Gai Brodtmann (Canberra, Australian Labor Party, Shadow Assistant Minister for Cyber Security and Defence) Share this | Link to this | Hansard source

Australia's Copyright Act originally dates right back to 1968. It was developed before man set foot on the moon, it was developed during the Vietnam War, it was developed during the Cold War, it was developed before the election of the great Gough Whitlam, it was developed before colour television, before digital, before the internet and before feminism. So, given that it's 50 years old, amendments to it to ensure that it keeps up to date with developments of the 21st century are welcome—amendments, of course, that are developed in close consultation with the stakeholders that are affected, that are inclusive and that respond to the needs of stakeholders.

This bill extends the operation of the safe-harbour scheme set out in the Copyright Act 1968 to a broader range of service providers. The existing safe-harbour scheme protects carriage service providers, in particular internet service providers such as Telstra and Optus, from the civil liability they could otherwise be exposed to for hosting or communicating material that infringes copyright. To be able to rely on a legal safe harbour created by the Copyright Act, the carriage service provider needs to demonstrate that they operate a scheme for removing copyright-infringing material if they are notified of such material by a rights holder.

The bill has broad support across many stakeholder groups and it's consistent with Labor's longstanding position on the issue, as communicated to those stakeholders when we had consultations with them. It's generally supported by rights holders and their peak groups also, because it provides a social good without undermining the commercial interests of content creators or their capacity to negotiate effectively with commercial enterprises for the distribution of their copyright materials. As mentioned, there's been extensive consultation on this bill. There's been consultation through a Senate inquiry, through a series of round tables that were conducted by the Department of Communications and the Arts, and through a range of consultation papers on the issue.

The point of what we are discussing today is the fact that we need to ensure that our legislation keeps up to date with the latest developments—that it keeps up to date with the 21st century. That's particularly the case with regard to copyright. One of my concerns—and I've expressed it many, many times in this parliament and elsewhere at conferences—is that I do not believe the government's work on critical infrastructure, particularly the cybersecurity of critical infrastructure, is keeping up to date with the latest developments. When you look at what's happening overseas, particularly in the US, with the protection and cybersecurity of critical infrastructure, it becomes incredibly stark that the government is not serious about protecting our critical infrastructure. The government really does need to lift its game when it comes to critical infrastructure and the cybersecurity of critical infrastructure in this country.

Australia has eight sectors that are deemed critical infrastructure—that is, eight sectors that are vitally important to Australia's social cohesion, its economic prosperity and its public safety. These are banking and finance, communication, energy, food and grocery, health, transport, water services, and Commonwealth government. If you compare that with what's happening overseas, we are very, very underdone in this area. In the United States, they've identified 16 sectors that are vital to their social cohesion, economic prosperity and public safety. In the United Kingdom, they've identified 13 sectors. In Canada, they've identified 10 sectors. In Singapore, they've identified 11 sectors. The sectors recognised by these nations but not currently included in the framework that governs our critical infrastructure include emergency services, information technology infrastructure, chemicals, manufacturing and, in the case of the US, electoral systems. Again, I've been pressing the government to start seriously thinking about including electoral systems in our critical infrastructure framework. We've seen what's happened overseas. We've seen what happened in the US. We've seen what happened in France. It is vitally important that we start taking this seriously not only in those eight sectors but also in expanding our sectors to include electoral systems.

We are so behind in terms of what's happening internationally on critical infrastructure, and I do believe that the government are not focusing enough attention on this, as I've said many, many times. They're not focusing enough attention on getting those sectors updated and broadened, but they also have this spaghetti junction of infrastructure supporting critical infrastructure and also cybersecurity. We've got the Australian Cyber Security Centre looking after cybersecurity, we've got Home Affairs looking after cybersecurity and we've got a Critical Infrastructure Centre looking after critical infrastructure—but, when they were pressed on whether they could include a closer examination of cybersecurity in the context of critical infrastructure and also whether they could broaden out those critical infrastructure sectors, we were told at a conference last year that they're under-resourced.

