Australia's anti-encryption legislation fails to address human rights concerns: Committee

The government needs to explain why Australian law enforcement and intelligence agencies need the sweeping new powers proposed in the Assistance and Access Bill 2018, according to the Parliamentary Joint Committee on Human Rights.

The committee has identified multiple occasions where it isn't clear why the proposed measures are "necessary, as opposed to desirable or convenient", and where the measures are not "rationally connected to (that is, effective to achieve) the stated objectives of the measures".

The committee's 47-page analysis was published in its Report 11 of 2018, which was tabled in Parliament on Wednesday. It discusses how the three proposed methods for the government to request or demand assistance in accessing communications would impact human rights.

Those three methods are:

• Technical Assistance (TA) Requests, which are described as voluntary requests, but which may be the least constrained;
• Technical Assistance (TA) Notices, which are compulsory notices for a communication provider to use an interception capability they already have; and
• Technical Capability (TC) Notices, which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices.

These may limit human rights, such as the right to privacy and the right to freedom of expression, so "for each of these rights, the measures must pursue a legitimate objective and be rationally connected and proportionate to achieving that objective", the committee wrote.

Must read: Why Australia is quickly developing a technology-based human rights problem(TechRepublic)

"In general terms, protecting national security and public order is capable of constituting a legitimate objective for the purposes of international human rights law. However, a measure will only pursue a legitimate objective (capable of justifying a proposed limitation on human rights) where there is a reasoned and evidence-based explanation of why the measure addresses a pressing or substantial concern, and does not simply seek an outcome which is convenient or desirable."

While encrypted communications may well pose challenges, according to the committee the government has not established pressing and substantial concern.

"For example, it is not clear from the information provided why the measures are necessary, as opposed to desirable or convenient, to address the majority of information legally intercepted by ASIO being encrypted," they wrote.

"It is also not clear whether the aspects of the measures that do not appear on their face to relate to decryption address a pressing or substantial concern."

Notices and requests could also be issued to protect "the interest of Australia's foreign relations or Australia's economic well-being", grounds which are "broader than those on which the right to freedom of expression can be validly restricted".

In this context, the committee raised what is often called the "chilling effect" of surveillance, citing article 19(2) of the International Covenant on Civil and Political Rights (ICCPR).

The Bill's definition of "interception agency" is "very broad" and includes state-based anti-corruption agencies.

"It is not clear how empowering these agencies, which do not appear to discharge functions relevant to safeguarding national security and addressing the type of crime contemplated in the statement of compatibility, is effective to achieve the objectives of the bill (namely, protecting national security and public order)," the committee wrote.

The committee is concerned by the lack of detail in how the long yet incomplete list of "acts or things" that might be requested or demanded are all "rationally connected with the stated objectives" of the Bill.

There are also "concerns that the measures as framed may be overly broad with respect to its stated objectives".

The committee also identified a vast range of concerns in relation to the definitions, process, oversight, and review of these and other new measures proposed in the Bill. These include, among many others, changes to the law relating to computer access warrants, and amendments to the Surveillance Devices Act 2004.

The definition of so-called "backdoors" was also raised, with the committee asking "whether it would be feasible to define 'systemic vulnerability' and 'systemic weakness', and, if not, whether the scheme will be sufficiently circumscribed so as to avoid broader effects on the users of a provider's service or device".

Finally, the committee identified a broader concern. Both the Telecommunications (Interception and Access) Act 1979 and the Surveillance Devices Act were legislated before the Parliamentary Joint Committee on Human Rights was established under the Human Rights (Parliamentary Scrutiny) Act 2011.

In other words, the committee has never looked at the existing laws through its human rights lens.

"It is therefore difficult to assess whether the warrant or authorisation scheme in [the existing Acts] would operate as a sufficient safeguard [for human rights]," they wrote.

Related Coverage

• OAIC calls for sunset clause on encryption-busting Bill and warns of privacy risks
• Dutton frames Encryption Bill debate as battle between protecting Silicon Valley or protecting Australians
• Australian industry and tech groups unite to fight encryption-busting Bill
• Internet Architecture Board warns Australian encryption-busting laws could fragment the internet
• Australia's anti-encryption law will merely relocate the backdoors: Expert
• Home Affairs makes changes to encryption Bill without addressing main concerns
• Encryption Bill sent to joint committee with three week submission window