More law enforcement agencies to get access to ‘anti-encryption’ powers

The government has introduced a bill that will allow anti-corruption organisations to employ the provisions of controversial legislation intended to mitigate the impact of encryption technology on law enforcement investigations.

The powers in Schedule 1 of the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 are designed to help law enforcement agencies better intercept online communications services. Currently those powers are available to the Australian Federal Police, the Australian Crime Commission, and state and territory police forces, as well as intelligence agencies.

The Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019 will amend the legislation to enable state-based anti-corruption agencies to employ the powers, which will allow them to serve communications providers with notices compelling them to undertake a wide range of ‘acts’ in relation to services they operate.

If passed, the legislation will expand the definition of “interception agency” to include the Australian Commission for Law Enforcement Integrity; NSW’s Independent Commission Against Corruption, Crime Commission, and Law Enforcement Conduct Commission; Victoria’s Independent Broad-based Anti-corruption Commission of Victoria; Queensland’s Crime and Corruption Commission, South Australia’s Independent Commissioner Against Corruption, and WA’s Corruption and Crime Commission.

The changes will bring the legislation into line with the definition of interception agency in the Telecommunications (Interception and Access) Act 1979, an explanatory memorandum accompanying the bill states.

“This amendment will provide these anti-corruption bodies with tools – in the form of industry assistance – to investigate serious crime, and law enforcement misconduct and corruption across the public sector,” the memorandum states.

The bill will also expedite the review of the encryption legislation by the Independent National Security Legislation Monitor.

Currently, the INSLM is required to review the Assistance and Access Act as soon as possible after an 18-month period that began on 8 December when the legislation received Royal Assent. If the new bill is passed, the INSLM will be required to conduct a review before the end of the 18-month period.

The move will enable “effective, timely and expert monitoring of the Assistance and Access Act which is designed to allow law enforcement and national security agencies to continue to discharge their legitimate and lawful functions in the increasingly complex modern communications environment,” the explanatory memorandum states.

Labor amendments

Labor has foreshadowed that it will seek to amend the government bill.

Shadow attorney-general and national security minister Mark Dreyfus yesterday accused the government of trying to back away from a deal stuck last year with Labor to facilitate consideration a range of amendments to the encryption legislation.

The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 was passed on 6 December mdash; the last sitting day of 2018 mdash; thanks to Labor’s support. Labor criticised the legislation, which was subject to 173 government amendments on the morning of 6 December, as significantly flawed.

However, the opposition withdrew its own proposed amendments to ensure the bill could be passed by both houses of parliament after the government adjourned the lower house to prevent a defeat on a separate piece of legislation.

Dreyfus said that it is “not tenable” for the government to argue that its 6 December amendments “largely implemented” the recommendations of a bipartisan report on the legislation by the Parliamentary Joint Committee on Intelligence and Security.

“To make the legislation conform to the Committee’s recommendations, we will be moving amendments to the Telecommunications and Other Legislation Amendment (Miscellaneous Amendments) Bill 2019 when it is introduced into the Senate,” Dreyfus told the House of Representatives.

The “most fundamental” of the PJCIS recommendations related to the definition of “systemic weakness,” Dreyfus said.

The legislation bans the government from demanding that a service provider create a systemic weakness or systemic vulnerability. However, the legislation did not originally define those terms.

One of the government’s amendments introduced a definition of systemic weakness, saying that it “means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person.”

“For this purpose, it is immaterial whether the person can be identified,” the definition adds. Systemic vulnerability is defined in a similar fashion.

Groups representing the tech and telco sectors have criticised the definition.

“We are not aware of any impacted companies, technical experts, non-government organisations or individuals who accept that the government’s rushed amendments implemented the critical recommendations of the committee in relation to the meaning of ‘systemic weakness’ or ‘systemic vulnerability,’” Dreyfus said.

“In fact, there is broad agreement that instead of clarifying the meaning of the term ‘systemic weakness’ the government’s amendments have created additional confusion. Technology experts have gone as far as calling the government’s amendments ‘an abomination’.”


Copyright © 2019 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon