Thursday, 6 December 2018
Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018; Second Reading
I table a revised explanatory memorandum relating to the bill and move:
That this bill be now read a second time.
I seek leave to have the second reading speech incorporated in Hansard.
The speech read as follows—
New communications technology, including encryption, is eroding the capacity of Australia's law enforcement and security agencies to investigate serious criminal conduct and protect Australians.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 contains amendments to various legislation to create a package of reforms that strengthens the ability of Australia's law enforcement and national security agencies to deal with the challenges of encryption.
Encryption underpins modern information and communication technology. It is a tool that protects personal, commercial and government information and supports confidence in a secure cyberspace. These technologies allow us to confidently do things like online banking and shopping.
However, serious criminals and terrorists are increasingly misusing and exploiting these technologies.
Terrorist organisations in Australia and overseas are using secure messaging services to obscure their identities and plans from the authorities. For example, ISIL used secure messaging services to plan the November 2015 Paris attacks.
The lack of access to encrypted communications presents an increasingly significant barrier for national security and law enforcement agencies in investigating serious crimes and national security threats.
According to ASIO, encryption has impacted intelligence operations in at least nine out of every 10 of its priority cases.
The AFP advise that encrypted communications have directly impacted around 200 operations conducted by the AFP in the last 12 months, all of which related to the investigation of serious criminality and terrorism offences carrying a penalty of 7 years imprisonment or more.
The uptake of encrypted communications platforms by organised criminal and terrorist groups has been sudden. This represents a seismic shift in the operational environment for our law enforcement and security agencies.
In June 2013, only 3 per cent of internet communications intercepted by ASIO, under warrant, were encrypted. By 1 July 2017, that figure had increased to more than 55 per cent. Most of the material of intelligence value is in the encrypted proportion.
Similarly, more than 90 per cent of data lawfully intercepted by the AFP is now encrypted in some form.
No responsible government can sit by while those who protect our community lose access to the tools they need to do their job. In the current threat environment, we cannot let this problem get worse.
This legislation will not weaken encryption or mandate 'backdoors' into encryption.
The Bill represents a package of measures which will enhance our approach. The Government has undertaken extensive industry and public consultation on the Bill and has made amendments to account for the constructive feedback we received.
Outline of Measures in the Bill
Industry assistance, including technical assistance and technical capability warrants
The supply of communications is a global industry. With major technology providers headquartered overseas, we must work with international partners to adapt to a world characterised by ubiquitous encryption.
The communications industry is in a unique position to assist in tackling the challenges we face.
Encrypted products are developed and applied by a range of private providers – both inside and outside of Australia – and in a range of forms across the communications supply chain.
National security and law enforcement agencies already work cooperatively with industry partners on these issues, to protect Australians.
The Bill seeks to enhance those existing relationships to achieve lawful and non-arbitrary access to available information in the context of serious criminal and national security threats.
It complements the existing obligations of domestic service carriers to provide reasonable assistance to law enforcement under the Telecommunications Act 1997.
The Bill facilitates a multi-level approach to industry assistance, creating a framework to support the wide range of providers that assist law enforcement and intelligence agencies voluntarily, including foreign providers.
This is reinforced and clarified by the creation of two new powers: the technical assistance notice and the technical capability notice.
Technical assistance notices are issued by an agency head or their delegate and will compel assistance that a provider is currently capable of giving.
Technical capability notices are issued by the Attorney-General and can require a company to develop and/or maintain a standing capability to effectively action agency requests.
The Government is not seeking to mandate so-called backdoors. The Bill specifically provides that companies cannot be required to create systemic weaknesses in their encrypted products, or be required to build a decryption capability.
This is also not a new vehicle to collect personal information. Surveillance and interception must be authorised by existing warrants and authorisations, which are subject to their own safeguards, including judicial oversight.
The Bill requires that any obligations within a technical assistance notice and technical capability notice are reasonable, proportionate, practicable and technically feasible. We are not in the business of asking industry to do the impossible.
The legislation provides for cost recovery for complying with new requirements and immunities from civil liability.
Alternative capabilities for law enforcement
Modern information and communications technology has provided more ways to stay connected and store information. These capabilities include a wide variety of electronic protection. Agencies need expanded capabilities to adapt and meet the needs of the evolving digital environment.
To this end, the Bill provides law enforcement agencies with additional powers for overt and covert computer access. Computer access involves the use of software to collect information directly from devices. Commonwealth, State and Territory law enforcement agencies would be able to use this power to investigate offences with a federal aspect.
The Surveillance Devices Act will include a new covert computer access power for law enforcement, like those powers currently available to ASIO. This will enable law enforcement agencies to apply for computer access warrants when investigating serious federal crimes with a maximum penalty of three years or more, including terrorism and child exploitation.
The cross-border storage of information and overseas location of service providers, makes Australia's mutual assistance framework critical in enabling Australian and foreign authorities access to information to inform investigations and obtain evidence. Under that framework, foreign authorities will be able to make a request to the Attorney-General to authorise an eligible law enforcement officer to apply for, and execute, a computer access warrant to assist in a foreign investigation or investigative proceeding.
Amendments will be made to the Crimes Act search warrant framework to ensure law enforcement officers do not have to physically be on premises in order to access a computer under a search warrant.
Amendments to the Customs Act will enable a judicial officer to issue a search warrant authorising the ABF to search a device (such as a smartphone) held on a person. Currently, devices can only be searched when found on a premises.
The Crimes Act and the Customs Act will be amended to increase the maximum penalty for a person who fails to provide assistance to law enforcement in accessing a device, which is the subject of a search warrant. These assistance orders must be issued by a judicial officer. The maximum penalty will be increased to five years. An aggravated offence will be created for serious offences like espionage, terrorism, child exploitation and pornography, with a maximum penalty of 10 years imprisonment.
The increased penalties for non-compliance with orders for access to a device reflects the value of evidentiary material on devices and the fact that persons who have undertaken criminal activity would rather accept the current low penalties than provide data that could be evidence in a more serious prosecution.
Given the increased complexity of devices and higher volumes of data stored, law enforcement agencies will now have 30 days to conduct forensic processes in regards to seized computers and data storage devices. This is an increase on the currently inadequate 14 day timeframe for police forces and 72 hour period for the Australian Border Force.
ASIO is responsible for investigating some of the gravest threats to Australia's national security, including espionage, terrorism and attacks on Australia's defence systems.
ASIO's ability to collect intelligence using traditional means, such as telecommunications interception, is declining due to encryption.
To mitigate this decline, the Bill will introduce a new framework to ensure that persons and bodies who voluntarily assist ASIO are given appropriate legal protections for this assistance. The purpose of this new framework is to give members of the public the highest degree of confidence that they may lawfully help ASIO to protect Australia's national security.
This Bill demonstrates the Government's commitment to ensuring that law enforcement and national security agencies have the tools they need to keep Australians safe. The Government has consulted extensively with industry and the public on these measures and is committed to ensuring that our legislative response to the challenges of an evolving technological landscape is reasonable, proportionate and meets national security and law enforcement needs.
Before debate commences on this bill, senators may be aware I made a submission to the PJCIS regarding this legislation, highlighting a number of previous Senate Privileges Committee inquiries about events that have occurred as well as the use of intrusive powers, and dealing with parts of this legislation. I wrote in very similar terms to the Attorney-General and Minister for Home Affairs. I have received a response from the Acting Minister for Home Affairs indicating the government's willingness to work on dealing with those issues, including intrusive powers more broadly and other legislation and updating the MOU between the AFP and the presiding officers with respect to parliamentary privilege and I table the letter from the Minister for Home Affairs.
I thank Senator Molan for his courtesy and I rise on behalf of the opposition to speak to the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. I want to start with some overarching remarks. The fundamental responsibility of any government is to ensure the safety of the nation and its people and it is the foundation upon which all other policy aspirations necessarily rest. As a party of government, it is a responsibility Labor has always upheld. We in Labor have proven, both in government and in opposition, we always place national security ahead of partisan politics.
Before I turn to the bill I want to say a little about the approach Labor has been taking to national security matters. First, we start with the premise that our security agencies and law enforcement bodies, to the extent they are involved in national security matters, must be given the powers and resources they need to keep Australians safe and our nation secure. Second, we believe national security laws that encroach on the rights and freedoms of Australians must be always necessary and proportionate to the threats faced. Third, Labor holds that, with a grant of new powers, we must ensure there are oversight and transparency mechanisms designed to ensure these powers are used for the purpose they are granted and in a manner that ensures ongoing accountability for their exercise.
These principles are often challenging to apply but we put a great deal of time and energy into rigorously analysing every national security bill presented against the principles I have outlined. We do so because we understand that, in conferral of new powers to protect the nation's security, it is vital that we do not compromise the very freedoms and way of life that we are seeking to protect. Labor has always taken the advice of our national security agencies seriously. But we also know government's ability to respond to new and evolving threats relies on the public's ongoing faith that our laws are appropriate, proportional and adapted to the circumstances that we face.
