Chinese network vendor Huawei is concerned that proposals set out in the Australian telecommunications security inquiry by the Joint Parliamentary Committee on Intelligence and Security will see some vendors, such as Huawei, discriminated against, following the company's ban from tendering for the National Broadband Network (NBN).
The discussion paper from the Attorney-General's Department, accompanying the inquiry, makes a number of wide-ranging proposals for overhauling telecommunications security legislation to adapt to technological changes, including requiring internet service providers (ISPs) to retain customer data for up to two years and giving government agencies a greater role in deciding which vendors telcos can and cannot use in their network infrastructure.
As Huawei was banned from tendering for the NBN for reasons that are still kept secret, it comes as no surprise that Huawei's submission to the inquiry raised concerns about proposals that could exclude Huawei and other vendors.
"Given the commentary surrounding the proposed reforms, we do have concerns that the security standards proposed in the Discussion Paper will be imposed in a way that discriminates against particular vendors, or vendors from a particular country of origin, with little or no benefit for security outcomes," Huawei said.
Huawei said that the security reforms should not amount to "additional red tape" and should focus on the actual security risks, rather than "irrelevant criteria, such as the country of origin of a vendor".
The company stated that network vendors need to demonstrate the security of their equipment in order to win business, and as such, strong competition in the industry improves the security available in the network equipment. Huawei highlighted that it has equipment in fibre networks in the UK, Singapore, Malaysia and New Zealand, and while it does not have a meaningful presence in tier 1 carrier networks in the US, there has been no evidence that the US networks are more secure than those in the UK or New Zealand.
Huawei also pointed out that its main rivals, Alcatel-Lucent, Ericsson, Nokia-Siemens and Cisco, all have major manufacturing bases in China, so distinguishing between the companies based on country of origin is "neither rational, nor effective".
As such, Huawei has recommended that telcos not be forced to run their major business decisions about network infrastructure by the government first, stating that it would harm competition and investment in Australia.
"Discriminatory security reforms would limit investment, innovation and the availability of new technologies for Australian consumers, businesses and governments."
Huawei rival Cisco noted in its submission that the "trustworthiness of suppliers and network elements" was critical for a secure network, but said that all elements, from supply chain to hardware and software vulnerabilities to integrity of the infrastructure, must be assessed. Cisco recommended using a "trusted community" model for private-public partnerships between the government, vendors and telcos.
The committee has, so far, published 177 submissions to the inquiry, the vast majority coming from private citizens opposed to the proposed reforms, but a number of government departments and telecommunications organisations have also made their views known.
Australia's third-largest ISP, iiNet, said that there was "no hard evidence", such as statistics on cyber terrorism, to justify why interception and access laws need to be overhauled, and that retaining data for up to two years would be in conflict with the National Privacy Principles in the Privacy Act. If an exemption was provided under this act, iiNet said that it would have major implications for privacy, because any personal information can be collected and retained, just in case it may be of use to law enforcement agencies.
iiNet said that the government needed to provide an analysis of the costs, benefits and risks of the data retention scheme, justify why agencies need the data and quantify the expense to ISPs.
The Australian Mobile Telecommunications Association and the Communications Alliance said in a joint submission that any costs associated with the implementation of data retention, and other proposals that impact on telecommunications providers, should be minimised to avoid that cost being passed on to consumers. The groups estimated that the cost of data retention could be in the range of "tens to hundreds of millions of dollars".
If source and destination IP addresses were required to be included, setting up technology to capture this information would cost between AU$500 million and AU$700 million, the groups estimated, and the addition of a single data element could increase this figure by tens of millions of dollars. The groups said that a more accurate figure can be provided when the government actually reveals what information it intends ISPs to keep.
Customs and Border Protection welcomed the possibility of increased interception powers, while the Australian Tax Office (ATO) said that if the ATO was able to get real-time data from ISPs, this would improve fraud investigations.
The Australian Federal Police (AFP) insisted in its submission that the data retention proposal for "non-content data", such as subscriber information, numbers, time of communication, IP addresses and URLs, is not about giving the government and law enforcement agencies new powers, but that "it would ensure that existing investigative capabilities remained available" as technology changed.
Without data retention, the AFP warned that it would have limited ability to track offenders, present evidence in court, react to some life-threatening situations and complete investigations.
The Media, Entertainment and Arts Alliance, representing journalists, said that the proposed expansion of intercept powers had "the potential to threaten press freedom", and could risk the confidentiality of journalists' sources and information if agencies were able to obtain data from their ISP.