The problem with the bill is its loose language, which lends itself to a myriad interpretations, allowing every Tom, Dick and Harry to poke their fingers in and meddle with encryption. That will not make things any safer, even if it is in the hands of anti-terror agencies.
The bill needs to be junked. It will require such an enormous rewrite to ensure it does not have the reverse of the effect it is intended to have, that throwing it out with the garbage is the least difficult option.
Under the bill, companies will be initially requested to co-operate with law enforcement; if they do not, the pressure will be stepped up to force them to help.
Next, an interception agency can issue a “technical assistance notice” to make a communications provider offer assistance.
Finally, a “technical capability notice” can be issued by the attorney-general at the request of an interception agency. This will force a company to help law enforcement, by building functionality.
There are no judges involved in the picture. When one mentions attorney-general, what is the picture that comes to mind? Ah, yes, George Brandis. The man who did not know what metadata is.
Let's step through a possible scenario. Say citizen A is running an e-commerce website and the spooks discover that criminal A and child molester B frequent that site and buy stuff there. The spooks will turn up at the door of citizen A one fine day and hand him a notice, telling him he has to insert a certain script into his site, in order to collect information about the two criminals.
How citizen A does it is of no import. If he refuses, he will have to pay a massive fine. And he cannot talk about it to anyone, else he will go to jail for five years.
Or let's take the case of a big commercial outfit, for argument's sake, Google. One fine day, spooks turn up at the company's offices in Sydney and tell the top brass that they need information from the Pixel phone used by alleged terrorist A. They ask Google to take care of it.
What does the company do? You can't make one Pixel phone vulnerable; code that can exploit one phone, will be able to exploit all. And code of this nature has a funny way of becoming public without any prompting. Just ask the NSA.
Does Google go to court? After how many such requests do the company's top bosses sit down and wonder whether it is worth the trouble to do business in a small market like Australia?
For local companies that sell hardware and software outside the country — or even within — it will be a very hard problem. The moment the bill passes into law, they will get inquiry after inquiry about whether they can guarantee their products are safe and do not have any backdoors.
Their competitors will have a field day – as many US security companies did when the mainstream media in their country spread disinformation about Kaspersky Lab. In the end, all these companies are in business for the money and they have to protect their bottomline.
When some companies raised the issue of Australian companies being put in the same position as Canberra has put the Chinese telecommunications firm Huawei, the tendency of the man heading the Parliamentary Joint Committee on Intelligence and Security, Andrew Hastie, has been to point out that there is no equivalence in the character of the two governments or institutions.
But this reasoning is fallacious as pointed out by Francis Galbally, the chairman of encryption technology firm Senetas. During last Friday's hearing of the PJCIS, he responded to Hastie, saying: "With respect, Chair, you say there's no equivalent, and I agree, it's not equivalent, but I can tell you other countries take a different view. At the moment, as we stand in the world, Australia is regarded as the most trustworthy country in the world for cyber security products, bar none.
"There are countries in the world that don't trust the US. There are countries in the world that don't trust Israel. There are countries that don't trust Singapore. There are countries in the world that don't trust other countries for all sorts of reasons. Australia stands up as the most trustworthy.
"That's why we've been able to sell our products into more than 40 countries around the world. That's why even eastern European countries use our products for their secret service protection; we're trusted. This bill gives a perception of mistrust, and whatever you say, whether it's really going to apply to us or not or whether there's a democracy or not, it gives a perception of mistrust."
That's the one thing Labor needs to understand.