With Australia's encryption-busting Assistance and Access Bill sitting before the Parliamentary Joint Committee on Intelligence and Security, and the Department of Home Affairs having already made a small number of changes to its wording between the draft release and the Bill's introduction to Parliament last month, Minister for Home Affairs Peter Dutton has said the Bill is already compromised.
"I think there is a common-sense approach here. I think the government has crafted that common-sense approach, but it can only be enacted if it is supported in the Senate," Dutton told the National Press Club in Canberra on Wednesday. "We can't have on key national security Bills compromises because we're dealing with five or six or eight different senators all with different motivations, and pulling in every direction."
Dutton said Opposition Leader Bill Shorten needs to decide whether he is on the side of Silicon Valley multinationals or with "law enforcement and intelligence agencies in this country who want to protect Australians".
The Home Affairs minister added that tech giants need to be hounded to pay more tax in Australia, have breached user privacy for commercial advantage, and are protesting moves to force them to help law enforcement in Western countries while simultaneously doing business in authoritarian growth markets.
"It is essential. Given we are talking about nine out of 10 national security investigations now being impeded because of the use of encryption, we need to deal with it. It doesn't go as far as some people would want, but it is a measured response," he added.
While once again avoiding any specifics on how companies could meet their obligations under the proposed law without weakening their systems or breaking into their own software, the minister argued that the law does not go beyond other laws relating to data collection, and that the debate is, at its heart, about how to deal with encryption.
"We are talking about trying to cope with a technological change here, not talking about creating backdoors, not talking about weakening their product or trying to undermine their business model; quite the opposite," Dutton said. "Encryption is an important part of our community, but it is being used by some for for the wrong reasons and we need to deal with that."
Dutton further said the Bill should be dealt with sooner rather than later.
For her part, Labor Shadow Minister for Communications Michelle Rowland said in a speech on Tuesday that unlike other national security laws that are entirely domestic in their effect, the Assistance and Access Bill will impose obligations from Australia on multinationals, and it would have global ramifications.
"Despite being 176 pages in length, and containing near 43,000 words, it has been pointed out to me the text of the Bill only contains the word encryption once," Rowland said.
"Whilst I remain unclear on what the full scope of the Bill is in terms of its practical application, and I'm yet to have someone articulate it to me, the proposed assistance framework does appear to go beyond encryption and potentially into the sphere of modifying devices and software at different points in the service stack."
Rowland said the Bill is entering new territory, and as a result needs to be "scrutinised rigorously".
"The implications of such scenarios need to be tested. To do this, we need time," she said. "Labor was and remains concerned at the haste with which the Bill was introduced to Parliament."
According to Rowland, the complexity in the current debate is not due to balancing security and privacy, but in dealing with trade-offs between security and security.
"That is, the pursuit of one security objective, through the development of measures to bypass encryption to access information on a device, as one example, being traded off against the security of a broader system that may now have greater vulnerability as a result of being modified, temporarily or permanently, to facilitate that access," Rowland said.
"These will become judgments about competing forms of technical risk to systems and devices, which are complex and can vary from circumstance to circumstance."
The shadow minister also called on the government to engage further with industry and other stakeholders.
"This engagement should include a series of industry workshops to develop scenarios and stress test them against the processes and mechanisms set out in the Bill," she said.
"This will help to develop a better understanding of where legitimate objectives encounter technical barriers, or when there is an absence of limiting factors, or adequate accountability, in circumstances where requests can be issued."
In response to questions from ZDNet, Rowland declined to expand on how these workshops would work.
Under the proposed law, Australian government agencies would be able to issue three kinds of notices:
- Technical Assistance Notices, which are compulsory notices for a communication provider to use an interception capability they already have;
- Technical Capability Notices, which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
- Technical Assistance Requests, which have been described by experts as the most dangerous of all.
Submissions on the Bill to the Parliamentary Joint Committee on Intelligence and Security must be made by Friday October 12, with the first hearing set for Friday October 19.
The new mega-group has called on Canberra to ditch its push to force technology companies to help break into their own systems.
Fresh from rushing the legislation into Parliament, the government will ram its legislation through the Parliamentary Joint Committee on Intelligence and Security.
Services providers now have a defence to use if they are required to violate the law of another nation, and the public revenue protection clause has been removed.
Industry groups, associations, and people that know what they are talking about, line up to warn of drawbacks from Canberra's proposed Assistance and Access Bill.
If the Assistance and Access Bill becomes law as it stands, it could affect 'every website that is accessible from Australia' with relatively few constraints in the government's powers.
Official statements from the Five Country Ministerial meeting make it clear: Voluntarily build lawful access into encrypted messaging systems, or else. It's not a good look.
5 tips to secure your supply chain from cyberattacks (TechRepublic)
It's nearly impossible to secure supply chains from attacks like the alleged Chinese chip hack that was reported last week. But here are some tips to protect your company.