Representatives from the Department of Home Affairs (DHA) have attempted to water down concerns that the government's proposed Assistance and Access Bill would impact Australian exporters.
"The Bill expressly says under the Technical Capability Notice provisions that agencies cannot ask companies to build a capability to remove one or more forms of electronic protection," Home Affairs Assistant Secretary Andrew Warnes told the Parliamentary Joint Committee on Intelligence and Security (PJCIS) on Monday. "The Bill has already expressly ruled that out, so that's where they should be hanging their hats on."
"If they don't have the capability to do it now, we will not ask them to build the capability to do it, so that's their assurance."
Director-General of the Australian Signals Directorate (ASD) Mike Burgess said the compulsive nature of the proposed laws do not apply overseas.
"Compulsive powers proposed under this legislation do not relate to foreign intelligence, and therefore there is no grounds which that technology is sold and used in other countries outside of Australia," Burgess said.
"Unlike other countries in the world that do have compulsive powers that go outside their jurisdiction, this isn't the case."
On the potential for companies to pull out of Australia due to the compulsion to help interception agencies, Burgess said it is a matter for companies to decide which countries they do business in.
"I think it would be unlikely that Apple would not want to sell iPhones in Australia," he said.
Earlier in the month, Australian security vendor Senetas said the Bill would damage Australian reputations and trust, and endanger billions of dollars of exports, as well as the jobs of people who are dependent on that trade.
"With export values exceeding $3 billion, we face the real prospect of sales being lost, exports declining, local companies failing or leaving Australia, jobs in this industry disappearing, and related technical skills deteriorating," the company said.
Senetas further added that the Bill would introduce systemic weaknesses into products and the internet as a whole, and should be withdrawn.
Under the proposed law, Australian government agencies would be able to issue three kinds of notices:
- Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
- Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
- Technical Assistance Requests (TAR), which have been described by experts as the most dangerous of all.
Opening the hearing was Director-General of Security at the Australian Security Intelligence Organisation (ASIO) Duncan Lewis, who said the spy agency has cases where it wants to use the proposed powers.
"I anticipate that ASIO would immediately seek to use this legislation if and when it becomes available," Lewis said.
Monday's hearing was shifted forward due to requests from Prime Minister Scott Morrison and Home Affairs Minister Peter Dutton to have the legislation passed in this sitting fortnight.
"I would call on all members of the committee to do what they can to deal with this matter in an expeditious way, because we do want to arm the police with the ability to look at these encrypted messages," Dutton said last week.
Asked on Monday whether there are any specific threats that ASIO needs the powers for, Lewis did not identify a threat, but instead said there is a general increased threat over the Christmas period.
Shadow Attorney-General Mark Dreyfus pointed out that even if the legislation is rushed through Parliament, due to the Bill allowing for a 28-day consultation period when a TCN is issued, it would be nigh on impossible for ASIO to make use of all the provisions in the Bill.
Dreyfus also put forward the idea of the PJCIS issuing an interim report that waves through the proposed powers of agencies involved in counter-terrorism, and producing another report for the rest of the agencies with interception powers.
- How government haste is ruining its own anti-encryption law
- Security guarantees will be meaningless under encryption-busting laws: Senetas
- There's 'bigger fish to fry' than anti-encryption laws: Telstra security chief
- ASIO chief says encryption-busting scheme would not involve persistent monitoring
- Australia's anti-encryption legislation fails to address human rights concerns: Committee
- Australian PM insists on encryption-busting Bill being passed in next sitting fortnight