Jenny McAllister (NSW, Australian Labor Party, Shadow Assistant Minister for Families and Communities) Share this | Hansard source

I rise to speak on the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. This bill makes further amendments to the telecommunications access regime that passed this parliament on the final sitting day of last year. In recent years, the agencies charged with maintaining Australia's national security have publicly and privately expressed concerns about encryption technologies, and these are not abstract concerns. The agencies contend that their investigations of individuals and entities suspected of being involved in a range of serious offences have been frustrated by these technologies. As people under investigation or surveillance migrate towards the use of encrypted apps, their communications go dark and the process of obtaining a lawful warrant to gain access to those communications is frustrating. The telecommunications access regime passed by this parliament in December last year was put in place in response to clear advice from our national security agencies that widespread use of encryption in digital telecommunications was hindering intelligence and law enforcement, to the detriment of Australia's national security. Labor accepts that advice.

Indeed, Labor approached this bill as we have approached all other national security bills. Whether in government or in opposition, Labor has consistently worked to ensure that our security agencies have the powers and resources they need to keep our community safe and that our laws are adapted to meet the changing security threats we face. In pursuing that objective, our approach has been consistent. We take the advice of national security agencies seriously. We understand the context of our decisions, most specifically that in acting to protect our nation, founded on the rule of law and respecting individual liberties, we need to respond to those core values and that, to the extent that individual rights are burdened by national security measures, such burden must represent the least intrusive manner to achieve the security objective and be proportionate to the actual threat. We scrutinise evidence carefully and we never, never, politicise national security.

Labor is committed to working through the evidence of agencies, stakeholders and experts in a deliberative manner. Our bipartisan approach means exactly this. We expect the PJCIS to robustly interrogate the issues that are placed before it without seeking to obtain narrow electoral advantage, and we seek to embed in our national security architecture robust oversight. Strong and effective oversight does not undermine our national security; it enhances it. Public trust and confidence in our security and intelligence agencies are best ensured through strong and rigorous oversight and scrutiny. As with all bills, this is the approach we took to the TOLA bill last year.

It is worth briefly recapping the process that led to the bill before the chamber today. I know there are many people who've keenly followed the debate. I also know there are many people who are probably wondering why we are debating this issue again when we dealt with it only in December last year, and that is a fair question to ask. In September 2018, the government introduced the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, the TOLA bill. It was referred to the Parliamentary Joint Committee on Intelligence and Security for inquiry, and the committee started its inquiry, called for submissions and held hearings as it normally does. There was no end date specified by the government for this process, but midway through the process, in November 2018, the Minister for Home Affairs asked the committee to accelerate its inquiry into the 2018 bill in order to enable it to pass the parliament before the end of the year.

The case for urgency was forcefully prosecuted by the government in the media. At one point documents that had been provided to the committee confidentially were leaked into the public domain and appeared on the front page of a newspaper, and the government has refused to initiate any investigation into that leak. National security agencies subsequently gave public evidence to the committee that they needed the powers contained in the 2018 bill in order to respond to the heightened risk of terror over the Christmas period.

In response to that evidence, the committee finished its inquiry early. It issued a consensus report that made 17 recommendations for a range of amendments to improve these laws. The government committed to moving amendments that reflected those recommendations. On the morning of 6 December 2018, the last parliamentary sitting day of 2018, the government introduced 173 lengthy amendments to the 2018 bill. Some of those amendments did not properly reflect the text or the intent of the committee's recommendations, and that is not just Labor's view. It is the view of the Inspector-General of Intelligence and Security; it is the view of lawyers; it is the view of civil society groups; and it is the view of the Commonwealth Ombudsman.

Labor noted our dissatisfaction with the rushed process during the debate in December last year. We secured from the government a commitment that it would allow consideration of our proposed amendments to rectify these problems and oversights, and the bill before the chamber today is a product of that commitment. We do not suggest that the amendments that will be moved in the chamber by Labor today are all that are necessary to align the legislation with the recommendations of the committee nor that the recommendations of the committee are all that are necessary to address the concerns that have been raised by stakeholders.

As was the case last year, we are operating under a compressed time line. The government has left us with less than four sitting days in this chamber before the budget. This bill has just a few hours scheduled for debate today. We have been forced to prioritise. As a consequence, this bill and Labor's amendments to it are not intended to deal with all of the potential issues that have been identified in the legislation passed in December last year. We seek only to address some of the more important deficiencies in that legislation, including the definition of systemic weakness; the role of the AFP Commissioner in ensuring a national approach is taken to the exercise of some of the powers in the legislation; the oversight role of the Ombudsman; and limiting the scope of technical assistance notices and technical capability requests. I'll address these amendments in further detail later in my speech.

It is worth noting that this bill is just one of a number of separate, ongoing processes to improve the legislation passed in December last year and address the deficiencies identified by stakeholders. There are three other processes that bear mention. At the same time as this process is underway, the Parliamentary Joint Committee on Intelligence and Security is conducting another inquiry into the legislation passed last year. Although Labor accepted the evidence of the security agencies that they needed the powers over the holiday period, we insisted that the committee be allowed to resume its inquiry in order to be able to properly examine all five schedules of the legislation. As part of this ongoing inquiry, the committee has received further submissions and briefings from stakeholders, and the inquiry is due to report on 3 April this year.

Labor secured a commitment that the legislation will be referred to the Independent National Security Legislation Monitor for review within 18 months. Labor is also committed to referring the measures introduced by this legislation to our parliamentary inquiry to report on the economic impacts. The telecommunications access regime has a clear national security imperative, but its consequences are not limited to the national security realm. Labor has heard and understands the message from industry that this legislation has the potential to impact the viability of the tech sector in Australia.

