Industry bodies call for encryption Bill reforms
Australia's ICT industry has called on the government to introduce a series of reforms to its encryption legislation, with judicial oversight of the new surveillance powers topping the wishlist of changes.
A broad range of ICT and internet industry groups has tabled a joint submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) recommending a range of amendments to the controversial Bill, which was pushed through the Senate under unusual circumstances last month.
The submission recommends that the legislation be amended to adopt the warrant-based system that was recommended in the Labor amendments to the Bill.
Labor agreed to drop its proposed amendments in order to have the legislation passed before parliament ceased sitting for the year, in return for a commitment from the government to facilitate consideration of the amendments in the new year.
Under the warrant-based system, security agencies would be required to obtain judicial consent before issuing Notices under the Act. These Notices would require companies to facilitate the access of encrypted communications sent over their devices or services.
The submission also recommends that the legislation be amended to clearly spell out and narrow the limits of what agencies can request of product or service providers, as a further guarantee that the legislation cannot be abused to force the implementation of back door access to encrypted communications.
Other key recommendations involve raising the threshold of criminal acts that the legislation can be used to combat, closing a number of loopholes identified in the legislation — including one that would allow the government to access metadata of journalists without obtaining a special warrant — and ensuring that providers are not required to comply with the legislation if doing so would cause them to violate foreign law.
The submission was co-authored by industry bodies including the Information Technology Professionals Association (ITPA), Communications Alliance, the Australian Industry Group, the Australian Information Industry Association, the Australian Mobile Telecommunications Association and Digital Industry Group. “The legislation shows a blatant disregard for and misunderstanding of how the internet works, how online encryption operates and is used to secure millions of legitimate communications every day, and will almost certainly not prevent a single act of terrorism, child abuse or other serious crime that couldn’t have been prevented otherwise,” ITPA Director Robert Hudson commented.
“Instead, the privacy and security of law-abiding citizens is now almost certain to be compromised for commercial, criminal or other non-legitimate purposes as tools prove to be as useful as a chocolate teapot for the purpose they were developed for, and instead are released or leaked into the hands of those who would do us harm.”
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.
As news breaks of 15 million Victorian commuters having their travelling records poorly...
Join privacy experts and your IT peers to learn best-practice methodologies to help you comply...
Up to 50,000 devices owned by Australian organisations are at risk following the discovery of a...