Sunday, 23 September 2018 07:32

Privacy, rights groups urge politicians to reject bill Featured

Privacy, rights groups urge politicians to reject bill Pixabay

A group of privacy and rights organisations have called on Australian politicians to reject the encryption bill which was introduced into Parliament last week, as it creates insecurity by design which will get in the way of Australian companies who seek to do business in European markets.

The organisations said rejecting the bill was recommended "as this is the most appropriate response to the exposure draft in the opinion of the authors of this submission".

The organisations represented in this submission, among the 10 which have been published by the Department of Home Affairs, are the Australian Privacy Foundation, Digital Rights Watch, Electronic Frontiers Australia, Future Wise, The Queensland Council for Civil Liberties, The New South Wales Council for Civil Liberties, Access Now, and Blueprint for Free Speech.

The Department of Home Affairs said the submitters were agreeable to having their submissions published, and that more would follow. The period for public comment on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ended on 10 September after the draft was released on 14 August.

Home Affairs Minister Peter Dutton introduced the bill into Parliament on Thursday last week. The Labor Party has advised caution on proceeding with the bill, while the Greens have said that Australian cyber security "will be significantly diminished by undermining the fundamental principles of end-to-end encryption".

The BSA, the software alliance, a group representing dozens of big software companies, apart from Google and Facebook, has urged judicial oversight and a challenge mechanism for the bill. And three big organisations representing the telecommunications industry, the mobile device makers and Australian IT organisations have warned that cyber security, at large, would be harmed by the bill.

The rights and privacy groups said they had many concerns with the draft bill, in particular that it:

  • "Introduces a seemingly scopeless definition of 'designated communication providers';
  • "Increases the obligations on communication providers to assist with law enforcement agencies;
  • "Introduces covert computer access warrants enabling law enforcement to search computers and electronic devices without an individual’s knowledge; and
  • "Increases the powers of law enforcement to use and apply the currently available search and seizure warrants."

They highlighted the lack of oversight of new powers granted to the director-general of security, the chief officer of an interception agency and the attorney-general to issue new types of orders which could, both directly and indirectly, force communications and technology companies to provide information about how networks are built and how information is stored, or to directly access encrypted data if they had a key.

"Taking this further, the Bill also grants the power to compel companies to engage in actively building new tools and mechanisms at the request of law enforcement agencies," the submission said.

While the right to challenge such orders in court was possible, the process had not been defined, the group said. And as far as the orders issued by the authorities cited earlier went, there was no restriction apart from the requirement that they be "reasonable and proportionate".

The draft bill contains language that is ambiguous, as iTWire  has pointed out on the day it was issued, specifically the use of the word systemic.

It says: "A technical assistance notice or technical capability notice must not have the effect of:

"(a) requiring a designated communications provider to implement or build a systemic weakness, or a systemic vulnerability, into a form of electronic protection; or

"(b) preventing a designated communications provider from rectifying a systemic weakness, or a systemic vulnerability, in a form of electronic protection." (emphasis added)

But the word "systemic" is not defined at any place in the draft.

The rights and privacy bodies also pointed to this lack of specific definitions, saying the draft did not appear to be limited by what “assistance” organisations could be ordered to provide.

"The government claims the legislation specifically forbids activities that would provide a ‘systemic weakness or vulnerability’ into an encrypted system. However, the kind of operation that the government is planning doesn’t require an active creation of a weakness, instead opting for an end-point activation," the submission said.

"Most encrypted services allow you to have multiple devices such as a phone and a computer, which can be end-to-end encrypted between all endpoints. If the government could secretly add a new device to that conversation without your knowledge, it would be building a new door into that encrypted communication."

The scope of the draft bill was so wide, that even companies with little connection to Australia could face fines, the submission claimed. It pointed out that any organisation that did not toe the line on a notice, could be fined $10 million, while an individual could be out of pocket by $50,000 and also face up to 10 years in prison.

The submission contains 35 recommendations. Contributors to the submission included Dr Adam Molnar, Lizzie O’Shea, Dr Monique Mann, Angus Murray, Peter Tonoli, Bruno Watt and Dr Suelette Dreyfus.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Sam Varghese

Web Analytics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News