Home Open Sauce ASD mythbuster Burgess spreads some myths of his own

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

ASD mythbuster Burgess spreads some myths of his own Pixabay

It is somewhat ironic that the director-general of the Australian Signals Directorate, Mike Burgess, has chosen to vent about so-called myths around the new encryption law, when the man himself has been spreading a myth about 5G technology.

Burgess released a statement on Wednesday, listing seven myths which, he said, had been spread about what is officially known as the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018. (Burgess calls it the TOLA Act). But in trying to shoot them down, he appears to have advanced some myths of his own.

First to the 5G business: Burgess was quoted by The Australian in October as saying in what many dubbed a major speech: “The distinction between core and edge collapses in 5G networks. That means that a potential threat anywhere in the network will be a threat to the whole network."

This was advanced as justification for banning Chinese telecommunications companies Huawei and ZTE from a role in Australia's 5G rollout.

But this was proven false, when a 5G trial in Auckland, conducted jointly by Huawei and New Zealand telco Spark used a Huawei 5G NR (New Radio on both the C-band and mmWave) and a 4G Radio Access Network, both of which were deployed by using dedicated hardware connected to the Cisco Evolved Packet Core, with each component isolated.

The ASD then claimed that Burgess' reference was to more "mature" 5G implementations. That isn't correct either. You can read the claims and the refutation here.

But to the matter at hand: myths. The first one that Burgess claimed was being spread was that the information of individuals is no longer safe. In support of this, he stated the bleeding obvious: "If you are using a messaging app for a lawful purpose the legislation does not affect you."

I have done my fair share of writing and commenting on the encryption law, but have never seen any claim like this. Not sure where Burgess got that one.

unicorn big

The second myth Burgess says is being spread is that agencies get unfettered power under the law. As warrants can give one access to phone calls, there is no difference if they allow access to encrypted communications, runs his argument.

There are three new powers in the law which force individuals or companies/organisations to build in backdoors into devices or software. Fines or prison beckon for those who resist. And this is not extreme power?

What can law enforcement gain from encrypted content that it cannot deduce from metadata – which, few will inform the public, cannot be encrypted? (Emphasis mine).

As to unfettered power, let me digress a bit. When Australia passed the metadata retention law in 2015, we were assured that only the 20 or so agencies authorised to access it would be allowed to do so. But last month, Communications Alliance chairman John Stanton provided a list of some 80 agencies which had sought access. Open slather would be a gross understatement.

Who's to guarantee a repeat won't occur with this law too?

Flying in the face of statements from variously highly qualified technical experts, Burgess claims that the security of the Internet is not under threat because of the law. But when vulnerabilities are introduced, they are accessible both to the law-abiding citizen and the crook. Claiming that such vulnerabilities are "highly targeted" is a red herring, because nobody can predict the impact of a software change and all its possible ramifications.

A hint to Burgess: just call your counterparts at the NSA and ask them about the Shadow Brokers.

While tech companies themselves have been saying that the law will force them offshore, Burgess dismisses this, saying that Australia is not the first to pass such a law, the UK went first. True, but the UK has a bill of rights, which Australia lacks. Also, some part of the UK bill has now been struck down. And though the UK bill was passed in 2016, it has yet to be used. Why, one wonders. [iTWire has a story this morning from an unnamed firm which is planning to move operations from January.]

The next myth being spread, avers Burgess, is, "There is no way to be sure that the communications of Australians won’t be jeopardised." Here he cites oversight from the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman as mitigating factors, as also the review by former judicial officials and a techie who is certified by ASIO. Why not have a sitting judge? And why have a techie certified by ASIO – who is almost certain to be an ex-ASIO man/woman? Since when did the Commonwealth Ombudsman have oversight of intelligence agencies?

The next myth is, again, one I have never heard: that ASD will be able to spy on Australians. ASIO is doing an excellent job of that, along with all the other law enforcement agencies we have. This, again, seems to be a red herring.

The final myth that Burgess set out to bust is that the reputation of Australian tech companies will suffer. Here he tries to draw a difference between what Australia has meted out to Huawei and the impact that the law will have on Australia. Others, like Andrew Hastie, the head of the Parliamentary Joint Committee on Intelligence and Security, have run a similar argument based on the reasoning that Australia is a democracy and China is a dictatorship.

But this reasoning is fallacious as pointed out by Francis Galbally, the chairman of encryption technology firm Senetas, a company which exports a sizeable portion of the $3.2-billion-odd Australian tech exports each year. During a hearing of the PJCIS, he responded to Hastie, saying: "With respect, Chair, you say there's no equivalent, and I agree, it's not equivalent, but I can tell you other countries take a different view. At the moment, as we stand in the world, Australia is regarded as the most trustworthy country in the world for cyber security products, bar none.

"There are countries in the world that don't trust the US. There are countries in the world that don't trust Israel. There are countries that don't trust Singapore. There are countries in the world that don't trust other countries for all sorts of reasons. Australia stands up as the most trustworthy.

"That's why we've been able to sell our products into more than 40 countries around the world. That's why even eastern European countries use our products for their secret service protection; we're trusted. This bill gives a perception of mistrust, and whatever you say, whether it's really going to apply to us or not or whether there's a democracy or not, it gives a perception of mistrust."

Trust. Perhaps Burgess should spend some time trying to understand that concept.


With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Popular News




Guest Opinion


Sponsored News