by Rebecca Merrett

Telco Sector Security Reforms the new Data Retention Act?

Nov 30, 2015

The Attorney-General’s Department has released new updates to the Telecommunications Sector Security Reforms draft bill. Internet Australia said it sees it going down the same path as the Data Retention Act by being passed without being adequately justified.

The updated draft bill includes “safeguards” around the Attorney-General’s exercise of powers. It requires the Attorney-General to consult with telcos affected by a national security matter and take into account the impact of a direction given to a company.

It also includes safeguards around confidentiality and commercially sensitive information when the Attorney-General obtains information from telcos.

Internet Australia’s CEO, Laurie Patton, acknowledged the Attorney-General’s Department consultation with industry as a positive sign, but is concerned the TSSR bill will be passed without adequate justification, technical knowledge of its impact on telcos and the rights of Internet users.

“The data retention scheme did not avail themselves of sufficient external technical advice, which is why the Data Retention Act is now arguably unworkable without amendments.

“The TSSR is similar to the data retention legislation passed in that few people believe an adequate case has been made to justify the risks of unintended consequences. We need to better understand the Government’s expectations.

“This is an extremely sensitive piece of proposed legislation strewn with pitfalls for drafters who don’t understand how the ICT market works – or more specifically, how fragile the workings of the Internet can be and how important it is to protect the Internet from unjustified external interference.”

The new draft bill states the Attorney-General can give directions to a telco where “certain activities may be prejudicial to security”.

The Explanatory Memorandum of the updated bill states: “There is an existing power in section 581(3) of the Telecommunications Act which authorises the Attorney-General to direct C/CSP [carrier or carrier service provider] to cease operating its service where the proposed or continued operation of that service is or would be, prejudicial to security.”

It states this would only be used in the case of an extreme national security risk, with the power not yet been exercised to date.

The Explanatory Memorandum also states the bill “would complement the data retention regime by improving the security of networks as a whole”.

The Attorney-General also has “information gathering power” to ensure telcos’ compliance is met by monitoring and investigating their activity.

Telcos would also be required to notify the Communications Access Co-ordinator when making changes to their services or systems in relation their obligations under TSSR.

Submissions can be made to the updated draft of the TSSR bill, which close 18 January 2016.