Hacker News new | ask | show | jobs
by jeeeeb 2749 days ago
I was worried about this as well which is why I read the law and commented above.

The short answer is: 1. Non-compliance with a TAN/TCN is a civil not a criminal mater 2. As I stated above the law clearly says that it is a defence for non-compliance if a TAN/TCN would compel you to commit a crime in a foreign country. The issue is whether you can be compelled to commit an act in Australia, which would be a crime in a foreign country. 3. Consideration must be given to your legitimate interests.

In short, if you get a TAN/TCN then seek legal advice.
3 comments
currymj 2748 days ago
It seems like the fine for noncompliance for an individual is 238 "penalty units", which currently corresponds to nearly $50,000 (Australian), unless I misunderstand things. A $50,000 fine is quite serious even for a well-paid software engineer.

I agree that a lot of people seem to be catastrophizing this, but it still seems like a pretty big mess.

If I end up writing a little library and it gets popular, who's to say the spooks won't decide that's where they want the backdoor, and just send me a TAN to the email on my GitHub profile? Very likely not, but it is possible and would cost me at least several thousand dollars in legal bills to figure out how to respond.

Wonder if it will be possible to be insured against receiving such a request for foreigners (and maybe even Australians) who work on software that the Australian government would like to backdoor. To cover any possible fines for noncompliance but also, if you do want to use the "it's a crime in my country" defense, to deal with the complication and expense of hiring an Australian lawyer to represent you.

link
cyphar 2748 days ago
> It seems like the fine for noncompliance for an individual is 238 "penalty units", which currently corresponds to nearly $50,000 (Australian), unless I misunderstand things. A $50,000 fine is quite serious even for a well-paid software engineer.

Note that they can always revoke the request they gave you and request a new one. So they can fine you an infinite amount of money and drive you to bankruptcy if they want to. Now, it's possible this would be seen as an abuse of power but you'd need to go to court over it and you can't afford lawyers nearly expensive as the government's.

> If I end up writing a little library and it gets popular, who's to say the spooks won't decide that's where they want the backdoor, and just send me a TAN to the email on my GitHub profile? Very likely not, but it is possible and would cost me at least several thousand dollars in legal bills to figure out how to respond.

TCN, not TAN.

link
hackerbabz 2746 days ago
Dumb idea here: Can you make a "not for use in Australia" license on free software and then claim that any Australian users are not your responsibility?
link
fit2rule 2748 days ago
Well, I'm working on software systems that are precisely the sort of thing that the Australian government will target with this law (transportation systems), and it is highly likely that these systems will be targeted with a TAN/TCN. In fact, I'm pretty sure that the software segment that I currently work on is going to be hit by this law, and hard, within the next year or so. If I don't get a TAN/TCN request, I'm almost 100% sure that someone within the group of companies I am working, will. And I want none of that.

So I feel strongly enough about the tyranny and evil of the Australian government that it looks like I'm going to be giving up my Australian citizenship.

Oh, wait:

"We will not approve your application to renounce your citizenship if you do not have another foreign citizenship or it is not in Australia’s interests." [emphasis added]

What an extraordinarily evil thing for the Australian government to have done to its citizens.

Well then, some other options:

0. Do the typical Australian thing: "she'll be right mate!", and stick my head in the sand, hoping that ignoring the bad man will make him go away. This seems to work for a lot of Australians, so might work for me. Could be, I'll never be the subject of a TAN/TCN, but then again, why risk it.

1. I could change my profession. However, this would mean that over time, only the types of people who are willing to act as repressive agents of the Australian government would be found in the software industry. This is really a non-savoury outcome, as I have over 30 years in the software industry and am very proud of the good I have done in this field - I would hate to turn it over to such cunts who think its fine to spy for the Australian Fascist Overlords. I know they're out there - people like me are keeping them from taking over, completely.

(A brief moment of brevity for the poor Australians reading this: Fuck. The Australian Government is literally Auntie Jack. If I don't do what she tells me to, she's gonna jump out of my computer and rip my bloody arms off. [1])

2. Do the paperwork: get my second citizenship, abandon the Australian citizenship, do everything I can to protest Australia and never, ever, contribute to its well-being ever again - this means never going back, removing my assets and resources from the Australian economy, and so on. Hmmm.

3. Submit to a TAN/TCN when/if it happens, but somehow sabotage the work such that it doesn't quite work out. The True Aussie Way™.

4. Insist on working only on software that never tracks the user in any way, whatsoever. This would mean quitting my current job, which already involves tracking people (with their full approval) for productive (non-espionage/law-enforcement) purposes, and finding something with a strict no-data policy.

I guess I'm gonna go with #4. Well, #2 seems a bit more appealing, actually.

Please, I beg of you .. let me walk tall in Australia! [2]

--

[1] - https://www.youtube.com/watch?v=KnEOr1MgwTM

[2] - https://youtu.be/8PfDro1UGUo?t=158

link
dwd 2748 days ago
Now would be a good time to protest this by systematically denying Peter Dutton and the rest of these wankers access to any online service.

