The recommendations come in a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) which is inquiring into the Government’s Assistance and Access Act 2018, which was pushed through the Senate on December 6 last year.
Organisations co-authoring the submission include Communications Alliance, the Australian Industry Group (Ai Group), the Australian Information Industry Association (AIIA), the Australian Mobile Telecommunications Association (AMTA), the Information Technology Professionals Association (ITPA) and Digital Industry Group Inc. (DIGI).
- Create a warrant-based system to provide judicial consent to Notices issued by security agencies to communications providers under the legislation (as was also recommended in the Labor amendments);
- Clearly articulate and narrow the limits of what agencies can request of designated communications providers to reduce the risk of the creation of back-doors by agencies putting national cybersecurity at greater risk;
- Raise the threshold of criminal acts that the legislation can be used to combat and thus avoid less serious activities being captured by the new surveillance capabilities;
- Close a number of ambiguities and loopholes in the legislation, including one that allows the Government to access the metadata of journalists without obtaining a Special Journalist Warrant;
- Reduce the risks flowing from agencies’ power to order that surveillance software be installed in devices or services;
- Strengthen the obligation on Government to consult with communications providers before issuing them with Notices requiring them to take anti-encryption measures; and
- Ensure that providers are not required to comply with the new legislation if doing so would place them in breach with foreign law.
”This bill was rushed through Parliament in flawed condition and we look forward to the Government honouring its public commitment to have further amendments considered, in the interests of the cybersecurity of all Australians,” said Communications Alliance chief executive John Stanton.
ITPA director Robert Hudson said: "The legislation shows a blatant disregard for and misunderstanding of how the Internet works, how online encryption operates and is used to secure millions of legitimate communications every day, and will almost certainly not prevent a single act of terrorism, child abuse or other serious crime that couldn't have been prevented otherwise.
“Instead, the privacy and security of law-abiding citizens is now almost certain to be compromised for commercial, criminal or other non-legitimate purposes as tools prove to be as useful as a chocolate teapot for the purpose they were developed for, and instead are released or leaked into the hands of those who would do us harm."
In other comment on the proposed legislation, Kishwar Rahman, AIIA general manager of Policy, said, “the proposed powers are unprecedented, their remit unnecessarily broad, and whilst the consequences of their use are completely unknown, what is known is that the legislation is likely to cause greater issues than it purports to solve.”
Ai Group chief executive Innes Willox, said: “The extent of the impact of this legislation on industry and the broader community remains paradoxically poorly understood. It is urgent to minimise and clarify these impacts through sensible amendments and engagement with the wide range of affected industries.”