I turn now to the bill itself. The access bill was introduced in the parliament in September 2018 and was referred to the PJCIS. National security agencies gave public evidence to the committee that they needed these powers in order to respond to heightened risk of terror over the Christmas period, and those views have been repeated in media engagements and elaborated upon in classified briefings before the committee. Labor members of the committee accepted that evidence.
The committee also heard compelling evidence that, in the form the government introduced the bill, it could do more harm than good. Specifically, as originally presented, this bill could, amongst other things, pose a significant risk to Australia's national security, jeopardise security cooperation with the United States and create unnecessary risks for Australian business and, in particular, local technology exporters. Labor has been consulting with industry and civil society stakeholders, both through the committee process and outside, and we have negotiated with the government to give effect to many of the core concerns, and these are reflected in the recommendations and in many but not all of the government amendments. While there are significant outstanding issues, this compromise will deliver security and enforcement agencies the power they say they need over the Christmas period and ensure adequate oversight and safeguards to prevent unintended consequences while enabling continued scrutiny of the bill into 2019. These review processes provide an opportunity to resolve our ongoing concerns about the bill with the assistance of industry experts and civil liberties groups, while also upholding our responsibilities to keep Australians safe.
I will speak briefly to some of the improvements to the bill. Systemic weakness related concerns are addressed by amendments that seek to clarify the term 'systemic weakness' and also amendments that clarify that technical capability notices cannot be used to create a systemic weakness. Other concerns addressed through amendments include the ability of a provider to disclose details of a technical capability notice, except to the extent that doing so would compromise an investigation.
Amendments also include that authorisation of a technical capability notice requires the approval of both the Attorney-General and the Minister for Communications. In addition, a designated communications provider which has concerns about a technical capability notice will be able to request an assessment of whether or not it would indeed create a systemic weakness, whether the requirements are reasonable and proportionate, whether compliance is practically and technically feasible and whether the notice is the least intrusive measure that would still achieve the objective. Two persons, a technical expert and a non-serving judge, would be jointly appointed to conduct the assessment, and their report would have to be provided to the Inspector-General of Intelligence and Security in the case of ASIO and to the Commonwealth Ombudsman in the case of the AFP.
The issue of inadequate oversight and safeguards has been addressed through amendments which include strengthening the IGIS's oversight powers. These include: explicit notification and reporting requirements when issuing, varying, extending or revoking a notice of request; and limits on the exercise of powers, including extending the prohibition on systemic weakness to voluntary notices, ensuring that decision-makers consider necessity and intrusion on innocent third parties when they issue a notice. There will also be provision for defences for IGIS officials and clear information-sharing provisions.
Amendments also establish clear authority for the Commonwealth Ombudsman to inspect and gather information on the exercise of these powers by the AFP and state and territory interception agencies. The amendments in relation to the Commonwealth Ombudsman will include notification requirements and information-sharing provisions. These would complement the inspection activities of state and territory oversight bodies. In addition, the AFP will be required to prove any state- or territory-initiated technical assistance notices and must apply the same criteria and go through the same decision-making process as would apply if the AFP were the original issuing authority.
In response to belated government demands that consideration of this bill through the intelligence committee be accelerated, Labor have assisted in this process. We are pleased that the government has acknowledged and responded to a number of the serious concerns raised both by Labor members of the committee and by the opposition more broadly. However, as Mr Dreyfus has previously indicated, the amendments do not reflect the full recommendations of the intelligence committee. Therefore, as the shadow Attorney-General has stated, Labor will be moving some minor but important amendments in committee to make the amended bill reflect the unanimous recommendations of the Parliamentary Joint Committee on Intelligence and Security.
Senator Molan interjecting—
Senator Molan, please resume your seat. There is a new agreed speaking order. I have been provided with a new list, and Senator Steele-John has the call. Senator Wong, on a point of order?
I will be guided by the chamber, but, just as a matter of courtesy, Senator Molan had the call and he deferred to me because I stood, and I thanked him for that. In those circumstances, I wonder if Senator Steele-John would mind if, as a member of the committee, Senator Molan was able to make a contribution. Obviously, it's in the hands of the chamber.
The reason Senator Molan was called was because there was an error on the speaking list. The government never speaks first when we are debating a bill—it always goes Labor, Greens and back over to the government side of the chamber. There was an acknowledged error in the speaking list to the point where none of our speakers, even though we provided them, were on it, as I understand it. That's why Senator Molan was first.
Thank you. The legislation before the chamber tonight is one of the most dangerous and one of the least-thought-through pieces of legislation ever to come before the Australian parliament. Within its pages are listed the mechanisms by which the privacy of every Australian citizen may be violated, the security of our nation placed at risk and billions of dollars worth of industry banished overseas.
This legislation is nothing more or less than the dark fantasy of a particular public servant—a man who has been working his way to the top of Australian government for decades, a man of a dangerous right-wing disposition who has successfully created a department in his image and who now stands on the cusp of achieving a lifelong goal of empowering the Australian government with the ability to keep the general populace, who he regards as nothing more or less than helpless sheep, safe and sound. I am talking, of course, of Michael Pezzullo, the head of the Department of Home Affairs, who has, for almost 10 years now, waited for a government stupid enough to pass this legislation and an opposition weak enough to let them do it. Now, in 2018, he has found his men in Scott Morrison and Bill Shorten.
Order, Senator Steele-John! I know someone will jump up, but I'll save them the energy. When you're referring to members of either this chamber or the House, I'd encourage you to use their official titles. Thank you, Senator Steele-John.
Mr Bill Shorten and Mr Scott Morrison are the fools willing to follow along in the wake of a man who has no place in the Australian Public Service. He's a man of such dangerous ideas, of such a radical disposition, of such an absolute, ironclad belief in his own rightness, that he would force through legislation that he knows is flawed, that he knows places at risk the privacy of every Australian, that he knows will drive business out of this country and that he knows places us at risk of criminal activity, because he wants the power. He believes that he alone is the man of the moment—the man willing, the man capable, of keeping us safe. He is nothing more or less than a snake that has waited in the grass for a helpless government—
I withdraw, Mr Acting Deputy President. This administration, weak, lost and frightened, understanding more clearly than any government has in the past that it is finished, that the game is up, that there will be no rescue, has turned to the only trick in the book it has left: national security. Knowing that when the Department of Home Affairs, when Mr Pezzullo and his puppet Mr Dutton say, 'Jump,' the Labor Party say, 'How high?', this opposition, obsessed as they are with victory at any and all costs, will tonight engage in the trading away of the human rights and liberties of every single Australian. No statement that is made in this place tonight, in relation to the so-called safeguards that the Labor Party have secured, will be true. They cannot be true because they do not understand the technology they are dealing with. They have spent months sitting on a committee with their fingers in their ears. With 15,000 submissions given, with some of the most reputable technical organisations in this country coming before them and pleading—pleading!—with them to reconsider, they have done nothing but craft new rhetorical mechanisms by which they, tonight, make the excuse for bending over backwards and letting this legislation pass.
It is very interesting to me that one of the amendments which finally may make its way through is one which ensures that this legislation does not apply to us here in this place, that it cannot threaten our parliamentary privilege. So it is we, in this place, who will be protected while the Australian public is placed at risk. We will keep our jobs. We will retain the ability to organise our leadership coups via whichever encrypted application we choose, safe in the knowledge that we cannot be compromised. We, in this place, may well engage in any corrupt act we so choose, and our state counterparts may well do the same, safe in the knowledge that anticorruption commissions are exempt from an ability to utilise these powers, but state police, territory police, Border Force—they're fair game; they can use them however they like.
The lies and the stupidity that have strewn forth from this opposition in the last few days beggars belief. The contributions made by members of the Labor Party in the House of Representatives were laughable and they were sickening, because they showed, for all to see, the depths to which they will stoop to avoid any possible imputation that they might do anything other than be in lock step with the government on an issue of so-called national security.
This is a piece of legislation, dreamt up by a sinister figure who brings our public service into disrepute by virtue of his very existence within it, is being pursued by a government that brings our nation into disrepute by their very existence within this place, facilitated by an opposition whose cowardice and whose intellectual vacancy is a national embarrassment.
You will go home at the end of this day to your constituencies, and you will lie in bed and disregard all that I have said. You will brush it aside as the naive ramblings of someone who needs to spend a bit longer in this place to learn how things are done. But I warn you now: there is a whole internet out there. You are being watched. The internet remembers. The betrayal will not be forgotten. The role of this government in bending to the will of one of the most sinister figures that has ever roamed the halls of this place will not be forgotten. The human rights abuses which are sure to be perpetrated by the dark creation that is the Department of Home Affairs will not be forgotten. His role in the creation of the national disgrace that is the Border Force will not be forgotten. Justice will come to every single one of you who have today facilitated the march of this man and his agenda. Border Force will be broken open. Those who have committed their crimes will be brought to justice. The department shall be broken apart, and these decrepit laws, these insults to the Australian people, shall be repealed, and all those who this day fought against them shall be vindicated.
