Burgess released a statement on Wednesday, listing seven myths which, he said, had been spread about what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. (Burgess calls it the TOLA Act.) But in trying to shoot them down, he appears to have advanced some myths of his own.
First to the 5G business: Burgess was quoted by The Australian in October as saying in what many dubbed a major speech: “The distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network.”
This was advanced as justification for banning Chinese telecommunications companies Huawei and ZTE from a role in Australia's 5G rollout.
But to the matter at hand: myths. The first one that Burgess claimed was being spread was that the information of individuals is no longer safe. In support of this, he stated the bleeding obvious: "If you are using a messaging app for a lawful purpose the legislation does not affect you."
I have done my fair share of writing and commenting on the encryption law, but have never seen any claim like this. Not sure where Burgess got that one.
The second myth Burgess says is being spread is that agencies get unfettered power under the law. As warrants can give one access to phone calls, there is no difference if they allow access to encrypted communications, runs his argument.
There are three new powers in the law which force individuals or companies/organisations to build backdoors into devices or software. Fines or prison beckon for those who resist. And this is not extreme power?
What can law enforcement gain from encrypted content that it cannot deduce from metadata – which, few will inform the public, cannot be encrypted? (Emphasis mine).
As to unfettered power, let me digress a bit. When Australia passed the metadata retention law in 2015, we were assured that only the 20 or so agencies authorised to access it would be allowed to do so. But last month, Communications Alliance chairman John Stanton provided a list of some 80 agencies which had sought access. Open slather would be a gross understatement.
Who's to guarantee a repeat won't occur with this law too?
Flying in the face of statements from various highly qualified technical experts, Burgess claims that the security of the Internet is not under threat because of the law. But when vulnerabilities are introduced, they are accessible both to the law-abiding citizen and the crook. Claiming that such vulnerabilities are "highly targeted" is a red herring, because nobody can predict the impact of a software change and all its possible ramifications.
A hint to Burgess: just call your counterparts at the NSA and ask them about the Shadow Brokers.
While tech companies themselves have been saying that the law will force them offshore, Burgess dismisses this, saying that Australia is not the first to pass such a law; the UK went first. True, but the UK has a bill of rights, which Australia lacks. Also, some part of the UK bill has now been struck down. And though the UK bill was passed in 2016, it has yet to be used. Why, one wonders. [iTWire has a story this morning from an unnamed firm which is planning to move operations from January.]
The next myth being spread, avers Burgess, is, "There is no way to be sure that the communications of Australians won’t be jeopardised." Here he cites oversight from the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman as mitigating factors, as well as the review by former judicial officials and a techie who is certified by ASIO. Why not have a sitting judge? And why have a techie certified by ASIO – who is almost certain to be an ex-ASIO man/woman? Since when did the Commonwealth Ombudsman have oversight of intelligence agencies?
The next myth is, again, one I have never heard: that ASD will be able to spy on Australians. ASIO is doing an excellent job of that, along with all the other law enforcement agencies we have. This, again, seems to be a red herring.
The final myth that Burgess set out to bust is that the reputation of Australian tech companies will suffer. Here he tries to draw a difference between what Australia has meted out to Huawei and the impact that the law will have on Australia. Others, like Andrew Hastie, the head of the Parliamentary Joint Committee on Intelligence and Security, have run a similar argument based on the reasoning that Australia is a democracy and China is a dictatorship.
But this reasoning is fallacious, as pointed out by Francis Galbally, the chairman of encryption technology firm Senetas, a company which exports a sizeable portion of the $3.2-billion-odd Australian tech exports each year. During a hearing of the PJCIS, he responded to Hastie, saying: "With respect, Chair, you say there's no equivalent, and I agree, it's not equivalent, but I can tell you other countries take a different view. At the moment, as we stand in the world, Australia is regarded as the most trustworthy country in the world for cyber security products, bar none.
"There are countries in the world that don't trust the US. There are countries in the world that don't trust Israel. There are countries that don't trust Singapore. There are countries in the world that don't trust other countries for all sorts of reasons. Australia stands up as the most trustworthy.
"That's why we've been able to sell our products into more than 40 countries around the world. That's why even eastern European countries use our products for their secret service protection; we're trusted. This bill gives a perception of mistrust, and whatever you say, whether it's really going to apply to us or not or whether there's a democracy or not, it gives a perception of mistrust."
Trust. Perhaps Burgess should spend some time trying to understand that concept.