The evidence from industry placed before the committee raises serious concerns about the government's bill and its impact on internet security—and public trust in internet security—and consequently on the competitiveness of the Australian IT businesses subject to these laws. Throughout last year, the government sought to reassure industry that the bill prohibited an agency from forcing a provider to implement any kind of systemic weakness or systemic vulnerability into a form of electronic protection. However, many submitters to the committee contended that it was not clear what those terms actually meant. These witnesses expressed concern that, in the absence of a definition, the protective measures in the bill provided little actual protection at all. To this end, the committee made two recommendations, recommendations 9 and 10, which both relate to the meaning of the term systemic weakness. In doing so, the committee had regard to evidence from the Director-General of the Australian Signals Directorate, who stated that a systemic weakness is a weakness that might actually jeopardise the information of other people as a result of that action being taken. The committee also noted evidence from the Director-General of Security that the powers in schedule 1 of the bill will not be used to require a designated communications provider to do anything that jeopardises the security of the personal information of innocent Australians.

Labor does not consider that recommendations 9 and 10 in the committee's report have been satisfactorily realised in the government amendments to their own bill of December last year. During the committee stage, Labor will introduce amendments that seek to clarify these terms in the legislation. Labor's amendments have the support of industry and put in place safeguards to ensure that actions taken under this legislation will not create a material risk that the information of innocent persons would be compromised by an unauthorised third party.

I note the joint comments made in a public submission to the PJCIS by the Communications Alliance, the Ai Group, the Australian Information Industry Association, the Australian Mobile Telecommunications Association, the Digital Industry Group and the Information Technology Professionals Association. These organisations said in their submission:

It appears very difficult to adequately define the terms 'systemic weakness/vulnerability' and 'target technology'. As currently drafted in the Act, these definitions are difficult to understand, ambiguous and are significantly too narrow. The limitations intended to be given to systemic vulnerability/weakness through the definition of target technology do not achieve the desired objective. Specifically, it is unclear what constitutes a class of technology, (e.g. would a 'class' be all mobile handsets, or Android phones, but not iPhones, or the mobile handsets offered by one service provider but not another, or some other combination of factors?). Assuming this term has a common-sense meaning (to the extent this exists), then the application to the whole class of technology creates a far too narrow characterisation of what constitutes a systemic weakness or vulnerability.

Consequently, we recommend deleting the definitions of systemic weakness/vulnerability and target technology and, instead, to more clearly and narrowly articulate in Section 317ZG the prohibited effects of a TAN or TCN. We note the limitations contained in Section 317ZG but maintain that the definitions of these three terms are not useful and/or significantly too narrow to be acceptable.

We support the amendments to Section 317ZG as tabled by Labor on 6 December 2018.

That is the advice from industry.

I would like to briefly canvass the other amendments that Labor will seek to introduce during the committee stage. Recommendation 4 of the PJCIS report called for the Commonwealth Ombudsman to be given appropriate oversight of the administration of the industry assistance measures. Although the government's amendments sought to give effect to those recommendations, they also introduced an additional provision enabling the Minister for Home Affairs to delete information from an Ombudsman's report if that information could reasonably be expected to prejudice certain of an agency's activities. The inclusion of that new power has not been explained by the government. The Commonwealth Ombudsman wrote to the committee to express his concern that the minister's power to delete information from a report prepared by the Ombudsman is 'a power that is not available to a minister under any other legislation under which my office may issue a report and, in my view, is inconsistent with the Commonwealth Ombudsman's role as an independent and impartial office'. The Ombudsman also argued that this power is unnecessary given that his office routinely consults with agencies to identify whether a draft report contains operationally sensitive material that should be removed or amended before it is published.

Recommendation 7 of the committee calls for the Commissioner of the AFP to have a role in approving technical assistance notices initiated by state and territory authorities. The intention of this is to ensure consistency of decision-making and reporting across jurisdictions. To do this, the AFP Commissioner is required to apply the same statutory criteria and go through the same decision-making process as would apply if the AFP were the original issuing authority. That was the recommendation. The government's amendments provide that the AFP Commissioner may approve a technical notice, but the amendments did not establish the decision-making criteria for approval. Labor's amendment will make it clear that the AFP must follow the process recommended by the committee. We are also moving other amendments that would limit technical assistance requests and technical capability notices to certain specified acts and things.

As I said earlier, Labor does not believe that these amendments solve all the potential issues with the bill that have been highlighted by stakeholders. Rather, this is one of a number of processes that Labor has forced the government to go through in order to remedy some of the issues that arose as a result of the rushed time line the government imposed for consideration of the original legislation last year. These issues have been raised for years. There was no reason for the government to make a last-minute introduction of the legislation and a last-minute call for acceleration. The committee ought to have been given the time to conclude its work. The government did not provide either the intelligence and security committee or the parliament the time needed to properly consider the legislation. Labor voted for the legislation last year nonetheless because of the advice of our national security agencies. They said there was a need for these powers before the holiday period, and we acted promptly because we take seriously the task of protecting Australia and Australians.

But we also take seriously the task of making sure legislation is appropriate and adapted to the ends it is trying to undertake. That means limiting the unintended consequences to individuals and businesses. That is why we are going through this process today. We have been consulting with industry, with tech experts, with lawyers and with civil society, and also with the agencies themselves. We are doing the work necessary to improve this legislation.