Data bill goes down to the wire.

While se­cu­rity chiefs are sup­port­ing Peter Dut­ton’s call for new pow­ers to ac­cess en­crypted data, they have de­clined to sup­port the gov­ern­ment’s claim such changes are made more ur­gent by the re­cent ter­ror at­tack and ar­rests in Mel­bourne.

The Saturday Paper - - The Week Contents - Karen Mid­dle­ton

Aus­tralia’s se­cu­rity and law-en­force­ment chiefs have de­clined to en­dorse fed­eral gov­ern­ment as­ser­tions that pro­posed new en­cryp­tion laws must be rushed through par­lia­ment in the wake of Mel­bourne’s re­cent Bourke Street ter­ror­ist at­tack.

This week, the heads of the Aus­tralian Se­cu­rity In­tel­li­gence Or­gan­i­sa­tion (ASIO), Aus­tralian Fed­eral Po­lice (AFP), Aus­tralian Sig­nals Direc­torate and Vic­to­ria Po­lice gave ev­i­dence to the par­lia­men­tary watch­dog com­mit­tee ex­am­in­ing the en­cryp­tion leg­is­la­tion, as did the De­part­ment of

Home Af­fairs. All ar­gued the new pow­ers were needed ur­gently to al­low ac­cess to en­crypted data and the con­tent of calls and mes­sages.

But ASIO, the Aus­tralian Fed­eral Po­lice and Vic­to­ria Po­lice would not af­firm sug­ges­tions that the Mel­bourne in­ci­dent, and sub­se­quent ar­rest of three men sus­pected of plan­ning a sep­a­rate at­tack, had in­creased the ter­ror threat.

ASIO’s di­rec­tor-gen­eral of se­cu­rity, Dun­can Lewis, also con­firmed the na­tional se­cu­rity agency was not con­sulted be­fore Prime Min­is­ter Scott Mor­ri­son and

Home Af­fairs Min­is­ter Peter Dut­ton de­manded last week that the bi­par­ti­san par­lia­men­tary joint com­mit­tee on in­tel­li­gence and se­cu­rity (PJCIS) cut short its de­lib­er­a­tions over the en­cryp­tion leg­is­la­tion so that par­lia­ment could pass it be­fore ris­ing for the year next week.

Last Thurs­day, Dut­ton wrote to the PJCIS urg­ing it to wind up its re­view of the en­cryp­tion laws early. The com­mit­tee is re­quired, by law, to re­view se­cu­rity leg­is­la­tion.

“The gov­ern­ment has in­tro­duced this leg­is­la­tion into the par­lia­ment in di­rect re­sponse to the se­ri­ous de­te­ri­o­ra­tion in Aus­tralia’s na­tional se­cu­rity re­sult­ing from the per­va­sive use of en­crypted com­mu­ni­ca­tions by threats, in­clud­ing ter­ror­ist sus­pects and or­gan­ised crim­i­nals,” Dut­ton wrote.

He quoted ASIO’s as­sess­ment that 95 per cent of peo­ple plan­ning and en­gag­ing in ter­ror­ism, es­pi­onage and other un­law­ful cy­ber ac­tiv­ity used en­crypted com­mu­ni­ca­tions, un­der­min­ing agen­cies’ abil­ity to keep Aus­tralians safe.

“This sit­u­a­tion has be­come more ur­gent, how­ever, in light of the re­cent fa­tal ter­ror­ist at­tack in Mel­bourne and the sub­se­quent dis­rup­tion of al­leged plan­ning for a mass ca­su­alty ter­ror­ist at­tack by three in­di­vid­u­als,” Dut­ton wrote.

He said the use of en­crypted com­mu­ni­ca­tions was “par­tic­u­larly con­cern­ing as we ap­proach Christ­mas and the New Year” – pe­ri­ods that have been tar­geted in the past.

The same day, Dut­ton joined Mor­ri­son at a news con­fer­ence where they stepped up pres­sure on the com­mit­tee to fin­ish its re­view and pass the en­cryp­tion bill.

“We know from the mat­ters that are cur­rently un­der in­ves­ti­ga­tion, the abil­ity for our au­thor­i­ties to have these pow­ers, to en­gage in in­ter­cept­ing these com­mu­ni­ca­tions is in­cred­i­bly im­por­tant,” Mor­ri­son said at the time. “Our po­lice, our agen­cies need these pow­ers now and I would like to see them passed. In fact, I would in­sist on see­ing them passed be­fore the end of the next sit­ting fort­night.”

