Further changes announced to controversial telecoms security bill


news The government has announced a further round of consultation on changes to controversial new legislation that will require telecoms providers to provide greater safeguards for their networks and to permit greater powers of oversight for government agencies.

The Telecommunications and Other Legislation Amendment Bill, as it is called, is aimed to better manage the national security risks arising from unauthorised interference and access to telecommunications networks, such as in the form of espionage, sabotage, and foreign interference.

Security and resilience of telecommunications infrastructure is “increasingly critical” to the social and economic well-being of Australia, Attorney-General George Brandis and Minister for Communications Mitch Fifield said in a joint statement on 27 November.

The statement further points to the recent Australian Cyber Security Centre’s Threat Report as a reminder of the “scale of the cyber threat” to Australian organisations and that telecommunications networks and facilities are being “actively targeted by those who wish to harm Australia’s interests”.

The government has been working with the telecoms sector to improve the bill, Brandis and Fifield said, and the detailed feedback provided through the “extensive” consultation undertaken so far has been carefully considered.

However, the bill has been somewhat controversial and widely interpreted as giving the government power over purchasing decisions made by telcos. For example, it could mean giving government the power to stop telcos from buying hardware from certain foreign suppliers, such as China’s Huawei. The government has already barred Huawei from contracts with the National Broadband Network, however the UK has largely cleared the Chinese company in ongoing security audits.

A number of changes to improve the proposed legislation have been implemented, including safeguards on the use of the proposed regulatory powers and clarification of the intended scope and application of requirements to be imposed on telecommunications providers.

Whether the latest changes will appease the industry remains to be seen.

“The Bill now provides greater safeguards for industry while still meeting the core objective of better protection of telecommunications networks from espionage, sabotage and disruption activity,” said Brandis and Fifield. “The proposed legislation continues to reflect the approach recommended by the Parliamentary Joint Committee on Intelligence and Security.”

Key elements of the bill include:

  • Establishing a security obligation requiring carriers and carriage service providers (C/CSPs) to do their best to protect their networks from unauthorised access and interference
  • Requiring carriers and some carriage service providers to notify security agencies of planned key changes to networks and services that could compromise their ability to comply with the security obligation
  • Empowering the Secretary of the Attorney-General’s Department to request information from C/CSPs to monitor compliance with the security obligation
  • Providing the Attorney-General with a power to issue a C/CSP a direction requiring them to do or refrain from doing a specified thing to manage security risks
  • Expanding the operation of existing civil enforcement mechanisms in the Telecommunications Act to address non-compliance with the security obligation, notification requirement, information requests and directions.

The government has released a revised Explanatory Memorandum (pdf file, 452KB) updated with the latest changes and draft administrative guidelines to industry on how to meet the proposed legislative requirements.

The government is accepting feedback from the industry as it finalises the legislation. Submissions on the exposure draft will close on 18 January.

Image credit: Parliamentary Broadcasting