Telcos hit back against national security law proposal

Telcos in Australia have voiced their concerns with the latest proposal by the government to enforce additional national security measures.

The Australian telecommunications industry has spoken out against a federal government proposal requiring them to increase network protection and provide greater oversight to government agencies to intervene for the purpose of protecting national security.

The government announced at the end of last month its intention to amend the Telecommunications Act with additional national security-related measures, which would force telecommunications carriers to provide information about their networks and services to the Attorney-General's Department, or face fines.

Under the proposed changes (PDF), released by Communications Minister Malcolm Turnbull and Attorney-General George Brandis on June 26, telcos "must do their best" to protect their networks against unauthorised access.

Communications Alliance CEO John Stanton has argued that the draft laws, which the government intends to introduce later in 2015, are too vague.

"We think it's adding unjustifiably significant additional and intrusive powers to government, when a more collaborative approach might be a better alternative," Stanton told ABC Radio on Wednesday morning.

The proposed law would provide the secretary of the Attorney-General's Department, in consultation with the head of the Australian Security Intelligence Organisation (ASIO) and the secretary of the Department of Communications, with the power to force carriers to provide information and refrain from undertaking certain activities on their networks, with the threat of fines to ensure compliance.

Any information obtained by the secretary that is classed as being in relation to assessing the risk of unauthorised access to or interference with networks, or is for "the purposes of security", could then be shared with anyone for security or risk assessment reasons.

"Australia's economic prosperity and social well-being are increasingly dependent on telecommunications networks and data that flows across them. It is vital that we maintain the security and resilience of these networks in a global environment of increasingly sophisticated national security risks," the ministers stated when introducing the draft Bill last month.

"The reforms will ensure that businesses, individuals, and the public sector can continue to rely on telecommunication networks to store and transmit data safely and securely, and to support other critical infrastructure sectors."

In addition, telecommunications companies will be forced to give notice to security agencies of any modification they make to their networks and management systems that could impact the security of their networks, and must comply with government oversight in regards to the equipment they may purchase.

"Vulnerabilities in telecommunications equipment and managed service providers can allow state and non-state actors to obtain clandestine and unauthorised access to networks and thereby extract information and control, disrupt and disable networks. The Bill implements a framework to better manage those threats and risks, and protect networks and the information stored on and carried across them from unauthorised interference and access," the exploratory memorandum to the Bill (PDF) states.

While Turnbull and Brandis said that these new powers "will only be used as a last resort, to protect the national interest", they argued the changes are necessary for Australian national security due to increasing numbers of online attacks from "nation states and hacktivists".

Greens communications spokesperson Senator Scott Ludlam has since pointed out that Brandis, who once famously struggled to define metadata during an interview on data-retention legislation, should not be telling telecommunications experts which technology to buy.

"I think the last thing we would want to see is Commonwealth bureaucrats telling computer security experts who run these big telecommunications companies how to run their networks and their datacentres," Ludlam said.

According to the largely censored regulatory impact statement (PDF), the proposed framework to comply with the amendment will cost the telco industry a combined AU$558.4 million, with ongoing costs of more than AU$184,000 per annum for each telco.

Telcos are already fighting to meet the tight August 13 deadline to comply with the recently passed mandatory data-retention legislation, which has been estimated to cost telcos approximately AU$4 per customer per year -- totalling around AU$49.68 million per year for ISPs, and AU$120 million per annum for mobile operators -- with an estimated setup fee of AU$319 million.

The annual estimated cost for the government in administering and enforcing this latest national security scheme is AU$1.6 million.

Submissions on the draft legislation are due by July 31, 2015.

With AAP