Senate debates

Thursday, 14 February 2019

Bills

Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019; Second Reading

9:43 am

Photo of Jenny McAllisterJenny McAllister (NSW, Australian Labor Party, Shadow Assistant Minister for Families and Communities) Share this | | Hansard source

I rise to speak on the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. This bill makes further amendments to the telecommunications access regime that passed this parliament on the final sitting day of last year. In recent years, the agencies charged with maintaining Australia's national security have publicly and privately expressed concerns about encryption technologies, and these are not abstract concerns. The agencies contend that their investigations of individuals and entities suspected of being involved in a range of serious offences have been frustrated by these technologies. As people under investigation or surveillance migrate towards the use of encrypted apps, their communications go dark and the process of obtaining a lawful warrant to gain access to those communications is frustrating. The telecommunications access regime passed by this parliament in December last year was put in place in response to clear advice from our national security agencies that widespread use of encryption in digital telecommunications was hindering intelligence and law enforcement, to the detriment of Australia's national security. Labor accepts that advice.

Indeed, Labor approached this bill as we have approached all other national security bills. Whether in government or in opposition, Labor has consistently worked to ensure that our security agencies have the powers and resources they need to keep our community safe and that our laws are adapted to meet the changing security threats we face. In pursuing that objective, our approach has been consistent. We take the advice of national security agencies seriously. We understand the context of our decisions, most specifically that in acting to protect our nation, founded on the rule of law and respecting individual liberties, we need to respond to those core values and that, to the extent that individual rights are burdened by national security measures, such burden must represent the least intrusive manner to achieve the security objective and be proportionate to the actual threat. We scrutinise evidence carefully and we never, never, politicise national security.

Labor is committed to working through the evidence of agencies, stakeholders and experts in a deliberative manner. Our bipartisan approach means exactly this. We expect the PJCIS to robustly interrogate the issues that are placed before it without seeking to obtain narrow electoral advantage, and we seek to embed in our national security architecture robust oversight. Strong and effective oversight does not undermine our national security; it enhances it. Public trust and confidence in our security and intelligence agencies are best ensured through strong and rigorous oversight and scrutiny. As with all bills, this is the approach we took to the TOLA bill last year.

It is worth briefly recapping the process that led to the bill before the chamber today. I know there are many people who've keenly followed the debate. I also know there are many people who are probably wondering why we are debating this issue again when we dealt with it only in December last year, and that is a fair question to ask. In September 2018, the government introduced the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, the TOLA bill. It was referred to the Parliamentary Joint Committee on Intelligence and Security for inquiry, and the committee started its inquiry, called for submissions and held hearings as it normally does. There was no end date specified by the government for this process, but midway through the process, in November 2018, the Minister for Home Affairs asked the committee to accelerate its inquiry into the 2018 bill in order to enable it to pass the parliament before the end of the year.

The case for urgency was forcefully prosecuted by the government in the media. At one point documents that had been provided to the committee confidentially were leaked into the public domain and appeared on the front page of a newspaper, and the government has refused to initiate any investigation into that leak. National security agencies subsequently gave public evidence to the committee that they needed the powers contained in the 2018 bill in order to respond to the heightened risk of terror over the Christmas period.

In response to that evidence, the committee finished its inquiry early. It issued a consensus report that made 17 recommendations for a range of amendments to improve these laws. The government committed to moving amendments that reflected those recommendations. On the morning of 6 December 2018, the last parliamentary sitting day of 2018, the government introduced 173 lengthy amendments to the 2018 bill. Some of those amendments did not properly reflect the text or the intent of the committee's recommendations, and that is not just Labor's view. It is the view of the Inspector-General of Intelligence and Security; it is the view of lawyers; it is the view of civil society groups; and it is the view of the Commonwealth Ombudsman.

Labor noted our dissatisfaction with the rushed process during the debate in December last year. We secured from the government a commitment that it would allow consideration of our proposed amendments to rectify these problems and oversights, and the bill before the chamber today is a product of that commitment. We do not suggest that the amendments that will be moved in the chamber by Labor today are all that are necessary to align the legislation with the recommendations of the committee nor that the recommendations of the committee are all that are necessary to address the concerns that have been raised by stakeholders.

As was the case last year, we are operating under a compressed time line. The government has left us with less than four sitting days in this chamber before the budget. This bill has just a few hours scheduled for debate today. We have been forced to prioritise. As a consequence, this bill and Labor's amendments to it are not intended to deal with all of the potential issues that have been identified in the legislation passed in December last year. We seek only to address some of the more important deficiencies in that legislation, including the definition of systemic weakness; the role of the AFP Commissioner in ensuring a national approach is taken to the exercise of some of the powers in the legislation; the oversight role of the Ombudsman; and limiting the scope of technical assistance notices and technical capability requests. I'll address these amendments in further detail later in my speech.

It is worth noting that this bill is just one of a number of separate, ongoing processes to improve the legislation passed in December last year and address the deficiencies identified by stakeholders. There are three other processes that bear mention. At the same time as this process is underway, the Parliamentary Joint Committee on Intelligence and Security is conducting another inquiry into the legislation passed last year. Although Labor accepted the evidence of the security agencies that they needed the powers over the holiday period, we insisted that the committee be allowed to resume its inquiry in order to be able to properly examine all five schedules of the legislation. As part of this ongoing inquiry, the committee has received further submissions and briefings from stakeholders, and the inquiry is due to report on 3 April this year.

Labor secured a commitment that the legislation will be referred to the Independent National Security Legislation Monitor for review within 18 months. Labor is also committed to referring the measures introduced by this legislation to our parliamentary inquiry to report on the economic impacts. The telecommunications access regime has a clear national security imperative, but its consequences are not limited to the national security realm. Labor has heard and understands the message from industry that this legislation has the potential to impact the viability of the tech sector in Australia.

The evidence from industry placed before the committee raises serious concerns about the government's bill and its impact on internet security—and public trust in internet security—and consequently on the competitiveness of the Australian IT businesses subject to these laws. Throughout last year, the government sought to reassure industry that the bill prohibited an agency from forcing a provider to implement any kind of systemic weakness or systemic vulnerability into a form of electronic protection. However, many submitters to the committee contended that it was not clear what those terms actually meant. These witnesses expressed concern that, in the absence of a definition, the protective measures in the bill provided little actual protection at all. To this end, the committee made two recommendations, recommendations 9 and 10, which both relate to the meaning of the term systemic weakness. In doing so, the committee had regard to evidence from the Director-General of the Australian Signals Directorate, who stated that a systemic weakness is a weakness that might actually jeopardise the information of other people as a result of that action being taken. The committee also noted evidence from the Director-General of Security that the powers in schedule 1 of the bill will not be used to require a designated communications provider to do anything that jeopardises the security of the personal information of innocent Australians.

