The independent national security monitor won’t call on government to repeal its highly controversial encryption laws but will likely recommend a series of tweaks, as a number of inquiries into the powers begin to ramp up.
Independent National Security Legislation Monitor (INSLM) Dr James Renwick is conducting an inquiry into the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (TOLA Act), which gives law enforcement the power to compel tech companies to provide access to encrypted data.
Dr Renwick held a series of public hearings last month and delivered a speech to the Lowy Institute earlier this month outlining his initial view and potential recommendations to the government.
He said it wasn’t realistic to ask the government to completely scrap the powers. He will instead recommend a series of changes to improve the legislation.
“Here in Australia, and internationally, there is great interest in, and strong views about, OLA, which is seen as far-reaching and novel in its scope. The short period allowed for consultation on the TOLA Bill clearly caused lingering disquiet, even anger,” Dr Renwick said.
“Some say that brevity of itself means that the TOLA Act should be repealed, with consultation to begin again, not least as a way of regaining trust. Realistically, I do not think that is likely nor do I think it is appropriate to recommend it.”
He said that there can be a balance between giving authorities the power to access encrypted communications and upholding the integrity of encryption.
“There is no binary choice between encryption and policing or intelligence work. I agree that ‘going dark’ has created a large problem for police, intelligence and integrity agencies, so justifying a proportionate but not absolute legislative response,” Dr Renwick said.
“The real question for me is whether any of these powers are proportionate to the undoubted threats – especially of criminality – that exist. And the answer to that question must focus on the thresholds and safeguards for their use.”
Dr Renwick outlined that his recommendations will likely include new definitions of “systemic weakness” and “systemic vulnerability” and independent judicial oversight of the powers.
These were key recommendations emerging from a national security committee inquiry and were included in Labor’s attempts to amend the legislation earlier this year.
He said that having a “double lock” approval system, with any notices having to be approved by a judge or the Administrative Appeals Tribunal, might be a good balance.
“Any scheme involving the use of coercive power must have the necessary checks and balances not only to ensure that agencies exercising those powers make correct and lawful decisions, but that such decisions are seen to be made,” Dr Renwick said.
“It is only through doing so that agencies will instil and inspire the community’s trust in their exercise of new powers in our sceptical age.”
Applying laws that exist in the physical world to the digital realm is difficult when it is unclear to most just how much information is included on their phones, for example, he said.
“The fact that there is now a greater range of information about each of us in existence than there ever has been before, and that we do not fully know or understand what personal data is on our phones or computers, nor which commercial entities have access to it or use it, are fact that remain highly relevant to my review,” Dr Renwick said.
“If we are ignorant about, say, what is on our mobile devices and how its content is used commercially, we equally cannot fully comprehend in advance how it might be used in a later investigation or prosecution by police, intelligence or integrity agencies who might obtain the data or content by legally authorised compulsion.”
Dr Renwick’s final report, which is due by the end of June, will inform the Parliamentary Joint Committee on Intelligence and Security’s own report, which is set to be tabled by the end of September.
The PJCIS was set to hold public hearings on March 27 on the encryption powers, but these have now been cancelled.
Do you know more? Contact James Riley via Email.