I would ask you to reflect upon your role. I would ask you to reflect upon who it is you serve. I suggest to you that it is the Australian people you serve, not your own self-interest. It is they who will hold you to account. It is they who will bring the ultimate electoral justice down upon you for the lies that you have utilised to pass this legislation through this place.
Our political movement, the great Australian Greens party, will be there every step of the way. We will not let you forget. We will be there with the community as each and every one of the violations which you tonight unleash are brought home to roost with you. History will record this as one of the most profound failures of leadership that the Australian Labor Party has ever perpetrated. Tonight you are shamed by your actions. You are shamed by your words. And, if you can sleep, I do wonder about the content of your souls and the nature of your brains. I thank the chamber for its time.
I rise to speak in the second reading debate on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. The one message I have is that if we want the people of Australia to benefit from the security that this bill conveys over the Christmas period, a period of normal increase in terrorist activity—a period when agencies are responsible for our security—we definitely need this bill to be passed and passed without amendment. That is the critical issue today.
I have been handed a number of amendments in the time that Senator Steele-John has been speaking. I haven't been able to go through those amendments in detail, but it is absolutely critical that this bill be passed now. If it's not passed now, it will be on the opposition's and the Greens' heads that we cannot protect Australian citizens over the Christmas period. I do thank Senator Wong for her description of the process by which we have made this bill, and it is a very important bill. It is a bill which has been asked for by the security agencies since 2014. It's a bill, as you see from Senator Steele-John's intervention, which evokes passions; it's a very complex bill. Senator Wong has given us a very good appreciation of the process and of the things that were discussed during the process within the PJCIS itself, and I thank her for that. For Senator Steele-John, I was quite disturbed by the attack on a long-serving and very successful public servant. I suggest that this man has served this country as a public servant for many years and he deserves to be thought of better and to be considered in a much better way than Senator Steele-John in his almost biblical speech has presented Mr Michael Pezzullo.
It's a very complex bill and it is condescending of Senator Steele-John to say to us we did not understand this bill as we went through it. We received many interventions, and many aspects of evidence were very complex. We went through them in great detail. We took specialist advice, and this is a good bill. I suggest to Senator Steele-John at some stage that he actually reads the bill and tries to understand it. The allegations he has made as to the consequences of this bill are fundamentally untrue.
The new communications technology, which obviously includes encryption, is eroding the capacity of Australia's law enforcement and security agencies to investigate serious criminal conduct and to protect Australians. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 contains amendments to various pieces of legislation to create a package of reforms that strengthens the ability of Australia's law enforcement and national security agencies to deal with the challenge of encryption.
Encryption underpins modern information and communications technology. It is a tool that protects personal, commercial and government information, and supports confidence in a secure cyberspace. This just proves that, despite what Senator Steele-John says, we are aware of the internet. These technologies allow us to confidently transact online and to use the internet for services such as banking and shopping. However, criminal syndicates and terrorists are increasingly misusing and, indeed, exploiting these technologies. Terrorist organisations in Australia and overseas are using secure messaging services to obscure their identities and plan safe from the authorities' view. For example, ISIL-inspired terrorists used secure messaging services to plan the November 2015 Paris attacks.
The lack of access to encrypted communications presents an increasingly significant barrier for national security and law enforcement agencies in investigating serious crimes and national security threats. According to ASIO, encryption has impacted intelligence operations in at least nine out of every 10 of its priority cases. The AFP advised that encrypted communications have directly impacted around 200 operations conducted by the AFP in the last 12 months, all of which related to the investigation of serious criminal offences carrying a penalty of seven years or more. The uptake of encrypted communication platforms by criminal and terrorist groups has been relatively sudden. It represents a seismic shift in the operational environment for our law enforcement and security agencies.
In June 2013 only three per cent of internet communications intercepted by ASIO under warrant were encrypted. By 1 July 2017 that figure had increased to more than 55 per cent. Most of the material of intelligence value is encrypted. Similarly, more than 90 per cent of data lawfully intercepted by the AFP is now encrypted in some form. No responsible government can sit by while those who protect our community lose access to the tools they need to do their job. In the current threat environment, we cannot let this problem get worse. The bill represents a package of reasonable and proportionate measures which will enhance our approach. The government has undertaken extensive industry and public consultation on the bill and has made amendments to account for the constructive feedback received.
I'd like to give an outline of certain measures in the bill. The first one is the industry assistance, including technical assistance and technical capability warrants. The supply of communications is a global industry. With major technology providers headquartered overseas, we must work with international partners to adapt to a world characterised by ubiquitous encryption. The communications industry is in a unique position to assist in tackling the challenges we face. Encrypted products are developed and operated by a range of private providers, both inside and outside Australia, and in a range of forms across the communications supply chain. National security and law enforcement agencies already work cooperatively with industry partners on these issues to protect Australians. The bill seeks to enhance those existing relationships to achieve lawful and non-arbitrary access to available information in the context of serious criminal and national security threats. It complements the existing obligations of domestic service carriers to provide reasonable assistance to law enforcement under the Telecommunications Act 1997. The bill facilitates a multilevel approach to industry assistance, creating a framework to support the wide range of providers, including foreign providers, that assist law enforcement and intelligence agencies voluntarily. This is reinforced and clarified by the creation of two new powers—the technical assistance notice and the technical capability notice. Technical assistance notices will be issued by an agency head or their delegate to compel assistance that a provider is capable of giving. Technical capability notices will be issued by the Attorney-General and will require a company to take reasonable steps to develop and maintain a capability to respond to agency requests.
This legislation will not weaken encryption or mandate backdoors into encryption. The bill specifically provides that companies cannot be required to create systemic weaknesses in their encrypted products or be required to build a decryption capability.
In conclusion, the bill demonstrates the government's commitment to ensuring that law enforcement and national security agencies have the tools they need to keep Australia safe. The government has consulted extensively with industry and the public on these measures and has made amendments to reflect the feedback that is in the legislation now before the parliament. The critical issue is that we get this bill through. I commend this bill to the Senate.
The Labor Party does support the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, subject to the passage of amendments. I speak as a member of the PJCIS, which was tasked with reviewing this bill. I wish to explain the basic proposition that was put before us, before going to some of the detail.
In recent years, and, indeed, as far back as 2014, the agencies charged with maintaining our national security have publicly and privately raised concerns about encryption. These agencies contend that their investigations of individuals and entities suspected of involvement in serious offences has been frustrated by these technologies. In particular, what they tell us is that their existing interception powers—those powers which are heavily regulated through the judicial warrant process—and their warranted access to communications are frustrated by this technology. I say this because I want to be very clear about the actual content of this bill.
I speak, really, in regard to schedule 1 of the bill. The bill has five schedules. Schedule 1 of the bill provides for a range of ways by which the national security agencies may work with technology companies to develop tools that may be used, where a warrant is present, to access a person's communications for the purposes of a criminal investigation. It is a most important point, and one that is ignored in contributions like that of Senator Steele-John's. Senator Steele-John would have you believe that this is a bill that provides unimpeded access to all communications—to mass surveillance—and that is not the case. If Senator Steele-John had read the legislation, he would understand that access to a person's communications continues to be subject to warrant. It is extremely difficult to have a serious debate about national security when people misrepresent the substance of legislation. I would urge senators to speak to the legislation before them, not to some other piece of legislation which is, in fact, not before this chamber.
This bill has been through quite an extraordinary process. The Labor Party have a long and proud tradition of seeking to place national security well above partisan politics. It's for this reason that, where possible, we seek to take a bipartisan approach to national security. We seek to do that through the processes of the PJCIS. Protecting the security of Australians is a fundamental responsibility of government. As a party of government, that is a responsibility that we take very seriously. We also understand that that will require coordinated action by parliament and the executive. It's on this basis that we offer bipartisanship. I note that over the last 20 years we've experienced a very real change in the threat environment for our country. During this time, the parliament has considered a number of bills that have increased the powers and capabilities of our security agencies. With a few limited exceptions, these bills responded to advice from the agencies about the tools that they need to keep Australians safe. When we receive advice from agencies, we take it seriously. We also take seriously the requirement to ensure that appropriate checks and balances are in place, that appropriate oversight is in place.
I make the point that, for some years now, Labor has had in the public domain a proposition to reform the way the PJCIS does its work to ensure that its powers are commensurate with the powers that have been granted to the agencies. The PJCIS's work doesn't put a brake on the process of legislation. It is, in fact, an essential part of keeping Australians safe, because our ability to respond to new threats relies on the public's faith that national security laws are appropriate, proportionate and adapted to the circumstances that we face. So, when we undertake work in the committee, it plays a very important role in allowing Australians to see that parliamentarians are examining these questions in a serious way.