Labor does not consider that recommendations 9 and 10 in the committee's report have been satisfactorily realised in the government amendments to their own bill of December last year. During the committee stage, Labor will introduce amendments that seek to clarify these terms in the legislation. Labor's amendments have the support of industry and put in place safeguards to ensure that actions taken under this legislation will not create a material risk that the information of innocent persons would be compromised by an unauthorised third party.

I note the joint comments made in a public submission to the PJCIS by the Communications Alliance, the Ai Group, the Australian Information Industry Association, the Australian Mobile Telecommunications Association, the Digital Industry Group and the Information Technology Professionals Association. These organisations said in their submission:

It appears very difficult to adequately define the terms 'systemic weakness/vulnerability' and 'target technology'. As currently drafted in the Act, these definitions are difficult to understand, ambiguous and are significantly too narrow. The limitations intended to be given to systemic vulnerability/weakness through the definition of target technology do not achieve the desired objective. Specifically, it is unclear what constitutes a class of technology, (e.g. would a 'class' be all mobile handsets, or Android phones, but not iPhones, or the mobile handsets offered by one service provider but not another, or some other combination of factors?). Assuming this term has a common-sense meaning (to the extent this exists), then the application to the whole class of technology creates a far too narrow characterisation of what constitutes a systemic weakness or vulnerability.

Consequently, we recommend deleting the definitions of systemic weakness/vulnerability and target technology and, instead, to more clearly and narrowly articulate in Section 317ZG the prohibited effects of a TAN or TCN. We note the limitations contained in Section 317ZG but maintain that the definitions of these three terms are not useful and/or significantly too narrow to be acceptable.

We support the amendments to Section 317ZG as tabled by Labor on 6 December 2018.

That is the advice from industry.

I would like to briefly canvass the other amendments that Labor will seek to introduce during the committee stage. Recommendation 4 of the PJCIS report called for the Commonwealth Ombudsman to be given appropriate oversight of the administration of the industry assistance measures. Although the government's amendments sought to give effect to those recommendations, they also introduced an additional provision enabling the Minister for Home Affairs to delete information from an Ombudsman's report if that information could reasonably be expected to prejudice certain of an agency's activities. The inclusion of that new power has not been explained by the government. The Commonwealth Ombudsman wrote to the committee to express his concern that the minister's power to delete information from a report prepared by the Ombudsman is 'a power that is not available to a minister under any other legislation under which my office may issue a report and, in my view, is inconsistent with the Commonwealth Ombudsman's role as an independent and impartial office'. The Ombudsman also argued that this power is unnecessary given that his office routinely consults with agencies to identify whether a draft report contains operationally sensitive material that should be removed or amended before it is published.

Recommendation 7 of the committee calls for the Commissioner of the AFP to have a role in approving technical assistance notices initiated by state and territory authorities. The intention of this is to ensure consistency of decision-making and reporting across jurisdictions. To do this, the AFP Commissioner is required to apply the same statutory criteria and go through the same decision-making process as would apply if the AFP were the original issuing authority. That was the recommendation. The government's amendments provide that the AFP Commissioner may approve a technical notice, but the amendments did not establish the decision-making criteria for approval. Labor's amendment will make it clear that the AFP must follow the process recommended by the committee. We are also moving other amendments that would limit technical assistance requests and technical capability notices to certain specified acts and things.

As I said earlier, Labor does not believe that these amendments solve all the potential issues with the bill that have been highlighted by stakeholders. Rather, this is one of a number of processes that Labor has forced the government to go through in order to remedy some of the issues that arose as a result of the rushed time line the government imposed for consideration of the original legislation last year. These issues have been raised for years. There was no reason for the government to make a last-minute introduction of the legislation and a last-minute call for acceleration. The committee ought to have been given the time to conclude its work. The government did not provide either the intelligence and security committee or the parliament the time needed to properly consider the legislation. Labor voted for the legislation last year nonetheless because of the advice of our national security agencies. They said there was a need for these powers before the holiday period, and we acted promptly because we take seriously the task of protecting Australia and Australians.

But we also take seriously the task of making sure legislation is appropriate and adapted to the ends it is trying to undertake. That means limiting the unintended consequences to individuals and businesses. That is why we are going through this process today. We have been consulting with industry, with tech experts, with lawyers and with civil society, and also with the agencies themselves. We are doing the work necessary to improve this legislation.

9:58 am

Jordon Steele-John (WA, Australian Greens) Share this | | Hansard source

What are we to make of the situation which has conspired here this morning? I will put it in one word: a mess, an absolute mess. Our job as senators, our role as elected members of the house of review, is to scrutinise legislation. And yet again we see a government attempting to sneak out of that role, to avoid that scrutiny, and we see an opposition complicit in that process. Before the commencement of this part of the procedure, there was an opportunity for the opposition to vote against the government's motion to exempt the bill from proper senatorial process. They voted with the government, once again playing a facilitatory role in the carnival of malprocess which has been the formulation and legislation of this diabolical act.

I am not sure whether the opposition have taken leave of their senses. I am not sure whether they have perhaps misunderstood the nature of the chamber in which they work or the job that we are sent here to do. I will provide them with an opportunity to go back and look at the Constitution and consider what they themselves got into this job for, and vote for my motion to refer this legislation to the relevant committee for scrutiny, because, in case anybody in here hasn't noticed, you guys have got no idea what you are doing. You drafted a mongrel piece of legislation before Christmas. You rushed it through so fast that even members of the government were ashamed of what they'd done. You then had the Prime Minister go out there and terrify everybody about attacks over Christmas, and, like some kind of obscene jelly creature, the opposition melted. They were comprehensively duped. They slink in here this morning, speaking words of: 'We've held them to account. We've made sure that what the industry wanted will be represented in the legislation.' Rubbish! What the industry wanted was for you to do your damn job—oppose and scrutinise, not go weak at the knees.

This bill that has come before us this morning proposes to expand these dangerous powers to yet more institutions; institutions which are, by their very nature, different from the agencies which currently have them. And yet again we see the opposition getting on board. You do not understand the technology you are working with. You are allowing yourselves to be ruled by people of fear.

