[Linux-aus] Seeking feedback - EFA Citizens Not Suspects campaign

[Glen Turner]

> - a proposal for mandatory retention of data...

Oh, you mean a proposal to build a cache of data containing everyone's credit
and other information. Nothing can go wrong with that.

Seriously, the government is essentially betting your money that their security
can stand up to the russian mafia, without even one small slip-up. Given the
number of times those same mafioso penetrated ASIO in their former employment by
the KGB I can't say that I feel at all good about ASIO's track record here.

And that's without considering computer security. Looking through my mailbox
I see requests from LinkedIn, Evernote, and Drupal.org to reset my password.
So even the very best of Silicon Valley have trouble keeping motivated people
out. Let's not build a mountain of treasure for people to attempt to win.

Maybe the government is happy for the record retention to be done by telcos. That
is, your economic security depends upon the skill of companies like Dodo Internet.
Can't say I'm thrilled by that thought either.

LA, as a group of computing professionals and hobbyists, can point out to the
public the sheer difficulty of securing computer-held records. Especially
computers which -- because they are essentially recording the internet -- are
connected to the internet.

LA can also point to the previous failures of the Australian security apparatus
in regulating the internet. Perhaps the most devastating of these was the
provisions of the Wassenaar Arrangement in preventing the deployment of
cryptography in e-mail. The resulting lack of ability to have webs of trust
in everyday e-mail has lead directly to the presence of spam and the effectiveness
of phishing.

> - a proposal to make it a crime to refuse to provide authorities with passwords...

LA could question why such a low bar for computer-carried communications compared
with other communications. The underlying philosophy of free software is that the
freedoms enjoyed in the world outside of computing are worthwhile within the realm
of computing.

There is a significant legal principle here -- that one need not incriminate one's
self -- and again it has to be questioned why the government is setting the bar
lower for computer-held speech than for other speech.

> - a proposal to give ASIO the power to add, modify or delete files on any computer.

I think LA could well raise the point that computers and data networks are complex
and the proposal will inevitably lead to incidents were errors by ASIO will cause
devastating consequences. This risk is why the penalties for computer intrusion are
so high compared with other crimes.

LA could also question if such legislation gives ASIO a cyberwarfare remit against
the citizenry and note that -- due to misuse by ASIO of powers in the past --
other warfare-like powers reside in the Australian Federal Police, not ASIO.

I think both issues fall under the remit of LA: it's members are computing
professionals and hobbyists who have thought closely of the relationship between
freedom and technology; and many of its members have contributed to the
reliability, safety and security of computers which these proposals seeks to
undermine.

I suggest that -- at a minimum -- LA issue a letter of support for EFA's
position. Such letters make it harder for people to paint the EFA as some
sort of loony fringe group.

Of course I think LA should do more. But since I'm a EFA life member I fear
there's a conflict of interest in making such proposals.

-glen
(obviously speaking as an individual, not for my employer, not for EFA)