Monday, 15 June 2015
Infrastructure and Communications Committee; Report
I am pleased to have the opportunity to make some brief comments in relation to the most recent report of the House of Representatives Standing Committee on Infrastructure and Communications, Balancing freedom and protection. As a former practitioner in this area, I think this inquiry has thrown light on some key issues that affect all of us as users of communications services. From the start, it is important to note the remit, the terms of reference, of this inquiry:
… the Committee will inquire solely into and report on government agency use of section 313—
of the Telecommunications Act 1997—
for the purpose of disrupting illegal online services.
The first point to note in relation to that is that section 313 is contained within part 14 of the Telecommunications Act, which sets out a series of national interest matters which primarily go to the obligations on carriers and carriage service providers to do everything that they can to assist law enforcement agencies in fulfilling their obligations under this act but also in general. It is important to note that part 13 of the act sets out the specific prohibitions against the use and disclosure of certain information that is otherwise protected under the Telecommunications Act. In summary, section 313 puts an obligation on carriers and service providers in connection with the operation of their networks or facilities or their supply of carriage services to do their best to prevent telecommunications networks and facilities from being used in, or in relation to, the commission of offences against the laws of the Commonwealth or of the states and territories. This provision has been in our legislation—obviously in the 1997 act but also in predecessor acts—in some form for as long as I can remember.
This inquiry primarily arose from the issue that happened in 2013 where ASIC mistakenly blocked around a quarter of a million websites due to a misunderstanding of how IP addresses work. In August 2014 ABC online reported:
The corporate regulator has revealed it accidentally blocked access to 250,000 websites because its staff misunderstood a basic feature of internet technology.
… … …
In a submission to a parliamentary inquiry—
looking into which government agencies should have the power to block access to websites, ASIC revealed the staff who ordered the blocks did not realise that suspending access to the site would affect many more hosted on the same internet protocol (IP) address.
… … …
In the process, it blacked out more than 1,000 other sites hosted at the same IP address, including a public education group called Melbourne Free University.
That is, essentially, the genesis for this inquiry. The committee has released its report, and I am pleased to go through a couple of elements of that, because it highlights what I think is the most important outcome, and that is that, while these provisions certainly have an important role to play in fulfilling national interest obligations, the need for greater transparency and accountability, including accountability of who, in a very practical sense, is fulfilling the obligation, must be addressed.
There were 21 submissions to the committee and 23 witnesses. In the inquiries, I can attest to the broad level of expertise but also interest. We had government agencies, as well as ASIC itself, and experts in law enforcement and people with technical and very specific engineering expertise who assisted in this inquiry. It is no accident that the inquiry report contains large slabs of evidence from those witnesses, experts in their field. I will just highlight a couple of items in the report, one of them being from the Australian Federal Police, looking at the use of these provisions to date. In paragraph 2.15 of the report, the AFP noted that it:
… only uses section 313 to disrupt illegal online activity where other mechanisms to prevent the activity have been or are unlikely to be successful.
You clearly see from the AFP's evidence that these provisions are not necessarily the first port of call in conducting their business. The AFP indicated that their use of section 313 was actually not extensive. Between June 2011 and August 2014, the AFP had issued 23 section 313 requests for the purposes of blocking websites used for illegal activity. The majority of these requests were made in relation to the blocking of Interpol's worst-of list in relation to online child exportation material, and I am sure no-one in this parliament would disagree that they are very important provisions to block some of the most heinous crimes that we know to exist.
In some of the committee's conclusions on the need for section 313 to continue, it noted that the protection of privacy was and remains one of the principal aims of the legislation but that what we need is targeted and proportionate use of section 313 around these issues of transparency and accountability. It was the ASIC incident in 2013 that led to questioning of the way in which these provisions are used. To summarise, transparency and accountability to disrupt illegal online services was broadly acknowledged in the evidence that was given to the committee.
The committee considered the use of block pages as being, by and large, essential. Those block pages should identify the agency which made the request, the reason for the request, an agency contact point and review procedures. The committee went on to note in paragraph 4.36:
Avoiding the inadvertent disruption of non-target websites is chiefly the outcome of technological competence and robust administration. Mistakes will be avoided through the use of robust or transparent processes.
I do note that some of the organisations which gave evidence, including Internet Australia, have said that they look forward to assisting the government in framing whole-of-government guidelines as proposed by the committee. As reported by Rebecca Merrett, Internet Australia CEO Laurie Patton said:
We look forward to assisting the government in framing the 'whole of government' guidelines…
Internet Australia welcomed the report, saying it would work with the government to fix the 'flaws' in the current legislation.
These issues of accountability and transparency really do go to the heart of the recommendations of this committee report. It is on this note that I absolutely feel the need to mention the comments made by Senator Scott Ludlam, who I do not think has comprehended the terms of reference here. In his media release of 1 June, he claims that the committee has 'signed off on a committee report that recommends a basic level of technical literacy be applied within departments' and talks about 'an unregulated site blocking regime just getting the nod from a committee that appears to have slept through much of the evidence put to it'. I do not recall seeing the senator's submission for a start. I am happy to be corrected if he put one in. But I do not recall seeing his evidence from the start. The reality is: yes, this is a complex area, but I believe from the senator's comments that he seems to be conflating issues of another bill and another inquiry of substance that will be coming up very shortly on issues of copyright. But this inquiry was looking purely at the blocking of illegal websites.
I know my colleague the member for Chifley will agree with me on this point: too often when these issues are examined we fail to take into account the most important party in this whole matter: consumers. We absolutely need to consider the rights of consumers. Of course, as the very title of this report indicates, it is about balancing. I fear that Senator Ludlam seems to have mistaken this issue of balancing consumer rights with a very legitimate exercise of powers under the Telecommunications Act. Consumers do need to be at the heart of everything from access to content to pricing for IT goods and services. That goes without saying. But to simply go in and say that this has been signed off without any consideration of the evidence is plain wrong.