Sorry, due to your part in voting for that bill, you're now in breach of our terms. Please return your devices as well.

link
mirimir 2748 days ago
But what would you deny? All .gov.au? All .au? Maybe a BGP suitable leak? Whatever, it wouldn't last.
link
dwd 2748 days ago
Just the MPs and targetting their social media accounts would be enough and it wouldn't have to be effective or long term, it just needs to create enough of a media storm to bring it to the attention of the general population.

Mentioning that they may need to shut down services in Australia due to the law might be enough to cause a backlash.

link
macdice 2748 days ago
An easier option than 2 for most Australians: come help build the software industry in New Zealand. It's a 3 hour flight and requires zero paperwork for Aussies to work here (as long as you have no criminal record; so you probably can't move so easily after you disobey one of these requests...).
link
BigJono 2748 days ago
Now that this is through I'm sure the rest of the five eyes nations will at least try and follow suit.

Our left-leaning party voted for this fucking bullshit too, remember. Jacinda Ardern probably isn't going to save you.

link
jeeeeb 2748 days ago
I'd recommend reading the actual law, as passed by parliament. Knowing your rights and legal options under the law and based on that approaching your MP (if you are still registered to vote in Australia) with your concerns to encourage them to address them.

To do that you really need to know what the law actually says and requires. Here is a start: TCN/TAN are not limited to Australian citizens. Revoking your citizenship will not shield you from being issued a TCN/TAN, but will lessen the value of your voice in engineering change.

link
fit2rule 2748 days ago
Pretty simple: there are countries where these activities are highly illegal. I'll become a citizen of one of them instead.
link
jeeeeb 2748 days ago
As I said before: it is a defence for non-compliance if a TAN/TCN would compel you to commit a crime in a foreign country

That has nothing to do with whether you are an Australian citizen or not. If you are a resident in Austria, these laws do not allow the government to compel you to commit a crime in Austria.

link
fit2rule 2748 days ago
But they can compel my colleagues in Australia to do it, and that is still too close to the tyranny to me.

Keep this in mind: The Australian government is still ripping children from their parents.

If software that I am involved in is in any way responsible for assisting that, in any way, I would be more than furious to say the least.

Nope, its Option #2 for me. Australia can go to hell.

link
taneq 2748 days ago
How long until other countries explicitly outlaw complying with TAN/TCNs?
link
marcus_holmes 2748 days ago
Or you could just ensure that you don't have access to production systems in your job. Which you shouldn't have as a developer anyway. And that any code you write is reviewed before it is put into production. Which it should be anyway.

And if they do try it, any of your non-Australian colleagues who review your code can immediately raise the alarm.

The law is ridiculous not only because of all the points they're making, but also because it just doesn't work in a modern, distributed, company. They need to compel the entire dev team to do as they wish to avoid it being stopped at some point, and if just one of those devs are not Australian (or even not living in Australia) then the secrecy part is blown and the company can take preventative action to stop this happening.

Australia has just ensured that every single Australian tech company needs a non-Australian to review its code. An absolute decrease in Australian security. The Law of Unintended Consequences strikes agan.

link
fit2rule 2748 days ago
>Or you could just ensure that you don't have access to production systems in your job.

Okay, so this just pushes the problem onto someone elses plate - the operator/sysadmin. I've known a few Australian operators. The law doesn't specifically target 'only people who can write code' - it applies to anyone who has access to the systems the Australian kooks and spooks want to infiltrate.

link
marcus_holmes 2747 days ago
kinda, but the important bit is that it pushes the problem onto both of them. The dev has to write the code, and then the sysadmin has to deploy it. And they have to communicate to do that. The secret is not so secret any more. By the time everyone else is involved in deploying it, testing it, paying for the extra traffic, etc... it's not a secret any more.
link
cmroanirgo 2747 days ago
Lol for the Auntie Jack reference.

If you're already overseas (including NZ), it should be a pretty easy ride:

"You may be eligible to apply if you ... will acquire citizenship of another country as soon as your application to renounce Australian citizenship is approved" [0]

From what I remember, there's basically an agreement between all countries stating that a stateless person in your borders must be offered safe harbour... or something to that affect, and that might be triggering the "We will not approve your application to renounce your citizenship if you do not have another foreign citizenship" spiel.

Talk to a lawyer to get it straight though.

[0] https://immi.homeaffairs.gov.au/citizenship/give-up-citizens...

link
verroq 2748 days ago
I thought a TAN/TCN also comes with a gag order.
link
jeeeeb 2748 days ago
There are exceptions to this, including for seeking legal advice.

If you think the law effects you then I highly recommend reading the entire text, as passed by parliament: https://parlinfo.aph.gov.au/parlInfo/search/display/display....

link