news A number of major telecommunications companies including iiNet and Macquarie Telecom, as well as telco and ISP representative industry groups, have expressed sharp concern over the Federal Government’s proposed package of surveillance and data retention reforms, stating that “insufficient evidence” had been presented to justify them.

The Federal Attorney-General’s Department is currently promulgating a package of reforms which would see a number of wide-ranging changes made to make it easier for law enforcement and intelligence agencies to monitor what Australians are doing on the Internet. For example, the Government is interested in establishing an offence which would allow Australians to be charged with failing to assist in decrypting encrypted communications. Also on the cards is a data retention protocol which would require ISPs to retain data on their customers for up to two years, and changes which would empower agencies to source data on users’ activities on social networking sites.

Instead of law enforcement agencies being forced to request multiple different types of interception warrants, the legislation would be modified to allow authorities to request a new more comprehensive centralised type of warrant with multiple powers. Provisions under the ASIO Act for the intelligence agency to request warrants are to be modernised and streamlined, and the agency is to gain the power to disrupt a target computer for the purposes of accessing the information on it — or even to access other third-party computers on the way to the target machine.

However, in submissions to the Parliamentary Joint Committee on Intelligence and Security, which is examining the proposed reforms, a number of major Australian telcos and their industry groups have expressed sharp concern regarding the proposed legislation.

In its submission, iiNet acknowledged there was “an obvious public interest” in law enforcement agencies having effective telecommunications interception capabilities, and in network infrastructure being kept secure. However, the ISP argued, there was also “an obvious need” to balance those factors against human rights, privacy, and the cost of reforms to the telecommunications sector. Consequently, iiNet called for the Government’s package of reforms to be “rejected”, as the Government had provided “insufficient evidence to support the justification on which they are based”, and that they failed to provide the aforementioned balance.

“iiNet notes that there is no ‘hard evidence’ referred to in the Discussion Paper to support the assertion that changes in technology and the practices of [telcos] are causing serious problems for law enforcement agencies,” the company wrote in its submission. “For example, no statistics have been provided on the number of attempts made by law enforcement agencies to obtain data from [telcos] that were unsuccessful due to the [telco] not having retained or collected the data that the law enforcement agency required. On the contrary, the Discussion Paper refers to evidence which suggests that interception powers continue to be used effectively.”

Furthermore, iiNet wrote that it believed it was important that it be recognised that telcos “are not state agents”, and that clear demarcations were needed as to their responsibilities to law enforcement agencies.

The ISP also objected to other elements of the proposals. For example, one proposed reform would see the Government given power to force telcos to take steps to secure their networks, with a view to maintaining the integrity of critical national telecommunications infrastructure.

However, iiNet wrote that it believed the Government “should not have an unfettered power” to issue binding directions to telcos, noting it didn’t believe checks and balances on this power as currently proposed were sufficient. “iiNet believes that such power has the potential to result in disproportionate outcomes unless the scope of the power is limited to achieve proportional outcomes, and there are appropriate checks and balances in place that govern its use,” the telco wrote.

Business-focused telco Macquarie Telecom also wrote in a separate submission that it did not believe that there was enough evidence yet to justify the reforms.

For example, with respect to the telco sector security reforms, the telco wrote: “Macquarie is concerned that the proposed reforms may not be sufficiently justified … With a clear alignment between the interests of industry players and the Government on the need for network infrastructure security, Macquarie believes a better outcome could be achieved with increased communication at a trusted level between industry and Government.”

With respect to the data retention section of the reforms, Macquarie wrote that the Government’s consultation paper on the issue “does not … provide any elaboration of the details of the proposed data retention regime”. “Macquarie also notes that there is a wide range of matters that need to be addressed before any proposal for a data retention regime can be seriously considered by industry,” the telco wrote. “Such matters include: The scope of the data to be retained; how data is stored, secured, retrieved and delivered; and who has access to stored data and the terms on which access is provided.”

