In a 57-page submission to an inquiry into the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018, Home Affairs said some in the IT industry were also claiming that, due to these concerns, investors had been reluctant to invest in the domestic communications and tech markets.
The department said its communications materials would:
- "accurately communicate the intended purpose and effect of the legislation;
- "address the core concerns of industry and investors; and
- "provide practical examples for how the key measures and safeguards will operate, and the potential impact on different stakeholders."
It also claimed that the new law did not impose any standing obligations on industry or require changes in business practices or product development.
"[The law does not] undermine the security of devices or networks, allow for the construction of decryption capabilities or so-called ‘backdoors’, require companies to jeopardise information security for innocent users or require employees of companies to work in secret without their employer’s knowledge," the submission said.
A review of the encryption law was begun by the Parliamentary Joint Committee on Intelligence and Security as soon as it was passed, on 6 December 2018, with a reporting date of 3 April. It was expected to provide some solace to the technology industry.
But the PJCIS kicked the issue down the road, asking the Independent National Security Legislation Monitor, Dr James Renwick, to review the law and report back by 1 March 2020. The PJCIS will then submit a report to Parliament by 13 April 2020.
The Commonwealth Ombudsman has recommended that the power given to Home Affairs Minister Peter Dutton to redact its reports on the law be removed, but the Home Affair submission defended this by saying it had been created to protect "sensitive information" provided by industry from public disclosure.
"The AFP has raised concerns regarding the need to continue to protect sensitive information from public disclosure in the event of a legislative amendment to remove this power. The Department understands an alternative to the Minister’s redaction power may be to undertake conditional vetting between the Ombudsman and agencies prior to publication. This will leverage the constructive relationships shared by law enforcement agencies and the Ombudsman," the submission said.
It brushed aside the numerous concerns expressed by both Australian and foreign individuals and entities, saying, "International companies and investors looking to engage in the domestic market should have confidence that the legislation establishes no standing obligations on industry, and does not, or indeed cannot, undermine the security of products and devices."
It claimed the law was "supported by strong safeguards and oversight measures that protect business interests and the privacy of Australians, maintains the security of the digital ecosystem and ensure the powers are exercised responsibly".
And it concluded that, "The operation of the Assistance and Access Act to date indicates that overall, the current key settings afford an appropriate balance between the operational needs of agencies, the protection of civil liberties and the interests of providers."