust laws like those concerning the Building/Construction Commission in which an ad hoc court can compel you to give evidence against yourself, but this is an aberration which has not had the opportunity to be challenged in the High Court AFAIK, and it will likely be abolished when Labor comes back into power.


You can be compelled to give evidence against yourself in a royal commission. This is one of the reasons royal commissions are popular - that and they employ an army of lawyers and QCs.


I suppose what I meant to say was ‘in a criminal case’. You can be compelled to give evidence against yourself in non-criminal cases in the US too, the fifth amendment provides for protection only in criminal cases. I’m not sure if you can be compelled to give evidence against yourself in criminal cases in Australia, but in any case, royal commissions are not criminal cases, they’re commissions with quasi-judicial powers (mainly because they have the power to compel people to produce evidence, etc.)


No, you can’t be compelled to give evidence against yourself in a normal criminal case. You can be compelled to give evidence in a royal commission hearing and that evidence can be used to prosecute you in a subsequent criminal case.


https://www.google.com.au/amp/s/www.lawyersweekly.com.au/pol...

“Section 6DD of the Act provides that, where a witness is compelled by a summons to give evidence to the Royal Commission, that evidence isn’t admissible against a natural person in any civil or criminal proceedings in any court of the Commonwealth, or of a state or territory. It is, however, admissible against a corporation. ”


Interesting. There is this very relevant paragraph which makes the immunity rather moot.

However, evidential immunity under s 6DD doesn’t protect clients (who have been compelled to give evidence to the Royal Commission) from a regulator, such as ASIC, using their evidence as a springboard to gather secondary or derivative evidence, and using that derivative evidence against them.


Source? I'd guess that that evidence would be inadmissible in a criminal case.


We don’t have a bill of rights, but we’re hardly a totalitarian state. Nanny state, maybe.


And getting worse all the time. OH&S has got totally out of control.


I was about ready to move all my email over to Fastmail before this happened. But not now.


For what it’s worth, email is not a private protocol/platform - some degree of encryption-at-rest and privacy-respecting SOPs can give services like Fastmail a fairly good screen against private malicious actors, but you should never count on email as a means of communication to have any decent way of protecting you from state surveillance, especially when you live under the jurisdiction of the state surveilling you.

Though that’s not to say that we should accept these laws as they apply to email services lying down. Any reason to refuse to use the services of Australian companies when foreign services of similar quality exist gives those Australian companies all the more reason to press the government to reform these laws on the grounds that they’re losing valuable business for negligible gain to national interest. If the government doesn’t listen to individual constituents, it might listen to companies which are hurting in their back pockets.


I'm aware. It's the principle of the thing that bothers me. I'd love to do business with Fastmail but I don't want my communications flowing through a surveillance state that has no due process.


I recently moved to Fastmail and couldn't be happier.

Like others have said, you really should never count on email being a private medium. I switched mainly to remove my email from Google's sources of data collection on me: this is the level of privacy that is important to me. If I wanted to hide from state sponsored actors I wouldn't be using email at all.

A nice side effect of moving to Fastmail is being able to use their amazing Web UI, which is so much faster and more responsive than Gmail's super bloated interface.


I feel the same way! Definitely couldn't be happier.

And I agree about the web UI. I usually read and compose my email inside Emacs, but their web interface is very nice when necessary.


There was a thread I made about ProtonMail v FastMail and this one point came up at the top. However ProtonMail’s inability to support standard clients without an awkward bridge app seems to take the edge off it.

https://news.ycombinator.com/item?id=19372882


> ProtonMail’s inability to support standard clients without an awkward bridge app

Isn't that one of the pros of Protonmail? All the data is encrypted and decrypted on the client. There is no way to have mail apps access the data without a piece of software that handles the encryption.


Unless you only send email to yourself, the hole in that idea is that all the recipients have a copy of your email.


So I should store all my bank statements in clear text because my bank has a copy of them too?


No, most of the email you’ll send and receive will be seen unencrypted by ProtonMail’s servers because that’s just how the email protocol works, which means an intelligence agency like the NSA can still see most if not all of your communication.

In other words ProtonMail is not actually end-to-end encrypted which makes it snake oil.

It’s interesting that this point has to be explained on HN time and time again, as HN’s audience should understand end to end encryption.


I guess it’s just the way you look at it, and maybe even what your priorities are in choosing an email service. To me at least, I’m thoroughly disinterested in an email service which doesn’t implement IMAPS.