One substantial telco industry submission to the reform inquiry was issued by the Australian Mobile Telecommunications Association and the Communications Alliance. Between them, the pair represent almost all of Australia’s ISPs and telcos, and their submission was also endorsed by several other groups — the Australian Information Industry Association, which represents broader technology companies, and the Australian Industry Group, which represents industry as a whole.

The combined associations noted they supported the underlying objectives of the surveillance reform package; but they had significant concerns about the details of the package.

For example, the associations noted that community expectations had not substantially changed on the issue of telecommunications interception since this kind of law enforcement access was first introduced: “That is, the presumption is still that communications are private and that lawful interception or access to the content or other information about such communications is the exception and is allowed only under certain circumstances defined in the relevant legislation.”

Consequently, the associations wrote, they would prefer that telecommunications interception access should be reserved solely for the purposes of addressing instances of serious crime or threats to national security.

In addition, on another issue, the associations wrote that their view is that the Government “has not provided sufficient justification for the implementation of data retention.” “In particular there appears to have been no proper assessment of the relationship to be derived and the costs (social and financial) involved in implementing such a regime,” the associations wrote.

The issue of data retention is one which has consistently attracted negative commentary from Australia’s ISP industry, which has often positioned this kind of proposal as a costly imposition on its operations that would give law enforcement agencies unfettered powers.

For example, in June 2010, as the issue was being discussed, then-Exetel chief executive John Linton said: “My personal view is that it is an insanely difficult and expensive process to implement that serves exactly no purpose whatsoever — in other words nanny state gone totally insane one more time by the current government.” Linton said he had no idea how the system could actually be implemented by a company like his — a mid-tier ISP — and the cost of storing the data suggested would be incredibly high in overheads on any basis he could imagine. “For a company the size of Telstra it would be a ludicrously high expense,” he added.

In general, the package of surveillance reforms discussed in this article has attracted a significant degree of criticism from the wider community over the past few months since it was first mooted. Digital rights lobby group Electronic Frontiers Australia has described the Federal Government’s proposed new surveillance and data retention powers as being akin to those applied in restrictive countries such as China and Iran, while the Greens have described the package as “a systematic erosion of privacy”.

opinion/analysis

I agree wholeheartedly with the argument by Australian telcos and ISPs that the Federal Government has not provided sufficient evidence for why this extremely wide-ranging package of reforms should be pushed through into legislation.

Let me point out a few salient facts about these proposals. Firstly, as the complexity and number of submissions to the Parliamentary Joint Committee on Intelligence and Security illustrates, there are an absolute stack of reforms in this package. Data retention, changes to telecommunications interception, streamlined warrants, the ability to penetrate private computers, an offence for failing to decrypt communications … there’s a stack in here, and many aspects of these reforms are so complex that they each be the subject of their own parliamentary inquiry.

Secondly, the Government has gone to great lengths to deny public scrutiny of these proposals. The proposed legislative changes, and most of the actual detail of the proposed reforms, has not been released — all that commentators are going on at this point is a limited consultation paper summarising the reforms. As the ISPs pointed out, there is a lack of detail here — we don’t know what we’re responding to. Furthermore, when these issues have been discussed in Parliament previously, bureaucrats from the Attorney-General’s Department have avoided as far as possible providing any information about them. And even the consultation period to make submissions to the the Parliamentary Joint Committee on Intelligence and Security was woefully short.

A little known fact is that Australia’s telcos usually don’t fight too hard when the Federal Government tries to implement reforms of this nature. They usually comply with law enforcement requests in this area, and in fact work with law enforcement every day on interception matters. It’s common for ISPs and telcos to have closed door meetings with the Attorney-General’s Department and other government agencies as these laws are being planned, as was the case in 2010 and beforehand with the data retention proposals.

So when ISPs and telcos do start pushing back and calling for further evidence — as they have in these submissions — then you know something is wrong. Australia’s ISPs appear to believe that they are about to be handed a lot of responsibility for what should rightfully be policing work — and they are not that keen to sign up for the job.

Over the next week Delimiter will be examining more of the submissions to the Parliamentary Joint Committee on Intelligence and Security’s review into the Attorney-General’s Department’s proposed surveillance reforms. There is broad community concern about this package, and we hope to make some of that public.