Argue better

[Asday]

I'm not an Australian citizen, and so don't have a dog in the fight, but was made aware of the site by a colleague.

I read the first paragraph and I'm already inclined to disagree with you. From what I understand, the bill is a bad thing for sure, but the opening paragraph leans on:

• Feelings;
• "Won't somebody please think of the children";
• And ad hominem.

It all seems very childish.

[brandonjmatthews]

I'm inclined to agree, the ALP weren't the ones who filibustered over Nauru bill amendments, that was the LNP. I think the opening paragraph would be better spent briefly introducing our concerns before jumping into them. I would also suggest that this letter be directed to the LNP as well as it was originally their policy.

[terencehuynh]

With regards to the LNP stuff - I've mentioned this on Twitter, but I'll mention it here: LNP is a lost cause and ideally deserve their own letter in their own right detailing our concerns. Labor had issues with the bill, expressed those issues, and still let it through.

I am a bit weary about changing the open letter's contents because it has been viewed widely and people have signed it with that particular version of the text. If you want to make a change, I suggest you open a PR and hopefully the rest of the community agrees.

[MatthewKing]

I do agree that the LNP are a lost cause on this issue, but I also think that this open letter could benefit from addressing the fact that they need to accept a heavy share of the blame for this bill. A casual, uninformed reader could perhaps come away from reading the letter with the impression that it is mostly an "ALP fail", whereas in reality it's a "LNP and ALP fail".

Is it possible to alter the open letter's contents in a way that preserves the original intent (and thus not be seen as a "bait and switch" on the original signatories) while still addressing the fact that the LNP need to share a lot of the blame here?

Perhaps a better structure would be something like:

• Section 1. "Dear LNP" - Address the community frustration with the LNP for moving this bill.
• Section 2. "Dear ALP" - Address the community frustration with the ALP for supporting this bill (this is basically what is already present; no change really needed).
• Section 3. Arguments this bill (again, this is basically what is already present; no change really needed).

[Twistie]

I agree with @brandonjmatthews and @MatthewKing above - even if you've written off the LNP, you're allocating the blame with this page to the ALP, who are (usually) slightly less bastards and less to blame for this garbage bill. I could imagine some of my older relatives seeing this and immediately using it to help justify their support for the LNP - because the ALP killed the Australian tech industry.

[terencehuynh]

Given the focus of the letter is the ALP, I think it should stay on that (the domain is alp.fail after all).

That's not to say we shouldn't direct energy attacking the LNP too. This letter is just targeted towards the ALP.

[parsect]

indeed this is alp.fail for a reason. The way I see it is we have always known and most people do that lib/nat are morons with no clue. Until now there was still some doubt about ALP. By passing this legislation and the way they did it ALP have earned a severe bollocking and this site comes some way to expressing that. Kudos to @terencehuynh for buying the domain and putting together a slap in the face message that balances what they need to know while still being polite enough. Please don't nice it down.

[cailyoung]

Bill wouldn’t have passed the Senate without the ALP’s support, therefore they are just as responsible here as the coalition.

[Asday]

I think we instantly went off-course.

I don't know who ALP or LNP are, and I don't care. My point is the open letter is written childishly, not that it's directed at the wrong people.

Open with what is objectively wrong with what happened, who it affects, and how it can be corrected.

[brandonjmatthews]

I only mentioned ALP and LNP at first because it tied into the inaccuracies and wording of the first paragraph. The suggestion that we direct it at LNP as well wasn't intended to take us off course and wasn't the main point of my comment. I agree it should open objectively with facts, not feelings, however as @terencehuynh said, it may be too late to change too much of the wording as it has been signed as it is.

[cailyoung]

I think given that the signatories added their signature to this letter with its current wording it would be potentially deceptive to radically alter it after the fact.

Speaking for myself, I am personally fine with the tone.

There are many other places that a more structured argument can be made.

[cailyoung]

Perhaps a second page with a more concrete argument and a link from the letter would achieve this without invalidating the signatures?