Which ones do?


Many I’m sure. Mailbox.org does, and that’s the service I use.


ProtonMail's bridge program is a bit of a kludge, and their proprietary protocol (rather than seeking IETF standardization) prevents implementing the protocol in the MUA.

I'd love to have a privacy-respecting mail hoster, but the ProtonMail bridge program is too unattractive to make the switch.

(Which is not to say that IMAP itself isn't a mess, but MUAs have gotten it to work, and we'd like for whatever other protocol we move to instead to also be an open standard.)


I run the bridge and it's really a non-issue. It runs in the background without a peep and auto-configures my mail client. Easy.


Unless this is just a boycott of Australian tech services altogether based purely on principle, then it looks like the encryption laws might have actually helped you out on this one. They don't impact fastmail because fastmail already has access to your emails. So if you want an email provider that doesn't (protonmail?) then you almost made quite the mistake!


If you are using your own domain, consider self hosting on AWS. A reserved instance will be about the same price. Check out:

https://mailinabox.email/


Who could have guessed that laws which turn encryption into a legal quagmire in Australia would make companies that do encryption things less interested in working in Australia ...


Here are my thoughts on jurisdictional sovereignty, in terms of your data, and how an American company calling out Australia is the pot calling the kettle black.

https://www.krisconstable.com/its-time-to-think-about-jurisd...


Hey Microsoft, please move your Data Centers to New Zealand. ;)


The Australian government is increasingly becoming an abuser of human rights. I could not have left fast enough.


My employer (S&P 100 sized) is rapidly deciding to move away from all Atlassian products including Jira. If enough people stop doing business with Australian tech companies, this law will likely be punted. Money talks, politicians run.


Is your employer a mining company?

If not, the Australian government doesn't care.

Sell all the things!


It's ok, a lot of us Australians work for the major USA tech companies anyway.

What should be more concerning is that your govt uses our govt to spy on you.

You didn't really think it was Australia that wants your secrets did you?


I'm just sitting here looking from Africa smiling... eventually you'll come to us.


Beware that Indian companies can hand over your data to Indian agencies anytime without any court order[0].

[0]:https://m.slashdot.org/story/350062


In case anyone has any questions regarding the AABill (now TOLA), please see https://news.ycombinator.com/item?id=19508937


"Nice user network you have there. Be a shame if something happened to it, eh?"

- Always yours, Microsoft.


Yeah as if the NSA/FBI doesn't have the same powers in practice in the US.


It's quite sad that Australia has such a stupid law.


Are you sad about any of the "stupid" (relative and subjective term) laws in the US? Would be curious to know which, if any.


What? Of course everybody has some laws they dislike that are stupid. To get a sampler, check out @crimeaday on Twitter (https://twitter.com/CrimeADay).


[flagged]


> Good thing those folks in Australia have retained the ability to fight their govt via the right to bear arms.... right ?

Why would violence be an appropriate response by Australians to disagreements with their country's laws?

For that matter, given how many Americans disagree with their own country's governance, shouldn't the Tree of Liberty be soaked in the blood of tyrants and patriots by now?

Or is the 2A crowd just too busy shooting at schools, mosques and watermelons to fit it into their agenda?


[flagged]


Could you please stop posting unsubstantive comments to Hacker News?


Not sure you comprehend the fact your right to free speech and the ability to put whatever content you want online is protected by the laws that bind the govt and protect your right to bear arms.

If anything is relative to HN the foundations of free speech and the citizens' rights is at the forefront.


[flagged]


All governments, regardless of their nature, all civil societies and all bodies of law, from the hardest fascist dictatorships to the freest democracies, claim legitimacy by and execute enforcement through a monopoly on violence.

Pretending the US is any different in this regard is silly.


[flagged]


I don't think you understand what the monopoly on violence actually is.

It doesn't mean the government is the only agent capable of committing violence, rather, that the government determines what forms of violence, and under what circumstances, are legal, and that the enforcement of laws and contracts are always backed up by an implicit threat of violence through incarceration or worse.

The Second Amendment being legal doctrine adopted by the government is an example of that monopoly being extended to the people - yet the same government that passed the Second Amendment also put down Shays' Rebellion. That's the monopoly on violence.


I don't recall seeing news of an armed uprising and government overthrow in the U.S. over net neutrality or NSA activity.

There's no evidence that an armed citizenry would make any difference here.



