KIM LANDERS, PRESENTER: Fergus Hanson is the head of the International Cyber Policy Centre at the Australian Strategic Policy Institute.

When I spoke to him a short time ago, I began by asking what are some of the more controversial provisions, that he thinks tech companies might balk at?

FERGUS HANSON: Well, one is that the tech companies have been turned into essentially telecommunications providers so they've now under the same obligations, that Telco's are under at the moment.

So, that involves in some instances, compelling them to assist with activities that would gain content to people's - are lawfully gaining content to people's communications.

Another interesting point, is that one of these areas can be the provision of source code, so that would be something that, many tech companies might balk at now while the provision's there and protections, that it has to be reasonable and proportionate.

That the fact that it's even there in the first place, I think is going to upset some tech companies for sure.

KIM LANDERS: The minister says that this legislation will explicitly exclude asking companies to introduce a weakness in their encryption. Is there a red line that you can foresee though?

FERGUS HANSON: The legislation goes on and on about saying that it won't involve breaking encryption, systemic - involving systemic weaknesses, so that the key word there is systemic.

So, this legislation is very precise in that it can't compel companies to create these vulnerabilities that are systemic.

But instead, what it aims at, is trying to create opportunities to access content, through ways that aren't systemic.

So that they're tailored to individual cases where somebody's instituted of a certain crime and there's a warrant there for that material.

KIM LANDERS: Could it also be the case, that you might never know if a company is allowing the security agencies or the police to actually, you know, snoop on your device?

FERGUS HANSON: Well that's right. There's both overt and covert provisions in this bill so in some cases, law enforcement is compelled to notify you, if they've accessed your device or your computer and in other cases it can be done covertly, so that you don't know, that it's happened.

But, as with all the provisions, there are protections, it has to be lawfully authorised.

KIM LANDERS: How's the government going to compel some of these big, you know overseas companies to provide this access?

FERGUS HANSON: Well, there's both voluntary and compulsory provisions in there and for the compulsory ones, if the firms don't comply, there are fines up to $10 million per active non-compliance, and for individuals, up to fifty thousand dollars.

KIM LANDERS: And, what about for people like you and me who have a smartphone or other device. What are the penalties that we face?

FERGUS HANSON: Well, for people that are required under law to access, there's a provision there to access their device and they don't comply — so they don't provide their pin code, for example, to open up their phone or their thumbprint to open it up — the penalties increase significantly from about six months at the moment, as the maximum penalty, now to about - between five and ten years depending on the seriousness of the crime.

And that's to prevent people that are at the moment, according to law enforcement are balking at opening their device, because they realize there'll be more trouble if they do.

So, taking the six months imprisonment term rather than opening up to law enforcement.

KIM LANDERS: Fergus Hanson, head of the International Cyber Policy Centre at the Australian Strategic Policy Institute.