This is de­spite sub­mis­sions from two other key watch­dog or­gan­i­sa­tions, the In­spec­tor-Gen­eral of In­tel­li­gence and Se­cu­rity and the Com­mon­wealth om­buds­man, that the leg­is­la­tion could lead to se­cu­rity agen­cies op­er­at­ing with­out proper ac­count­abil­ity and needed sig­nif­i­cant im­prove­ment.

Com­mu­ni­ca­tions and in­ter­net com­pa­nies are also con­cerned it could po­ten­tially weaken en­cryp­tion and leave Aus­tralian sys­tems, soft­ware, de­vices or com­po­nents vul­ner­a­ble to cy­ber at­tack – some­thing the agen­cies dis­pute.

The com­pa­nies ar­gue that fear of a weak­ness, com­bined with Aus­tralian providers be­ing forced to give the agen­cies se­cret ac­cess to their prod­ucts and to users’ de­vices and in­for­ma­tion, would cause se­ri­ous rep­u­ta­tional dam­age in­ter­na­tion­ally and see sales and us­age plum­met.

In a move that sug­gested the

PJCIS did not ap­pre­ci­ate be­ing hur­ried, com­mit­tee chair­man and Lib­eral MP An­drew Hastie, and his La­bor deputy An­thony Byrne, is­sued a rare joint state­ment. They said the com­mit­tee had agreed to hear ur­gent ar­gu­ments at spe­cial hear­ings this week, but had not can­celled al­ready-sched­uled hear­ings due later this week and next. At time of press, those hear­ings were still sched­uled.

Called to ap­pear a se­cond time be­fore the PJCIS on Mon­day, agency chiefs re­it­er­ated the need for the pow­ers, warn­ing that crim­i­nals and would-be ter­ror­ists had al­ready “gone dark”, us­ing en­cryp­tion to evade de­tec­tion.

But they would not say the threat was any greater this Christ­mas than it had been pre­vi­ously.

Dun­can Lewis said nei­ther he nor his ASIO deputy, Heather Cook, were ad­vised be­fore Mor­ri­son and Dut­ton de­manded the com­mit­tee wind up de­lib­er­a­tions. ASIO also had not briefed them on any need to ex­pe­dite the re­view, nor re­quested it be trun­cated.

Lewis said en­crypted com­mu­ni­ca­tions had caused prob­lems for ASIO in­ves­ti­ga­tions since 2014.

“From my point of view, the ur­gency be­gan four years ago,” he said. “We’ve said that it has been a nec­es­sary step for gov­ern­ment to take to get some leg­is­la­tion in place to as­sist us. That hasn’t changed … I’m not in a po­si­tion to sug­gest that there is some sort of sud­den ramp-up. It was im­por­tant ini­tially and it is be­com­ing pro­gres­sively more im­por­tant be­cause of the lev­els of en­cryp­tion that we face each day, but the de­tail of the leg­is­la­tion – whether it’s right or not – re­ally is a mat­ter for leg­is­la­tors.”

Lewis said ASIO wanted the leg­is­la­tion passed but wouldn’t nom­i­nate a time frame, ac­knowl­edg­ing it would still take weeks for agen­cies to have the sys­tems in place to use it.

The bill it­self, which was in­tro­duced in Septem­ber, also had fur­ther in­built de­lays for con­sul­ta­tion and au­tho­ri­sa­tion.

Lewis said that while the events in Mel­bourne served as “a timely re­minder”, the alert was no higher as a re­sult.

“We’ve not changed the threat level at Christ­mas time to my knowl­edge – cer­tainly not while I’ve been in this po­si­tion – be­cause a gen­eral lift of threat would re­quire spe­cific in­for­ma­tion that there was an at­tack [planned] at a cer­tain place by cer­tain peo­ple at a cer­tain time,” he said. “… And I just want to as­sure you, mem­bers of the com­mit­tee and mem­bers of the pub­lic, that we have no such ev­i­dence of that at this stage. There is a gen­eral height­en­ing of se­cu­rity over Christ­mas but there is noth­ing spe­cific to in­di­cate there is an at­tack com­ing that would there­fore war­rant an in­crease in the threat level.”

The De­part­ment of Home Af­fairs wants the ex­panded pow­ers to ac­cess en­crypted in­for­ma­tion to pre­vent and pros­e­cute all kinds of se­ri­ous crime, not only ter­ror­ism.

Shadow at­tor­ney-gen­eral Mark Drey­fus, a mem­ber of the PJCIS, in­di­cated the com­mit­tee might make an in­terim re­port rec­om­mend­ing amend­ing the leg­is­la­tion to only cover coun­tert­er­ror­ism while it con­sid­ers wider im­pli­ca­tions, in­clud­ing re­gard­ing other crime.