It's in that context that I wish to express disappointment about the way that the government has approached this bill. These issues were first raised in 2014. Senator Brandis then went on to indicate, sometime in the middle of 2017, that the government intended to develop legislation to respond to encryption. Things went very quiet for a long time, and then in the middle of this year we understand or we received evidence that the government initiated discussions with a very small number of industry participants. Eventually—I think in August—the government initiated a public consultation process and, as has already been noted in this debate, it received many thousands of submissions. It was only in September that a bill was brought to the parliament. That bill was referred to the PJCIS, and at that time there was no indication given to that committee of a desired end point for the committee's deliberations. Indeed, it was a bill that contained five schedules and 170 pages. The indication was that the committee ought to take as much time as it needed to work through the issues.
This is a complex piece of legislation. It ought not have been rushed, and yet midway through this process, as the committee was taking evidence and scheduling hearings from a range of industry participants, security agencies and civil society groups, government ministers—not members of the committee but members of the executive—started to very publicly place pressure on the committee. Government ministers started to assert that the committee was unnecessarily delaying the process. Government ministers, in fact, at times went on to suggest that opposition members of the committee were not committed to national security. This was regrettable in the extreme because actually the committee and public faith in the committee are essential, and criticising the committee—placing pressure on the committee from the point of view of the executive—weakens public faith that the executive trusts the entities of the parliament to review and consider the legislation that they are presenting.
At a later point, documents that had been provided to the committee confidentially were leaked into the public domain and appeared on the front page of the newspaper. The government has refused to initiate any investigation into that leak. This is no way for a responsible government to behave. A responsible government respects the processes of the parliament. A responsible government, particularly in relation to national security, ought to respect the processes of a committee like the PJCIS, which has many decades of experience and a track record of considering legislation, improving it and securing its passage.
The committee has since 2014 considered something in the order of 15 pieces of legislation. In conducting our reviews we have made nearly 300 recommendations for change, and those recommendations have been in all instances accepted by the government and shaped the passage of legislation that is stronger, more robust and actually makes Australians safer. I ask the government to walk away from the tactics that were adopted over the course of the last couple of weeks. This was no way to behave. It was disrespectful, it fundamentally undermined the work of the committee and, in the long run, I believe, it will undermine the safety of Australians.
I come back to the specifics of the bill before us. The committee did hear evidence that there are a range of concerns in industry, in particular, about the operation of this bill. Those concerns went to the potential for any kind of weakening of security, even for a very narrow purpose, to have the potential to weaken the security of the internet overall and to weaken the security of the internet for other users.
At the same time, the committee heard evidence from the national security agencies that they urgently require passage of the bill to obtain the necessary powers to deal with an enhanced terrorist threat over Christmas. No responsible parliamentarian can ignore a warning of that kind. It is for that reason that Labor sought to reach an agreement with the government, an agreement which would provide the agencies with the powers they require in the period that they say they require them but which would also allow ongoing scrutiny of this bill. I'm pleased that, finally, the government engaged with us and started to contemplate amendments of these kinds. I note the engagement between Mr Porter and Mr Dreyfus in this regard.
I want to go through some of the recommendations made by the committee that are embodied in the amendments that were passed in the House of Representatives and which are likely to be contemplated here in this chamber. In the first instance, we sought to limit the scope of this bill to criminal law enforcement in relation to offences with penalties of a maximum of three years imprisonment. These powers ought not be used for trivial offences—for summary offences. They are for serious offences only, and I'm pleased that the committee's final report contains a recommendation in this regard.
The committee was also concerned to ensure that in extending the provisions in this legislation to state and territory law enforcement agencies appropriate oversight was in place for those agencies. We recommended that the state and territory law enforcement agencies do have these powers but that the Commonwealth Ombudsman have their powers extended to ensure that they are able to oversee the exercise of the industry assistance measures not only by the AFP and the Australian Criminal Intelligence Commission but also by the state and territory interception agencies.
The Inspector-General of Intelligence and Security made a range of recommendations—actually, she termed them 'suggestions' in her report and I don't wish to misrepresent her—about what she would require in terms of amendments to allow her to oversee the provisions of the bill effectively. A range of those suggestions have been incorporated and they are noted in recommendation 5 in the PJCIS report.
The committee also recommended that technical capability notices be authorised jointly by the Attorney-General and the Minister for Communications. The purpose of this recommendation is to ensure that the Minister for Communications, who, amongst other things, is responsible for economic interests associated with communications, would have a say in considering whether or not the tests necessary for a notice to be issued have been met. That's important because those tests include consideration of practicality and proportionality, and one would expect that the minister who is directly responsible for communications is in a position to provide detailed consideration and an industry perspective on these issues.
Systemic weakness was a theme of many of the submissions. The bill, as originally presented by the government, did not contain a definition of systemic weakness. Nonetheless, throughout the hearings, the intelligence agencies and the national security agencies provided evidence about their understanding of systemic weakness—how they would understand it in terms of its ordinary meaning. The Director-General of the Australian Signals Directorate gave evidence that a systemic evidence is a weakness that might actually jeopardise the information of other people as a result of that action being taken. And the Director-General of Security explained that the powers in schedule 1 would not be used to require a designated communications provider to do anything that jeopardises the security of personal information of innocent Australians. These were important assurances and explanations of how those agencies understood the ordinary meaning of systemic weakness, so, in the amendments that have been addressed to deal with this, the committee has recommended that they have regard to the ways that the agencies themselves interpret this term and its ordinary meaning.
Many of the industry submitters spoke about the importance of transparency. In particular, they spoke about the way that the industry seeks to secure overall security by being entirely transparent about shortcomings and communicating those publicly. The committee made a recommendation that would allow a provider to request the Attorney-General to approve them to disclose a technical capability that had been developed as part of the schemes laid out in the bill. The expectation is that the Attorney-General would agree to that request, except to the extent that doing so would prejudice an investigation or compromise national security. This does complement the existing provisions in the original bill that enabled a provider to publicly disclose the fact that they were issued a technical capability notice.
Of course, it's possible that a person or an organisation served with a notice may consider that, notwithstanding the fact that the notice has been issued, it generates the possibility for a systemic weakness, and the committee recognised that some mechanism needs to be put in place to allow that complaint or view to be assessed. In particular, recommendation 11 goes to this point. The committee recommended that the bill be amended to allow a designated communications provider who has been given a capability notice under section 317W(1) of the bill to request a binding assessment. The binding assessment goes across four points: whether the proposed notice would contravene section 317ZG of the bill, which goes to systemic weakness; whether the requirements imposed by the notice are reasonable and proportionate; whether compliance with the notice is practicable and technically feasible; and, importantly, whether the notice is the least intrusive measure that would be effective in achieving the objectives of the notice. Once such a request had been made by persons served with a notice, two people would be jointly appointed to conduct an assessment. One of those people would be a technical person and the other person would be a retired judge, and both of them must agree that those tests—systemic weakness, reasonable and proportionate, practical and technically feasible, and the least intrusive measure—had been met.
This has been a process beset with some challenges, but Labor stands here in support of the bill.
I seek leave to move a motion to extend the debate on this bill by 30 minutes.
That the debate on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 be extended for 30 minutes.
Question agreed to.
I rise to give a brief contribution on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. I rise to speak on issues of security in a broader context to the bill. What we are seeing in Western Australia in regard to the increasingly cosy relationship between the state's Labor government and China is deeply troubling. We have a situation where the WA government is seeking to take assets from an Australian company and give them to a foreign government, creating serious implications for Australian security. No other government in the world would give such strategic assets to a foreign power, yet it is happening in WA. In the interests of Australian security, it is very important that these matters are properly investigated.
We have instances of Western Australian MP and upper house whip Pierre Yang being forced to resign from organisations affiliated with the Chinese Communist Party and Premier Mark McGowan preparing to clear the way for China's biggest conglomerate, CITIC Limited, to undertake a major expansion, including controlling port facilities, in Cape Preston. The growing camaraderie between the WA government and Chinese enterprises seeking to take Australian property is concerning for all Australians. It's shocking that Labor's upper house whip, who controls how his party votes, has been shown to have these affiliations. I'm sure it's alarming to all Australians to learn that Mr Yang also served aboard a suspected China spy ship. Serious questions must be asked of why the WA Premier and his whip would visit Beijing to meet with the Chinese president and senior government officials. Was it for funds, for direction on how to acquire Australian assets or to firm up China's military position? It is disappointing that the WA government is favouring Chinese business interests over Australian ones.
The fact that Sino Iron is building an international-standard airstrip capable of landing commercial jumbo jets and military aircraft and now seeks control of all approaches by land to the port of Cape Preston is a national security concern. It defies belief that a Chinese state owned enterprise would be granted permission to build a major new airstrip under a cloak of secrecy when there is already an airstrip just 80 kilometres away, at Karratha, being used by BHP, Woodside and other mining companies. Together with the controversial Chinese lease of Darwin Port, Australia's vulnerability in the event of international conflict cannot be ignored. The government's role is to protect Australian people and put Australia first. The lives of people born in Australia and those who come here seeking freedom from oppression need to be protected.