I have, through the course of this process, worked in deep consultation with industry, with advocates, with people who actually understand the process. At every step of the way I have attempted to alert the opposition and the government to the true nature of the legislation that they are working with, and at every opportunity they have shown the ignorance, the arrogance and the recalcitrance of those who simply do not care about the detail of policy but are totally consumed by the nature of politics. This is one of the greatest crimes that can be perpetrated by a legislator. We are talking of the fundamental right to privacy of the Australian people. That should be an issue which is above the game playing and the nonsense which occupies so much of this chamber's time. But, no, the opposition couldn't pull themselves to do it. Now, this moment which we have before us is an opportunity for the opposition and the crossbench to come together and draw a line in the sand.

Photo of Jenny McAllisterJenny McAllister (NSW, Australian Labor Party, Shadow Assistant Minister for Families and Communities) Share this | | Hansard source

This is a truly unifying speech!

Jordon Steele-John (WA, Australian Greens) Share this | | Hansard source

Well, the truth hurts, doesn't it? There is an opportunity now to move forward from this moment, to refer this bill to a committee and do our job, to ensure that the legislation before us does what we expect it to do, to perform the very basic nature of our duties. I have expressed—and it will probably seem to be an understatement to some listening tonight—a great deal of anger on behalf of those who work in this sector. I do so because, through ignorance, you have put at risk billions of dollars of industry and threatened the right to privacy of all Australians. Through that process, though you were comprehensively told over the Christmas break that you were wrong, that you didn't know what you were doing and that you had passed bad legislation, you have come before this chamber today with the same mindset. That is ultimately the inexcusable aspect of today's spectacle. You mucked up, you didn't read it carefully, and now you continue to make your mistake worse. That is the unforgivable part that the opposition is playing in this process.

We will be moving amendments during this debate which seek to get good outcomes to repair some of the damage, to do right by the citizenry and the industry. I urge the crossbench and the opposition to support those amendments, to support referral and to finally get on and do your damn job. I thank the chamber and I move:

At the end of the motion, add:

", and the bill be referred to the Legal and Constitutional Affairs Legislation Committee for inquiry and report by 2 April 2019."

10:08 am

Photo of Ian MacdonaldIan Macdonald (Queensland, Liberal Party) Share this | | Hansard source

The first duty of government is to make sure the citizens in its jurisdiction are safe. Very often that means some of the rights and liberties we all love and expect in a country like Australia have to be adjusted because criminals and terrorists do not work by any rules; they can do what they like. In this area we're discussing, the criminals and the terrorists have taken advantage of technology to defeat and make difficult the work of Australia's security, criminal investigation and enforcement agencies. The earlier bill was all about making sure Australians were protected. Senator Steele-John and Senator McAllister are correct: that was passed through the houses quickly before the Christmas break. That was done on the advice of security agencies, who thought that the Christmas break could be a time for increased terrorist activities. So it was, fortunately, passed through the House and the Senate before the parliament rose last year, and I thank the Labor Party for their responsible approach to this then and now.

From my point of view, if it's a choice between someone close to me being blown up by a terrorist bomb or me having someone eavesdropping on my conversations or looking at my texts or tweets or Facebook or chat page, I know which I'd prefer. Quite frankly, if anyone wants to listen to anything I say or thumb into my device, they're welcome to it. They'd quickly die of boredom—and perhaps that, in some cases, might be a good outcome! But it is important that we take the advice of those who have the knowledge. Whilst I appreciate Senator Steele-John's passion and his self-proclaimed expertise in this area that many of us don't have—

Jordon Steele-John (WA, Australian Greens) Share this | | Hansard source

I've listened to experts, Ian. I'm not one myself.

Photo of Ian MacdonaldIan Macdonald (Queensland, Liberal Party) Share this | | Hansard source

Thank you for that clarification, Senator Steele-John.

Photo of Cory BernardiCory Bernardi (SA, Australian Conservatives) Share this | | Hansard source

Ignore the interjection, Senator Macdonald.

Photo of Ian MacdonaldIan Macdonald (Queensland, Liberal Party) Share this | | Hansard source

I was about to say that the Greens always have the luxury of being able to say, do, oppose and suggest whatever they like, knowing that they will never be in a position to have to take responsibility for the safety of Australians. The government and indeed, at some stage, the opposition—not in the immediate future, but at some stage, I guess, in the future they will be in government—have the challenge, the responsibility and the duty to do everything that is possible to keep safe ourselves, our family members and our neighbours.

These bills, while some say they are draconian, are—I believe and I think most Australians would accept—put in place purely to make it easier for the agencies that protect us to actually do their job and protect us. The government supports the use of strong encryption to protect personal, commercial and government information. However, the increasing use of encryption to conceal communications has significantly degraded law enforcement and intelligence agencies' ability to collect intelligence, conduct investigations and detect intrusions into Australia's networks. Encryption actually impacts on at least nine out of every 10 of ASIO's priority cases. Ninety-five of ASIO's most dangerous counterterrorism targets actively use encrypted messages to conceal their communications. Over 90 per cent of data being lawfully intercepted by the AFP now use some form of encryption. Effectively, all communications amongst terrorists and organised crime groups are expected to be encrypted by 2020. If that happens, the agencies that protect us will have to have some ability to intercept and learn what those terrorists and organised crime groups are doing, and that means breaking their encryption.

The bill was introduced to equip our agencies with the tools that are necessary to adapt to the increasing use of encryption by terrorists and serious criminals. Claims by some industry representatives that the laws weaken online security by breaking encryption are absolutely false. Quite simply, under the legislation, a company cannot be compelled to create a decryption capability. It cannot be asked to make encryption less effective for general users, it cannot be compelled to build backdoors and it will not jeopardise the information security of general users.

In the time available to me, I want to go through some of the claims that have been made in the media and elsewhere about this bill which, quite frankly, are what some important person once called fake news. And, I confess, of course, that my information comes to me not from my own clever thought but from experienced law enforcement and security people who do understand these things, who know what needs to be done and what the legislation and this amendment will actually do.

The claim has been made that the bill would allow the government to order the makers of smartphone speakers to install persistent eavesdropping capabilities into a person's home, require a provider to monitor the health data of its customers for indications of drug use or require the development of a tool that can unlock a particular user's device, regardless of whether such a tool could be used to unlock every other user's device as well. That's the claim, but that claim is not correct. The actuality is that the bill expressly prohibits notices from doing anything for which a warrant would be required. A surveillance device in a home or monitoring a person's device would require a warrant. The bill expressly further prohibits requiring the building or implementation of the systemic weakness—and that's in section 317ZG.

Another claim being falsely made is this: that it will force tech companies and telcos to insert a backdoor—a systemic vulnerability into all encrypted systems—so that the government can access everyone's private communications. That's the claim, and that claim also is not correct. The bill, to the contrary, is absolutely explicit that the notice cannot require the building or implementation of a systemic weakness. This includes the requirement of a new decryption capability or anything that would make any form of electronic protection like encryption less effective.

