“Abandon” TSSR bill, telco industry tells Brandis

7

news Australia’s technology sector is almost universally opposed to the Government’s planned national security telco legislation in its current form, submissions published this morning to the exposure draft of the bill have revealed, in a further sign that the Government has alienated industry on the issue of national security.

Dubbed the Telecommunications Sector Security Reforms, the legislation has been in development by the Attorney-General’s Department for at least a year. It will give the Government sweeping powers over private sector telco networks, requiring, among other powers, telcos to notify security agencies of key changes to networks and giving the Attorney-General’s Department the power to request information from and issue directions to telcos.

Communications Minister Malcolm Turnbull has confirmed that the bill could result in telcos being informed they cannot buy equipment from certain manufacturers. This would be likely to mean that companies such as Chinese network manufacturer Huawei — which has already been banned from contracting to the National Broadband Network on un-named security concerns — may lose contracts worth tens to hundreds of millions of dollars with key suppliers such as Telstra, Vodafone and Optus.

Late last month, four major industry groups whose members will be affected by the changes — the Communications Alliance, the self-regulatory body which represents almost all major telcos in Australia, the Australian Mobile Telecommunications Alliance, which represents the mobile industry, the Australian Information Industry Association, which represents the technology sector, and the Australian Industry Group, which represents industry as a whole — joined forces to note major concerns with the bill.

The four Associations collectively represent the bulk of Australia’s $100 billion ICT industry. It is a relatively unprecedented move to see them uniting on a single policy issue in this manner.

This morning, Attorney-General George Brandis published the submissions into the exposure draft for the bill. The submissions further strengthen concern about the bill, with major companies such as Foxtel, iiNet, Macquarie Telecom, TPG, Telstra and Optus all expressing strong concerns regarding it.

“TPG has serious concerns about the proposed telecommunications sector security reforms set out in the exposure draft … TPG considers that the TSSR reforms are unnecessary and overly broad; could hinder rather than improve the promotion of national security; and would impose unwarranted costs on industry and end-users,” the company wrote in its submission.


“For these reasons, the TSS Reforms should be abandoned.”

“TPG does not believe the Attorney-General or his secretary is the best placed authority to make decisions about a telco’s network security. They lack the requisite knowledge of the intricacies of a telco’s systems and are unlikely to possess the skills to determine the appropriate form and level of network security required.”

iiNet expressed similar sentiments.

“The Direction Power increases the power of Government in a way that has the potential to impose a severe burden on the telecommunications industry and to affect competition and stifle innovation without [carriers and carrier service providers or C/CSPs] having any avenue of meaningful appeal or review,” the telco wrote in its submission.

“In light of this, iiNet believes that the Direction Power goes far beyond any measures that are required to ensure that Australia’s national security interests are appropriately protected. 
iiNet believes that the legal effect of the Protection Obligation is superfluous and serves no useful purpose. iiNet believes that its intended effect as implied in the draft explanatory memorandum to the Bill (EM) goes beyond what is acceptable in a free and democratic society.”

Major telcos Telstra and Optus worded their complaints more diplomatically, but expressed many of the same sentiments regarding specific issues with the legislation. Both Telstra and Optus focused on positive enhancements they recommended to substantially change the bill’s operation.

“Whilst Optus supports the Government’s intent in attempting to protect Australian telecommunications networks from interference, it believes the current Exposure Draft does not provide the necessary rigour for such a new security assessment framework to operate practically,” the telco said. “Further work is needed to establish clear decision-making criteria before a Direction can be issued to providers, and an appeals mechanism for these Directions must be made available.”

Other such as Macquarie Telecom and even Foxtel also expressed concerns, backing the existing complaints by groups such as the Communications Alliance, while industry association Internet Australia damned the bill in its entirety.

“… we consider that in its current form the Bill represents an unacceptable and unreasonable transfer of responsibility and oversight from the Parliament to the bureaucracy,” Internet Australia wrote.

“Our ongoing experience with the problematic implementation of the Data Retention Act gives us little confidence in the ability of the department to fully appreciate the technical issues involved. This is not a criticism of any individuals, or of the department per se, it is simply the observation that the essential level of technical knowledge in respect of telecommunications systems and equipment is not resident in the department.”

Attorney-General George Brandis has signalled plans to introduce the bill to Parliament in the current Spring Sitting period — which lasts until early December.

opinion/analysis
I want to note three things stemming from this morning’s release of submissions into the exposure draft of the TSSR legislation.

Firstly, all of the submissions released were overwhelmingly negative. There was very little positive sentiment from anyone regarding this legislation. In fact, the submissions substantially strengthened the already strong complaints the telco industry has about the legislaion.

Secondly, no submissions from law enforcement or intelligence agencies were published. It’s possible that agencies such as ASIO and the AFP simply asked that their submissions not be published. However, I think it more likely that they did not make submissions; instead, such agencies are likely intrinsically involved in the creation of this bill and thus felt no need to comment on the exposure draft.