National security requires determination to do what is required to thwart those who could harm our people and nation. It equally requires an acute awareness that we must not damage the rights and democratic freedoms that we should be working to protect at all times. These issues should not be twisted in an attempt to gain partisan advantage. They should be the subject of careful, sober deliberations. That isn't what we've seen from the government over the past two weeks, and it's not what we're seeing in the Senate this afternoon.
Just over two weeks ago, the Minister for Home Affairs, Peter Dutton, cynically sought to exploit a tragic knife attack by an alleged extremist and the arrest of three other terrorist suspects by trying to bully this parliament into passing this controversial encryption bill, the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, before Christmas without full scrutiny and debate. When Labor suggested that consideration of the bill by the Parliamentary Joint Committee on Intelligence and Security should not be truncated, Mr Dutton accused Labor of being weak on terrorism. Today Prime Minister Morrison hopped on board, declaring that the opposition leader, Mr Shorten, is 'a clear and present threat' to national security. This would be funny if it weren't so disgraceful.
This bill does deal with a serious problem. Encryption is undoubtedly a significant and growing problem for our intelligence and law enforcement agencies. Serious and organised criminals, and persons seeking to harm Australia's national security routinely use telecommunications services and communication technology to plan and carry out their activities. Interception under warrant of those communications as well as access to stored telecommunications information have greatly assisted our law enforcement and security agencies in their efforts to deal with these threats. It is claimed that terrorists and criminals are now effectively going dark by communicating and orchestrating their plans by encrypted messaging apps like WhatsApp, Signal, Telegram and others.
Our law enforcement and security agencies made their case that they are unable to access information, sometimes time-critical information, that was previously accessible. That said, this is not a problem that has developed overnight. The increasingly widespread use of encryption has been identified as a law enforcement and security problem for quite some time. Nor is it the case that counterterrorism, counterespionage and criminal investigations have suddenly come to a halt. The Department of Home Affairs' most recent annual report on telecommunications interception and access shows that in 2016-17, 3,717 interception warrants were issued to law enforcement agencies. During that year, information obtained under interception warrants was used in over 3,300 arrests, over 4,300 prosecutions and more than 2,700 convictions. In 2016-17, law enforcement agencies also made nearly 400 arrests, conducted over 1,000 proceedings and obtained over 440 convictions based on evidence obtained under stored communication warrants. The telecommunication intercept and access statistics relating to law enforcement do not indicate a sudden drying up of valuable information or a collapse in investigations, prosecutions and convictions. On the contrary, comparisons to the most recent figures with earlier years suggest that, notwithstanding the increasing use of encryption, telecommunication interception and access remain very valuable law enforcement tools.
Is there a crisis here? I don't doubt that encryption is a significant and growing problem for law enforcement and security agencies, but one cannot but think that, in making the case for this legislation, some of the advocates may be over-egging the pudding. It is also the case that very serious concerns have been raised by IT companies and security and privacy experts that this legislation will effectively open back doors that may systematically compromise internet security, including services used by Australians every day. The security and law enforcement agencies may differ on this, but these concerns cannot be lightly dismissed. They cannot be swept under the carpet.
One of the big disappointments of this process is the failure of government to consult more closely and more effectively with industry at a much earlier stage in the development of this legislation. An exposure draft was made available prior to the formal introduction of the bill in September, but it is clear that the truncated process was intended to give the appearance of consultation and little more than that. What the government should have done was engage with industry and get our security and law enforcement experts to sit around the table with industry and thrash out solutions that would meet perspectives and concerns of both sides.
And where are we today? The government wants to push the bill through the parliament in a single day and wants to do so after incorporating, only this morning, 50 pages of 173 amendments. While the PJCIS has done a good job in hastily producing an initial report on the legislation, it is far from clear that the government's amendments represent an adequate response to the PJCIS's recommendations. Some of the government's amendments may well improve the bill by adding various safeguards. There are now a few bells and whistles attached. The range of agencies able to seek and demand assistance to overcome encryption has narrowed, but only marginally. After all, the overwhelming bulk of telecommunication interception warrants recorded in the Department of Home Affairs annual report are issued to the major law enforcement agencies. In 2016-17, 3,175 warrants were issued to the Australian Federal Police and state police forces—that's 85 per cent of the total of the 3,717 warrants issued to law enforcement agencies, a figure that doesn't include ASIO's activities. Taking state anticorruption bodies out of the mix is marginal.
Similarly, the introduction of the role of the communications minister in addition to the Attorney-General in relation to the giving of technical capability notices appears to be a worthy measure, but it doesn't amount to much of a safeguard. When it comes to questions of national security and organised crime, I doubt that the communications minister, who is staring at me from across the chamber, would be very much a force of restraint outside the National Security Committee of Cabinet. Moreover, no ministerial sign-off is required for technical assistance notices, which are, in many respects, as far-reaching as the technical capability notices, given that they can also require companies to remove a form of digital security. Unlike capability notices, assistance notices do not require any consultation period with the communication provider and can take immediate effect. Assistance notices can be issued and subsequently varied by delegated officers within the enforcement agency, not just by the head of that agency.
Back doors aren't just an issue for encryption systems; the legislation itself has more than a few back doors. A great deal of discussion has focused on the question of decryption assistance that might introduce systemic weaknesses into communication and other systems. It is remarkable that the bill was originally introduced without any such definitions. In its report, the PJCIS notes:
The Committee notes the evidence of the Director-General of the Australian Signals Directorate that a "systemic weakness" is a weakness that "might actually jeopardise the information of other people as a result of that action being taken". The Committee also notes the evidence of the Director-General of Security, that the powers in Schedule 1 will not be used to require a designated communications provider to do anything that jeopardises the security of the personal information of innocent Australians. Having regard to those assurances, the Committee recommends that the Bill be amended to clarify the meaning of the term 'systemic weakness', and to further clarify that Technical Capability Notices (TCNs) cannot be used to create a systemic weakness.
The government's amended bill now proposes definitions of systemic weakness and systemic vulnerability:
systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.
systemic weakness means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.
That may be all well and good, but these definitions look more like a quick drafting fix knocked out by the government lawyers overnight than a serious effort to address what is very complex, technical and, indeed, mathematical issue. At the very least, a form of words closer to those employed by the Director-General of the Australian Signals Directorate would be more preferable. What does industry think of these definitions? The initial reactions are negative, but the truth is that no-one had any time to think through any of it properly. Labor's opposition amendments propose definitions that might provide somewhat stronger protection against the sort of unintended consequences at risk here.
On balance, Centre Alliance is prepared to support Labor's proposed amendments, but that doesn't make this whole process in any way acceptable. To suggest that the Senate today should rubber-stamp these very complex proposals, fraught as they are with potential unintended consequences, is plainly ridiculous and downright irresponsible. This is, indeed, the worst type of legislation on the run. The government is trying to push through complex, controversial legislation without the opportunity for serious scrutiny or examination and without the opportunity for a committee stage. At the very least, the government's amended bill should be referred back to the PJCIS for further review, including input and comment from industry. The same should be done with Labor's proposed amendments. Then we might have more confidence that the Senate is not moving to approve measures that contain serious flaws and may bring about unintended consequences harmful to both national security and personal privacy. The PJCIS will apparently continue its encryption inquiry. Clearly its work is not finished.
Meanwhile, there is no excuse for the Senate to pass legislation this week without the further scrutiny it clearly needs. There should be no short-circuiting of the parliament's duty to carefully and methodically scrutinise the executive government, especially the powers and the work of our security intelligence agencies. Unfortunately, it appears that the Labor opposition has buckled and has agreed to a flawed and inadequately considered bill. As that occurs, my sense of deja vu will be complete.
Today, as we debate the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill, we know that we have a responsibility in this place to balance the privacy and freedoms of Australian citizens with the paramount importance of providing a safe and secure nation. There have been, as we know, quite rightly, a lot of concerns raised with regard to this legislation, but Labor have listened very carefully and closely to these concerns. We have responded by going through the technical detail, and I have great confidence in my colleagues who have done this.
We've heard, for example, about issues with the technical assistance requests and the fact that these are voluntary and represent a request from the agencies for a designated communications provider to insist that law enforcement access encrypted information. This, of course, means that telecommunications companies will choose whether or not to comply with this request. In addition, there are issues with the technical assistance notices, which are mandatory and require a designated communications provider to do something that is already within their power to compel them to help law enforcement access encrypted information. There are also the technical capability notices, which are mandatory and require a designated communications power to build a capability to help law enforcement access encrypted information.