There is a further claim, and that claim is that, unlike surveillance laws around the world, this bill requires no judicial oversight. That's the claim. That claim is also not correct. In Australia, judicial authorisation is typically reserved for intrusive powers that access personal information and data. Access to that type of data is prohibited by the bill. To conduct telecommunications intercept or surveillance, the law enforcement agency will still require a judicially authorised warrant. Overseas legislation that has similar provisions directed at securing industry assistance does not always have judicial oversight. The primary exception is the Investigatory Powers Act of the UK parliament which was passed in 2016. The double-lock regime in the UK requires judicial and ministerial authorisation for certain powers. However, no direct comparison can be made between the size and scope of the Investigatory Powers Bill of the UK and this bill. Unlike the English bill, this bill does not provide for bulk interception, bulk equipment interference, disclosure of communications data and the retention of personal data sets, including internet collection records. As a result, the double-lock regime is not appropriate for this bill, as the English bill is more expansive and has a more significant impact on providers. Further, the double-lock feature is a product of the oversight mechanism applying to other intelligence collection powers.

I'm going through these claims in some detail because I think it's important that anyone who has a serious interest in this bill understands that some of the claims that have been made popularly are not, in fact, true. There is a claim that ASIO, ASIS, the Australian Signals Directorate, the Federal Police, state police forces and bureaucrats in the Department of Home Affairs, acting in secret and without the oversights of the courts, would be able to force companies to compromise their products to gain access to any data they want, including access to the data of other governments. That's the claim. The reality is this: the compulsory industry assistance powers will only be available to ASIO and interception agencies, as they are defined in the bill. These are the same agencies which have powers to intercept live communications under a warrant issued by a judge or members of the Administrative Appeals Tribunal. ASIS and the Australian Signals Directorate can only request voluntary assistance. It's important to understand that.

In addition, in relation to that claim, with the prohibition of systemic weakness the bill includes the following strong safeguards: the requirement for the decision-maker to consider the reasonableness, proportionality, practicality and technical feasibility of a notice, including the interests of the provider and the integrity of the devices and services. Some other of these safeguards include requiring the decision-maker to consider any advice received from a provider about the requirement in a notice. This is an opportunity for the provider to detail how a notice may create a systemic vulnerability or weakness. And there's a further safeguard in the ability of the government and the provider to appoint a person with technical expertise to assess whether the requirements of the technical capability notice would actually create a systemic weakness. Judicial review is available for the use of the industry assistance powers.

There are a number of other claims that have been made which have engendered the sort of concern that the previous speaker raised. Most of them are simply not accurate. I'm not going to have time to go through the whole list of the claims that have been made and discount them by giving a factual rejection of those claims.

I conclude my contribution to this bill, and again thank the Labor Party and members of the crossbench for supporting this bill—and supporting it prior to Christmas in some haste—because our first duty, which the previous speaker spoke a bit about, as a government and as a parliament is to do the best we can to keep our fellow citizens safe. We have wonderful agencies—the AFP, ASIO, ASIS, the relevant agencies of the Department of Home Affairs—who I think do a wonderful job. I've had the privilege of chairing the Senate Legal and Constitutional Affairs Legislation Committee for some years now, and all of those agencies appear before our committee at estimates time. Very often they are subject to very intensive grilling, very intensive questioning, by senators about a range of matters, including the powers that they have and the actions that they take and are compelled to take to protect privacy and to protect citizens' basic human rights.

But there is a time when some things have to be done because of advances in technology. As I said earlier—and I want to repeat—the terrorists and the organised criminal gangs run by no rules. They are not overseen by anyone. They don't have to account to anyone except their masters, who want the results of their criminal or terrorist activity. We have to give our agencies the tools to be able to counter the activities of terrorists and criminal agencies as they get smarter, as they make increasing use of advanced technology to pursue their evil goals, and so bills like this are essential. Very often, as I concede, we have to rely on the advice of the people whose job it is to investigate and protect us. In my long experience in this parliament, we've always been very well served, very carefully served, as Australians by our security agencies and our police agencies, and this legislation—the legislation passed before Christmas—give our agencies a fair chance at countering the advanced technological attempts of criminals and terrorists. I urge the Senate to adopt this bill.

10:26 am

Photo of Jim MolanJim Molan (NSW, Liberal Party) Share this | | Hansard source

I rise to speak on the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. I have been a member of the Parliamentary Joint Committee on Intelligence and Security for only a couple of months. Many other members of the committee have been on that committee for many, many years, and the corporate knowledge within that committee of human rights, of technology, of the processes that this Senate chamber goes through and that the lower house goes through is deep and very detailed.

People have often asked me why we only have the government and the opposition on the PJCIS. Unfortunately, we've seen today why that is the case. We heard from Senator Steele-John words such as 'anger', 'ignorance' and 'risk'. I don't mind risk. Everyone must look at risk. Everyone must take risk. Governments take risk all day, every day. But how patronising of Senator Steele-John to say that we do not understand the technology. I find that absolutely patronising—as though the Greens have a monopoly on understanding technology. I suggest to Senator Steele-John that, firstly, he read the bill and, secondly, he understand the bill. As for the amendment, which suggested that this legislation should go to the Legal and Constitutional Affairs Legislation Committee, we have put the most amazing amount of time and effort into this, and it is a continuing process, so to derail that process now is totally irresponsible.

Of course, the reason that we only have the opposition and the government on this committee was, I think, shown by the speech made by Senator McAllister. Having been in the Senate now for only 12 months, I am overwhelmingly impressed by the fact that in this committee we do not politicise issues such as this. We have an extraordinarily bipartisan approach to these incredibly important activities. It is extraordinarily robust. It's not as though compromises through ignorance of technology or lack of understanding of human rights occur; it is incredibly robust.

Some of the most important things that have continually come out of this, both in the popular media and in the committee itself, are the issues that industry has brought before us. I understand the concerns of industry; I deeply understand the concerns of industry. They are concerned about systemic weaknesses, which Senator Macdonald has spoken about in some detail, and I will build on his speech. I acknowledge the difficulties of this bill and the complexity of the bill, but, as I say to just about everyone in the debates I've been involved in in the open media, read the bill in the first instance, which so many people have not. I say understand the bill, which is complex and hard, but it is necessary. I then say let's see it in operation. We will report again by 3 April. Let's see it in operation, and then we will learn and then the confidence will come.