It is a pleasure to follow my colleague and friend the member for Greenway on this motion. This report looks specifically at section 313 of the Telecommunications Act 1997, which gives Australian government agencies, including state government agencies, the power to get assistance from the telecommunications industry when upholding Australian laws. In this day and age, people are very mindful of the ability governments have to impact on the operation of the internet. The common-sense view is that governments should be entitled to act when they believe there are serious issues, particularly from a law enforcement perspective, that need to be dealt with very quickly. For example, with child abuse on the internet, people doing terrible things, I think the community would expect the government to act quickly.
Elements of the way section 313 operates are very important and we need to make sure that the way the legislation is used by government is continually enhanced, reviewed and, on occasion, improved. I commend the report because it recommends a better way of trying to deal with the operation of this section. It also contains a variety of different reviews. The Communications Alliance are quoted in the report as saying section 313 specifically allows providers to engage with law enforcement agencies when a matter does not fall under any of the other provisions in the act or in the Telecommunications (Interception and Access) Act and that it is also quite a useful provision when, understandably, the law has not kept up with technological development. That is a positive view expressed by members of the Communications Alliance, whom I would commend as providing a sensible, reasoned voice within the sector. However, contrary views are also picked up in the report. For example, Australian Lawyers for Human Rights argues that no government agency or officer should be permitted to disrupt online services on the basis that they are potentially in breach of Australian law. A diversity of views exists. I think the argument there is that, if there is a blind spot within the law, we should correct the blind spot within individual laws. There is probably some merit in that argument but, until such time as that is achieved, you do need to have section 313 operating in the best way possible.
One of the big motivators behind this inquiry is an incident that the member for Chifley referred to in her contribution tonight. Back in March 2013, the Australian Securities and Investments Commission used section 313 on 10 separate occasions to block websites linked exclusively to investment scams, to cold-calling frauds. Good intentions drove ASIC to act in the way that it did. I may be taking a very big leap of faith, but I think that it is a reasonable assumption that ASIC was motivated to act by good reasons. But there were massive unintended consequences. What happened was that nearly 1,000 sites were blocked as a result of ASIC's intervention back in March 2013. It was claimed that there was limited use and careful targeting. But that is simply not based on the evidence. There was inadvertent blocking of over 1,000 legitimate websites, including Melbourne Free University.
In 2013, around 26 March, and again 3 April, ASIC became aware that a serial internet fraud offender was operating fraudulent websites and requested that they be blocked. On 4 April, Melbourne Free University became aware that its website had been blocked, but they did not know by whom or why. When questioned, the ISP revealed only—this is to Melbourne Free University—that the block had been requested by a government agency. There was this massive impact on a number of different websites. A subsequent review of section 313 requests alerted ASIC to a blocked IP address hosting in excess of 250,000 websites. The blocks were removed, but obviously this has forced a great deal of focus on the way in which this section operates.
The committee report does make a number of recommendations about a whole-of-government approach being utilised to ensure that this type of thing does not happen again. It also specifically, I note, in the recommendations picks up on what happened in ASIC, where there was a belief that particular personnel operating within ASIC did not have the capability or understanding and the breadth of knowledge required to undertake this type of action, and that this inadvertently led to those 1,000 sites being blocked. The recommendations in this report indicate that that needs to be addressed so that in every agency there is a person with the technical proficiency to be able to manage this.
Now, why has my interest been activated on this? My colleague the member for Greenway made reference to the fact that other legislation in the copyright realm is coming up that will be debated shortly. That will provide full powers to site block as well. If we have one section of the law that is being activated to block sites and people have experienced massive disruption as result of it, the genuine concern would be that if this other legislation were to come to pass and become reality, enabling blocking to occur for what is believed to be access to sites that are breaching copyright, then there would be a reasonable concern as to whether or not the types of actions that we saw as a result of ASIC's intervention in March 2013 would repeat itself. I think it is a legitimate concern.
You only need to look at recent history. Back in August 2013, BBC Radio Times, with hundreds of other websites, was caught up in a massive block as a result of rights holders pursuing their rights through the courts. The rights holder, in particular the Premier League, had a battle with an unrelated copyright infringing site. The accident occurred because the sites shared the internet protocol address with FirstRowSports, which offered unauthorised streaming of football games. The internet providers had been ordered to block the IP address and, because of a simple error, BBC was blocked. When they approached the actual rights holder to get this overturned, the rights holder indicated that a court action had been enforced and that they were reluctant to actually change the position of blocking, preventing BBC from providing its service to users.
This has happened overseas; this is one of my concerns about site blocking. The power certainly exists for legitimate reasons involving law enforcement. But when it strays beyond that and the capability of certain government agencies to be able to undertake or, for example, other ISPs being required to give effect to court orders or other legal mechanisms, the question does arise, based on previous international and local experience, whether the capability exists. This is why we do need to be mindful that site blocking, if it becomes a reality, does have the potential to go haywire, and it will be interesting to see who will be left with the can and required to clean up as a result.
So coming back to this report, there are some of sensible recommendations here that I think do need to be taken into account by the government. Given Minister Turnbull made reference to the committee, I imagine that he is open to these suggestions being put forward, and it will be interesting to see if actually responds to the report. Other reports that he has had, for example, on IT pricing, he has sat on for nearly two years and done absolutely nothing about it. It will be interesting to see how quickly he actually responds to this, and if he is mindful of some of the recommendations, particularly in the context of outcome upcoming debates we will have on copyright.