As I think about these issues in the context of national security, we've seen a number of incidents in Australia quite recently in relation to lone-wolf terrorist attacks by people who have been known to act alone and in unstable ways. To be honest, the idea that people would be working in an organised way in groups of people using telecommunications encrypted technology to organise terrorist crimes in Australia means that we must consider and respond to those concerns by really taking seriously the need to introduce laws such as these today. Our security agencies and law enforcement bodies need these powers and resources to keep our community safe and our nation secure.
I don't deny that these are extremely challenging principles to apply, but I have great confidence and I have seen the effort that a great many of my colleagues have put into taking the time and energy to analyse every national security bill that is presented to this place against these important principles. We understand that, in conferring new powers to protect our nation's security, we don't want to compromise the very freedoms and the way of life that we are seeking to uphold and protect. When we look at keeping Australians safe, we also want to balance that with upholding the rights, freedoms and privacy of our country.
The vast majority of submitters argued that the access bill in its current form did not afford robust substantive and procedural protections. That's why we've looked very carefully at amendments that should be moved in this place. These concerns have been compounded by the fact that there was a distinct lack of public consultation on this bill, and we recognise this. We have fought very hard to improve the bill and to deal with the most significant of the many concerns raised throughout the inquiry. We recognise the importance of the opposition being able to work through national security issues with the government in a bipartisan way, so that there is a clear understanding across the parliament about how national security issues should be dealt with. But, when things go too far and are not right, we on this side of the chamber take very seriously our responsibility to make sure that the issues with legislation are fixed and amended.
We have consulted with civil society, industry and stakeholders throughout the committee processes and indeed outside of that, and our shadow Attorney-General Mark Dreyfus and Senator Jenny McAllister and many others have negotiated and worked hard with the government to give effect to their core concerns. Senator Penny Wong, shadow Attorney-General Mark Dreyfus and many others in our caucus have sought to step us through the seriousness of these concerns and the importance of resolving them. We believe that the compromise we've reached with the government will deliver the security and enforcement powers that agencies say they need and will ensure adequate oversight and safeguards to prevent unintended consequences while enabling continuing scrutiny of the bill.
It is extremely important that we in this place do our very, very best to put national security issues ahead of partisan politics. I note that there is a long history of needing to do this. This is in fact the 16th substantive national security bill introduced over the last five years. Labor has a general approach to national security matters. The first principle, of course, is that our national security agencies and law enforcement bodies, to the extent that they have a responsibility to be involved in national security matters, need to be given the powers and resources that they need to keep Australia safe, to keep our nation secure. We also contend that national security laws that encroach on our rights and freedoms must be proportionate to the threats and the risks that we face. This also means that, with the granting of any new powers, oversight is extremely important. Transparency is extremely important. We need to be clear that these powers are used for the purpose for which they were intended, and for only that purpose, and do not in any other way invade the privacy and protections of Australian citizens.
Lastly, a basic principle guiding our approach should be, particularly when national security laws confer extraordinary powers, that we must treat those powers as extraordinary and not simply as the new normal. I do consider that these new powers are and could be, if they were misused, extremely invasive and extremely dangerous, but that means we need proper oversight, and I believe that the legislation before us today does indeed do that.
Systemic weakness in the legislation has been a significant issue between both the government and the Labor Party. We did express our concern that the bill could pose a risk to Australia's national security, and indeed there was evidence before the Senate committee in relation to this. But we know, as they have told us, that they're responsible for really important systems that need to be secure—things like the Royal Commission into Institutional Responses to Child Sexual Abuse, law enforcement agencies, our banks and our Defence forces. I, therefore, was very concerned when a company told the Labor Party and the committee that the definition of a systemic weakness could in fact compromise their work in that area. It was of great concern to the Labor Party that Liberal members of the committee had proposed to ignore those concerns. But we were very pleased that, after the government declared last week that they were going to stop working with Labor on these joint issues, they backed down from that very reckless course and negotiated to resolve these important issues. They are the core of the amendments that come forward in this place.
We've had concerns raised by submitters in public hearings on this bill, which apparently were not identified previously by the government, as to whether it would prejudice Australia's security cooperation with the United States. We had attention drawn to these issues in relation to compliance with the US Clarifying Lawful Overseas Use of Data Act, the CLOUD Act, which was enacted this year. The CLOUD Act of the United States is what makes it possible for Australia to enter into a bilateral agreement with them to allow agencies from Australia to request the data of non-US persons. This includes things like WhatsApp and messages which might be sent by or to a terrorist subject. This relates to Australian technology companies directly. The concern here was that that would enable Australian agencies to bypass existing requirements through the US of making requests through the Department of Justice.
To be clear about this, we have mutual assistance and treaty arrangements with the US currently. It is indeed a cumbersome system that's been in place for many years. We can make requests for telecommunications data via those mutual legal assistance treaty processes, but it does take time. I have great concern that actually what we want to see is an oversight that prevents crime; it's not just about landing a conviction after the event.
The CLOUD Act, that was passed by Congress this year, has the prospect of swifter access for Australian intelligence agencies and police forces where they would simply be able to make the request using the processes of the CLOUD Act. This means it would go directly to a service provider that is based in the US, and this is the basis of the CLOUD Act process.
If the request did not relate to a US citizen and related to a foreigner, from the point of view of the US, we could still see those issues dealt with swiftly—within a matter of days. I see this as a great advance, because currently it takes many months of effective cooperation with the US. This means that, in order to enter into an agreement with the US under the Cloud Act, we need the US Attorney-General to be able to certify with their Secretary of State that there are, in their relationships with foreign governments with whom they seek to cooperate, procedural protections for privacy and civil liberties that are robust and substantive. Frankly, I think this is critically important—that the US is sending a signal that protections for citizens and privacy for civil liberties must be robust and substantive, not just for their own citizens but for those with whom their own agencies interact. I think that is an incredibly important principle for global cooperation on these matters. As Mr Mark Dreyfus MP told the House of Representatives, the Congress has a right to object to such certifications within 90 days if these tests are not seen to be met.
The Labor Party put significant time and effort into assessing and analysing national security bills against these really important principles. We know that keeping Australians safe means we also need to uphold the rights and freedoms that we, as a democratic society, hold dear. Otherwise, why are we doing this? The reason we want to be able to protect people from terrorism is because of the society that we hold dear and the values that it contains. This is what we fight to protect day after day. We don't want to see any deranged or hate-filled terrorist attack our freedoms with violence in our nation. We don't want to be part of governments that give in to fear, because that is what panders to terrorism across the globe.
We must always hold an important trust that means the laws we pass can only be part of the solution to the national security threats we face. We know that we need inclusive societies where people can have open and communicative communities that mean people have a strong sense of trust and resilience within society. What we have seen is that when laws are misdesigned they make the problem worse, because they create in society fear of overreach by the state. So we must have a good relationship—a relationship of trust—with the community, with those we seek to protect with these laws.
Time and time again, we know, important information that stops terrorist attacks comes from the community. If the community does not have trust in the way we implement these kinds of security measures then that important information will not come forward, and we will all be the poorer and less safe for it.
I too rise to speak on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. Recent events in Melbourne have highlighted to Australians the threat that is presented by terrorists using encrypted messaging applications. As a government, we support the use of strong encryption to protect personal, commercial and government information. However, the increasing use of encryption to hide communications has significantly degraded the ability of law enforcement and intelligence agencies to collect intelligence, conduct necessary investigations and, of course, detect intrusions into Australian networks.
The statistics show that encryption impacts at least nine out of 10 of ASIO's priority cases—95 per cent of ASIO's most dangerous counterterrorism targets are actively using encrypted messages to conceal how they are communicating and what they are communicating. Over 90 per cent of data being lawfully intercepted by the Australian Federal Police now uses some form of encryption. Effectively, all communications amongst terrorists and organised crime groups are expected to be encrypted by 2020. That poses some significant and real challenges for us. We saw during the height of the operations by Daesh how they so effectively used online recruiting and how effectively they used technology to radicalise young people. Therefore, we know they have been, regrettably, at the cutting-edge of the use of technology. They will continue to look at new ways they can ply their evil trade, and new technologies are what they're looking for. We know from AFP reports that the July 2017 plans in relation to the Etihad flight used encrypted messaging as part of the preparations.
To meet these challenges, the government has introduced this legislation, so that our agencies have the necessary tools to ensure that they are able to adapt to the increasing use of encryption by terrorists and serious criminals. It is important that these laws are passed as soon as possible. As we heard from the director-general of ASIO during the PJCIS hearing, when he was asked about the operational urgency of enacting this legislation his response was unequivocal: 'Without question.'