I will speak in passing only on the background of this bill, because I think that Senator Macdonald has covered in great detail what the bill is, as has Senator McAllister. I'll speak a little bit about the government reaction and a lot about systemic weakness and back doors. I'll speak about the implementation of the bill, and we've had a period of implementation of the bill. What you've got to do when you put in a complex activity like that is implement it, look at it and learn from it. If there are changes to be made in our continual struggle for perfection, then we make those. I'll talk about the framework that we've implemented to implement it: the speed, the compressed time line that we worked in for operational reasons; issues such as authority creep and metadata, passwords, oversight, how international companies have looked at this, and the harm to Australian industry and other comments. If I can get through that in 15 minutes, I will be astounded, but I'll give it a good go.

On 5 December 2018—and it's very important that we lay down, through Hansard, the process that we have gone through to bring this bill into being—the committee tabled its report on the act, which focused on the urgency and operational benefits of key measures in the act. The government accepted, in principle, the 17 recommendations in the committee's report and moved 167 amendments in the House of Representatives to implement these recommendations on 6 December 2018. The act passed both houses later that day.

On 21 December, the government provided agencies that were going to implement this over the Christmas period with comprehensive interim guidelines to support the use of their new powers until more detailed industry consulted guidance could be developed. The committee has commenced, as Senator McAllister has laid out, another review of the legislation, focusing on implementation and the government amendments, passed on 6 December 2018. We will report by 3 April 2019.

On 9 January 2019, the government approved 21 companies and industry bodies to form a consultation group for the development of administrative guidance material. An issues paper was released for distribution and industry comment on 1 February 2019. The government delivered onsite training, on 24 January and 4 February 2019, on the use of the powers to the police forces in New South Wales, Victoria and Queensland.

On 29 January 2019, the Department of Home Affairs provided a submission to the committee review addressing how the amendments to the legislation are consistent with the committee recommendations and how the act is being operationalised, and from being operationalised we will learn. On 8 February 2019, the Department of Home Affairs provided a supplementary submission addressing concerns raised in submissions to the review by the Inspector-General of Intelligence and Security and the Commonwealth Ombudsman, and this has been mentioned before.

The government has now introduced the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019. The miscellaneous amendments bill brings forward the review of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 by the Independent National Security Legislation Monitor. That review will happen before, rather than after, June 2020 and ensures that the Commonwealth and state anti-corruption bodies are able to use the industry assistance powers in the assistance and access act that we're talking about.

Of course, one of the big ongoing questions, which was raised by Senator McAllister quite rightly, is the definition of 'systemic weakness'. The act defines 'systemic weaknesses' or 'vulnerabilities', to be a weakness or vulnerability that affects an entire class of technology—that is, it's a weakness that relates to a whole system rather than to a particular part. Defining 'systemic weakness' or 'vulnerability' as something that affects a whole class of technology ensures that items of technology cannot be made less secure. This means that the government cannot require companies to weaken their product or services in a way that would undermine widely used security measures. Without a definition of 'systemic weakness'—and we spent hours in the committee discussing this definition—a significant threshold is removed from the process of determining if the exercise of the power is prohibited.

Other definitions that have been moved in parliament may create greater ambiguities or may be too descriptive. The act refers to the prohibition against building or implementing a systemic weakness or vulnerability in the context of electronic protection. Without reference to 'electronic protection', which includes passwords, encryption methods and other security layers, it's unclear what kind of weakening is prevented by the prohibition.

There is a framework to implement this, and the government continues to work closely with agencies to facilitate implementation and operationalisation of the act. On 21 December 2018, the Department of Home Affairs provided those comprehensive interim guidelines I spoke about before to support the use of these new powers over the Christmas period. The Department of Home Affairs is delivering onsite training to the police forces that will have to implement these powers. The government has been advised that, in late 2018 and early 2019, agencies have used the industry assistance and computer access powers in the act. I'll just repeat that: the agencies have used the industry assistance and computer access powers in the act, and the world still exists.

Agencies have indicated that they will take a collaborative approach with industry in utilisation of the industry assistance powers, commencing with what's called 'technical assistance requests'—the definition of which and the description of which are in the act—to engender support and cooperation. The government continues to consult with industry stakeholders to ensure their views are incorporated in the ongoing implementation of the new framework. The government has collated a comprehensive industry information package for regular distribution to industry members, providing further details on the intended operation of the act. Twenty-one companies and industry bodies have been identified to form a consultation group for the development of administrative guidance material. An issues paper, as I said before, is out there for them.

We've done this fairly fast. It's was important that it be done fast because we faced an operational challenge over the Christmas period. The use of encrypted messaging applications by terrorists, as Senator Macdonald spoke about in some detail, represents a significant threat to the safety of all Australians, and this creates an appalling blind spot for our agencies as they work to protect us. It's vital they be given the appropriate tools in the 21st century to detect and disrupt attacks. The need for the powers in the act became more urgent in light of the fatal terrorist attack in Melbourne in November of last year. The likelihood for further attacks was heightened, as we've all agreed, during the Christmas period that we've just come out of.

The measures in the act are a holistic answer to the challenges posed by encryption and modern communications. The act allows our agencies to address current and emerging threats in the following ways: by modernising the way they seek industry assistance and allowing them to work together with providers to identify new ways to address extant risks. We are working together with providers by enhancing computer access and alternative collection methods that enable them to work around encryption without compromising it—again, I repeat: to work around encryption without compromising it—and bolstering overt access to devices by compelling users of a relevant device to handover passwords.

The criticism is often made of this act that there is, manifest within this bill, what has been called authority creep, and that authority creep relates to metadata. The act does not allow agencies to request metadata. Interception agencies will continue to request metadata if they need it through the Telecommunications (Interception and Access) Act. The data retention legislation restricted the number of agencies that could make such covert requests through this legislation. A broader range of agencies have always been able to request information from carriers through the telecommunications act itself. This act allows a disclosure of data consistent with the notice-to-produce powers of a Commonwealth, state or territory agency.

The question then arises quite often in popular context: does this address the issue of passwords? Well, no. Passwords are a form of electronic protection. We cannot build a capability to remove passwords. That is in the bill. As has been made very clear, this legislation does not allow new capabilities to be developed that enable the removal of a form of electronic protection, passwords being one of those forms.

