A coalition of groups that brings together civil liberty and privacy advocates with major technology firms has called for a major rework of controversial Australian legislation that they argue could weaken the cyber security of popular online services.
Apple, Google, Microsoft, Amazon, Twitter and Facebook are among those calling for changes to the law.
In total, 36 groups have endorsed a submission to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) which is examining the legislation that was rushed through parliament at the end of last year in somewhat bizarre circumstances.
The government argued the legislation — the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 — was necessary because of the increasing barrier that encrypted communications services pose to the work of police and intelligence organisations. However, critics argue that it could undermine cyber security and privacy.
The joint submission calls for the government to amend the legislation to narrow the scope of ‘Technical Assistance Notices’ (TANs) and ‘Technical Capability Notices’ (TCNs). Under the so-called ‘encryption’ legislation, a TAN is a direction from an authorised interception agency to a service provider to cooperate in a certain manner.
The list of possible acts outlined in the legislation is extensive — including providing technical information, installing or modifying software, facilitating access to certain equipment or a device or service, substituting one service for another, or modifying a service. Moreover, the list of possible acts or things outlined in the legislation is not exhaustive.
A TCN is an instruction from the government to build a new capability that can facilitate the work of law enforcement or national security agencies.
The coalition of groups wants to limit the scope of TANs and TCNs in order to minimise the risk of undermining the security of online services. In addition, the groups said they are seeking increased judicial and public oversight of the use of the new powers, including requiring judicial approval before a notice is issued.
Another change sought is the loosening of non-disclosure requirements; currently in most circumstances disclosing a TAN or TCN is an offence.
The submission also calls for the rights of security researchers and software engineers to be protected.
A further change sought is a narrowing of the definition of a “designated communications providers,” which are the entities subject to the new regime.
"These laws are deeply flawed, and have the likely impact of weakening Australia’s overall cyber security, lowering confidence in e-commerce, reducing standards of safety for data storage and reducing civil right protections,” said the chair of Digital Rights Watch, Tim Singleton Norton.
Alongside DRW, the submission has drawn support from a wide-range of well-known civil liberties organisations including Access Now, Blueprint for Free Speech and the Electronic Frontier Foundation.