Amazon, Facebook, Google, Oath and Twitter members have raised concerns over the Assistance and Access Bill exposure draft published on 14 August, urging the government to review the bill.
In a submission to the Department of Home Affairs consultation on the bill, the Digital Industry Group Inc (DIGI) – whose members include representatives from the biggest technology companies – raised concerns over some of the requirements.
"DIGI urges the Government to review the Bill and reflect in it practices that are consistent with established norms of privacy, free expression, and the rule of law as well as conflict of laws, and to specifically adopt the principles advocated by the Reform Government Surveillance Coalition," DIGI wrote in its submission.
On the specific terms proposed in the Bill, DIGI wrote that the technical assistance and technical capability notices may lead to vulnerabilities, since a service provider can be required to provide assistance or build capabilities that impact the security of the service provider’s system, product or services in a non-systemic way.
The submission also says that a service provider could have to implement or build a systemic weakness or vulnerability into something other than “a form of electronic protection”.
"These requirements have potential to erode consumer trust and introduce weaknesses that malicious actors could exploit," DIGI stated.
As previously reported by ARN, the bill proposes three reforms, including enhancing the obligations of domestic providers to give reasonable assistance to Australia’s key law enforcement and security agencies and, for the first time, extending assistance obligations to offshore providers supplying communications services and devices in Australia.
Furthermore, the bill also proposes introducing new computer access warrants for law enforcement that will enable them to covertly obtain evidence directly from a device, while strengthening the ability of law enforcement and security authorities to overtly access data through the existing search and seizure warrants.
DIGI is recommending that technical assistance and technical capability notices should only be issued if it is necessary to do so, as determined by an independent judicial authority.
"The decision to issue the notice should be made by an independent judicial authority on the basis of evidence and an assessment of clear criteria," DIGI recommended.
It also suggested that notices should not require recipients to build vulnerabilities or weaknesses into their products or services, should not be used to impose new data retention and interception capabilities and should not require recipients to breach laws of other countries that apply to them.
"It’s important to note that even if these recommendations were adopted, the Bill proposes extraordinary powers of unprecedented scope, and their exercise should be limited to combating serious crimes that pose a grave threat to human life or safety."
DIGI said that its members responded to more than 1,700 government requests for information from Australian law enforcement agencies from July to December 2017.
Digital Rights Senator Jordon Steele-John said he was thrilled with the submission by DIGI as he has called on the big tech companies to speak out against the legislation.
“Contrary to the stated objective of the bill, Australian cyber security will be significantly diminished by undermining the fundamental principles of end-to-end encryption – which is exactly what this legislation proposes.
“Creating technology vulnerabilities to expand the surveillance overreach of the five eyes network will ultimately leave all of us more vulnerable to criminal activity,” Steele-John added.
"Given some of the biggest data breaches over the last few years have come from government agencies, I’m not left feeling any safer by the prospect of this legislation."
The exposure draft of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (the Bill), published on 14 August, was drafted by the Department of Home Affairs in cooperation with the Australian Criminal Intelligence Commission (ACIC), the Australian Federal Police (AFP) and the Australian Security Intelligence Organisation (ASIO).