Home Government Tech Policy Telco bodies, AIIA warn encryption bill could weaken Australia's security
Telco bodies, AIIA warn encryption bill could weaken Australia's security Pixabay Featured

The Federal Government's draft encryption bill could seriously damage Australia’s — and international — cyber security and, would act contrary to its stated aim of increasing security for Australians, a submission jointly made by the telco industry body Communications Alliance, the Australian Information Industry Association and the Australian Mobile Telecommunications Association claims.

Ten public submissions have been posted on the website of the Department of Home Affairs, with a statement that the submitters were agreeable to having these published, and more would follow. The period for public comment on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ended on 10 September after the draft was released on 14 August.

Home Affairs Minister Peter Dutton introduced the bill into Parliament on Thursday last week. The Labor Party has advised caution on proceeding with the bill, while the Greens have said that Australian cyber security "will be significantly diminished by undermining the fundamental principles of end-to-end encryption". The BSA, the software alliance, a group representing dozens of big software companies, apart from Google and Facebook, has urged judicial oversight and a challenge mechanism for the bill.

The three industry bodies said the bill "not only creates a schism between security and safety on the one hand and privacy rights on the other, it also — and potentially even more importantly — creates friction between security/safety for the purpose of law enforcement and crime prevention, and security/safety of electronic products and services and, consequently, for our everyday digital lives".

They described the legislation as being ambiguous in many places, and claimed it lacked definition and clarity in what it was trying to achieve.

"The lack of clarity and detail raises significant concerns around intent, actual implementation and, ultimately, legislative overreach. The extraordinarily broad application to almost any person or organisation that has dealings with electronic products and services, irrespective of their location, and the extremely wide scope of acts and things that can be requested of those actors further increase concerns of legislative overreach," CA, AIIA and AMTA said.

In addition, the three organisations said, the extra-territorial reach of the bill was "unprecedented".

"Not only does it have the potential to generate anti-competitive outcomes and to create disincentives for providers to offer products and services to Australians, it also creates significant risks for Australian providers to breach laws in foreign jurisdictions when they are taking action as a result of the requirements of the Bill," they said.

Under the draft bill, companies will be initially requested to co-operate with law enforcement; if they do not, the pressure will be stepped up to force them to help.

First, there will be a “technical assistance request” that allows voluntary help by a company. The staff of the company will be given civil immunity from prosecution.

Next, an interception agency can issue a “technical assistance notice” to make a communications provider offer assistance.

Finally, a “technical capability notice” can be issued by the Attorney-General at the request of an interception agency. This will force a company to help law enforcement, by building functionality.

CA, AIIA and AMTA said these notice processes were "prone to the exercise of bias" and lacked a mechanism for independent assessment.

"Equally concerning is the lack of strong judicial oversight of a piece of legislation that has the potential to significantly impact on society’s overall security and the privacy of individuals," the trio added.

They said given that the bill sought to traverse new ground and to set international precedents, it was imperative that there was a clearly stated reason as to why it was needed, adding that once consensus was reached, the law should be done right keeping in mind Australia's international obligations and the norms of peer nations.

"It is imperative that the legislation does not weaken existing cyber security structures, carefully balances security and privacy considerations, minimises unintended consequences, and it should be developed within a more holistic framework around cyber security, data retention, network security, interception and privacy."

The submission, made on 7 September, urged "further consultation (and work on the development of practical measures and their implementation" before the bill was introduced into Parliament.

CDAO SYDNEY TURNS 5 IN 2019

With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda

REGISTER HERE!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect