New national security laws dealing with encrypted communications are likely to pass Parliament by the end of the week, as Labor and the government have come to an in-principle agreement on key parts of the Bill after a series of concessions from the Coalition.
"The changes include limiting the application of the powers in this bill to only serious offences, properly defining key terms in the bill, and requiring a 'double-lock' authorisation process for Technical Capability Notices, " Shadow Attorney-General Mark Dreyfus said on Tuesday.
"This Bill is far from perfect, and there are likely to be significant outstanding issues, but this compromise will deliver security and enforcement agencies the powers they say they need over the Christmas period, and ensure adequate oversight and safeguards."
There will be greater oversight of the Technical Capability Notice powers in the Bill, which will compel companies to build new functionality to help interception agencies access data, or they will risk facing a fine.
The Attorney-General and Communications Minister would need to authorise such a notice and where there was a dispute over whether such a notice would create a systemic weakness, this would be determined by a former judge and a technical expert.
Dreyfus said it was yet another example of Labor working responsibly to improve national security laws.
"I want to issue a call to the government -- the trashing of bipartisan process and politicisation of national security that has occurred over the past month must never happen again," he said in a statement.
Speaking to journalists on Tuesday afternoon, Attorney-General Christian Porter said the Bill would contain a definition of systemic weakness, which is one of the few clauses that allows tech companies to refuse to comply.
Earlier in the week, Dreyfus said Labor could not back the rushed the Parliamentary Joint Committee on Intelligence and Security (PJCIS) process from looking at the Bill, but offered an interim Bill that would wave through the proposed powers of agencies involved in counter-terrorism, and produce another report for the rest of the agencies with interception powers.
On Monday, the government accused the Labor party of backing terrorists for failing to pass the proposed laws.
Energy Minister Angus Taylor accused Labor of "running a protection racket for terrorists" by refusing to rush through the laws; Finance Minister Mathias Cormann said Labor wanted terrorists to be able to communicate via WhatsApp; and current Australian Prime Minister Scott Morrison accused Labor leader Bill Shorten of being "happy" for terrorists to plot attacks using encrypted messages.
Assistant Home Affairs Minister Linda Reynolds claimed the legislation needs to be rushed to help alleviate security threats over the coming summer break.
"Christmas is a heightened security issue for us and we need to make sure people are as safe and as secure as possible," Reynolds said on Sunday.
"It is the lives of Australians at risk, because the threat is real."
Asked last week whether there are any specific threats that the Australian Security Intelligence Organisation (ASIO) needs the powers for, ASIO Director-General Duncan Lewis responded by not identifying a threat, but instead saying there is a general increased threat over the Christmas period.
Dreyfus pointed out that even if the legislation is rushed through Parliament, due to the Bill allowing for a 28-day consultation period when a Technical Capability Notice is issued, it would be nigh on impossible for ASIO to make use of all the provisions in the Bill.
Under the proposed law, Australian government agencies would be able to issue three kinds of notices:
- Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
- Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
- Technical Assistance Requests (TAR), which have been described by experts as the most dangerous of all.
Much like Australia's data retention laws, Labor needed to back the laws to guarantee quick passage through the Parliament.
Must read: Why Australia is quickly developing a technology-based human rights problem (TechRepublic)
Despite claims that there is a need for the laws to track down terrorists and other extremely serious offenders, the laws have mostly been used in the previous two years to chase down drug traffickers.
In this instance, PJCIS chair Andrew Hastie was up front with his desire for the encryption-busting capabilities of the Bill to be used on targeting drug offenders.
"We use more ice in regional WA than in Sydney or Melbourne, so my point is from an economic perspective, we have a serious problem in this country with ice, and of course, my electorate has a large meth problem," he said.
"I'll just put on the record, different perspectives on this question."
Hastie also rejected comparisons between this Bill and Chinese legislation that force Chinese companies to comply with demands from Beijing, through stating that Australia is a liberal democracy.
Australia's proposed encryption-busting Bill would be thrown out of a European court, United Nations Special Rapporteur on the right to privacy Joe Cannataci has said.
Government ministers have taken to the airwaves over the weekend to claim Labor is playing games with the proposed Assistance and Access Bill.
Fresh from ignoring experts on the warming of the planet, Australia's politicians are now ignoring cyber experts.
ASIO will immediately seek to use the legislation when it comes into force.
Australia's proposed encryption-busting legislation is one of the most significant changes to surveillance laws in a generation, but the government is skimping on the review processes.
Home Affairs Minister Peter Dutton wants proposed legislation allowing police to read encrypted messages made law soon, after a terror plot was foiled.
If an Australian company is compelled by legislation to deny that a capability in its products exists, then its assertions are meaningless, security company Senetas has said.