The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Bill) was introduced into Australia’s Parliament on 20 September 2018. As proposed, the Bill would significantly enhance the powers of the Australian Security Intelligence Organisation (ASIO) and other law enforcement agencies to access information held by providers of communications services and equipment.
The Department of Home Affairs proposed the Bill after a public consultation in August and September 2018. The Department received well over 300 submissions from the public in response to its draft version of the Bill.
The Bill adds a ‘new framework for industry assistance’, in the words of the Department’s Explanatory Document, to the Telecommunications Act, consisting of three key elements:
The Bill would apply to both domestic and international providers across virtually the entire supply chain of communications services and equipment.
The Department notes the Bill includes numerous limitations and safeguards. For example, the requirements of technical assistance notices and technical capability notices must be ‘reasonable, proportionate, practicable and technically feasible’; agencies will still need an underlying warrant or authorisation before issuing notices; and providers cannot be required to build or implement systemic weaknesses or vulnerabilities. The Department also notes the powers granted under the Bill are subject to significant oversight, including limiting the powers to the highest levels of government, additional reporting, and review by the courts.
The Bill is primarily a reaction to the issues encryption poses to law enforcement. The Department noted that 90% of ASIO’s priority cases and over 90% of lawfully intercepted communications involve encryption, and it expects virtually all communications among terrorists and organised crime to be encrypted by 2020.
Introduction of the Bill has caused concerns to privacy advocates. Shortly before the Bill was introduced, a group of 31 international organisations and companies wrote to the government expressing concern that the Bill would undermine encryption and threaten digital security and privacy. The group asserts the Bill includes “overly broad authorities that would undermine cybersecurity and human rights, including the right to privacy; [] fails to provide adequate oversight over these new authorities; [] creates undue secrecy for the use of these new tools; and [] includes an overly broad definition of ‘designated communications providers’.” More recently, in a sharply-worded submission to the parliamentary inquiry, Apple called the Bill “dangerously ambiguous”, saying “this is no time to weaken encryption”. Other commentators have called into question the effectiveness of the safeguards and limitations touted by the Department.
Nevertheless, the government is strongly supported by its allies in the ‘Five Eyes’ group – the governments of the United States, the United Kingdom, Canada, New Zealand, and Australia – that shares intelligence information. Early in September, that group issued a Statement of Principles on Access to Evidence and Encryption that, while professing a commitment to personal rights and privacy, asserted that “[s]hould governments continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions.”
The Bill has been referred to the Parliamentary Joint Committee on Intelligence and Security for inquiry and report.