So here we are, with a government that talks a good game on cybersecurity and comes up with all these dazzling strategies. There's a lot of activity, but the outcomes are very hard to see, particularly in terms of the consolidation of the management of cybersecurity in this country. It's a complete dog's breakfast. It is all over the place, and the government have not consolidated the management of it; they've actually fractured it by having some of it being managed in Home Affairs, some of it being managed in ACSC and some of it being managed in various other parts of government. Trying to get a sense of who's actually managing what in cybersecurity in Australia in 2018 is a very challenging exercise. This government, I fear, has just allowed cybersecurity to be dictated by the personalities of its ministers: 'Okay, I want a bit of that,' 'I want a bit of that,' and, 'I want a bit of that.' That is why it's spread throughout government agencies.

That makes it very challenging when it comes to crises. We saw that with WannaCry. We saw that with NotPetya. In fact, we just celebrated—or not celebrated but went through—the anniversary of NotPetya, and the anniversary of WannaCry was about a month ago. When WannaCry hit, it was the Mother's Day weekend here. It hit the UK, and we were the next phase in terms of the time zone. And what happened here in Australia? I've taken up this point with the minister who had the responsibility for cybersecurity. In terms of communication, I woke up on Saturday morning and heard on the radio that WannaCry had hit. It had taken out the NHS in the UK. It had taken out companies throughout the world and had a significant impact on those private outfits as well as the NHS, the health system in the UK. And what happened? There was just a deafening silence from the government that Saturday when WannaCry hit. You turn on the radio. You hear about this. You think: 'Okay, what should I do? I'm a small business operating from home. What do I do to protect myself? What do I do to get a sense of what this means for me?'

And there's nothing—just a deafening silence from the government. The cyber czar at the time was doing the occasional tweet and the occasional media interview, but in terms of a consolidated communication, a consolidated message, out to the broader Australian community, no-one knew what was going to happen. We'd seen what happened on EHS. We'd seen what had happened to these big multinationals right throughout the word, and here we are in Australia, hearing all this news, wondering, again, 'If it's my small business or my company, what do I do?' and there was nothing—there was nothing from the government. As I said, the cyber czar, Alastair MacGibbon, was out there doing a bit of a tweet and a few media interviews here in Canberra, but that was about the extent of it. I've made this point repeatedly, but the government is not listening. We have got to improve the way that we communicate about cybersecurity in this country and we also need to improve the mechanisms we have in the event there's a cyber threat right throughout the nation.

At the moment, there is no crisis centre. At the moment, there is no one place to call. There is no one-stop shop for someone like a small business sitting here in Canberra, getting up, hearing that news on the Saturday morning and saying: 'What do I do? Where do I go?' There's nowhere to go. There are about five different sites you can go to. You can spend your morning trawling from one site to another. But even then the information that came out didn't really come out in terms of what people should be doing in terms of patching and backing up. It didn't come out till two days later, because everyone was off celebrating—and of course they would do that—with their mothers on Mother's Day. But this was potentially a crisis. No-one knew how this was going to play out in Australia. And the response by the government was underwhelming in the sense that there was really no response.

And so again I encourage this government, I implore this government to start taking communication about cybersecurity seriously and to consolidate the communication so that a small business sitting in Canberra, on a Saturday morning, has one location, one point of truth to go to in the event that there is a cyber crisis—one point of truth, one message that is clear on telling me what I need to do, and when I need to do it by.

With WannaCry we heard about 18 individuals and companies that were affected here in Australia, but that's just what we know about in terms of the reporting. We don't know how badly this affected Australia. Most of those were small businesses. And where did they go for information on it? They went to about 10 different sites if they knew how to navigate their way around the labyrinth that is the cybersecurity governance that this government has set up.

