The Coalition's national security amendment to Telco Act

This week in Business Spectator the Coalition government's proposed national security amendment to the Telecommunications Act is discussed and the potential detrimental effect on the Telecommunications industry is identified.

Read the full article below

The Coalition government’s proposed national security amendment to the Telecommunications Act is an ill-conceived exercise that once again threatens to impose onerous conditions on the telecommunications industry. It’s the latest feature of a wish list that the government hopes to fast track through parliament using the overembellished national security situation.

The industry is currently in a state of chaos with the government stoking the confusion and uncertainty with a raft of poorly conceived ideological demands.

On the one hand government would have Australians believe that telecommunications is a national security asset requiring greater oversight and control yet government refuses to declare telecommunications to be an essential service.

The Attorney-General’s Department description of the Telecommunication Sector Security Reforms legislation is that the “Bill formalises and enhances existing information sharing and relationships between government and telecommunications carriers, carriage service providers and carriage service intermediaries (C/CSPs) to ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector.

Building on the existing security obligations on C/CSPs in the Telecommunications Act 1997, the Bill will:

  • oblige all C/CSPs to take steps to protect their networks from unauthorised access and interference
  • require C/CSPs to notify security agencies of key changes to networks and management systems that could affect their ability to protect their networks
  • provide the Secretary of the Attorney-General’s Department with powers to request information from C/CSPs, and issue directions to C/CSPs, enforceable by a civil penalty regime.

In helping to manage national security risks to telecommunications infrastructure, the framework will strengthen the safeguards for metadata stored in accordance with the government’s data retention legislation.”

The Attorney-General George Brandis and the Communications Minister Malcolm Turnbulldescribed the national security amendment as a framework building on existing obligations that “will be implemented via a collaborative partnership with industry, involving increased engagement and information sharing with government agencies.”

Brandis and Turnbull go on to claim that “there has been consultation with some parts of the telecommunications sector on the reforms, and the proposed legislation reflects the approach that has been recommended by the bipartisan Parliamentary Joint Committee on Intelligence and Security.”

That may be true, but the tsunami of criticism following the announcement, including apush back from the Communications Alliance, leaves us all to wonder exactly who did the government consult with?

Unwarranted, unfettered power

The legislative amendment is vague and puts significant new and potentially unwarranted power into the hands of the government and bureaucrats without justification.

A key concern for carriers is the inclusion of the requirement that “the Attorney-General or Attorney-General’s Secretary may give directions to a carrier or a carriage service provider in circumstances involving a risk to security.” Who determines that there are “circumstances involving a risk to security”?

The draft goes on to require telcos to “not to use or supply, or to cease using or supplying, the carriage service or the carriage services” when told to do so by the Attorney-General when the “proposed use or supply would be, or the use or supply is, as the case may be, prejudicial to security”.

As the “case may be” is a statement of nonsense, as is the proposed legislative amendment when it provides the government with powers that cannot be challenged in court by tying the Telecommunications Act 1997 to the Australian Security Intelligence Organisation Act 1979 and sections of the Criminal Code limiting what evidence may be presented to a court.

The legislation as it now stands is a threat to Australian society as it provides far more powers to the government than was available previously under Section 313 of the Telecommunications Act 1997 and removes the need for warrants to request information related to criminal or security related matters.

Protecting the three layers

One way of looking at the telecommunication networks is as three layers (applications, transport and infrastructure) and the current policing and security focus is on the application and upper end of the transport layers. The government and agencies such as the Federal Police and the Australian Communications and Media Authority have worked with corporations, industry and consumers to build a capability to fight cyber-crimeincluding the Australian Cybercrime Online Reporting Network and CERT Australia.

What is missing in Australia is an Infrastructure Security Assurance agency that focuses on the transport and infrastructure layers of the digital network to identify critical infrastructure, vendor equipment security and to provide an audit, monitoring, testing and assurance role.

While it might be argued that the existing government agencies cover the transport and infrastructure layers in reality there is little known about the infrastructure and vendor equipment used in the Australian telecommunication and enterprise networks.

The government has adopted a brute force approach to this problem and appears set on pushing the problem onto the telecommunications industry whilst removing recourse for vendors, telcos and consumers through the courts.

National security is vital for the nation’s future prosperity but the government’s approach to a well known problem should be seen for what it is and the government should be forced to adopt a more inclusive and practical approach that will attract a willingness from the telecommunications industry to participate without being threatened with potential jail time.

Mark Gregory is a senior lecturer in the School of Electrical and Computer Engineering at RMIT University.