Hasty PJCIS examination of encryption Bill produces rushed and contemptuous report

The Australian Labor Party agrees to reverse the sensible order of creating legislation, and will pass the encryption-busting Bill before reviewing its consequences.

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) has delivered its report on Australia's proposed Assistance and Access Bill, which will soon become law.

Under the proposed law, Australian government agencies would be able to issue three kinds of notices:

  • Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
  • Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
  • Technical Assistance Requests (TAR), which have been described by experts as the most dangerous of all.

The report confirms much of what was already known about the compromises Labor has made.

The report recommends lifting the threshold for industry assistance to offences with maximum penalties in excess of three years; subjecting TANs and TCNs to statutory time limits, as will be any extension, renewal, or variation to the notices; applying the systemic weakness clause to all listed acts and things; and requiring the double-lock mechanism of approval from the Attorney-General and Minister of Communications, with the report saying the Communications Minister will provide "a direct avenue for the concerns of the relevant industry to be considered as part of the approval process".

The report's recommendations also call for a review by the Independent National Security Legislation Monitor 18 months after the Bill comes into effect; for TANs issued by state and territory police forces to be approved by the Australian Federal Police commissioner; and for companies issued with notices to be able to appeal to the Attorney-General to disclose publicly the fact they have been issued a TCN. The committee will also review the passed legislation in the new year and report by April 3, 2019, right around when the next election is expected to be called.

Companies issued with notices will be able to ask for a binding assessment from a technical expert and retired judge, to rule on whether the notice is the least intrusive measure available, is reasonable, and proportionate. The technical expert must have "knowledge that would enable them to assess whether proposed TCN would contravene section 317ZG of the Bill, and should be cleared for security purposes to the highest level required by staff members of ASIO, unless the Attorney-General approves a lower security level", the report said.

For the assessment to be successful, both the expert and ex-judge must agree the notice is reasonable and proportionate, compliance is practicable and technically feasible, and the measure is the least intrusive.

The politicians are also making sure that they are taken care of, with the revised legislation to make explicit that parliamentary privilege is protected, after Senate President Scott Ryan wrote to the committee to express his concerns.

In short: Testimony from experts has been ignored; actual scrutiny of the Bill is kicked down the road for the next Parliament; Labor has made sure it is not skewered by the Coalition and seen to be voting against national security legislation on the floor of Parliament; and any technical expert must have security clearance equal to Australia's spies, i.e. someone who has been in the spy sector.

Contained in one of the rare pieces of committee opinion was an acceptance of the "immediate need" for agencies to use the powers in the Bill.

"The absence of these tools results in an escalation of risk and has been hampering agency investigations over several years," the report said.

"As the uptake of encrypted messaging applications increases, it is increasingly putting the community at risk from perpetrators of serious crimes who are able to evade detection."

The mere 38 pages of the report, of which almost one-third is dedicated to two repetitions of the 17 recommendations, reveal the rushed and contemptuous manner in which the committee treated the witnesses it does not agree with.

The report and the process have been shown to be a complete joke.

Only once was the most dangerous part of the Bill -- the TARs that allow interception agencies to ask for assistance rather than force providers to help -- mentioned.

In its additional notes at the end of the report, Labor attempts to justify its position.

"The fundamental responsibility of any government is to ensure the safety of the nation and its people. It is the foundation upon which all other policy aspirations necessarily rest. As a party of government, it is a responsibility that Labor has always upheld," the ALP members state.

"Government's ability to respond to new and evolving threats relies on the public's ongoing faith that our national security laws are appropriate, proportional, and adapted to the circumstances we face. The committee's work builds that faith."

The hubris of the ALP members continues as they state the Bill has "adequate oversight and safeguards to prevent unintended consequences while ongoing work continues", but that this is something that will be worked out in practice as the committee has put off proper review for at least another 18 months.

"These separate [Independent National Security Legislation Monitor] processes provide an opportunity to resolve our ongoing concerns about the Bill with the assistance of industry, experts, and civil liberties groups, whilst also upholding our responsibility to keep Australians safe."

Australia, you have been sold down a river for a year and a half to make sure Labor did not get attacked as being soft on terrorism during the upcoming election campaign.

Already this week, Coalition members have accused the government of running a protection racket for terrorists, and being "happy" for terrorists to plot attacks using encrypted messages.

A potential Bill Shorten prime ministership is not worth the perceived harm that it will do to Australia's reputation. This was an issue Senetas recently told the committee about, with the end result potentially being the Australian security vendor having to move itself and 200 jobs offshore.

Not for the first time in recent memory, Australia is once again King Idiot of the internet, and with our interception agencies set to take advantage of the new laws at the earliest opportunity, things are about to get messy.

We are in uncharted territory, and much like the country's metadata retention system, we are only here because the Labor party agreed with the Coalition government.