I go back to the critical infrastructure. I again implore the government to do something and start taking the cybersecurity of critical infrastructure seriously. As I said, we are way underdone in terms of the sectors covered in our framework, way underdone by international standards and also way underdone in terms of the cybersecurity management of that critical infrastructure. In the US each sector actually has a guiding council of experts from industry and from government. Say it's the electricity sector. They've got a guiding council of industry experts, government and peak associations who together work out the cybersecurity standards that need to be applied to the electricity sector. They work it out collectively, they come to an agreement, they look at international standards, they look at national standards and they work out what cybersecurity standards should be applied to, say, the electricity sector. We have none of that here. There's work being done on telecommunications, but that's it. We've still got those seven other sectors. As I said, we need to broaden those sectors as well if we are truly to keep up to date about what is happening internationally. There are 16 in the United States, 13 in the United Kingdom, 10 in Canada and 11 in Singapore. And the US also has it for electoral systems, which we should seriously be considering given what has happened internationally.

In terms of this copyright bill, amendments to ensure that legislation keeps up to date with the technology that is around, and keeps up to date with modern values, mores and developments, are vitally important. This is an iterative amendment. There has been consultation with a range of stakeholders, and we do need to ensure that copyright, particularly, keeps up to date with the latest technology.

But I also implore the government to ensure that its treatment of critical infrastructure keeps up to date with the latest developments. I implore the government to start taking the cybersecurity of critical infrastructure seriously: start broadening out the sectors, start implementing some sort of framework for standards in critical infrastructure and drag the critical infrastructure management of this nation into the 21st century, in keeping with the Five Eyes community and other nations in our region.

Ed Husic (Chifley, Australian Labor Party, Shadow Minister for the Digital Economy) Share this | Link to this | Hansard source

I was going to say it is a pleasure speaking on the Copyright Amendment (Service Providers) Bill 2017, but it really isn't, because what we're talking about here is doing the easy part of reform in an area that really demands a lot more. The Minister for Communications has presented something that he knows—after 10 years of debate about what we do on safe harbours within copyright—has failed. In fact, we should probably name this bill not the Copyright Amendment (Service Providers) Bill but the 'copyright amendment (Fifield night sweats) bill', because the communications minister is so fearful of undertaking reform in this space and so unable to get agreement on the need for reform, which he knows needs to happen in this area, that all he'll do is promise another review, make a commitment for something to happen down the track and just hope that, when that point down the track arrives at the present day, he's nowhere near it. He's hoping that, by kicking the can for reform down the road, we can avoid all this.

This legislation does the right stuff. It promotes, obviously, the extension of safe harbours to educational institutions, libraries, archives, key cultural institutions and those organisations assisting persons with a disability. So it's all good stuff. Most of the entities I've just mentioned take a very conservative approach to ensure that there are copyright protections and that the right thing is done for rights holders. But it doesn't really go beyond that.

What does that mean? What it means is that there are a whole stack of Australian firms in this area that are confronted by the spectre of costly litigation and have no comfort extended to them through this bill. It was promised the last time this thing was debated in this place that we'd have a review, and I spoke strongly in favour of local firms that have that legal threat hanging over them. We had the promise of another review, yet again, after all the reviews—I think there have been nearly a dozen different ones—that have occurred over 12 years. And this is the best we got.

The whole issue of current safe harbours was introduced in the Australian context in the Australia-US Free Trade Agreement in 2005. As the Minister for Urban Infrastructure and Cities—who is the Minister representing the Minister for Communications in this place—rightly outlined, the scheme in the Australia-US Free Trade Agreement was intended to provide an alternative to court proceedings for copyright owners when infringing material is hosted, cached or linked by a service provider or where a provider's network services are used to infringe copyright. Even in that space of time, there has been massive change on the ground. Again, this was about providing an alternative to court proceedings for copyright owners, and I'll come back to this point. This was at a time when we did not see the emergence of cloud based platforms that are transforming the way we work right now—and not just what in we're talking about here but in a whole range of areas. This scheme is limited to service providers in a telco sense, but it does absolutely nothing in dealing with firms that are leveraging off cloud, are providing new services and, importantly, are providing incomes for a range of people. It brings them together and creates an income for them all and they are free from some concern that they will have infringed copyright in some way.

The rights holders keep screaming. The more extreme elements of them will always scream—although I do know there are people in the rights holder space who have recognised that times have moved on and that they need to have a much more nuanced and up-to-date view about how to manage this. This is the era of digital platforms. What used to be done in an analogue way is being replaced by digital platforms on a cloud based platform itself. This is changing the game, and we need to have some sort of protection.

