Sunday, 23 September 2018 07:32

Privacy, rights groups urge politicians to reject bill


A group of privacy and rights organisations has called on Australian politicians to reject the encryption bill which was introduced into Parliament last week, as it creates insecurity by design which will get in the way of Australian companies that seek to do business in European markets.

The organisations said rejecting the bill was recommended "as this is the most appropriate response to the exposure draft in the opinion of the authors of this submission".

The organisations represented in this submission, among the 10 which have been published by the Department of Home Affairs, are the Australian Privacy Foundation, Digital Rights Watch, Electronic Frontiers Australia, Future Wise, The Queensland Council for Civil Liberties, The New South Wales Council for Civil Liberties, Access Now, and Blueprint for Free Speech.

The Department of Home Affairs said the submitters were agreeable to having their submissions published, and that more would follow. The period for public comment on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ended on 10 September after the draft was released on 14 August.

Home Affairs Minister Peter Dutton introduced the bill into Parliament on Thursday last week. The Labor Party has advised caution on proceeding with the bill, while the Greens have said that Australian cyber security "will be significantly diminished by undermining the fundamental principles of end-to-end encryption".

The BSA, the software alliance, a group representing dozens of big software companies, apart from Google and Facebook, has urged judicial oversight and a challenge mechanism for the bill. And three big organisations representing the telecommunications industry, the mobile device makers and Australian IT organisations have warned that cyber security, at large, would be harmed by the bill.

The rights and privacy groups said they had many concerns with the draft bill, in particular that it:

  • "Introduces a seemingly scopeless definition of 'designated communication providers';
  • "Increases the obligations on communication providers to assist with law enforcement agencies;
  • "Introduces covert computer access warrants enabling law enforcement to search computers and electronic devices without an individual’s knowledge; and
  • "Increases the powers of law enforcement to use and apply the currently available search and seizure warrants."

They highlighted the lack of oversight of new powers granted to the director-general of security, the chief officer of an interception agency and the attorney-general to issue new types of orders which could, both directly and indirectly, force communications and technology companies to provide information about how networks are built and how information is stored, or to directly access encrypted data if they had a key.

"Taking this further, the Bill also grants the power to compel companies to engage in actively building new tools and mechanisms at the request of law enforcement agencies," the submission said.

While the right to challenge such orders in court was possible, the process had not been defined, the group said. And as far as the orders issued by the authorities cited earlier went, there was no restriction apart from the requirement that they be "reasonable and proportionate".

The draft bill contains language that is ambiguous, as iTWire pointed out on the day it was issued, specifically the use of the word "systemic".

It says: "A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

But the word "systemic" is not defined at any place in the draft.

The rights and privacy bodies also pointed to this lack of specific definitions, saying the draft did not appear to limit what “assistance” organisations could be ordered to provide.

"The government claims the legislation specifically forbids activities that would provide a ‘systemic weakness or vulnerability’ into an encrypted system. However, the kind of operation that the government is planning doesn’t require an active creation of a weakness, instead opting for an end-point activation," the submission said.

"Most encrypted services allow you to have multiple devices such as a phone and a computer, which can be end-to-end encrypted between all endpoints. If the government could secretly add a new device to that conversation without your knowledge, it would be building a new door into that encrypted communication."

The scope of the draft bill was so wide that even companies with little connection to Australia could face fines, the submission claimed. It pointed out that any organisation that did not toe the line on a notice could be fined $10 million, while an individual could be out of pocket by $50,000 and also face up to 10 years in prison.

The submission contains 35 recommendations. Contributors to the submission included Dr Adam Molnar, Lizzie O’Shea, Dr Monique Mann, Angus Murray, Peter Tonoli, Bruno Watt and Dr Suelette Dreyfus.


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