The bill contains an expressed prohibition against weakening the security of devices or communications and will not introduce so-called back doors. Contrary to some of the assertions that have been made by commentators, this bill will not weaken encryption. Providers cannot be required to build a capability to decrypt and can only be asked to decrypt when they retain the ability to do so. All types of assistance and all capabilities developed must be reasonable, they must be proportionate, they must be practical and they must be technically feasible. And, very importantly, access to private communications and personal information remains subject to those existing requirements for a judicially authorised warrant or an authorisation. In particular, requests for metadata will continue to be governed by current requirements under legislation. Authorities should expect industry support when a company's services are used to plan or to facilitate an unlawful activity, and these reforms will place obligations on companies supplying communication services or supplying communication devices in Australia to provide reasonable assistance to law enforcement and security agencies. The bill also enhances existing search warrants and introduces new computer-access warrants to modernise search-and-seizure powers of law enforcement agencies.
Significant consultation has been undertaken in relation to this complex piece of legislation. For more than a year, this government has consulted with key industry stakeholders on the text and the intent of this bill. The bill was released for public comment in August 2018. There have been hearings held by the PJCIS on 19 October, 16 November and 26 November. The government has also worked with the committee focusing on the urgency and operational benefits of key measures, especially at the most recent hearings. We know this bill is essential, as has been stressed during the course of this debate. As Andrew Colvin stated recently in an editorial in The Australian, what this bill does, in essence, is give police a fighting chance.
In recognition of the work of the PJCIS, a supplementary explanatory memorandum has been distributed which outlines the amendments being moved by the government in relation to this bill, and they pick up a lot of the work that has been done by the committee. The amendments are substantial but they also extensively cover issues that the committee deemed were necessary to be included in this bill. For example, just to pick up a few of those, the amendments to the bill will enhance existing oversight arrangements for agencies and provide review mechanisms, provide explicit inspection powers, add to reporting requirements and also ensure that the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman are notified of the issue of variation, extension and revocation of all industry assistance measures. The amendments will define 'systemic weakness' and 'systemic vulnerability'. The amendments will enhance the protections against systemic weakness and vulnerability. Amendments will also go to enhancing the independent assessment on referral of whether requirements to build new capability create a systemic weakness and are reasonable, proportionate, practical and technically feasible.
Clearly, technology assists us in our everyday life. It is important. It's important to the way we conduct our affairs. We use technology for banking, for shopping—for a whole range of activities in our daily lives. But, of course, whilst technology does bring us wonderful advantages, it also presents challenges. We know that, as new technology is developed, so too do criminal elements and terrorists look to ways that they can exploit it and carry on their activities. Therefore, encryption is a very important part of the internet. It's a very important part of computer and data security. As I said, whilst it's vitally important to Australia's economic growth, it is also a critical feature of issues in the national security space.
The bill also ensures that our agencies can access lawfully obtained data and content. Of course, this will be facilitated by the introduction of new computer access warrants for law enforcement. It will enable them to obtain evidence directly from a device in a covert manner and it will strengthen the ability of law enforcement and security agencies to access data covertly through warrants and orders for assistance. Not only are these measures important; they are supported by strong safeguards and limitations for the privacy of Australians.
The amendments to this bill also go to other areas, and I would like to touch on those in the time I have available. The amendments will also extend the decision-making requirements and the limitation against building or implementing systemic weaknesses. They will narrow the functions for which intelligence agencies can seek voluntary assistance. They will limit the application of industry assistance measures to the investigation and prosecution of serious offences. They will make activities that may be required by notice in the schedules exhaustive and clarify that they can be used to facilitate or assist in giving effect to warrants and authorisation. They will ensure that decision-makers consider the necessity of the parameters and measures that are set out in the schedule to the act so any conduct would be the least intrusive to third parties—again going to that important point about privacy.
The amendments will impose time limits of 12 months for technical assistance notices and technical capability notices. The amendments will also provide for designated communication providers to disclose information about technical capability notices with agreement from the relevant agencies and subject to conditions. The amendments will clarify that disclosures can be made between law enforcement agencies and oversight bodies. They will clarify the appropriate civil penalties in line with similar assistance obligations under the Telecommunications Act. They will also go to other, minor technical amendments that are necessary for the efficacy of this legislation.
I think one of the things that's been raised in the chamber is: what is the urgency of this legislation? I really want to touch on that as well. The use of encrypted messaging applications by terrorists does represent a significant threat to the safety of all of us, and this creates a critical blind spot for our agencies. It is vital that they be given the appropriate tools to detect and disrupt attacks, particularly through the summer holidays. The measures in this bill are a holistic answer to the challenges posed by encryption and modern communications. Passage now will allow our agencies to address current and emerging threats by modernising the way that they seek industry assistance and allow them to work together with providers to identify new ways to address extant risks. It will address current and emerging threats by enhancing computer access and alternative collection methods that enable them to work around encryption without compromising it. It will address current and emerging threats by bolstering overt access to devices by compelling users of a relevant device to hand over passwords. As I have said, the government has worked very, very constructively with key stakeholders and with the PJCIS to respond to the concerns that have been raised during the review and make the necessary amendments.
In concluding my remarks, I think that there has been extensive industry consultation. As I've indicated, an exposure draft was released. There have been public hearings in relation to this matter. I think that the suite of amendments that has been provided and tabled by the government find that appropriate balance between the need to protect Australians at the same time as ensuring that privacy issues are protected. The bill represents, most importantly, a three-stage consultation process where there has been consultation with industry, with community organisations and with the public.
Can I pick up a point that was made earlier. We know that in relation to terrorist attacks intelligence is absolutely vital. Whilst, of course, human intelligence is paramount, nevertheless the use of technology and the benefits that it can bring to the agencies in relation to detection will no doubt ensure that potential attacks may be foiled and, at the same time, provide the agencies with the necessary tools and additional tools in their armoury. I believe that this bill now strikes the appropriate balance between maintaining the privacy of Australians and the integrity of networks and devices and ensuring that our agencies can continue to protect the Australian public.
I rise to speak on the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018. The week started well. I have to say it started surprisingly well because, for the first time in many, many years, it seemed that the ALP were finally behaving like an opposition when it came to matters of so-called national security. It was the first time that I can remember that we finally saw the Labor Party acknowledge that their job, as the opposition, was to scrutinise, criticise and amend legislation that erodes civil liberties in order to save civil liberties. We're told it is very important that this legislation exists to protect our freedoms, and yet, of course, what we see is the gradual erosion of our freedom to protect our freedoms.
While over many years there has been practically a cigarette paper of difference between the government and the Labor opposition, we did see at the start of this week the Labor Party acknowledge the fundamental problems with the legislation that was being proposed. We saw the Labor Party acknowledge that they would be opposing what many people have described as draconian national security legislation. When the Labor Party were talking about it at the start of the week, they understood that this legislation would, rather than prevent crime, open a gate to corporate and state espionage, that it would make us less safe, that it would force our software industry and talented IT entrepreneurs offshore, that it would compromise the privacy of Australians, that it would weaken the cybersecurity of Australian companies and the government and that it would hand over even more powers to an unaccountable secret intelligence network. So it was a good start to the week—a surprising one, yet a good one—because, finally, we were starting to see the Labor Party acknowledge that it was time for them to do their job.
Yet, here we are, at the end of the week, and after a couple of days of protest from the government we've now seen the Labor Party roll over so that Peter Dutton can give them a little tickle on their belly, a little scratch. That's where we are right now. Labor are too afraid to do their job and stand up and recognise that, as an opposition, we can't hand over powers continually to a government, to unaccountable intelligence agencies, that would have the effect of compromising the privacy of Australians and skewer our software industry and IT industry.
So here we are, and this is where things get interesting. The Labor Party acknowledged that it was necessary to amend the piece of legislation that we have before us. Through their response to the report of the joint standing committee on intelligence matters, the Labor Party acknowledged many of the problems with this piece of legislation. The Labor Party recommended that, with the support of the government, there should be significant changes made—that the committee should inquire into this bill in 2019 and that there should be a separate statutory review undertaken by the Independent National Security Legislation Monitor within 18 months of the legislation coming into effect. They said: 'These were very important changes. They will help resolve the ongoing concerns we had with the bill.' And now we have a set of amendments proposed by the ALP to this legislation. We thought they might oppose this legislation, which is the right thing to do, but now they've said that they will amend it.
We think they should oppose it. We think they should oppose it because, as I said, it hands over enormous power to unaccountable intelligence agencies. It opens the gate to corporate and state espionage. It erodes the privacy of all Australians. On that basis, we think they should oppose it. We know that a number of people within this space, including the digital rights and civil liberty groups who contributed to the various inquiries into this legislation and, for example, the UN, the EU, tech companies and Defence contractors—a range of people impacted by this legislation—said it should not be passed. At the start of the week, the Labor Party expressed those concerns, but at the end of the week they said, 'Well, we're going to pass this legislation with amendments.' There is another twist that I'll get to in a moment.
