10 December 2018

Assistance and Access Bill

You may have seen in the news that the Australian Labor Party said they will support the passage of the proposed Assistance and Access Bill 2018, after the government agreed to some token amendments to limit the use of the new powers to investigation of "serious offenses", defined as anything with a jail term of three years or more. Regrettably, they backed down and our Parliament passed the Bill, without those amendments.
The AISA Board is deeply disappointed and remains concerned that the additional safeguards proposed by Labor do little to address the fundamental flaws in the proposed legislation, which represents a direct threat to Australia’s national security on a number of levels. In our submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), AISA argued strongly against the notion that government mandated vulnerabilities are required to facilitate law enforcement and national security, and that in fact they are more likely to destroy global trust in the Australian technology sector, and create new avenues for cyber criminals and state sponsored actors to attack Australian businesses and critical infrastructure. 
AISA was also a signatory to a joint submission to the PJCIS from a broad coalition of technology companies and interested civil society organisations including Google, Amazon, Microsoft, and Privacy International. This submission argued that the proposed bill is too broad in scope, is ambiguous in its requirements, and lacks appropriate judicial oversight.

Unfortunately, the government has chosen not to listen to the concerns of industry, resorting instead to politicising tragedy, which we believe is unacceptable and a higher standard of behaviour should be maintained for Australia by all political parties.  As security professionals we know this legislation will not affect criminals or terrorists as they have the means and the expertise to create their own tools and applications. While everyday citizens will have their privacy and security compromised, criminals and terrorists will simply move to establish a black market to share and distribute their own applications for encrypted communications which will be unaffected by the current legislation.

Key concerns with the legislation:
• Price increases for everyday consumers - the additional compliance costs and associated technology changes for technology businesses to comply, will ultimately be passed on to consumers.
• Trust in security patches and updates will be eroded – prompting people to not apply patches, reducing the overall security of the nation.
• Terrorists and criminals will simply move to their own applications and will establish a black market trade in encryption tools.
• Job losses - the Australian technology sector and cyber startups in Australia will be hampered by the legislation, making their products and services less attractive to international businesses.
• While we frown at the practices of China’s heavy handed control of their citizens, Australia moves a step closer in that direction by eroding the privacy of Australian citizens.
• Pivot of Asian-Pacific partners away from Australia, back to China who appears more trusted than Australia.

“The Government played political games with this Bill, rather than serving the very real security needs of the country. It deliberately ambushed the Parliament with a Bill riddled with major flaws; no one had time to read and analyse it in full. It released a 50 page list of 173 amendments just hours before ramming the ill-considered Bill through the Parliament. It ignored the technical and other expertise provide to the Parliamentary committee in 85 submissions. This is no way to make laws or public policy about a complex, fast-moving area such as cybersecurity” said Dr Suelette Dreyfus a well-known technology researcher, journalist, writer and AISA member.

AISA and the board will continue to lobby on your behalf, but your action is also required to protect your privacy and your family, Australian based technology businesses and the nation. As a community we need to ensure the systems and networks that the country relies on every day to function are trustworthy and secure. We urge you to contact and meet your local MP, and request changes to this dangerous and flawed legislation.