Thursday, 6 December 2018
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018; Second Reading
I too rise to speak on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. Recent events in Melbourne have highlighted to Australians the threat that is presented by terrorists using encrypted messaging applications. As a government, we support the use of strong encryption to protect personal, commercial and government information. However, the increasing use of encryption to hide communications has significantly degraded the ability of law enforcement and intelligence agencies to collect intelligence, conduct necessary investigations and, of course, detect intrusions into Australian networks.
The statistics show that encryption impacts at least nine out of 10 of ASIO's priority cases—95 per cent of ASIO's most dangerous counterterrorism targets are actively using encrypted messages to conceal how they are communicating and what they are communicating. Over 90 per cent of data being lawfully intercepted by the Australian Federal Police now uses some form of encryption. Effectively, all communications amongst terrorists and organised crime groups are expected to be encrypted by 2020. That poses some significant and real challenges for us. We saw during the height of the operations by Daesh how they so effectively used online recruiting and how effectively they used technology to radicalise young people. Therefore, we know they have been, regrettably, at the cutting-edge of the use of technology. They will continue to look at new ways they can ply their evil trade, and new technologies are what they're looking for. We know from AFP reports that the July 2017 plans in relation to the Etihad flight used encrypted messaging as part of the preparations.
To meet these challenges, the government has introduced this legislation, so that our agencies have the necessary tools to ensure that they are able to adapt to the increasing use of encryption by terrorists and serious criminals. It is important that these laws are passed as soon as possible. As we heard from the director-general of ASIO during the PJCIS hearing, when he was asked about the operational urgency of enacting this legislation his response was unequivocal: 'Without question.'
The bill contains an expressed prohibition against weakening the security of devices or communications and will not introduce so-called back doors. Contrary to some of the assertions that have been made by commentators, this bill will not weaken encryption. Providers cannot be required to build a capability to decrypt and can only be asked to decrypt when they retain the ability to do so. All types of assistance and all capabilities developed must be reasonable, they must be proportionate, they must be practical and they must be technically feasible. And, very importantly, access to private communications and personal information remains subject to those existing requirements for a judicially authorised warrant or an authorisation. In particular, requests for metadata will continue to be governed by current requirements under legislation. Authorities should expect industry support when a company's services are used to plan or to facilitate an unlawful activity, and these reforms will place obligations on companies supplying communication services or supplying communication devices in Australia to provide reasonable assistance to law enforcement and security agencies. The bill also enhances existing search warrants and introduces new computer-access warrants to modernise search-and-seizure powers of law enforcement agencies.
Significant consultation has been undertaken in relation to this complex piece of legislation. For more than a year, this government has consulted with key industry stakeholders on the text and the intent of this bill. The bill was released for public comment in August 2018. There have been hearings held by the PJCIS on 19 October, 16 November and 26 November. The government has also worked with the committee focusing on the urgency and operational benefits of key measures, especially at the most recent hearings. We know this bill is essential, as has been stressed during the course of this debate. As Andrew Colvin stated recently in an editorial in The Australian, what this bill does, in essence, is give police a fighting chance.
In recognition of the work of the PJCIS, a supplementary explanatory memorandum has been distributed which outlines the amendments being moved by the government in relation to this bill, and they pick up a lot of the work that has been done by the committee. The amendments are substantial but they also extensively cover issues that the committee deemed were necessary to be included in this bill. For example, just to pick up a few of those, the amendments to the bill will enhance existing oversight arrangements for agencies and provide review mechanisms, provide explicit inspection powers, add to reporting requirements and also ensure that the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman are notified of the issue of variation, extension and revocation of all industry assistance measures. The amendments will define 'systemic weakness' and 'systemic vulnerability'. The amendments will enhance the protections against systemic weakness and vulnerability. Amendments will also go to enhancing the independent assessment on referral of whether requirements to build new capability create a systemic weakness and are reasonable, proportionate, practical and technically feasible.
Clearly, technology assists us in our everyday life. It is important. It's important to the way we conduct our affairs. We use technology for banking, for shopping—for a whole range of activities in our daily lives. But, of course, whilst technology does bring us wonderful advantages, it also presents challenges. We know that, as new technology is developed, so too do criminal elements and terrorists look to ways that they can exploit it and carry on their activities. Therefore, encryption is a very important part of the internet. It's a very important part of computer and data security. As I said, whilst it's vitally important to Australia's economic growth, it is also a critical feature of issues in the national security space.
The bill also ensures that our agencies can access lawfully obtained data and content. Of course, this will be facilitated by the introduction of new computer access warrants for law enforcement. It will enable them to obtain evidence directly from a device in a covert manner and it will strengthen the ability of law enforcement and security agencies to access data covertly through warrants and orders for assistance. Not only are these measures important; they are supported by strong safeguards and limitations for the privacy of Australians.
The amendments to this bill also go to other areas, and I would like to touch on those in the time I have available. The amendments will also extend the decision-making requirements and the limitation against building or implementing systemic weaknesses. They will narrow the functions for which intelligence agencies can seek voluntary assistance. They will limit the application of industry assistance measures to the investigation and prosecution of serious offences. They will make activities that may be required by notice in the schedules exhaustive and clarify that they can be used to facilitate or assist in giving effect to warrants and authorisation. They will ensure that decision-makers consider the necessity of the parameters and measures that are set out in the schedule to the act so any conduct would be the least intrusive to third parties—again going to that important point about privacy.
The amendments will impose time limits of 12 months for technical assistance notices and technical capability notices. The amendments will also provide for designated communication providers to disclose information about technical capability notices with agreement from the relevant agencies and subject to conditions. The amendments will clarify that disclosures can be made between law enforcement agencies and oversight bodies. They will clarify the appropriate civil penalties in line with similar assistance obligations under the Telecommunications Act. They will also go to other, minor technical amendments that are necessary for the efficacy of this legislation.
I think one of the things that's been raised in the chamber is: what is the urgency of this legislation? I really want to touch on that as well. The use of encrypted messaging applications by terrorists does represent a significant threat to the safety of all of us, and this creates a critical blind spot for our agencies. It is vital that they be given the appropriate tools to detect and disrupt attacks, particularly through the summer holidays. The measures in this bill are a holistic answer to the challenges posed by encryption and modern communications. Passage now will allow our agencies to address current and emerging threats by modernising the way that they seek industry assistance and allow them to work together with providers to identify new ways to address extant risks. It will address current and emerging threats by enhancing computer access and alternative collection methods that enable them to work around encryption without compromising it. It will address current and emerging threats by bolstering overt access to devices by compelling users of a relevant device to hand over passwords. As I have said, the government has worked very, very constructively with key stakeholders and with the PJCIS to respond to the concerns that have been raised during the review and make the necessary amendments.
In concluding my remarks, I think that there has been extensive industry consultation. As I've indicated, an exposure draft was released. There have been public hearings in relation to this matter. I think that the suite of amendments that has been provided and tabled by the government find that appropriate balance between the need to protect Australians at the same time as ensuring that privacy issues are protected. The bill represents, most importantly, a three-stage consultation process where there has been consultation with industry, with community organisations and with the public.
Can I pick up a point that was made earlier. We know that in relation to terrorist attacks intelligence is absolutely vital. Whilst, of course, human intelligence is paramount, nevertheless the use of technology and the benefits that it can bring to the agencies in relation to detection will no doubt ensure that potential attacks may be foiled and, at the same time, provide the agencies with the necessary tools and additional tools in their armoury. I believe that this bill now strikes the appropriate balance between maintaining the privacy of Australians and the integrity of networks and devices and ensuring that our agencies can continue to protect the Australian public.