What we saw was the Labor Party roll over and give their support with a proposal to amend the legislation. We're about 15 minutes away from an order that says we need to vote on this bill. To the great shame of the Labor Party, they will vote for it. But the Labor Party were only going to vote for it on the basis of a number of amendments they proposed. As of a few minutes ago, we've learnt that they might not even support their own amendments to the legislation—just think about that! At the start of this week, the Labor Party stood up and said, 'We're really worried about this bill and we're not going to offer our support for it.' We've listened to the civil liberties groups, we've listened to the digital rights community, we've listened to the IT community and to the defence contractors, we've listened to the software industry, and we understand that this bill is a bridge too far. Rather than keeping us safe, what it does is open the floodgates to more corporate crime and, worse still, to the involvement of other state actors in our national security debate. What we are doing is opening the possibilities for other state actors as well as non-state actors—like other corporate players—to basically have access to information that, without changes to this legislation, remains the property of each individual in Australia, remains private property, remains the domain of those individuals who choose to share that information with whomever they choose to share it with.
The Labor Party said, based on some criticism from the government, 'We don't want to look weak on national security, so what we're going to do is reluctantly accept this but with some very significant changes.' As of five minutes ago, we've learnt that they may not even support their own amendments. It's remarkable that we are here on the last day of parliament for the year, 15 minutes before we are about to conclude the business of the parliament for 2018, and Labor's final act is to not even back their own amendments. Can you believe that you have a party that, four days ago, said it would not support the bill but now, four days later, won't even support its own amendments? It is remarkable!
The Labor Party are going to sacrifice an IT industry, an export market estimated by Austrade to be worth $3 billion, because they're such cowards. They don't want to stand up to the government and make an argument about why we need to improve the privacy of Australians rather than give it up in the name of looking strong on national security. Look at this mob—stand up to them! They are weak as the proverbial. All the Labor Party need to do is show a bit of ticker, stand up to them and, rather than selling out the IT industry and giving up the privacy of Australians, recognise that they have an opportunity to lead, not to cave in. It reminds me a bit of climate change. It reminds me a bit of the debate—
It is remarkable, Senator Patrick; indeed, you're right. We're in a parallel universe right now where the proposers of amendments, who are putting forward amendments because they acknowledge that they have huge concerns around this legislation, now look like they're not even going to back their own amendments. I understand why you'd be confused, Senator Patrick; it's a reasonable judgement to make. But the reality is: it now appears that the Labor Party will not support their own amendments. They'd rather have Peter Dutton in the back pocket of every Australian than stare down an over-the-top scare campaign from a government that's only got fear. That's all they have. All this government have is fear. They have nothing else. They've got no vision, no agenda and no plan for the country. All they have is fear and division. Yet here we have the Labor Party saying: 'You know what? We'll hand over complete and total power to Peter Dutton. He's the man that we're going to trust with our national security.'
The great tragedy is that we now have the opportunity to turf this mob out and to change the country so that we move away from this politics of fear and division, from the paralysis that has gripped Australian politics for far too long, and yet here we are with the Labor Party rolling over yet again. I've got to say that I'm disappointed. As I said, at the start of the week, I turned around to my colleagues and said, 'Finally, on an issue of so-called national security, we're going to see the opposition behave like an opposition.' Yet here we are just before parliament's about to rise, when not many people are paying attention to what's going on here, and the Labor Party are saying, 'We've got a whole range of amendments.' I point to their additional comments to the report of the committee that was scrutinising this legislation. In their additional comments, they say very, very clearly:
The work of the committee has not been assisted by the government’s approach to this debate over recent weeks. Labor members are concerned to avoid a continuation of this conduct. It jeopardises the important function the committee serves in our national security apparatus.
They said in their own additional comments, 'We're worried about where this is going.'
Labor then indicated that the government had acknowledged some of their concerns; however, they said that they believed that the government's changes didn't 'address all of the problems in this bill'. That's why the Labor Party proposed a series of amendments—to address the concerns they outlined in the additional comments to this report. And what are they doing? They're walking away from their own amendments. Why would Labor be scared of this mob? They couldn't run a raffle and here you guys are handing over carte blanche national security legislation that gives Peter Dutton veto over what Australians can and can't share with each other. It is remarkable stuff. It's utterly remarkable.
This is why you need the Greens in the Senate—because you can't trust either of the major parties. You can't trust Bill Shorten because, when it comes to actually taking a stand on an issue that matters, he rolls over and gives the government everything they want. You can't trust him. That doesn't mean, of course, that we won't work constructively with the Labor Party when they win office—because they will win office—but you need us here to hold them to account. And let me be really clear about this: we will be doing everything we can to repeal this legislation when it becomes very clear what this legislation does—when all the flaws are revealed and the damage is done—but, right now, we need to stop it.
For those people who haven't followed the debate closely, encryption protects digital infrastructure like our banking system. It protects the electricity grid. It protects mass transport systems. Our essential services in this digital economy will be opened up for exploitation by very dark forces, by state actors and non-state actors. That's why we are going to oppose this legislation. And, if the Labor Party won't move their own amendments, let's be very clear about it: we'll move the Labor Party's amendments for them. That's what we'll do and you will have to vote against your own amendments, amendments that you said were necessary. In the committee that looked specifically at this legislation the Labor Party said that these amendments were necessary. We'll oppose this legislation that threatens the privacy of citizens and that drives tech companies—who fear for their staff's legal liabilities and who will be blacklisted from global software markets—from Australia. We will oppose this unnecessary legislation that hands even more, and unaccountable, powers to our intelligence agencies.
I want to quote the words this week of witness K's lawyer, Bernard Collaery. This is another indictment on the nation. Bernard is the victim of a coordinated attack by intelligence agencies and ministerial officers who authorised the illegal bugging of East Timor's cabinet in order to secure a commercial benefit for a major donor to major parties—that is, Woodside. Let me tell you what Mr Collaery knows. He knows better than anyone else how dangerous this power is. He said:
Australian politicians, alone now among the enlightened democracies in Western Europe, the United States—
On a point of order, I'm just seeking the indulgence of Senator Di Natale to extend the time of the debate by 10 minutes so that he can finish his remarks. I have to make some remarks to assist the chamber and to assist—
Let me tell you about Mr Collaery. Mr Collaery knows better than anyone else how dangerous the granting of powers like this can be. Just think about this: Bernard Collaery was the victim of a remarkable attack by intelligence agencies. This was the illegal bugging of East Timor, our poorest neighbour. This was done so that they could get a commercial benefit. This is what he said:
Australian politicians, alone now among the enlightened democracies in Western Europe, the United States and Britain, legislate powers to intelligence agencies without reserving the slightest right to supervise operational use of such potentially intrusive powers. Labor, by omission and lack of courage, is about to give unaccountable persons we don't know further carte blanche powers over our freedoms.
'By omission and lack of courage'—that's what we're seeing right now. He went on to say:
This time around, when the inevitable excesses come to light, hopefully before an Integrity Commission, we may say that institutionally Federal Labor was complicit, not just 'unaware' as Mr Dreyfus has been explaining away his role or lack thereof in 2013.
We're handing over more of our civil liberties to unaccountable agencies and attorneys-general from both parties, who have proven themselves prepared to bug and prosecute anyone who dares expose their breaches of power. This is what governments have done! Attorneys-general from both the Liberal and Labor parties have shown that they're prepared to bug and prosecute people who expose them for what they do. Why are we doing this, especially in a week when the High Court has exposed and condemned the misuse of power that jeopardised the rule of law in Victoria?
Let's look at what has happened just in Victoria this week. It's absolutely remarkable stuff! These amendments will allow state and territory police forces to utilise the powers of this bill. But in the most egregious act of self-interest, the two parties have agreed to exclude state anticorruption bodies.
I move the second reading amendment circulated in my name:
At the end of the motion, add:
"and the Parliamentary Joint Committee on Intelligence and Security conduct a review of the operation of the amendments made by this bill and report on that review by 3 April 2019."
This has the effect of referring the amendments to be made by this bill to the Parliamentary Joint Committee on Intelligence and Security to conduct a review of the operation of the amendments made by this bill and to report on that review by 3 April 2019.
I also confirm that the government has agreed to facilitate consideration of these amendments in the New Year in government business time. Finally, I also confirm that the government supports, in principle, all amendments that are consistent with the Parliamentary Joint Committee on Intelligence and Security recommendations in relation to this bill. This will facilitate this bill becoming law without amendment, and I do support it on that basis.
Sit down, Senator Di Natale. I have a question before the chair now. I took a point of order. I did not give you the call to move a motion. I'm putting the question as moved via a second reading amendment—
Senator Di Natale interjecting—
I have taken advice from the Clerk.
Senator Di Natale interjecting—
Senator Di Natale, this goes to the same ruling I gave earlier, when the government sought to move a suspension of standing orders that was not related to a matter before the chair, and that motion was ruled out of order and then the minister, you will recall, had to move for the adjournment of the debate. On the same principle—on advice from the Clerk as well—that is the ruling I'm making.
The question is that the second reading amendment moved by Senator Cormann be agreed to.