After viewing the recommendations handed down by the Parliamentary Joint Committee on Intelligence and Security, Stanton told iTWire they appeared to address a number — but not all — of the issues that had been raised by CA when it testified before the committee.
Labor and the government struck a deal on Wednesday to pass the bill, officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, on Thursday, the last sitting day of Parliament for the year. Some 50 pages of amendments were handed to the various parties early this morning before debate on the bill began.
Stanton said a final opinion depended on how the government responded to the PJCIS' recommendations. "We need, of course, to see how the government responds, whether they accept all recommendations and how they translate that acceptance, or otherwise, into the language of amendments," he said.
There are three ways listed in the bill by which law enforcement can get industry to aid in breaking encryption. A technical assistance request or TAR allows for voluntary help by a company; its staff will be given civil immunity from prosecution.
Or an interception agency can issue a technical assistance notice or TAN to make a communications provider offer assistance based on existing functionality.
Finally, a technical capability notice or TCN can be issued by the attorney-general at the request of an interception agency. This will force a company to help law enforcement, by building functionality.
On Wednesday, Stanton had pointed to some issues around the TANs. Today he said these issues were still not resolved, adding that the best thing would be to remove TANs from the bill altogether.
He also said there needed to be a warrant framework for both TANs and TCNs – "some form of judicial oversight is imperative, given the risks involved". Plus, he added, one also needed to see what kind of definition emerged for the term systemic weakness.
Commenting on some of the recommendations, Stanton said the extension of the systemic weakness prohibition to TARs was a positive. "We welcome any improvement in notification and reporting requirements around notices, but we need to see the detail, particularly regarding extensions or variations of notices (the latter of which have no real controls around them in the current bill."
Regarding the TANs having a tiered approval system when they come from the states, with the AFP commissioner approving them, he said this sounded like an improvement. "But [there] is no substitute for explicit approval by the attorney-general and the need to obtain a warrant, which is what is needed," he added.
Stanton saw the added oversight of the communications minister for a TCN as a positive change.
As to the defining of what a systemic weakness is, he said leaning towards the definition offered by ASD chief Mike Burgess was less ludicrous as a starting point than the definition put forward by Attorney-General Christian Porter, who said on Tuesday: "...it is a weakness that would affect all applications on all devices at any given single point in time".
On the systemic weakness limitation being extended to cover all listed acts or things in the bill, Stanton said it was better than the original draft, which handed a blank cheque to enforcement agencies to order communications providers to do anything the agencies wanted.
Another recommendation was that two people investigate whether a TCN is workable, these being a technically qualified person approved by ASIO and a judge. Stanton said he would prefer that industry play a some kind of role in selecting the tech expert.
But the bigger issue with this was that it did not apply to TANs and this was one of the key remaining problems.
"So, on balance, there are still major problems with this bill, which must be addressed," Stanton said.
"But I have to pay credit to the PJCIS, which has understood and tried to address some of the flaws. The sad part is that the government behaved so poorly in putting pressure on the committee. The PJCIS should have been given time to complete its work."