News and Updates

SUBMISSION - Internet Australia's 10 recommendations for the TOLA (decryption) legislation

Internet Australia has been focussed on pushing back on the 'anti-encryption legislation' known as the Assistance & Access act, TOLA, or Telecommunications and Other Legislation Amendment (Assistance and Access) Act, since it was first unveiled in 2017, and passed into law in the final sitting of Parliament in December 2018.

The legislation is now being examined by the Independent National Security Legislation Monitor (INSLM), Dr James Renwick CSC SC, and Internet Australia is delighted that we have been invited to appear before the INSLM in Canberra to expand and explain our submission.

If you would like to attend the details are:

Date/Time: Thursday, 20 February 2020 - 11:45am – 12:15pm
Location: QT Canberra, Eureka Room, 1 London Circuit, Canberra ACT (doors will be open from 8:15am)
Livestreamed:https://eavs.com.au/inslmhearing/

A summary is below

Recommendation # 1: We recommend that serious Australian offence defined in s317B be redefined to reference the definition serious offence in s5D of the Telecommunications (Interception and Access) Act 1979.

Recommendation # 2 : W e recommend that ‘persons (who) manufactures or supplies components’ (Items 8 and 11 ) be removed from the list of ‘designated communications providers’ in s317C, and that ‘manufacturing’ and ‘supplying’ be removed from all other Items where they appear (such as Item 7)

Recommendation # 3: That the definitions of ‘designated communications provider’ relating to facilities (S317C (7),(8),(9) ) be removed, as they cannot be restricted to a single person as required by the definitions of ‘target technology’ and s317ZG(4A) - (4C) , and in any case ‘facilities’ are already covered under the items relating to ‘carriage services’.

Recommendation # 4: That a new subparagraph be added to section 317ZF(3) explicitly allowing disclosure (in the case of a notice served on an employee) to the person’s employe r, or (in the case of a notice served on a contractor) to the contractor’s client.

Recommendation # 5: That subsection 317ZF(3)(e) be expanded to read ‘for the purposes of obtaining professional advice, including legal advice, in relation to this Part.’

Recommendation #6: That subsection 317ZF(3) be expan ded to provide that the costs of seeking legal or other professional advice be borne by, and recoverable from, the issuer of the notice or request.

Recommendation # 7: That the definitions of ‘systemic weakness’ and ‘systemic vulnerability’ be revised, following dedicated consultation with industry on suitable definitions.

Recommendation # 8: We recommend that the Department consider creating guidance docu ments regarding ‘systemic’ weaknesses and vulnerabilities, especially as compared to ordinary weaknesses and vulnerabilities, and engage with industry to jointly assist in describing guidance and process flowcharts to assist the agencies and industry to di stinguish when a systemic issue is likely to be created.

Recommendation # 9: We recommend that a TAN or a TCN should only be issued after a suitable judicial warrant has been obtained, providing evidence and assurance that the safeguards and limitations hav e been considered by an independent arbiter.

Recommendation # 10: We recommend that the most dangerous and contentious portions of this ACT, the compulsive Technical Capability Notice, be set aside and removed from legislation until further extensive consult ation, round - table meetings and constructive discussion can be had between agencies and the IT industry affected by these laws, seeking to jointly produce a balanced outcome where agencies are able to achieve their goals without harming the Australian tech and IT industry.