Issue No 22: 11 September 2018

SAVE THE DATE – Comms Essentials on Space and Satellite

When: Wednesday, 26 September 2018, 9.00am (9.30am start) – 11.30am
Where: Baker McKenzie, Barangaroo Sydney with a video link to Melbourne
Speakers:

• Dr Megan Clark, Head of the Australian Space Agency
• James Cameron, Authority Member, Australian Communications and Media Authority (ACMA)
• Rocket Lab, commercial rocket launch services provider (invited)

Communications Alliance*, AIIA and AMTA joint submission on the exposure draft of the ‘Encryption Bill’

EXECUTIVE SUMMARY

This submission on the exposure draft of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (Bill or Encryption Bill) is lodged by Communications Alliance*, the Australian Information Industry Association (AIIA) and the Australian Mobile Telecommunications Association (AMTA).

Industry shares Government’s desire to protect national security, fight terrorism and crime, enforce law and to enable the relevant agencies to effectively do so in a digital age. Member companies already provide law enforcement and intelligence agencies with various assistance under the Data Retention Regime, the Telecommunications Sector Security Reform (TSSR) and/or through the workings of interception legislation and assistance obligations under the Telecommunications Act 1997. 

Encryption underpins almost any online activity. Therefore, it is vital to ensure that encryption, and the resultant trust that communications and transactions (in their widest form) are secure and private, are not weakened. Regrettably, encryption is, at times, also being used to conceal illicit and criminal activities and has the potential to significantly hinder the work of intelligence and law enforcement agencies.

The Associations and their members are strong advocates for cybersecurity, data protection and the protection of privacy. Unfortunately, the exposure draft of the Bill bears the very real risk of severely damaging Australia’s (and international) cybersecurity and, therefore, to act contrary to its stated aim of increasing security for Australians. The proposed Bill not only creates a schism between security and safety on the one hand and privacy rights on the other, it also – and potentially even more importantly – creates friction between security/safety for the purpose of law enforcement and crime prevention, and security/safety of electronic products and services and, consequently, for our everyday digital lives.

In many places the draft legislation is ambiguous. It lacks definition and clarity as to what it is trying to achieve. The lack of clarity and detail raises significant concerns around intent, actual implementation and, ultimately, legislative overreach. The extraordinarily broad application to almost any person or organisation that has dealings with electronic products and services, irrespective of their location, and the extremely wide scope of acts and things that can be requested of those actors further increase concerns of legislative overreach. 

The attempted extraterritorial reach of the legislation is unprecedented. Not only does it have the potential to generate anti-competitive outcomes and to create disincentives for providers to offer products and services to Australians, it also creates significant risks for Australian providers to breach laws in foreign jurisdictions when they are taking action as a result of the requirements of the Bill. 

The notice processes created under the draft Bill are prone to the exercise of bias and lack an independent assessment mechanism. Equally concerning is the lack of strong judicial oversight of a piece of legislation that has the potential to significantly impact on society’s overall security and the privacy of individuals. 

The proposed legislation seeks to break new ground and to set international precedents. Consequently, there is a pressing need to clearly articulate why it is needed and, once consensus is reached, ‘to get it right’, also bearing in mind international obligations and peer nations’ norms. It is imperative that the legislation does not weaken existing cybersecurity structures, carefully balances security and privacy considerations, minimises unintended consequences, and it should be developed within a more holistic framework around cybersecurity, data retention, network security, interception and privacy. 

More needs to be done to achieve this. Further consultation (and work on the development of practical measures and their implementation) with all relevant stakeholders, including the Associations and their members, is required prior to the Bill being introduced into Parliament. Industry would welcome the opportunity to review a second exposure draft of the Bill before it is introduced into Parliament. 

Once introduced into Parliament, the legislation must be referred to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) for further scrutiny prior to passage.

*NOTE: This submission does not represent the views of NBN Co.