Thirdly, a number of submissions expressed a direct concern that the Attorney-General’s Department itself does not have the technical capability to deal with the powers the Government is trying to legislate to allocate it. It appears that this view stems directly from the mismanagement of the data retention legislation — mismanagement which continues to plague both the telco sector and the Government itself.

Now the ball is largely in the Opposition’s court. The telco sector has given Labor a massive amount of ammunition to attack the Government regarding these proposed national security reforms. One wonders to what extent the Opposition will choose to load up its verbal weapons. It seems clear that Labor should not — with the entire telco sector in an uproar over the bill — allow the TSSR legislation to pass through the Parliament unmodified. But then, stranger things have happened on Capital Hill.

Image credit: Parliamentary Broadcasting

7 COMMENTS

  1. It shall pass as is with the only opposition coming from the independents and the Greens.

  2. Perhaps it’s yet another bill loosely related to the TPP? The govt says you cannot buy network hardware from practically every supplier except ones linked to US interests. Then as telcos are forced to buy from those suppliers, the TPP is declared a resounding success by encouraging industry investment. By that stage the US has it’s spy hooks dug deep into Australia and can do its own piracy investigation, and with some TPP sleight of hand, the US can sue Australian individuals directly. George Orwell, your dystopian future has nothing on Australia.

    • It’s an interesting bit of hypocrisy there, isn’t it? You can’t use equipment we suspect ‘might’ contain back doors, but we have no evidence for, but you should use vendors the whole world knows to be compromised. Brilliant bit of logic, that.

  3. Devils advocate time.

    I think there are big nuances in the views of different parts of industry that you’ve kinda but not really addressed.

    The big telcos support the proposal but want process amendments like tightening up decision making rules and more appeal rights. This seems like the kind of stuff that an exposure draft process is meant to bring up before the laws even hit the parliament. I think it’s fair to say that Optus and Telstra would have the best and most sophisticated understanding of the security risks facing the telecommunications sector out of the industry. As the largest network operators there are probably some issues they even understand better than dsd, asio, cert and the other government players in this space. And they probably also know what they don’t know. So their conditional support, if you can put it that way, is pretty significant.

    TPG and a couple of others seem to think that individual service providers are uniformly the best authoritative view on how to protect their own networks. Maaaaybe that’s true for TPG which is renowned for its cutting edge security expertise (/s) but I doubt it’s true for many companies. But really the argument just amounts to TPG saying “we disagree” to the government, opposition and security agencies view that the private sector doesn’t always know enough about security threats and sometimes prioritises profit over security. That’s a totally different argument to Telstra and Optus, who agree with the problem specification, but disagree with the details of the laws.

    I’m surprised at the paragraphs you chose to quote from iinet and ISOC. iiNet calls the proposed duty to protect their network and customer information ‘superfluous’ and ‘beyond what is acceptable in a free and democratic society’ in the space of two sentences. Maybe it could be one of these but not both. And how on earth can iiNet think that both data retention and data protection are anti-democratic?! Really sounds like it’s fishing for headlines rather than making a serious argument there. Same for that first paragraph from ISOC. Does it really think it’d be a good outcome for Parliament itself to regulate industry on a daily basis? If not, what on earth does it mean that this would be an ‘unreasonable transfer of responsibikity and oversight from the Parliament to the bureaucracy’?

    Tldr not all of the industry is telling government to “abandon” this. The more sophisticated telcos seem more supportive, but want major amendments. That’s not a great look after a year of talks. The arguments against are pretty powerful, don’t get me wrong. But some of those opposed sound like they either don’t believe government has anything to offer here, or are just spouting any argument they can to to avoid extra costs.

    • Hmm. Very good points — I agree with almost all of this.

      What I would say about the big telcos versus the small telcos is that the big telcos largely agree with the smaller telcos on this one, that I can see, but are just being a bit more diplomatic.

      You can see this through the highly inflammatory submission made by the Communications Alliance. If either Telstra or Optus had wanted to, they could have had that submission watered down. They are the big cheeses of the CA membership. Instead, they let CA rant and rave about this issue, causing a massive fuss, and then provide a somewhat more constructive view in their own submissions.

      Telstra and Optus know that they will have to continue to work with the Government on these issues on an ongoing basis. So they leave the strong language to the industry body, and look more moderate. The smaller ISPs have never really had to work with the Government too much, so they raise a bigger fuss on their own right because they don’t want to be dragged to the same obligations which Telstra and Optus already suffer under.

      In short, it’s all about ‘optics’ ;)

      • Good points there too. I suppose that the majors would have pretty much open door access to the political offices and could do their messaging privately. If they’re taking a sterner tone behind closed doors we wouldn’t know but government and opposition would. I suppose the proof will be in one of the major parties baulking or the major telcos going harder in public if government plows ahead.

        Still playing devils advocate because maybe you know more from sources. But it is also possible that Telstra and Optus aren’t worried about the core proposal and just want it tweaked: If they do have open door access to the pollies, they wouldn’t need CA to do their messaging for them and may be happy to let CA message for the smaller players, while presenting their own, divergent view in public. It’s not like big companies, from Telstra to BHP to Woolies haven’t gotten into fights with governments in the past, after all.

Comments are closed.