What about oversight? If you are going to give people and agencies powers, you must always have an appropriate level of oversight. All requests and requirements of industry are subject to extensive independent oversight by the Inspector-General of Intelligence and Security, the Commonwealth Ombudsman or state and territory oversight bodies. The integrity body must be notified when a notice for assistance is issued, varied, extended or revoked. The integrity body has the authority to inspect agency use of powers at any time and may make a report to parliament on the outcome of their inspection. Compulsory powers carry additional oversight measures to ensure they are used appropriately. One in particular, probably the most complex one, which is called a technical capability notice, may only be issued by the Attorney-General. A company may also refer any requirement to build a capability to an independent assessment panel consisting of a retired judge and a technical expert. This panel must consider whether proposed requirements will inadvertently, as parts of the industry have argued, create a back door. Further, any decision to compel assistance may be challenged through judicial review proceedings.

Some people have asked: why aren't these notices issued by a judge? It is all part of the normal oversight. Judicial authorisation is typically reserved in this country for intrusive powers that access personal information and data. These notices we were talking about before are designed to facilitate industry assistance. Warrants are still required to access content, and that is critically important. There are robust safeguards built into the framework, including a statutory reasonableness test, ministerial oversight and judicial review, as I've spoken about before. These are on top of the prohibition on systemic weaknesses and accessing personal content. That might be complex, but it requires you to actually read the bill and to understand the bill.

What about international comparisons? There is one that you can make, and that is to the Investigatory Powers Act 2016 from the UK. The legislation that we are looking at is far narrower in scope and application than the UK's Investigatory Powers Act. The UK act reformed interception powers, imposed data retention requirements and allowed for bulk collection of data. This act does none of these things. Unlike the Australian legislation, the UK act does not prevent the building of a capability that removes encryption or other forms of electronic protection. The government understands the UK powers can also be used to require providers to build core interception capabilities, and this is not enabled via the assistance and access act.

Australian notices are subject to a global safeguard that means industry can't be required to build flaws in their system, and industry cannot be required to stop making their systems more secure. This comes to a very, very interesting conclusion. Will the act harm Australia's technology industry? During the development of the legislation, the government recognised concerns that the act may harm Australian products' competitiveness at market. However, the legislation includes provisions for companies to publish statistics regarding the number of requests or notices they have received. This will leave most companies unaffected, as they will be able to disclose that they have not been asked to provide assistance, while companies who do assist can demonstrate that their systems are not compromised by the assistance provided, consistent with the act's explicit protections against the creation of back doors and degradation of security features.

This is a very complex, very large and very important bill. It does not require reference to any other committees. It has been worked through in a process of bipartisanship—not politicised—in a very, very robust way, and it is a credit to the PJCIS. I recommend the bill.

10:46 am

Photo of Richard Di NataleRichard Di Natale (Victoria, Australian Greens) Share this | | Hansard source

People right around the country are desperate to vote this mob out. They are desperate to see a change in direction for our country. They are desperate to remove a government that has shown itself incapable of dealing with the challenges of our generation. They are desperate to see a new government take us to another place—a better place, a place that acknowledges the future and that does not attempt to drag us back to a bygone era. What we have with this piece of legislation is a government that doesn't understand what the future looks like and wants to hand over more power to a group of unaccountable agencies, to ensure that we continue the slow and gradual erosion of people's private information and to destroy a burgeoning industry.

That was also the view of the Labor Party. It was the view of the Labor Party. They stood with the Greens and made it very clear that they believed this legislation was bad legislation. Yet all it took was for the government to throw around those two words, 'national security'—they throw them around like confetti—and the Labor Party went to water. A weak-kneed Labor Party refused to stand up and mount a defence for individuals to ensure that their information remains private and to ensure that our software industry and our IT industry are able to continue to grow and export and develop into the industry that we know that it can be. They went to water.

We congratulated them at the time. We agreed with them on their criticisms of this piece of legislation. The evidence was clear. We heard that this would open up a gate to corporate and state espionage. We heard that this bill would enforce our software industry and talented IT entrepreneurs offshore. We know that because they told us. We heard that this would compromise the privacy of all Australians. We heard that it would weaken the cybersecurity of Australian companies and, indeed, of the Australian government. Of course we knew that it would hand over more power to our unaccountable intelligence agencies.

We just had a contribution from Senator Molan, who made it clear that he doesn't want the Greens to be involved in the Joint Committee on Intelligence and Security. Of course he doesn't. He doesn't want the scrutiny that the Greens provide in that environment. He doesn't want the transparency that is necessary for Australians to judge for themselves whether this is a good law or a bad law. He doesn't want to be held to account, and this government don't want to be held to account for the decisions that they are making that erode Australians' private information and that ensure we put the brakes on this hugely profitable and potentially job-creating IT industry. That's why we do need the Greens in the Senate holding both major parties to account, being a buffer against the repeated disappointment of the Labor Party, who cave in as soon as those two words 'national security' are thrown around.

This has nothing to do with national security and everything to do with securing information and with individuals and organisations being absolutely certain that their information remains private and that it is used for their benefit and not for the benefit of some of these unaccountable agencies. If it wasn't for the work of Senator Jordon Steele-John, through his engagement with the IT sector, with the digital rights sector, with a range of organisations who have told us repeatedly: 'You must repeal this legislation because it does nothing to keep Australians safe. Indeed it makes us less safe,' we still wouldn't know some of the egregious impacts that this legislation will have. We now know that the words 'national security' are thrown around as a cover for governments to go about and implement even more authoritarian laws. Well, it looks like the Home Affairs monolith created by Peter Dutton will continue, regardless of who wins the next election.

Franklin Delano Roosevelt famously once said that we have nothing to fear but fear itself, and that's the response we should be giving to this scare campaign being mounted by the Liberals when it comes to national security. We've got the Labor Party putting the desires of an authoritarian minister ahead of the deepest concerns of individuals, of technology companies, of defence contractors, of the UN, of the EU, of lawyers and of digital rights and civil liberty groups, all of whom know this is bad legislation. Indeed, that was the view of the Labor Party until they caved.

We know there are good people inside the Labor Party who are arguing that this bill should not pass. Sadly, it seems they've lost. That is why you need the Greens in the Senate, because we have both parties now willing to destroy the future of Australian businesses who develop software. Internationally, people are looking on this bill, and the signal that this sends to the rest of the world is that we can't trust software developed here. We can't trust that it hasn't been compromised and is being utilised against secure systems. We cannot trust Australian technology. The government, with the support of the Labor Party, are sacrificing our IT industry. This is an export market estimated by Austrade to be worth over $3 billion, rising to at least $6 billion over the next decade. Let's look at what's at stake here. Encryption is critical. Encryption is critical for the safety of our digital infrastructure in our banking system, in our energy grid, in mass transit systems. Essential services in this digital economy rely on encryption and they will now be opened up for exploitation.

