There is, if you’re not aware of it, an internet kill switch in Australia. It’s located in s.581 of the Telecommunications Act, which enables the attorney-general, after consulting the prime minister and the minister for communications, to direct a telecommunications carrier or carriage service provider in writing to cease to supply a service if it is ‘prejudicial to security’, as defined under the ASIO Act.
Such a power, of course, would only be used in an emergency.
The power in its current form has only existed since 2003, when the Howard government amended the Act as one of its suite of draconian counter-terrorism measures.
And therein lies a tale, and one not wholly irrelevant to the expansion of national security powers currently being considered by the Joint Committee on Intelligence and Security. It’s a little complicated, but stick with it.
The original form of that 2003 amendment had a rider: the power to order a carrier or provider to cease supply applied ‘either generally or to a particular person or particular persons’. That is, an attorney-general could direct a company to switch off an individual’s or organisation’s phone or internet access.
The Howard government was in a desperate hurry to get the bill through. When it reached the Senate after passing the Reps in 2003, the government agreed to an inquiry. Only, the inquiry was a Howard-era special: it was advertised on August 27, 2003, with submissions due the following Monday, September 1. Only two submissions arrived, unsurprisingly: one from Vodafone, and the other from the NSW Council for Civil Liberties. The following Friday, a 2½-hour hearing was held. That was it; the committee reported a fortnight later.
Vodafone and the NSWCCL raised concerns about, inter alia, the kill-the-internet power, and particularly the arbitrary nature of it. And all senators on the committee focused on how the power applied to individuals. This produced a weird statement from the attorney-general’s officials under questioning from Kate Lundy. Despite the Bill clearly stating the power applied ‘either generally or to a particular person’, an AGD officer told the committee ‘the draft as it stands certainly appears to do that but the intention was to turn off an actual carriage service of itself… It was not the intention that it would be targeting an individual service.’
The contradiction didn’t deter committee chairman Alan Eggleston from recommending passage of the Bill, but he did suggest the government clarify the issue. Labor and the Democrats in their minority reports both wanted the issue addressed as well.
And, indeed, the government did. The bill marked time for six months, and when it came back on for debate in the Senate, the government removed the reference to individuals and in fact went further and added that a direction ‘must relate to a carriage service generally and cannot be expressed to apply to the supply of a carriage service to a particular person, particular persons or a particular class of persons’.
So, why the history lesson? Among the proposals on which the government is seeking views via the JCIS is to supplement the kill-the-internet power with ‘powers of direction… [for] directing a [carrier or carriage service provider] to alter its business practices or undertake other actions considered necessary to protect national security interests’.
What would this entail? ‘Directions could involve targeted mitigation or remediation of security risks, including modifications to infrastructure, audit, and ongoing monitoring, with costs to be borne by the relevant C/CSP,’ says the discussion paper.
‘Targeted mitigation’ suggests a much more specific focus than the current power. Indeed, the paper pointedly notes of the current power that ‘this direction only applies to a service as a whole, however; it cannot be used to restrict service use or supply to a particular organisation, group or person’. Is Labor now proposing a power to target individuals to which it objected in 2003? Is AGD, having had its power curtailed in 2003, trying to revisit the issue?
It’s hard to know. Indeed, it’s hard to know about a lot of these proposals because the ‘discussion paper’ does anything but discuss many of them. At least this new directions power gets a couple of paragraphs; more controversial proposals such as data retention and criminalisation of refusal to help with decryption get little or no discussion at all.
This led to the remarkable outcome on Friday of a letter to the editor of the Herald Sun from Nicola Roxon, actually containing more detail about one of the proposals than the discussion paper itself. In relation to the proposal ‘Establishing an offence for failure to assist in the decryption of communications’, all the discussion paper says is:
‘Requirements on industry to retain current information and to assist agencies to decrypt information would greatly enhance agencies’ abilities to detect and disrupt criminal and other behaviours…’
It’s not even fully clear whether that relates to the decryption proposal, or merely forms part of the ‘modernising the industry assistance framework’ proposals. But to the Herald Sun, Roxon wrote:
‘There is also no proposal to enforce people to give up passwords. There are already powers for law-enforcement agencies to compel suspects to decrypt data such as child pornography held on a computer to turn unintelligible information into compelling evidence against these serious criminals. The question we’re asking the committee is whether this should extend to live communications like chat rooms for crimes like paedophilia.’
That, plainly, doesn’t have anything to do with industry decryption. So now the picture is even more confused than before. The following day, Roxon sent a letter to The Age expressing deep disappointment about its coverage of the issue and for ‘assuming I’ve made up my mind on these reforms, when I have been absolutely clear that I have not’.
Fairfax, mostly via Dylan Welch, has pursued these proposals from the outset. And as Welch pointed out, it was Roxon herself who told last week’s gathering of cybersecurity rent-seekers in Canberra about the highest-profile proposal, data retention, that ‘many investigations require law enforcement to build a picture of criminal activity over a period of time. Without data retention, this capability will be lost.’ Roxon then invoked the (wholly irrelevant) example of the investigation of the murder of NSW MP John Newman, and concluded ‘the loss of this capability would be a major blow to our law-enforcement agencies and to Australia’s national security’.
Greens senator Scott Ludlam told Crikey: ‘There are a number of proposals in this package, many with serious implications for basic rights. The risk of focusing on high-profile ones like data retention is that we miss ones that need teasing out like a new national security directions power over telcos and ISPs. But it’s difficult given the vague nature of the discussion paper Nicola Roxon released.’
Roxon’s comments in her speech caused concern within government ranks that, having done the right thing and established a proper public inquiry into these proposals, she’d pre-empted the outcome on one of the most controversial issues. Far from getting Roxon’s position wrong, The Age was merely reaching the same conclusion that some MPs were, a conclusion that is hard to avoid from her own words.
All very confusing.