AFP com­mis­sioner An­drew Colvin said the op­er­a­tional ur­gency was “now be­com­ing very real, and con­tin­ues”.

His Vic­to­ria Po­lice coun­ter­part, Neil Pater­son, said the threat in his home state was “grow­ing in com­plex­ity”.

Colvin said the nar­cotics trade spikes dur­ing the sum­mer party sea­son.

Asked if there was an ur­gent need for the pow­ers over Christ­mas, he said: “I would have to say that that is at a con­stant tempo that is so high for us any­way that those peaks and troughs are in the mar­gins. It runs at a very high tempo con­stantly.”

Pater­son de­clined to agree that Vic­to­ri­ans would be at risk if the leg­is­la­tion wasn’t passed be­fore Christ­mas.

“I don’t know if I can speak on the ex­act tim­ing,” he said.

The agen­cies’ com­ments came after warn­ings of the need to get the leg­is­la­tion right. The In­spec­tor-Gen­eral of In­tel­li­gence and Se­cu­rity, Mar­garet Stone, who over­sees in­tel­li­gence agen­cies, re­it­er­ated her con­cern that the bill’s over­sight pro­vi­sions were in­ad­e­quate.

Those con­cerns have been echoed by the Com­mon­wealth om­buds­man, who over­sees the ac­tiv­i­ties of law-en­force­ment agen­cies un­der the Telecom­mu­ni­ca­tions (In­ter­cep­tion and Ac­cess) Act gov­ern­ing war­rants for phone taps and other elec­tronic sur­veil­lance and some war­rant­less re­quests to ac­cess meta­data.

As The Satur­day Pa­per re­ported last week, many fed­eral, state and lo­cal agen­cies and or­gan­i­sa­tions are now sidestep­ping that process, lodg­ing 350,000 re­quests for un­en­crypted meta­data yearly us­ing dif­fer­ent, broader leg­is­la­tion with lim­ited over­sight.

Re­quests are ex­pected to in­crease un­der the en­cryp­tion laws.

While oth­ers among Aus­tralia’s

Five Eyes se­cu­rity part­ners – the United States, Bri­tain, Canada and New Zealand – have vary­ing data ac­cess laws, none are be­lieved to be as ex­ten­sive as those pro­posed in Aus­tralia.

While its crime-fight­ing util­ity has been ac­knowl­edged, the en­cryp­tion bill has also at­tracted in­ter­na­tional warn­ings about po­ten­tial down­sides. A group of se­cu­rity ex­perts from Aus­tralian and in­ter­na­tional uni­ver­si­ties, in­clud­ing Cam­bridge and Har­vard, have warned the com­mit­tee of po­ten­tial neg­a­tive im­pli­ca­tions.

And the United Na­tions spe­cial rap­por­teur on the right to pri­vacy, Joseph Can­nat­aci, gave vide­olink ev­i­dence this week that he was gravely con­cerned.

Can­nat­aci said the leg­is­la­tion was badly drafted, vague and too broad.

“This bill re­mains fa­tally flawed,” he said. “It does not meet the ba­sic re­quire­ments for gov­ern­ment-led sur­veil­lance as iden­ti­fied by my man­date. It lacks the ba­sics of due ac­count­abil­ity to par­lia­ment and be­yond and it ex­poses Aus­tralia and the world to greater risks in cy­ber in­se­cu­rity.”

Mar­garet Stone and her deputy

Jake Blight told a PJCIS hear­ing on No­vem­ber 16 that their of­fice had not been con­sulted on the shape of the bill’s ex­po­sure draft.

On Tues­day, they re­vealed the De­part­ment of Home Af­fairs had con­tacted them on Mon­day seek­ing to dis­cuss con­cerns.

But Stone’s com­ments sug­gest they still have very dif­fer­ent views about the leg­is­la­tion.

“We would cer­tainly make ev­ery ef­fort to meet with them as of­ten as nec­es­sary,” Stone as­sured the com­mit­tee. “How long it takes to reach a com­mon view is an­other mat­ter.”

Like the com­mit­tee over­all, she gave lit­tle in­di­ca­tion she was will­ing to be rushed.

Min­is­ter for Home Af­fairs Peter Dut­ton and Prime Min­is­ter Scott Mor­ri­son.

KAREN MID­DLE­TON is The Satur­day Pa­per’s chief po­lit­i­cal cor­re­spon­dent.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.