The Australian Government supports cyber security tools, like encryption, that create a safe online environment for Australians. Encryption ensures that everyday digital transactions, like online banking or shopping, can occur securely. The Government has no interest in undermining these critical technologies.
Unfortunately, the same technologies are being employed by terrorists, paedophiles, drug smugglers and human traffickers to conceal illicit activities and facilitate crime. Criminals are increasingly sophisticated users of the internet and rapid technological change has caused valuable sources of evidence and intelligence to diminish, for example:
- over 95 per cent of the Australian Security Intelligence Organisation’s (ASIO) most dangerous counter-terrorism targets use encrypted communications
- encryption impacts intelligence coverage in nine out of ASIO’s 10 priority cases
- it is estimated that by 2020 all electronic communications of investigative value will be encrypted.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (the Assistance and Access Act) equips agencies with the tools they need to effectively operate in the digital era and keep the Australian community safe. The Assistance and Access Act introduced some key reforms to help our agencies access the evidence and intelligence they need by:
- enhancing industry cooperation with law enforcement and security agencies
- improving agency computer access powers.
Importantly, nothing in this legislation can require industry to break encryption. Instead, the measures enhance the existing ability of Australian agencies to undertake targeted, proportionate and independently oversighted surveillance activities.
The operation of the Assistance and Access Act is subject to ongoing review by the Parliamentary Joint Committee on Intelligence and Security and by the Independent National Security Legislation Monitor.
For more information on the Act, see:
Enhanced industry cooperation
The modern Australian communications industry is open, data-based and involves a wide-range of onshore and offshore providers. The Assistance and Access Act allows law enforcement and security agencies to seek assistance from the full scope of companies that supply communications services and devices in Australia.
The Assistance and Access Act does not place any standing obligations on companies. Robust consultation measures will ensure that both Australian and multi-national companies can have a say in potential requirements. The Government will not require companies to do the impossible. By default, industry is compensated for all reasonable costs of complying with a request from Government.
Safeguards
Engagement between Government and industry is bounded by critical safeguards. All requirements must be reasonable, proportionate, practical and technically feasible. Government cannot:
- build or implement so-called ‘backdoors’ or do anything that would make the communications of innocent persons less secure
- build a decryption, interception or data retention capability
- access communications without an existing warrant or authorisation
- compel an employee to undertake activities without the knowledge of their employer
Division 7 of Part 15 of the
Telecommunications Act 1997 gives the force of law to some of these core limitations.
The regime also contains robust oversight mechanisms, including:
- extensive independent scrutiny by the Commonwealth Ombudsman and the Inspector-General of Intelligence and Security and a clear complaints mechanism to these bodies
- public transparency reporting by companies who have received a notice to assist
- independent review of new capabilities by a technical expert and retired judge
- judicial review of any requirements on industry
- annual reports, tabled in Parliament, on the use of powers
These safeguards ensure that industry assistance is collaborative, constructive and does not jeopardise cyber security.
For a more detailed look at the safeguards and oversight measures contained in the legislation, see:
For more information on the operation of the industry assistance measures and discussion on the Assistance and Access Act, see:
Modern warrants for the digital age
The new, independently-approved, collection powers will improve the ability of agencies to operate around encryption without undermining it. The purpose of these warrants is to ensure agencies can lawfully access intelligible communications content.
The Assistance and Access Act strengthens the ability for law enforcement and security agencies, under warrant, to collect evidence from electronic devices. An independent authority approves the use of these powers and agency activities are subject to oversight by the Commonwealth Ombudsman or the Inspector General of Intelligence and Security.