A set of key industry players including Optus, Telstra, the Australian Mobile Telecommunications Association, the Australian Information Industry Association and Communications Alliance have voiced their concerns over the government’s proposed ‘decryption bill’.
The Assistance and Access Bill 2018 is currently under review by the Parliamentary Joint Committee on Intelligence and Security (PJCIS), after an exposure draft was released by Angus Taylor in August.
After already copping criticism from the group representing Amazon, Google and Twitter, the telecommunications sector has also voiced concerns over some of the proposed amendments, as more submissions are made public by the Department of Home Affairs.
In a joint submission, Communications Alliance, the Australian Information Industry Association (AIIA) and the Australian Mobile Telecommunications Association (AMTA) said some of the proposed changes – which give law enforcement more power in accessing encrypted information – threaten Australia’s democracy.
“It is a matter of great concern that the combination of these provisions act to enable intelligence and enforcement agencies to use their powers in ways that cannot be reconciled with the values of modern democracies and the rights to individual freedom and privacy that a democracy ought to afford,” the submission states.
The submission also calls into question the impact such changes would have on Australia’s national cyber security capabilities.
“The draft legislation bears the very real risk of severely damaging domestic and international cybersecurity and, therefore, to act contrary to its stated aims,” it says.
“It is key to understand that the Bill not only creates a schism between security and safety on the one hand and privacy rights on the other, it also – and potentially even more importantly – creates friction between security/safety for the purpose of law enforcement and crime prevention.”
It points to some of the “specified acts or things” – specifically the installation and use of special software – a communications provider may be asked to do by the government as a source of concern.
“This is alarming as installing and using software may, albeit unintentionally, actually create a systemic weakness or vulnerability.”
Optus and Telstra
While perhaps less critical than the AIIA, AMTA and Communications Alliance joint submission, two of Australia’s largest telecommunications providers also shared similar concerns.
As “designated communications providers” (DCP), Optus and Telstra each have a vested interest in the outcome of the legislation.
Optus urged the government to “find the right balance between the fundamental principles at stake in the notice.”
While mentioning the tension between “privacy principles and civil liberties”, the telco’s main concerns were around the consultation process.
“If the power of the authorised person to vary a technical assistance request is unfettered, then a service provider is faced with the risk that a variation can be made without prior consultation, leaving it with a commitment to provide assistance it may not have agreed to in the first instance and that it does not have the capability to perform,” Optus said.
Telstra also called for a stronger consultation process, saying the government must make “an assessment on what is reasonable, proportionate, practicable and technically feasible.”
It also asked the government to keep commercial interests in mind, alongside security concerns.
“A TA (technical assistance) notice or a TC (technical capability) notice may require a DCP to supply sensitive technical information, including software source code and service design documentation,” said Telstra.
“Sharing this type of commercially sensitive information could, of itself, present a security risk if it ends up in the wrong hands.
“While there are provisions in the draft Bill obliging agencies to keep information confidential (punishable by imprisonment), this will not provide a commercial remedy to a DCP if their information is compromised.”
The Parliamentary Joint Committee on Intelligence and Security is accepting submissions on the bill until 12 October.