The changes were sought in a submission made to the review of the legislation — known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 — that is being conducted by the Parliamentary Joint Committee on Intelligence and Security. The PJCIS is expected to submit a report to government by 3 April.
Among the firms signing on to the submission were Airtree, Atlassian, Blackbird, Brighte, Culture Amp, Canva, Freelancer, Girl Geek Academy, Safety Culture, Square Peg Capital, Tech Sydney, WiseTech Global and 99designs.
Under the law, there are three ways listed by which the authorities can get industry to aid in gaining access to encrypted material. A technical assistance request (TAR) allows for voluntary help by a company; in this case, its staff would be given civil immunity from prosecution.
Finally, a technical capability notice (TCN) can be issued by the attorney-general at the request of an interception agency; the communications minister of the day would also need to agree. This will force a company to help law enforcement, by building functionality.
One of the changes sought in the submission is the removal of the possibility of issuing a TCN to an individual as this was a major concern for the technology sector.
Such an individual would then face tough penalties if he or she told their fellow workers about it. "It is our understanding after consultation with Home Affairs that this is not the intention of the Act, yet we believe that removing the possibility from the legislation would do a lot to reassure the tech sector that such action will not occur," Alex McCauley, chief executive of StartupAUS, wrote.
The submission also called for narrowing the definition of who could be called a designated communications provider, pointing out that the term encompassed any provider of electronic services with one or more end-users in Australia.
"Effectively, this includes any technology provider that offers technology designed to connect to the Internet, whether or not the service is designed to support communications as a market segment," McCauley said.
The definition should be narrowed to reflect the nature of the services the government was most interested in: communication providers, he said.
A third change sought was the increasing of oversight and fourth was a limit on the use of the powers provided in the law.
McCauley pointed out that there was no bill of rights in Australia to act as a check on the use of such powers. Given that, he said: "The government must include an objective, merits-based review to ensure consistency regarding the exercise of powers under the Act, including further defining key terms that will draw important boundaries around the exercise of powers under the Act and root them in meaningful legal frameworks."
He added that serious offences were defined very broadly in the law. "The result of such a broad definition of serious offence is that rather than the powers under this Act being reserved as a critical measure in times of great need, they will simply fall into regular use as part of the daily toolkit of law enforcement , at significant cost to Australian technology companies, their customers and their products."
And McCauley added: "The definition of ‘serious crime’ should be restricted only to those crimes which are the stated target of the Act, that pose a genuine and serious threat to Australia and its citizens. Further, the ability to exercise powers in furtherance of other countries’ criminal laws should be withdrawn."