Friday, 10 July 2020 08:19

Monitor's report says encryption law needs just a couple of changes

By Sam Varghese

The Independent National Security Legislation Monitor, Dr James Renwick, says in a 316-page review handed down on 30 June that, with a couple of exceptions, the encryption law, known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, passed by Australia in December 2018, is necessary.

Dr Renwick said the first exception was that schedule 1 of the legislation should be amended to extend technical assistance requests (TARs), technical assistance notices (TANs) and technical capability notices (TCNs) to integrity agencies, including any future Commonwealth Integrity Commission.

The TCN is one way listed in the legislation whereby law enforcement can get industry to aid in breaking encryption.

A TAR allows for voluntary help by a company; its staff will be given civil immunity from prosecution.

An interception agency can then issue a TAN to make a communications provider offer assistance based on existing functionality.

The TCN can be issued by the Attorney-General at the request of an interception agency. It must also be approved by the Communications Minister, and will force a company to help law enforcement by building functionality.

However, a TCN cannot demand the decryption of information or removal of electronic protection in any system.

The second exception cited by Dr Renwick was in schedule 5 of the legislation, where he said one aspect of the voluntary assistance power and corresponding civil immunity in s21A(1) of the Australian Security Intelligence Organisation Act 1979 (Cth) (ASIO Act) was unnecessary and should be amended.

"As to proportionality and proper rights protection, TOLA (the law) will be compliant if, but only if, the central recommendations in this report are implemented," he said. "Most importantly, Schedule 1 should be amended to:

  • "a. remove the power from agency heads to issue TANs and from the Attorney-General to approve TCNs;
  • "b. vest those issuing and approval powers in the Administrative Appeals Tribunal in a way which will preserve and protect both classified and commercial-in-confidence material and allow independent rulings on technical questions such as ‘systemic weakness’ (definitions which, among others, should be amended); and
  • "c. create a new statutory office – the Investigatory Powers Commissioner. The IPC should be a retired judge who will be appointed to the AAT and have access to technical advice. The IPC will assist in approving the issue of TANs and TCNs (as above) while monitoring the operation of Schedule 1 and issuing guidelines. (This can be done with minimal expense.)"

Dr Renwick's report is expected to inform the deliberations of the Parliamentary Joint Committee on Intelligence and Security, which has to submit its final report on the law by 30 September.

Only after that will the government consider any changes. A review was instituted by the PJCIS as soon as the law was passed, with a reporting date of 3 April 2019. It was expected to make changes that would provide some solace to the technology industry.

But the panel then put off taking any decision, instead asking Dr Renwick to review the law and report back by 1 March. That date was pushed out to 30 June due to the lack of submissions that Dr Renwick received.

In his report, Dr Renwick said he had recommended that there be no change to the way TARs are agreed on between an interception agency and a designated communications provider (DCP) and the manner in which the agreement enables the agency concerned to issue a TAR.

"A related key point is the distinction between TANs and TCNs, which provide technical ‘access’; and warrants (and other similar instruments), which provide ‘content’," he pointed out. "TANs and TCNs do not provide the authority to obtain content from a DCP without an underlying warrant, and the government has submitted that these notices are merely a mechanism to ensure that whatever data is obtained under a lawful warrant is accessible and comprehensible to the interception agency. I have not accepted the government’s argument as to the distinction in this regard."

Dr Renwick noted that his view was that more safeguards were needed in the virtual world. He quoted Professor Peter Leonard from the Law Council of Australia in this regard: "In the digital world, digital trust of citizens is affected by activities that may not relate to their specific digital activities. So we always need to consider, as we look at the digital world, the effect on broader digital trust of citizens, and potentially undermining that trust. Now, often a degree of undermining that trust will be justified in national security or law enforcement, but I do think that you can’t take the digital world as an exact analogue of the physical world, because of that different nature of the digital system."


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
