Sunday, 23 September 2018 06:25

Telco bodies, AIIA warn encryption bill could weaken Australia's security Featured

Telco bodies, AIIA warn encryption bill could weaken Australia's security Pixabay

The Federal Government's draft encryption bill could seriously damage Australia’s — and international — cyber security and, would act contrary to its stated aim of increasing security for Australians, a submission jointly made by the telco industry body Communications Alliance, the Australian Information Industry Association and the Australian Mobile Telecommunications Association claims.

Ten public submissions have been posted on the website of the Department of Home Affairs, with a statement that the submitters were agreeable to having these published, and more would follow. The period for public comment on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 ended on 10 September after the draft was released on 14 August.

Home Affairs Minister Peter Dutton introduced the bill into Parliament on Thursday last week. The Labor Party has advised caution on proceeding with the bill, while the Greens have said that Australian cyber security "will be significantly diminished by undermining the fundamental principles of end-to-end encryption". The BSA, the software alliance, a group representing dozens of big software companies, apart from Google and Facebook, has urged judicial oversight and a challenge mechanism for the bill.

The three industry bodies said the bill "not only creates a schism between security and safety on the one hand and privacy rights on the other, it also — and potentially even more importantly — creates friction between security/safety for the purpose of law enforcement and crime prevention, and security/safety of electronic products and services and, consequently, for our everyday digital lives".

They described the legislation as being ambiguous in many places, and claimed it lacked definition and clarity in what it was trying to achieve.

"The lack of clarity and detail raises significant concerns around intent, actual implementation and, ultimately, legislative overreach. The extraordinarily broad application to almost any person or organisation that has dealings with electronic products and services, irrespective of their location, and the extremely wide scope of acts and things that can be requested of those actors further increase concerns of legislative overreach," CA, AIIA and AMTA said.

In addition, the three organisations said, the extra-territorial reach of the bill was "unprecedented".

"Not only does it have the potential to generate anti-competitive outcomes and to create disincentives for providers to offer products and services to Australians, it also creates significant risks for Australian providers to breach laws in foreign jurisdictions when they are taking action as a result of the requirements of the Bill," they said.

Under the draft bill, companies will be initially requested to co-operate with law enforcement; if they do not, the pressure will be stepped up to force them to help.

First, there will be a “technical assistance request” that allows voluntary help by a company. The staff of the company will be given civil immunity from prosecution.

Next, an interception agency can issue a “technical assistance notice” to make a communications provider offer assistance.

Finally, a “technical capability notice” can be issued by the Attorney-General at the request of an interception agency. This will force a company to help law enforcement, by building functionality.

CA, AIIA and AMTA said these notice processes were "prone to the exercise of bias" and lacked a mechanism for independent assessment.

"Equally concerning is the lack of strong judicial oversight of a piece of legislation that has the potential to significantly impact on society’s overall security and the privacy of individuals," the trio added.

They said given that the bill sought to traverse new ground and to set international precedents, it was imperative that there was a clearly stated reason as to why it was needed, adding that once consensus was reached, the law should be done right keeping in mind Australia's international obligations and the norms of peer nations.

"It is imperative that the legislation does not weaken existing cyber security structures, carefully balances security and privacy considerations, minimises unintended consequences, and it should be developed within a more holistic framework around cyber security, data retention, network security, interception and privacy."

The submission, made on 7 September, urged "further consultation (and work on the development of practical measures and their implementation" before the bill was introduced into Parliament.



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.




Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Webinars & Events