We'll support the amendments that have been proposed to this current piece of legislation, but let's not delude ourselves: they make a shocking, dreadful piece of legislation a little less bad. The right response now is to not support this bill in its entirety. We need to ensure that individual Australians and organisations, remain safe. We need to ensure that we create the conditions that allow these industries, which are the industries of today and tomorrow, to grow and prosper.

Let me finish my contribution by quoting the Australian Digital Rights Watch chair, Tim Singleton Norton. He made this statement:

This bill is still deeply flawed, and has the likely impact of weakening Australia's overall cybersecurity, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections. In its very design, it is antithetical to human rights and core democratic principles. Lawmakers are on notice that they will be responsible for the consequences of introducing weaknesses into our digital infrastructure – including adverse consequences borne by everyday people who rely on encryption to go about their daily lives in a digital society.

I get it that most people in this place don't understand the very nature of the bill that they're currently supporting. It's okay to admit you don't know, but surely it's critical that we take a cautious approach in this area, that we listen to the advice of people from right around the world. It is unprecedented action that this chamber is now taking. Listen to the UN, to the EU lawyers and to the digital rights and civil liberty groups. Listen to the many millions of Australians who are horrified by this. Listen to those tech companies who understand the impact of this law on the business that they are currently conducting. This is bad law even with these amendments. It introduces vulnerabilities into people's private information and into vital national infrastructure and it risks bludgeoning an incredibly lucrative and important industry for Australia.

We Greens in the Senate will always stand up against bad legislation. You may use the words 'national security'. Well, we believe it is in the interests of all Australians to ensure that their information remains safe and secure. We won't be cowed by your campaign to ensure that the next election is based on fear and division. We stand ready to vote and repeal this legislation—it won't be long before its flaws are revealed and we have to undo the damage that has been done—but we have an opportunity to stop it now, and that is exactly what we will be endeavouring to do.

10:57 am

Photo of Amanda StokerAmanda Stoker (Queensland, Liberal Party) Share this | | Hansard source

I rise to speak in support of the Telecommunications and Other Legislation Amendment (Miscellaneous Measures) Bill 2019. National security, keeping Australians safe from harm, is the highest priority of every government, but it is a particularly important priority for this government. That's why, on Monday, the Prime Minister spent quite some time outlining our plan for keeping Australians safe and secure. The Prime Minister highlighted many of the existing threats to the freedom and the security of all Australians. They include the dangers that arise from organised crime; the consequences of trafficking in drugs; the issue of border security and the risks of people smuggling; and the threats of terrorism, corruption and online predators, particularly those who do so for the sexual exploitation of children. In the many years before I came to this place, I served as a Commonwealth prosecutor, and I don't think I'm exaggerating in saying that I've prosecuted near enough to all of these offences at one time or another. I've seen how hard our agencies work to stop crimes of this nature and I've seen how difficult it is to mount a case to hold accountable those who engage in this kind of conduct in the digital age. These threats are continually growing and continually evolving. This isn't something we need to be scared of but something that we need to deal with. We need to prepare our agencies and give them the tools they need to be able to be effective in the interests of all Australians.

Today our security agencies face one of the most significant technological challenges we have ever faced in our history. With fatal terrorist attacks overseas, the recent disruption of alleged planning for a mass casualty attack by three individuals in Melbourne—incidents like this highlight the threat to all Australians that is presented by those who would seek to harm Australians using terror and who plan to do so and communicate using encrypted messaging applications.

The government supports the use of strong encryption to protect personal, commercial and government information. We understand it has a positive commercial and public role to play. However, the increasing use of encryption to conceal communications has significantly degraded law enforcement and intelligence agencies' ability to collect intelligence, to conduct investigations and to detect intrusions into Australian networks. Our intelligence agencies have told us some facts about which we should all be concerned and of which we should all take note. The first is that encryption impacts at least nine out of every 10 of ASIO's priority cases. The second is that 95 per cent of ASIO's most dangerous counterterrorism activities target those who actively use encrypted messages to conceal their communications. The third fact is that over 90 per cent of data that is being lawfully intercepted by the AFP now uses some form of encryption. The fourth is that effectively all communications among terrorists and organised crime groups are expected to be encrypted by 2020. And let's be frank about it: near enough to all of them are already using these services.

It's a reality to which we must adapt. The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 was passed at the end of last year to help equip our agencies with the tools that are necessary to adapt to the increasing use of encryption by terrorists and serious criminals. We now seek to improve upon this legislation by bringing forward a review of the act and by ensuring that Commonwealth and state anticorruption bodies are able to use the industry assistance powers in the act. Those who have concerns about this act should feel reassured by the bringing forward of that review. It demonstrates this parliament's commitment to transparency in the use of powers like this.

The Parliamentary Joint Committee on Intelligence and Security supports the government's position that Commonwealth and state anticorruption bodies should have the same access to industry assistance powers as law enforcement agencies. The use of industry assistance powers by these bodies will be subject to appropriate oversight, and that will be effected by the Commonwealth Ombudsman. Access to the industry assistance measures will help corruption bodies in identifying and investigating serious crime and serious law enforcement misconduct and corruption across the public sector. At a time when other people in this building have spent a lot of time talking about the need for institutions like a federal ICAC, one would think that facilitating the use of evidence-gathering techniques such as this by those who would seek to stamp out corruption would be something that would have some appeal.

There have also been claims by some that these laws have been rushed through the parliament. That's not right. The use of encrypted messaging applications by terrorists represents a significant threat to the safety of all Australians, and it creates a real and critical blind spot for our agencies. It's vital that they be given the appropriate tools to detect and disrupt attacks, and it's vital that we do that in a way that is sufficiently prompt and sufficiently responsive to ensure that Australians' safety, that which is protected by the investigations our agencies undertake, is not prejudiced by our failure to act.

The need for the powers in the act was highlighted—became more urgent—in light of the fatal terrorist attack that occurred in Melbourne in November 2018. It was a tragic and awful day for all Australians, and it should serve as a wake-up call for us all about the need to act. The likelihood for further attacks was heightened during the Christmas and New Year period. The measures in the act provide a holistic answer to the challenges posed by encryption and modern communications. We can see that this is a difficult balancing act, and it's important that we get it right—and this bill does. It allows our agencies to address current and emerging threats, first, by modernising the way that they seek industry assistance and allowing them to work together with providers to identify new ways to address existing risks; second, by enhancing computer access and alternative collection methods that enable them to work around encryption without compromising it; and, third, by bolstering overt access to devices by compelling users of a relevant device to hand over passwords in particular situations.