Communications Alliance, DIGI and AIIA joint submission on the exposure draft of the Consumer Data Right Bill

The three Associations have made a joint submission on the exposure draft of the Treasury Laws Amendment (Consumer Data Right) Bill 2018. The Associations raise a number of concerns with the legislation, including:

• The timeframes for consultation and the legislative process are rushed and dictated by the implementation timeframe for the first phase of the Open Banking CDR. More consultation and rigorous analysis would be required and the decoupling of the consultation for the CDR Bill from the ACCC rule making framework is disappointing and not helpful. 
  
• The approach taken risks a ‘template’, developed to suit the characteristics of the banking sector, but to some degree inappropriate to other sectors, being imposed on telecommunications companies.
  
• The general premise of the legislation appears to suggest that a CDR regime would be beneficial in all sectors and circumstances. This needs to be tested through a rigorous, evidence-based cost-benefit analysis and that analysis ought to be made public for scrutiny by Industry and other stakeholders.
  
• The CDR Bill also proposes to extend CDR data to data that is directly or indirectly derived from other CDR data; and also, to include data that is associated with CDR data. The Associations request that the definition of CDR data ought to explicitly state that data that is imputed, derived or value-added data not be considered CDR data. Further, data that is not able to be re-identified to a consumer in the normal course of business within a data holder should not be considered CDR data. This limited scope appears to be in line with the (accepted) recommendations by the Productivity Commission. The Associations also highlight the expectation that communications metadata will not be included in the regime.
  
• The designation of a sector requires greater mandatory transparent consultation and a high-level outline of the sector rules so that the economic and social impact of a designation can be appropriately analysed prior to designation. The legislation requires clear criteria that must be considered when taking a decision to designate a sector. 
  
• The definition of CDR consumer includes large businesses, contrary to the recommendation of the Productivity Commission. In the absence of convincing arguments for this extended definition of a CDR consumer, the Associations do not support the inclusion of large business.
  

Family Friendly Filter Program Helps Australian Parents Protect Kids Online

Australian parents wanting to protect their families from unwanted or harmful internet content now have new options under the reinvigorated Family Friendly Filter program operated by Communications Alliance.

Three new filter vendors have now passed the rigorous independent testing needed to be certified as Family Friendly Filter providers.

The newly accredited filters are:

• Norton Family Premier, from Symantec;
  
• Family Zone; and
  
• Australian Private Networks (as part of their internet service)

Australians seeking assurance that family members – and children in particular – will not be exposed to inappropriate or potentially harmful internet content can choose a certified filter provider by visiting the Family Friendly Filter page on the Communications Alliance website.

Communications Alliance CEO, John Stanton, said the availability of three certified providers was particularly welcome in an environment of increasing concern about the potentially harmful effects of children being exposed to sexually explicit content online.

“We are working closely with the Office of the eSafety Commissioner on online safety issues, and the Family Friendly Filter program has an important role to play in offering safe options to parents,” Mr Stanton said.

To qualify as a Family Friendly Filter provider, filter vendors must pass stringent testing performed by respected independent testing house, Enex TestLab, which uses an undesirable content site list provided by the Office of the eSafety Commissioner.

The testing criteria include effectiveness, ease of use, configurability, availability of support and agreement by the candidate filter company to update the filter as required by the Office of the eSafety Commissioner – for example where the Office determines following a complaint that a specified site is prohibited under Australian law.

The filters come in a number of levels of classification, enabling families to choose a level of filtering that is suitable to the age of children in the family.

Filters are only one tool that can be used to encourage safe internet access. The Office of the eSafety Commissioner provides a range of information, tools and educational material for parents and schools. The Office also offers help with and accepts complaints regarding cyber bullying and offensive and illegal content.

In addition, many Australian Internet Service Providers (ISPs) have tools and information available to parents concerned about online safety issues.

Some examples include:

New Member

Communications Alliance is pleased to welcome the following new member;