[parsect]

@cailyoung a link to a mainstream petition on say change.org with less confronting wording where anyone including those not on twitter or with no git fu can sign. If it is done quickly enough there will be 10,000s of signatures and it will get coverage.

[gregdavisd]

An IT worker could be faced with having to do espionage without the ability to contact a lawyer. That doesn't mean they'll have no legal advice because there could be an existing pool of knowledge that applies. Approach this by going down the rabbit hole, a code of conduct could be made for handling these notices. At a minimum a tech company should have two teams, one to make systems that compromise privacy and another team that will oversee everything and make as much objections as possible. Effectively, each operation would have a prosecution and a defence team.

On the tech side gathered intelligence should be subject to deniable authentication https://en.wikipedia.org/wiki/Deniable_authentication. That means multiple parties will have to be happy before gathered intelligence could be considered verified. I.e. the attacking team would have to be happy that their systems were running without error and the defence team would have to be happy that no breaches were made before they add the missing pieces to verify the intelligence.

Possibly the most important part would be producing a price charter for services to the police. An IT worker or organisation could have their reputation ruined and become the target of terrorists groups and criminals. So the idea that such work would be performed under a voluntary arrangement or under threat of jail time is ridiculous.

Upfront costs: For a particular service, 25% of the value of the company plus a paid insurance policy to cover potentially lost revenue from attacks being exposed by police or the legal system. To be paid upfront otherwise no work will be done.

All these expenses have risk factored into them, i.e. the risk that an organisation could be ruined or an IT worker could find themselves unemployed for the rest of their lives.
For a system to unlock a chat room should be $100,000 per request, plus $10,000 per line of text recovered. A line of text would be everything up to the EOL or 60 characters. So a particularly long line of text could count as multiple lines.

To recover an image should cost at least $1,000,000.

Minimum of $250,000 per team, attack team, defence team, compliance team etc., for auditing and authentication, non-refundable, this cost could be higher if it requires more effort to perform.

Any other costs people can think of would be up for discussion. The government should also pay relocation and security expenses if a worker is compromised and has to go into hiding.

[cyphar]

(I'm not a lawyer.)

This is part of what I was getting at with #98. There needs to be a better argued statement of what the issues are with the bill, and why technology companies rightly are feeling very nervous about it. Unfortunately I've seen quite a lot of people spreading incorrect opinions on a law, which is quite dangerous since it can result in our legitimate concerns not being taken seriously.

Here is an example in this thread (and I've seen it said elsewhere):

An IT worker could be faced with having to do espionage without the ability to contact a lawyer.

This is simply not true. There is common law that legal advice is generally something you have access to, even under gag orders, because of attorney-client privilege. Not only that, but the law explicitly says that you can contact a lawyer about a notice to get legal advice under §317ZF(3)(e).

Possibly the most important part would be producing a price charter for services to the police.

For TCNs there is an "acceptable costs negotiator" §317T(12). Maybe there should be a charge for other notice types, but you are forgetting that after a capability has been provided the police could just subpoena the information (or get a new-fangled "computer access warrant" which was passed in the same law).

I also, as an Australian, don't think it's at all reasonable that large companies like Facebook get paid such exorbitant amounts of money by our government. I'd much prefer my taxes go towards more useful things for our society, rather than a form of business insurance for companies like Facebook which make more than enough money already (and many of them make said money by violating our privacy).

Remember that when the government pays for something, it's not coming out of their salaries -- it's coming out of your taxes (and the other economic instruments that governments can use).

The government should also pay relocation and security expenses if a worker is compromised and has to go into hiding.

Why would a worker have to go into hiding? They were obeying a legal order from the government. Yes, this is a problem for many reasons, but the worker didn't commit a crime and now needs to go into protective custody -- quite the opposite, they were obeying a law (one that I happen to disagree with, but it is a law).

---

As a signatory, I signed it because I agreed with the general point. If it's necessary for us to drop all the signatories in order to give a better argument (which we should be giving -- the current open letter is not good at arguing the point) then we should drop them, write a better argument and ask people to re-sign it.