Home Government Tech Policy Privacy, rights groups urge politicians to reject bill
Privacy, rights groups urge politicians to reject bill Pixabay Featured

A group of privacy and rights organisations have called on Australian politicians to reject the encryption bill which was introduced into Parliament last week, as it creates insecurity by design which will get in the way of Australian companies who seek to do business in European markets.

The organisations said rejecting the bill was recommended "as this is the most appropriate response to the exposure draft in the opinion of the authors of this submission".

The organisations represented in this submission, among the 10 which have been published by the Department of Home Affairs, are the Australian Privacy Foundation, Digital Rights Watch, Electronic Frontiers Australia, Future Wise, The Queensland Council for Civil Liberties, The New South Wales Council for Civil Liberties, Access Now, and Blueprint for Free Speech.

The Department of Home Affairs said the submitters were agreeable to having their submissions published, and that more would follow. The period for public comment on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ended on 10 September after the draft was released on 14 August.

Home Affairs Minister Peter Dutton introduced the bill into Parliament on Thursday last week. The Labor Party has advised caution on proceeding with the bill, while the Greens have said that Australian cyber security "will be significantly diminished by undermining the fundamental principles of end-to-end encryption".

The BSA, the software alliance, a group representing dozens of big software companies, apart from Google and Facebook, has urged judicial oversight and a challenge mechanism for the bill. And three big organisations representing the telecommunications industry, the mobile device makers and Australian IT organisations have warned that cyber security, at large, would be harmed by the bill.

The rights and privacy groups said they had many concerns with the draft bill, in particular that it:

  • "Introduces a seemingly scopeless definition of 'designated communication providers';
  • "Increases the obligations on communication providers to assist with law enforcement agencies;
  • "Introduces covert computer access warrants enabling law enforcement to search computers and electronic devices without an individual’s knowledge; and
  • "Increases the powers of law enforcement to use and apply the currently available search and seizure warrants."

They highlighted the lack of oversight of new powers granted to the director-general of security, the chief officer of an interception agency and the attorney-general to issue new types of orders which could, both directly and indirectly, force communications and technology companies to provide information about how networks are built and how information is stored, or to directly access encrypted data if they had a key.

"Taking this further, the Bill also grants the power to compel companies to engage in actively building new tools and mechanisms at the request of law enforcement agencies," the submission said.

While the right to challenge such orders in court was possible, the process had not been defined, the group said. And as far as the orders issued by the authorities cited earlier went, there was no restriction apart from the requirement that they be "reasonable and proportionate".

The draft bill contains language that is ambiguous, as iTWire  has pointed out on the day it was issued, specifically the use of the word systemic.

It says: "A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

But the word "systemic" is not defined at any place in the draft.

The rights and privacy bodies also pointed to this lack of specific definitions, saying the draft did not appear to be limited by what “assistance” organisations could be ordered to provide.

"The government claims the legislation specifically forbids activities that would provide a ‘systemic weakness or vulnerability’ into an encrypted system. However, the kind of operation that the government is planning doesn’t require an active creation of a weakness, instead opting for an end-point activation," the submission said.

"Most encrypted services allow you to have multiple devices such as a phone and a computer, which can be end-to-end encrypted between all endpoints. If the government could secretly add a new device to that conversation without your knowledge, it would be building a new door into that encrypted communication."

The scope of the draft bill was so wide, that even companies with little connection to Australia could face fines, the submission claimed. It pointed out that any organisation that did not toe the line on a notice, could be fined $10 million, while an individual could be out of pocket by $50,000 and also face up to 10 years in prison.

The submission contains 35 recommendations. Contributors to the submission included Dr Adam Molnar, Lizzie O’Shea, Dr Monique Mann, Angus Murray, Peter Tonoli, Bruno Watt and Dr Suelette Dreyfus.

REASON TO CHOOSE TENDA MESH WIFI

Our Mesh WiFi system MW3 is the first in Australia market with price below AUD$200 for a set of three.

· Best valued product
· Strong signal covering up to 300m2 for MW3 and 500m2 for MW6
· Aesthetically pleasing and light weigh (blend into any room deco)
· Wireline backhauls supported
· Product units are pre-paired and easy to setup
· Not requiring phone number or email address to set up
· Wall penetration (better than other similar brands)
· Seamless WiFi roaming
· User friendly app with controls to setup a guest network, parental controls for disabling groups of devices you allocate to individuals, QoS and more

CLICK FOR MORE INFO!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect