Hacker News new | ask | show | jobs
by jeeeeb 2749 days ago
Non-compliance with a TAN/TCN is a civil mater and the law explicitly states that being required to do an act or thing in a foreign jurisdiction that would contravene the laws of that jurisdiction is a defence for non-compliance.
1 comments
mcherm 2749 days ago
> being required to do an act or thing in a foreign jurisdiction that would contravene the laws of that jurisdiction is a defense for non-compliance

There is no law in the US prohibiting me from creating an alternate login screen for one particular customer just in order to capture their login password. So as a US citizen I have no defense within Australian law against an Australian demand that I capture the password of one of my users... perhaps a parliament member of the Australian opposition.

I can choose to simply ignore the demand. The US will not extradite me for violating a foreign law that does not have an equivalent in US law. But I suppose I can never go on vacation to Australia.

link
jeeeeb 2749 days ago
Are you sure there is no law against this in the US? Isn't this potentially: 1. Circumventing an electronic protection 2. Unauthorised access (if your employer does not authorise the changes) .etc.
link
mcherm 2748 days ago
Yes, I am fairly sure.

> Circumventing an electronic protection

> Unauthorised access

The company providing the protection cannot by definition circumvent it or be unauthorized. If a third party decides to deliver a payload to your browser to discover your Facebook password, then they are violating the DMCS in the US. But if Facebook decides to deliver a payload to your browser to discover your Facebook password that is simply them doing business in a different fashion. This isn't a violation of US law, so refusing it do it would be a violation of Australia's very poorly-considered new law.

link
jeeeeb 2748 days ago
I'm obviously not an expert on US law but I find it very hard to believe that it is legal for an employee of a US company, without the permission of that company to put up a fake login page for particular users and then provide that information to a foreign government.

Now if the TAN/TCN was issued to a US based company that would be a different issue but then you as an individual would not be in violation of it.

Not that that makes it a better law, but I think for people not physically in Australia the risk of being issued an enforceable (under Australian law) TAN/TCN is quite low.

link
rendall 2746 days ago
It is not legal. It would break so many laws that a prosecutor would have a difficult time sorting through them all.
link