Scott Ludlam (WA, Australian Greens) Share this | Hansard source

I will speak briefly to each of the three blocks of amendments proposed by the Greens because I have already indicated their intent and recorded the opposition of the government, courtesy of the minister, and the support of the opposition for the concept but not for the actual amendments themselves—which is curious and rather unfortunate. I will foreshadow at this stage that I will not call a division on each of the three blocks of amendments that I seek to move but record the Greens support for them. I move Greens amendment (1):

(1)    Schedule 1, page 3 (line 14), after “network”, insert “, including:

                   (i)    measures to protect the technical integrity and security of the network such as intrusion detection or responding to denial of service attacks; and

                  (ii)    automatic monitoring to ensure network traffic operates as intended and any misconfiguration, failure or user error is readily identified and rectified; and

                 (iii)    automatic or manual copying or recording of communications for purposes such as quarantining, analysing and filtering for malicious content, virus and Trojan protection; and

                 (iv)    installation of automated solutions for network maintenance and protection;

                      but does not include activities not directly related to maintaining the technical integrity or security of the network, such as:

                  (v)    screening or altering the content of communications other than to remove malicious code; and

                 (vi)    monitoring the contents of communications other than to identify threats to the network; and

                (vii)    gathering non-anonymised statistical usage information;”.

The first amendment inserts a definition of what we mean by ‘network protection activities’. It just says ‘including’ and is then followed by a list of factors. We do not intend that this definition be prescriptive but rather that it be read as guidance. It arises from the need, as I said before, identified in submissions and also during the inquiry into the bill—including a contribution from the Privacy Commissioner—for a clearer definition of what constitutes ‘network protection duties’. The whole purpose of the act is to protect the privacy of individuals who use our telecommunications systems and also to protect the integrity of the networks themselves. The act makes it an offence to intercept communications passing over the network and, obviously, it is meant to specify the circumstances in which it is lawful to intercept communications. There needs to be a balance, which the act attempts to provide, between protecting privacy and the public interest in having computer network owners and operators able to respond to security threats to the networks that they are administering.

By having such loosely defined terms in the bill, our concern is that the discretion is too broad for network operators to intercept communications and disclose them. There will be no guidance whatsoever in the event that these matters reach a court. The amendment provides such guidance. It is not all encompassing or restrictive but it includes a sense of the scope of the activities that we believe reasonably constitute network protection duties. It also provides guidance and reasonable restrictions on what can or cannot be construed as legitimate network protection duties. I commend the amendment to the Senate.