Encryption laws near a ‘significant turning point’


Denham Sadler
Senior Reporter

The recent independent national security monitor’s report on Australia’s anti-encryption powers and the ongoing parliamentary inquiry should be a “significant turning point” for the highly controversial legislation, Digital Rights Watch chair Lizzie O’Shea has told a public hearing.

The Parliamentary Joint Committee on Intelligence and Security (PJCIS) restarted its inquiry into the Assistance and Access Act, which gives law enforcement and authorities the power to compel tech companies to provide access to encrypted data, on Monday with a public hearing.

At the hearing, the likes of Atlassian, the Law Council of Australia and digital rights organisations backed Independent National Security Legislation Monitor (INSLM) Dr James Renwick’s recent extensive report into the Assistance and Access (AA) Act, and called on the government to make a number of significant reforms to the bill.

Encryption data maze
Finding a way through: Industry speaks on encryption laws

Dr Renwick’s report, made public by the government this month, called for the power to issue and authorise the encryption-busting notices facilitated by the Act to be taken away from agency heads and the government and instead handed to a new judicial oversight body.

In his report, Dr Renwick called for a new statutory office within the Administrative Appeals Tribunal to handle all matters related to the Assistance and Access (AA) Act.

Dr Renwick also recommended that a new definition be included for “systemic weakness” and for “systemic vulnerability” to be scrapped from the bill entirely.

The INSLM report was commissioned by the PJCIS and will inform its own report to government, which is due later this year.

The two reports offered an opportunity to fix the most significant issues with the encryption legislation, Digital Rights Watch chair Lizzie O’Shea said.

“The fact of the monitor’s report and the many concerns raised highlights that this review could be a significant turning point in the history of this dangerous legislation,” Ms O’Shea told the hearing.

“These problems would have been wholly avoided had the representatives debated this bill properly and had welcomed public scrutiny rather than demonstrating suspicion towards it,” she said.

“We think the public has been failed by this law but we can do better, and I’d encourage the committee to consider repeal or in the absence of this, extensive reform.”

While many witnesses argued for different variations of the recommendations, such as for the independent oversight to come from the Federal Court rather than the Administrative Appeals Tribunal, they broadly backed the report and its findings.

But many of the witnesses also pointed out that the comprehensive review and consultations process should have been conducted before the legislation was passed by Parliament rather than after the fact.

Atlassian’s head of IT and policy Patrick Zhang told the committee the INSLM’s recommendations represented “positive changes on many fronts”.

“We agree that the Act will only become a proportionate measure if key reforms are taken, but we strongly believe that there is a path forward that will meet the requirements for all stakeholders,” Mr Zhang said at the hearing.

“We believe Dr Renwick has undertaken a writing that is very comprehensive and very objective and well-balanced. What we like about his report is the upfront elucidation of a standard for clear law for transparency and for rights compliance,” he said.

“That is a very important beacon to put at the beginning of the report. He has recommended a number of positive changes that will improve the AA Act.”

While Law Council of Australia president Pauline Wright said the organisation strongly supported the underlying theme of the INSLM report, she said their preference would be for the independent judicial oversight to come from the Federal Court rather than the AAT.

“It would be desirable for the new body to be designed in a way to make it feasible for the authorisation functions to be expanded in the future,” Ms Wright told the hearing.

The Australian Civil Society Coalition also appeared at the hearing, featuring Electronic Frontiers Australia policy committee chair Angus Murray and Ms O’Shea.

While the digital rights group continue to push for the legislation to be repealed entirely as a first preference, they also welcomed the INSLM’s “comprehensive and well-rounded report,” and backed Dr Renwick’s recommendations.

“The position we take is generally that the report comes to 33 recommendations that are all acceptable. However, those recommendations are a baseline for where reform or amendments should be taken by this committee should its recommendation not be to repeal the legislation,” Mr Murray said.

Dr Renwick’s series of recommendations represent a pragmatic positive middleground between the various stakeholders involved with the encryption laws, Communications Alliance chief executive John Stanton said.

“This approach to the challenge and the recommendations offer a path to a solution that almost certainly doesn’t meet 100 percent of the aspirations of any stakeholder but does take into account the legitimate priorities of all of those groups,” Mr Stanton told the hearing.

While all appearing at the hearing broadly welcomed the INSLM report and its recommendations, many witnesses expressed a preference for the Federal Court to handle the authorisation of notices under the Act, rather than the model of a new agency within the Administrative Appeals Tribunal, as put forward by Dr Renwick.

The issue over whether some definitions in the Act, such as “systemic weakness” and “systemic vulnerability” need to be changed or scrapped entirely was also raised, with many witnesses favouring Labor’s approach of removing them entirely from the legislation.

The PJCIS is due to hand its report to government on the encryption bill by the end of September.

Do you know more? Contact James Riley via Email or Signal.

1 Comment
  1. Loading 4 months ago
    Reply

    if you use p2p security solutions, you won’t have to call a conference. Let them try the utopia ecosystem

Leave a Comment

Your email address will not be published.

Related stories