House debates

Thursday, 20 September 2018

Bills

Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018; Second Reading

11:34 am

Photo of Peter DuttonPeter Dutton (Dickson, Liberal Party, Minister for Home Affairs) Share this | | Hansard source

I move:

That this bill be read a second time.

New communications technology, including encryption, is eroding the capacity of Australia's law enforcement and security agencies to investigate serious criminal conduct and protect Australians.

The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 contains amendments to various legislation to create a package of reforms that strengthens the ability of Australia's law enforcement and national security agencies to deal with the challenges of encryption.

Encryption underpins modern information and communication technology. It is a tool that protects personal, commercial and government information and supports confidence in a secure cyberspace. These technologies allow us to confidently transact online and to use the internet for services such as banking and shopping.

However, criminal syndicates and terrorists are increasingly misusing and, indeed, exploiting these technologies.

Terrorist organisations in Australia and overseas are using secure messaging services to obscure their identities and plans from the authorities. For example, ISIL-inspired terrorists used secure messaging services to plan the November 2015 Paris attacks.

The lack of access to encrypted communications presents an increasingly significant barrier for national security and law enforcement agencies in investigating serious crimes and national security threats.

According to ASIO, encryption has impacted intelligence operations in at least nine out of every 10 of its priority cases.

The AFP advise that encrypted communications have directly impacted around 200 operations conducted by the AFP in the last 12 months, all of which related to the investigation of serious criminal offences carrying a penalty of seven years imprisonment or more.

The uptake of encrypted communications platforms by criminal and terrorist groups has been sudden. It represents a seismic shift in the operational environment for our law enforcement and security agencies.

In June 2013, only three per cent of internet communications intercepted by ASIO, under warrant, were encrypted. By 1 July 2017, that figure had increased to more than 55 per cent. Most of the material of intelligence value is in the encrypted proportion.

Similarly, more than 90 per cent of data lawfully intercepted by the AFP is now encrypted in some form.

No responsible government can sit by while those who protect our community lose access to the tools they need to do their job. In the current threat environment, we cannot let this problem get worse.

The bill represents a package of reasonable and proportionate measures which will enhance our approach. The government has undertaken extensive industry and public consultation on the bill and has made amendments to account for the constructive feedback received.

Outline of M easures in the B ill

Industry assistance, including technical assistance and technical capability warrants

The supply of communications is a global industry. With major technology providers headquartered overseas, we must work with international partners to adapt to a world characterised by ubiquitous encryption.

The communications industry is in a unique position to assist in tackling the challenges we face.

Encrypted products are developed and operated by a range of private providers—both inside and outside of Australia—and in a range of forms across the communications supply chain.

National security and law enforcement agencies already work cooperatively with industry partners on these issues, to protect Australians.

The bill seeks to enhance those existing relationships to achieve lawful and non-arbitrary access to available information in the context of serious criminal and national security threats.

It complements the existing obligations of domestic service carriers to provide reasonable assistance to law enforcement under the Telecommunications Act 1997.

The bill facilitates a multilevel approach to industry assistance, creating a framework to support the wide range of providers that assist law enforcement and intelligence agencies voluntarily, including foreign providers.

This is reinforced and clarified by the creation of two new powers: the technical assistance notice and the technical capability notice.

      The legislation will not weaken encryption or mandate backdoors into encryption. The bill specifically provides that companies cannot be required to create systemic weaknesses in their encrypted products, or be required to build a decryption capability.

      This is also not a new vehicle to collect personal information. Surveillance and interception must be authorised by existing warrants and authorisations, which are subject to their own safeguards, including judicial oversight.

      The bill requires that any obligations within a technical assistance notice and technical capability notice are reasonable, proportionate, practicable and technically feasible. We are not in the business of asking industry to do the impossible.

      The legislation provides for cost recovery by providers for complying with new requirements and also provides immunity from civil liability.

      Alternative capabilities for law enforcement

      Modern information and communications technology has provided more ways to stay connected and to store information. These capabilities include a wide variety of electronic protection. Agencies need expanded capabilities to adapt and to meet the needs of the evolving digital environment.

      To this end, the bill provides law enforcement agencies with additional powers for overt and covert computer access. Computer access involves the use of software to collect information directly from devices. Commonwealth, state and territory law enforcement agencies would be able to use this power to investigate offences with a federal aspect.

      The Surveillance Devices Act will include a new covert computer access power for law enforcement, like those powers currently available to ASIO. This will enable law enforcement agencies to apply for computer access warrants when investigating serious federal crimes with a maximum penalty of three years imprisonment or more, including terrorism and child exploitation.

      The cross-border storage of information and overseas location of service providers makes Australia's mutual assistance framework critical in enabling Australian and foreign authorities to gain access to information to inform investigations and to obtain evidence. Under that framework, foreign authorities will be able to make a request to the Attorney-General to authorise an eligible law enforcement officer to apply for, and execute, a computer access warrant to assist in a foreign investigation or investigative proceeding.

      Amendments will be made to the Crimes Act search warrant framework to ensure law enforcement officers do not have to physically be on premises in order to access a computer under a search warrant.

      Amendments to the Customs Act will enable a judicial officer to issue a search warrant authorising the ABF to search a device (such as a smartphone) held on a person. Currently, devices can only be searched when found on a premise or premises.

      The Crimes Act and the Customs Act will be amended to increase the maximum penalty for a person who fails to provide assistance to law enforcement in accessing a device which is the subject of a search warrant. These assistance orders must be issued by a judicial officer. The maximum penalty will be increased to five years. An aggravated offence will be created for serious offences like espionage, terrorism, child exploitation and pornography, with a maximum penalty of 10 years imprisonment.

      The increased penalties for noncompliance with orders for access to a device reflect the value of evidentiary material on devices and the fact that persons who have undertaken criminal activity would rather accept the current low penalties than provide data that could be evidence in a more serious prosecution.

      Given the increased complexity of devices and higher volumes of data stored, law enforcement agencies will now have 30 days to conduct forensic examinations of seized computers and data storage devices. This is an increase on the currently inadequate 14-day time frame for police forces and 72-hour period for the Australian Border Force.

      ASIO p owers

      ASIO is responsible for investigating some of the gravest threats to Australia's national security, including espionage, terrorism and attacks on Australia's defence systems.

      ASIO's ability to collect intelligence using traditional means, such as telecommunications interception, is declining due to encryption.

      To mitigate this decline, the bill will introduce a new framework to ensure that persons and bodies who voluntarily assist ASIO are given appropriate legal protections for this assistance. The purpose of this new framework is to give members of the public the highest degree of confidence that they may lawfully help ASIO to protect Australia's national security.

      Conclusion

      The bill demonstrates the government's commitment to ensuring that law enforcement and national security agencies have the tools they need to keep Australians safe. The government has consulted extensively with industry and the public on these measures and has made amendments to reflect the feedback in the legislation now before the parliament. The government is committed to ensuring that our legislative response to the challenges of an evolving technological landscape is reasonable, is proportionate and meets national security and law enforcement needs. I commend this bill to the House.

      Debate adjourned.