Claims by some in this chamber that the laws weaken online security by breaking encryption are false. Quite simply, under the legislation, a company cannot be compelled to create a decryption capability. It cannot be asked to make encryption less effective for general users, and it cannot be compelled to build backdoors. It will not jeopardise the information security of general users. Importantly, access to private communications and personal information remains subject to existing requirements for a judicially authorised warrant or an authorisation of a similar kind. Requests for metadata will continue to be governed by the current requirements. The act places obligations on companies supplying communication services or devices in Australia to provide reasonable assistance to law enforcement and security agencies. The act also enhances existing search warrants and introduces new computer access warrants to modernise the search and seizure powers of law enforcement. Quite simply, this legislation does not allow for mass surveillance, as the Greens would have you believe—they love a good scare campaign. In fact, the act has considerable oversight arrangements. For instance, all requests and requirements on industry are subject to extensive independent oversight by the Inspector-General of Intelligence and Security, the Commonwealth Ombudsman or state and territory oversight bodies.

It's worth noting that the integrity body must be notified when a notice for assistance is issued, varied, extended or revoked. Further, the integrity body has the authority to inspect agency use of powers at any time and may make a report to parliament on the outcome of their inspections. Compulsory powers carry additional oversight measures to ensure they are used appropriately. For example, technical capability notices may only be issued by the Attorney-General. Furthermore, a company may also refer any requirement to build a capability to an independent assessment panel, consisting of a retired judge and a technical expert. It's quite sensible, really, that the technical expertise needed to get this right be coupled with the judicial expertise that's necessary to ensure that individual rights continue to be protected. The panel must consider whether proposed requirements would inadvertently create a back door, again using that combination of legal principle and technical expertise. Further, any decision to compel assistance may be challenged through judicial review proceedings, providing transparency and accountability for those who don't believe the powers have been exercised in the way that they should or providing opportunities for review for those who strenuously object.

The act does not allow agencies to request metadata. Interception agencies will continue to request metadata through the Telecommunications (Interception and Access) Act 1979. The data retention legislation restricted the number of agencies that could make covert requests through this legislation. A broader range of agencies have always been able to request information from carriers through the Telecommunications Act 1997. This act allows disclosure of data consistent with the notice-to-produce powers of a Commonwealth, state or territory agency. There are also a number of misconceptions posed around the definition of 'systemic weakness'. The definition of 'systemic weakness' is sufficiently clear about what would amount to creating a back door. For example, the government moved amendments to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 on 6 December 2018 to further strengthen and clarify the prohibition against requiring providers to create or implement a back door. This included providing a definition of 'systemic weakness' that was clear and also providing a definition of 'systemic vulnerability'. This prohibits requirements in a request or a notice which would have the effect of leading to systemic intrusions into devices or networks. The effect of this is to enhance the safeguards that exist to prevent the creation of back doors.

Defining systemic weakness or vulnerability as something that affects a whole class of technology ensures that general items of technology like a type of operating system or a commercially available encrypted messaging service cannot be made less secure. Other definitions that have been moved in parliament may create greater ambiguities or, in effect, be too prescriptive. These other definitions that have been proposed may not achieve the policy intent of ensuring the overall security of devices and services, and it's important that we make sure that remains intact. For example, amendments to the definition of 'systemic weakness' use the language of 'communicating directly' to designate what constitutes 'otherwise secure information'. This language may be too narrow and exclude popular methods of communication such as private internet forums and online broadcast platforms. And I can tell you from my experience in prosecuting that these private internet forums in particular are extremely popular among those who would seek to be involved in organised crime; those who would seek to exploit children online; those who would seek to produce some of the most barbaric, predatory material for others on the internet to use; and, as we have all, I think, become aware in recent years, those who would seek to plan terrorist acts against this nation.

Additionally, the language of 'may create a material risk to otherwise secure information', may be too broad and may create an unworkable standard for assessors. The current test, which uses the language 'likely', is an appropriate legal standard. It clarifies that requests and notices must not jeopardise information security of any other person. The amendment to the language also further enhances the prohibition on any inadvertent impact on broader cybersecurity that might arise from the activities that are being targeted by an agency.

Other amendments propose the removal of the anchor of electronic protection, which makes the prohibition unnecessarily ambiguous. Without reference to 'electronic protection', which includes passwords, encryption methodology and other security layers, it is unclear what kind of weakening is prevented by the prohibition.

There have also been questions asked as to why there is a definition of 'systemic weakness'. In the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill as originally tabled, these terms were subject to their ordinary meaning. However, this approach was subject to considerable public debate and scrutiny. Leaving these terms as subject to their ordinary meaning provided maximum flexibility for providers to raise concerns as to what would be considered a systemic weakness or vulnerability. So, in response to concerns raised by industry and by the public, the Parliamentary Joint Committee on Intelligence and Security recommended that the meaning of the term 'systemic weakness' be clarified and made more precise and so that's what's happening.

The government has also strengthened the prohibitions and limitations by: clarifying what is meant by 'systemic weakness' and 'systemic vulnerability'; strengthening the prohibitions against an agency requesting the building of a systemic weakness or systemic vulnerability; clarifying the limitations for technical assistance requests, technical assistance notices and technical capability notices; and introducing an assessment panel to consider and report on whether technical assistance would result in a systemic weakness or systemic vulnerability. Let's be clear. It doesn't allow for mass surveillance or require the construction of decryption capabilities or so-called back doors. It doesn't require companies to jeopardise information security for innocent users. It doesn't require employees of companies to work in secret without their employer's knowledge. It doesn't discriminate between Australian and foreign companies. It doesn't require Australian citizens to do things by virtue of their citizenship or allow our Five Eyes partners to request Australia circumvent human rights obligations. None of that is facilitated by this bill.

National security and keeping Australians safe from harm is our highest priority. The heads of ASIO and the AFP and the National Cyber Security Adviser support these laws. The government will continue to listen to the concerns of our intelligence agencies and provide them with the tools they need to continue their good work to protect Australians from those who would seek to do us harm.

11:17 am

Photo of Linda ReynoldsLinda Reynolds (WA, Liberal Party, Assistant Minister for Home Affairs) Share this | | Hansard source

I rise to speak on the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill as well, but given that my colleagues have so comprehensively covered this bill—and I thank them for that—I would like to commend the bill to the Senate.

Photo of Barry O'SullivanBarry O'Sullivan (Queensland, National Party) Share this | | Hansard source

The question is that the second reading amendment circulated in the chamber and proposed by Senator Steele-John be agreed to.

11:24 am

Photo of Barry O'SullivanBarry O'Sullivan (Queensland, National Party) Share this | | Hansard source

The question now is that the bill be read a second time.

Question agreed to.

Bill read a second time.