There are some great firms here that are doing some important work in generating new income, be it for artists, manufacturers, printers or the like. They have no sense of comfort as a result of what the government has put forward today that they'll be looked after and that they will avoid the spectre of legal action against them. The one that I think of most, particularly on this day, is Redbubble. Redbubble's CEO, Martin Hosking, announced his retirement today after being with the firm since 2006. He has done some terrific work and should be celebrated for his contribution to the Australian economy. Redbubble is a platform that allows artists an alternative mechanism for income generation where they can team up with others. You can get something printed on a range of different material or media, so you're generating income not just for the artist but also others. It could be a printer in Perth, a textiles manufacturer in Melbourne and an artist in Adelaide all working and leveraging off a platform to create an income for them.

Redbubble was recently taken to court by Sony because it was claimed that Redbubble had, through their platform and through someone manipulating some artwork, infringed Sony's copyright of Pokemon. The judge that was ruling in the case declared in favour of Sony, of Pokemon. What was the cost? The cost of nominal damages to Redbubble was one dollar. The reason was that the judge found that Redbubble had been responsible for determining the content originated by artists through its processes, protocols and arrangements with artists. In finding indirect infringement, the judge found Redbubble had complete control over how its system operated and found that Redbubble 'had in place systems to monitor the steps taken by the users of the website' and 'could immediately have taken down or removed infringing material'. So Redbubble had been taking steps. The risk mitigation provided by Redbubble had been taken into consideration by the judge, which then provided for that nominal judgement to be made.

Redbubble made a submission to the bill as it was considered by the Senate. In January this year, they said:

Safe harbours recognise the realities for Australian platforms that host user generated content and provide a fair and effective process for managing infringement on user generated content platforms … Safe harbour protection is critical for the fostering of innovation in the Australian technology sector … safe harbour would promote collaboration between all parties … in the fight against infringement; and … The limited safe harbour extension in the Bill applying only to the education sector and NFP sector will be impracticable to administer.

They made all those points. It's worth noting that over 90 per cent of Redbubble's revenue—this Australian firm—is from customers outside Australia. An Australian firm provides a digital platform and is generating income where 90 per cent of the revenue is from outside Australia. Its website attracts over 20 million visitors per month. There are 10 million artworks and designs displayed on the website from over 600,000 artists. Artists have earned over $100 million from the site, with over 10 per cent of this going to Australian artists. The income they're earning is growing at around 50 per cent a year, a phenomenal growth rate. They're saying, 'If we have mechanisms in place to make sure we deal with copyright infringement quickly, and courts have looked at our process and, after considering what are argued infringements, issued nominal judgements of just a dollar because Redbubble has set itself up in that way, why do we still have the legal spectre hanging over us, the sword hanging over us?' It is because this bill doesn't provide protection for commercial activities that provide a platform for artists to get new forms of income along with a range of other businesses in this country.

Some of the extreme rights-holders argue, 'If Redbubble can't survive here, they can shove off and go overseas.' Is the 'jobs and growth' government going to allow this to happen? Redbubble and similar great Australian firms like Envato and 99designs—whose CEO, Patrick Llewelyn, shared a push-up competition with me in Oakland, California, but that's a story for another time—all could quite easily move offshore if we don't have a legal framework that allows businesses to operate here. People will say, 'They managed one legal challenge, they're fine; they'll just have to stump up to a court.' No, they should not have to face the prospect of funding legal challenges put to them by those who just want to run their businesses into the ground. There should be a legal framework here to protect them.

For those extreme rights-holders who say basically that, if Redbubble have to shut up shop in Australia, they can rack off overseas—this is crazy. As I said before, in an era of digital platforms using the cloud to provide these services Redbubble would move overseas and still provide the same services that rights-holders get upset with, but it would mean the platform's whole stack of technology based jobs here gets snuffed out straightaway. If Redbubble moves, we lose an onshore economic opportunity all because of the extreme purity of the rights-holders that say, 'We will maintain existing arrangements; no changes, no ifs or buts'—which is just nuts. I cannot believe we're at that stage in this country.

