Friday, 01 February 2019 05:57

Encryption law: definition of a computer is rather broad, say academics Featured

Encryption law: definition of a computer is rather broad, say academics Pixabay

The debate over the Federal Government's recently passed encryption law is dead serious for the most part, but Melbourne University academics Dr Chris Culnane and Associate Professor Vanessa Teague found something to laugh at in the way the legislation has defined the word "computer".

In a submission to the fresh review that is taking place on the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, Culnane and Teague, who made detailed submissions to the Parliamentary Joint Committee on Intelligence and Security last year, claimed that the definition of 'computer' which had been added to the Surveillance Devices Act was "just funny".

"[According to] 36 Subsection 6(1) (definition of computer) computer means all or part of:

  • "(a) one or more computers; or
  • "(b) one or more computer systems; or
  • "(c) one or more computer networks; or
  • "(d) any combination of the above," they said.

And they added: "So 'computer' could mean 'all or part of one or more computers', which could mean 'all or part of one or more (all or part of one or more computers)s' which could mean 'all or part of one or more (all or part of one or more (all or part of one or more computer networks)s)s, which could mean 'all or part of one or more (all or part of one or more (all or part of one or more (all or part of one or more computer system)s networks)s)s', which could go on forever without telling us much about what 'computer' means."

Culnane and Teague said it could also be interpreted to mean anything on the same network of networks, "which would mean a 'computer access warrant' covers anything on the Internet".

"Next time the Australian parliament chooses to interfere with the most complex logical systems that have ever been devised, we recommend giving at least one computer scientist the opportunity to read the legislation before it is passed through both houses of parliament," they added.

But their submission was not limited to jocularity, also pointing out what they termed were "two examples that show that this legislation is draconian in its provisions and nonsensical in its drafting".

One of these, they said, was the definition of the term "systemic weakness". The definition added the law reads: "systemic weakness means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person."

Culnane and Teague said this allowed "law enforcement to demand modifications that undermine the cyber security of millions of people, as long as something less than 'a whole class of technology' is affected. It addresses concerns about others' security by simply defining the issue away".

A second point they raised concerned forcing a person with knowledge of a computer system to compulsorily assist in an investigation.

"A person who refuses to assist can be jailed for five years. A similar provision now added to the Surveillance Devices Act (2004) allows the innocent person to be jailed for 10 years. There is no exclusion for jeopardising the information or security of others," the two academics pointed out.

"We would like to know whether any MP or Senator stood up in Parliament and seriously advocated jailing innocent Australian technologists, mathematicians, or engineers for refusing to undermine the security of critical Australian infrastructure.

"We are not lawyers, and have heard some more expert legal scholars say that this is probably not the way this clause was intended. If that is the case, it should be repealed and replaced with something that more closely resembles what the MPs of a democracy should support."

The encryption bill became law on 6 December but just 12 days later, the PJCIS said it would begin a fresh review.

The new review has asked for submissions and will submit a report by 3 April.


26-27 February 2020 | Hilton Brisbane

Connecting the region’s leading data analytics professionals to drive and inspire your future strategy

Leading the data analytics division has never been easy, but now the challenge is on to remain ahead of the competition and reap the massive rewards as a strategic executive.

Do you want to leverage data governance as an enabler?Are you working at driving AI/ML implementation?

Want to stay abreast of data privacy and AI ethics requirements? Are you working hard to push predictive analytics to the limits?

With so much to keep on top of in such a rapidly changing technology space, collaboration is key to success. You don't need to struggle alone, network and share your struggles as well as your tips for success at CDAO Brisbane.

Discover how your peers have tackled the very same issues you face daily. Network with over 140 of your peers and hear from the leading professionals in your industry. Leverage this community of data and analytics enthusiasts to advance your strategy to the next level.

Download the Agenda to find out more


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments