Ian Macdonald (Queensland, Liberal Party) Share this | Hansard source

I was about to say that the Greens always have the luxury of being able to say, do, oppose and suggest whatever they like, knowing that they will never be in a position to have to take responsibility for the safety of Australians. The government and indeed, at some stage, the opposition—not in the immediate future, but at some stage, I guess, in the future they will be in government—have the challenge, the responsibility and the duty to do everything that is possible to keep safe ourselves, our family members and our neighbours.

These bills, while some say they are draconian, are—I believe and I think most Australians would accept—put in place purely to make it easier for the agencies that protect us to actually do their job and protect us. The government supports the use of strong encryption to protect personal, commercial and government information. However, the increasing use of encryption to conceal communications has significantly degraded law enforcement and intelligence agencies' ability to collect intelligence, conduct investigations and detect intrusions into Australia's networks. Encryption actually impacts on at least nine out of every 10 of ASIO's priority cases. Ninety-five of ASIO's most dangerous counterterrorism targets actively use encrypted messages to conceal their communications. Over 90 per cent of data being lawfully intercepted by the AFP now use some form of encryption. Effectively, all communications amongst terrorists and organised crime groups are expected to be encrypted by 2020. If that happens, the agencies that protect us will have to have some ability to intercept and learn what those terrorists and organised crime groups are doing, and that means breaking their encryption.

The bill was introduced to equip our agencies with the tools that are necessary to adapt to the increasing use of encryption by terrorists and serious criminals. Claims by some industry representatives that the laws weaken online security by breaking encryption are absolutely false. Quite simply, under the legislation, a company cannot be compelled to create a decryption capability. It cannot be asked to make encryption less effective for general users, it cannot be compelled to build backdoors and it will not jeopardise the information security of general users.

In the time available to me, I want to go through some of the claims that have been made in the media and elsewhere about this bill which, quite frankly, are what some important person once called fake news. And, I confess, of course, that my information comes to me not from my own clever thought but from experienced law enforcement and security people who do understand these things, who know what needs to be done and what the legislation and this amendment will actually do.

The claim has been made that the bill would allow the government to order the makers of smartphone speakers to install persistent eavesdropping capabilities into a person's home, require a provider to monitor the health data of its customers for indications of drug use or require the development of a tool that can unlock a particular user's device, regardless of whether such a tool could be used to unlock every other user's device as well. That's the claim, but that claim is not correct. The actuality is that the bill expressly prohibits notices from doing anything for which a warrant would be required. A surveillance device in a home or monitoring a person's device would require a warrant. The bill expressly further prohibits requiring the building or implementation of the systemic weakness—and that's in section 317ZG.

Another claim being falsely made is this: that it will force tech companies and telcos to insert a backdoor—a systemic vulnerability into all encrypted systems—so that the government can access everyone's private communications. That's the claim, and that claim also is not correct. The bill, to the contrary, is absolutely explicit that the notice cannot require the building or implementation of a systemic weakness. This includes the requirement of a new decryption capability or anything that would make any form of electronic protection like encryption less effective.

There is a further claim, and that claim is that, unlike surveillance laws around the world, this bill requires no judicial oversight. That's the claim. That claim is also not correct. In Australia, judicial authorisation is typically reserved for intrusive powers that access personal information and data. Access to that type of data is prohibited by the bill. To conduct telecommunications intercept or surveillance, the law enforcement agency will still require a judicially authorised warrant. Overseas legislation that has similar provisions directed at securing industry assistance does not always have judicial oversight. The primary exception is the Investigatory Powers Act of the UK parliament which was passed in 2016. The double-lock regime in the UK requires judicial and ministerial authorisation for certain powers. However, no direct comparison can be made between the size and scope of the Investigatory Powers Bill of the UK and this bill. Unlike the English bill, this bill does not provide for bulk interception, bulk equipment interference, disclosure of communications data and the retention of personal data sets, including internet collection records. As a result, the double-lock regime is not appropriate for this bill, as the English bill is more expansive and has a more significant impact on providers. Further, the double-lock feature is a product of the oversight mechanism applying to other intelligence collection powers.

I'm going through these claims in some detail because I think it's important that anyone who has a serious interest in this bill understands that some of the claims that have been made popularly are not, in fact, true. There is a claim that ASIO, ASIS, the Australian Signals Directorate, the Federal Police, state police forces and bureaucrats in the Department of Home Affairs, acting in secret and without the oversights of the courts, would be able to force companies to compromise their products to gain access to any data they want, including access to the data of other governments. That's the claim. The reality is this: the compulsory industry assistance powers will only be available to ASIO and interception agencies, as they are defined in the bill. These are the same agencies which have powers to intercept live communications under a warrant issued by a judge or members of the Administrative Appeals Tribunal. ASIS and the Australian Signals Directorate can only request voluntary assistance. It's important to understand that.

In addition, in relation to that claim, with the prohibition of systemic weakness the bill includes the following strong safeguards: the requirement for the decision-maker to consider the reasonableness, proportionality, practicality and technical feasibility of a notice, including the interests of the provider and the integrity of the devices and services. Some other of these safeguards include requiring the decision-maker to consider any advice received from a provider about the requirement in a notice. This is an opportunity for the provider to detail how a notice may create a systemic vulnerability or weakness. And there's a further safeguard in the ability of the government and the provider to appoint a person with technical expertise to assess whether the requirements of the technical capability notice would actually create a systemic weakness. Judicial review is available for the use of the industry assistance powers.

There are a number of other claims that have been made which have engendered the sort of concern that the previous speaker raised. Most of them are simply not accurate. I'm not going to have time to go through the whole list of the claims that have been made and discount them by giving a factual rejection of those claims.

I conclude my contribution to this bill, and again thank the Labor Party and members of the crossbench for supporting this bill—and supporting it prior to Christmas in some haste—because our first duty, which the previous speaker spoke a bit about, as a government and as a parliament is to do the best we can to keep our fellow citizens safe. We have wonderful agencies—the AFP, ASIO, ASIS, the relevant agencies of the Department of Home Affairs—who I think do a wonderful job. I've had the privilege of chairing the Senate Legal and Constitutional Affairs Legislation Committee for some years now, and all of those agencies appear before our committee at estimates time. Very often they are subject to very intensive grilling, very intensive questioning, by senators about a range of matters, including the powers that they have and the actions that they take and are compelled to take to protect privacy and to protect citizens' basic human rights.

But there is a time when some things have to be done because of advances in technology. As I said earlier—and I want to repeat—the terrorists and the organised criminal gangs run by no rules. They are not overseen by anyone. They don't have to account to anyone except their masters, who want the results of their criminal or terrorist activity. We have to give our agencies the tools to be able to counter the activities of terrorists and criminal agencies as they get smarter, as they make increasing use of advanced technology to pursue their evil goals, and so bills like this are essential. Very often, as I concede, we have to rely on the advice of the people whose job it is to investigate and protect us. In my long experience in this parliament, we've always been very well served, very carefully served, as Australians by our security agencies and our police agencies, and this legislation—the legislation passed before Christmas—give our agencies a fair chance at countering the advanced technological attempts of criminals and terrorists. I urge the Senate to adopt this bill.