Andrew Hastie (Canning, Liberal Party) Share this | Hansard source

On behalf of the Parliamentary Joint Committee on Intelligence and Security, I present the committee's Advisory report on the Telecommunications and Other Legislation Amendment Bill 2016.

Report made a parliamentary paper in accordance with standing order 39(e).

by leave—I am pleased to present the committee's Advisory report on the Telecommunications and Other Legislation Amendment Bill 2016. The bill will amend the Telecommunications Act 1997 to manage national security risks of espionage, sabotage and foreign interference to Australia's telecommunication networks and facilities. The task of the Commonwealth government is to provide the Australian people with national and economic security, and this bill is designed to fulfil that very obligation. It will increase the security of telecommunications infrastructure that is so fundamental to the economic prosperity and social wellbeing of all Australians.

The bill introduces a security obligation whereby carriers and carriage service providers will be required to protect telecommunication networks and facilities from unauthorised interference and unauthorised access for the purposes of security. The bill will require certain telecommunications companies to notify the government of changes to telecommunications systems and services that could have a material adverse effect on their ability to meet this national security obligation.

A key objective of the bill is to formalise and strengthen the existing collaborative relationship between government and the telecommunications industry. In doing so the bill aims to provide a more transparent, consistent and enforceable set of security obligations across industry than currently exist. The committee recognises that the bill will implement recommendations made by this committee in earlier reports. In addition, the bill has been subject to extensive consultation over several years, which has addressed many concerns raised by industry stakeholders. The committee examined outstanding concerns around the operation of the proposed framework.

The committee supports the legislative framework that establishes the security of Australia's telecommunications infrastructure as a joint responsibility between government and industry. In its bipartisan report, the committee has recommended that the bill be passed by the parliament and made 12 further recommendations aimed at increasing clarity and certainty for industry, strengthening information sharing between government and industry and improving transparency and accountability. In particular, the committee considered that the 12-month implementation period for the bill will be crucial. The Attorney-General's Department must work closely with industry during this period to ensure that the administrative guidelines that support the legislation are revised and expanded to maximise certainty for industry.

In this regard, the committee has recommended greater clarity be provided with respect to the following: a company's security obligations for over-the-top services, infrastructure that is used but not necessarily owned by a company, infrastructure located in a foreign country but used to carry or store Australian customer information, cloud computing and cloud storage arrangements, and, finally, the sorts of changes to services and systems that will require notification to the government.

Similarly, the implementation period must be used to identify and implement effective mechanisms to share information—particularly threat information—with industry. Early engagement about security risks and the effective sharing of threat information with industry will help telecommunications companies make decisions that consider national security early in the planning process. Early engagement will also provide the government with increased visibility of national security risks.

The committee was concerned that existing laws do not provide the government with sufficient information about where and how data is being stored. To provide greater assurance the committee has recommended that a specific obligation be included within the notification requirement to ensure that industry notifies the communications access coordinator of any new or amended offshoring arrangements for stored data under the Telecommunications (Interception and Access) Act 1979.

Finally, with respect to ensuring transparency and accountability, the committee has recommended that certain key regulatory performance information be included in the annual report presented to parliament and that framework be reviewed after three years to ensure that it is operating effectively. I commend the report to the House.

See this speech in context