Some of those rights-holders say that I'm anti those copyright protections and want to stop artists, authors or whoever from earning income. That's rubbish. We need to find a sensible middle ground that doesn't just protect artists' income but gives them an opportunity to grow, so that they're not just reliant on grant schemes administered by government to survive but can find new avenues for income growth. Out of $100 million, 10 per cent is generated by Australian artists, with a growth rate of 50 per cent per year. That's huge. We have to not only protect Australian artists and find new incomes for them but also, if we are serious about promoting Australian innovation, provide an area with room to move for these firms to grow.

That absolutely should be the case. No-one who says they are pro-innovation can be timid or quiet in this debate. If you're arguing that you're pro the smarts of Australian industry, that those jobs should be created here more and more and that you want digitally-skilled people to apply their skills to help firms grow, and you are timid, meek or quiet in this argument, you are anti innovation. You are anti the notion of diversifying our economic base through the emergence of new, smarter firms, because you didn't have the guts to stand up against the fevered exclamations of some extreme rights-holders in this debate and you couldn't find the middle ground.

We've got to be pro artists and pro smarts in this debate. We've got to be pro smart firms that are providing opportunities for others to create an income. But, because the communications minister did not have the wit, the wherewithal or the courage in this debate to come up with an alternative way to extend safe harbour protections for great Australian firms, that's what we're missing out on. It's unacceptable, especially from those opposite, who harp on about jobs and growth like they have no other thought in their mind or no other argument that they can express. This should be completely different.

In the time I have left, I would like to say thank you to Martin Hosking for the fact that he has followed through on his vision with his firm. He has capable people taking over from him and exceptionally talented people in that firm in Melbourne that I visited. Martin Hosking is exactly the type of person we should be patting on the back for opening up opportunities for young Australians and creative Australians here in this country. I hope that at some point when he looks back on the successes that he has been able to achieve in this space he'll be able to savour a legislative success that will enable other firms like his to grow and to thrive in this country instead of offshore.

Paul Fletcher (Bradfield, Liberal Party, Minister for Urban Infrastructure and Cities) Share this | Link to this | Hansard source

I rise to sum up debate on the Copyright Amendment (Service Providers) Bill 2017, which is another important step in reforming Australia's copyright law to better facilitate the delivery of fundamental and important digital services to Australians. I should make it clear that this bill is not about cybersecurity issues, so the contribution from the member for Canberra was rather mystifying. Nor is it particularly clear why the shadow Attorney-General said that Labor supports this legislation while the member for Chifley criticised this legislation. In effect, the member for Chifley was saying what the technology and innovation sector wants to hear and the shadow Attorney-General was telling rights holders, such as those in the music industry, what they want to hear. This is typical Labor—walking both sides of the street, divided and confused on what their policy is.

What this bill does is extend the safe harbour scheme in the Copyright Act 1968 to institutions in the educational, cultural and disability sectors. The bill provides regulatory certainty for these institutions by setting out the steps they should take to prevent copyright infringements when they provide important digital services, such as internet access, directory services, hosting social media content or caching user services. It also ensures that these institutions receive protection from liability where these services are provided on the institution's behalf by a third party, such as a cloud service provider. Schools, universities, libraries, museums, archives and organisations assisting those with a disability will have a reduced risk of liability when individuals use their networks or services in a way that infringes copyright. These institutions will therefore have greater flexibility in the way they provide vital online services and support to Australians. For instance, the bill will help nearly 9,500 primary and secondary schools and 41 universities across Australia to more confidently provide digital services to 3½ million school students and over 1.3 million higher education students. It will assist just over 1,630 public libraries to provide essential services to millions of Australians with confidence.

I welcome the cooperation of the opposition and the crossbench in facilitating passage of this non-controversial bill. After nearly 15 years of debate on safe harbour reform, this bill represents the first attempt to push beyond the polarised views of stakeholders and will deliver much-needed and beneficial reform. I would like to thank all involved. I commend the bill to the House.

Question agreed to.

Bill read a second time.