Australian Senate votes to replace systemic weakness and vulnerability definitions in encryption laws
The first of Labor's dumped amendments when it waved through Australia's encryption laws in December has succeeded, and will see the contentious definitions of systemic weaknesses and systemic vulnerability replaced.
As the current one stands, the definition for systemic vulnerability is read as:
systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.
The definition for systemic weakness is identical, except the word vulnerability is substituted by weakness.
According to Labor's amendment agreed to by the Senate on Thursday morning, the pair of systemic terms are used in a new Section 317ZG that will prohibit:
- The implementation or creation of decryption capabilities;
- An action that would render authentication or encryption less effective; and
- An act or thing that could create a material risk to otherwise secure information or could be accessed, used, or compromised by a third party
Other clauses in the amendment clarify that technical assistance requests, technical assistance notices, and technical capability notices cannot be used to access the information of people who are not the subject of, or communicating directly with those who are the subject of, an investigation to which the request or notice applies.
The amendment was passed 37-28, with government Senators having voted against the amendments.
Must read: Australia's encryption laws will fall foul of differing definitions
"The government has left us with less than four sitting days in this chamber before the budget," Senator Jenny McAllister said. "We have been forced to prioritise. As a consequence, this Bill and Labor's amendments to it are not intended to deal with all of the potential issues that have been identified in the legislation passed in December last year.
"We seek only to address some of the more important deficiencies in that legislation, including the definition of systemic weakness; the role of the AFP Commissioner in ensuring a national approach is taken to the exercise of some of the powers in the legislation; the oversight role of the Ombudsman; and limiting the scope of technical assistance notices and technical capability requests. I'll address these amendments in further detail later in my speech."
Senator Jordan Steele-John said the Australian Greens would back the Labor amendments because they made a bad Bill "slightly better".
"What are we to make of the situation which has conspired here this morning? I will put it in one word: a mess, an absolute mess," Steele-John said.
"Our job as senators, our role as elected members of the house of review, is to scrutinise legislation. And yet again we see a government attempting to sneak out of that role, to avoid that scrutiny, and we see an opposition complicit in that process."
The Greens Senator from Western Australia accused senators of not understanding the technology they were dealing with.
"Through ignorance, you have put at risk billions of dollars of industry and threatened the right to privacy of all Australians," he added.
The committee process was suspended at 11:45am AEDT, with three more Labor amendments set to be voted upon.
Any amendments made by the Senate will need to get back to the lower house to become law.
On Tuesday night in the House of Representatives, Labor Shadow Attorney-General Mark Dreyfus said the government's amendments that were agreed to and passed by Labor last year were inadequate.
"It is not tenable to argue, as the government continues to argue, that its amendments largely implemented the committee's 17 recommendations. No reasonable person accepts that," Dreyfus said.
"The Inspector-General of Intelligence and Security, who has made a public submission to the committee, doesn't accept it. Industry doesn't accept it. Lawyers and other civil society groups don't accept it. The Commonwealth Ombudsman has even told the committee that the government's amendments are inconsistent with the Ombudsman's role as an independent and impartial office.
"This fiasco of lawmaking is what a job well done looks like to this chaotic government."
The government Bill before the Senate allowed Australia's anti-corruption agencies to use the encryption laws.
Updated at 4.15pm AEDT, February 14, 2019: Added comments from Senators.
Related Coverage
Australian anti-corruption bodies should get encryption-busting powers: PJCIS
Exclusion of anti-corruption agencies was an interim measure, Andrew Hastie has said.
Canberra ignoring 'overwhelming empirical evidence' on encryption busting
Associate professor Vanessa Teague believes Canberra is ignoring efforts from experts to explain why the encryption-busting laws are the wrong approach.
NSW police corruption body wants access to encrypted communications
Excluding the Law Enforcement Conduct Commission from accessing encrypted communications may encourage police corruption more broadly, it has argued.
Home Affairs reveals Australian authorities already using new encryption powers
The Department of Home Affairs has been told law enforcement and national security agencies are already using the Act as the department continues to 'support' its implementation.
AFP concerned about approving state police usage of Australia's encryption laws
Concerns over a federal body overseeing the operations of state and territory authorities.
Australian industry groups issue wish list of encryption law changes
Some old, some new, some borrowed from the Labor party.