Defence's bid for new technology restrictions scuttled by Thom review

An independent review of Australia’s tough export control laws has conspicuously tempered the Department of Defence's demands for sweeping new powers and suggested it work better with stakeholders to address perceived gaps in the legislation.

The government on Wednesday released the much-awaited report [pdf] from the former Inspector General of Intelligence and Security Vivienne Thom’s review of the Defence Trade Controls Act 2012.

The review probed whether the legislation, which regulates the supply of military and so-called ‘dual-use’ technologies overseas, continues to provide “appropriate levels of regulation and security for controlled technologies”.

It also looked at whether operation of laws continued to align with international best practices for export controls were not “unnecessarily restricting trade”.

In its submission, Defence had lobbied for the controls be strengthened because of changes to the national security environment since the Act was introduced - a bid that provoked shot a sever backlash from academia and part of industry.

This included new powers that would allow Defence to control how all technology developed in Australia is sold or exported, including the ability to retrospectively re-classify research as dual use or security sensitive.

The audacious bid for a sledgehammer does not appear to have paid off, with the review noting it did “not support the broad approach implied by the recommendations in the Defence submission”, despite the changes in the national security environment.

Instead, it suggested a more nuanced approach by Defence that involves “develop[ing] a policy proposal that takes a proportionate approach to address the current gaps in the legislation” in consultation with affected stakeholders.

The review said this would help address “serious and legitimate concerns” expressed by industry, research bodies and universities.

“Any solution must focus effort and resources on protecting technology that would cause the most damage should it be obtained by foreign entities that may use it against Australian interests,” the report states.

It recommended that Defence work with stakeholders to “develop a practical legislative proposal” that addresses gaps with the legislation, but stopped short of “formulat[ing] any prescriptive recommendations for legislative amendments”.

The reference to a "practical" approach is likely to be interpreted as a pushback against overly abitious claims and kite-flying by parts of the bureaucracy and industry. 

The review helpfully indicated that “principles that could guide such changes” include:

• “the limitation of the supply provision at section 10 that specifies that it applies only when certain locational criteria are met at the time of supply
• the lack of control over the transfer of technology not captured by the DTC Act’s existing provisions but which, if transferred to foreign entities with interests contrary to Australia’s, could prejudice Australia’s security, defence and international relations
• the inadequate control of emerging and sensitive military and dual-use technology.”

The review also suggests that the proposal should consider a number of factors to limit the effects of any amendment on trade, research and international collaboration, the review recommends. These include:

• “ensure all decisions are targeted and based on risk-related consideration of the technology being supplied, the end user and the end use
• contain measures to ensure transparency and scrutiny of decisions
• limit additional uncertainty, complexity and risk of inadvertent breaches
• minimise any increased compliance costs.”

The government, which has agreed to all nine recommendations in the review [pdf], said Defence exports control arm (DEC) would establish a working group to “develop options to address the identified gaps in the DTC Act”.

The group, which will consist of representatives from Defence and other government agencies, universities and industry, will “develop practical, risk based legislative proposals to amend the DTC Act to enhance the government’s ability to prevent the transfer of defence and dual-use technology to entities that may use it in a manner contrary to Australian interests or who are acting on behalf of a foreign power”.

Cryptographic research

The release of the review comes less than a week after it was revealed that Defence quietly stopped renewals of unrestricted communications exemptions for cyber security and cryptography researchers subject to the export control laws.

The general permission was introduced on a trial basis in 2017 to bypass the legislation and allow for the free flow of information for research purposes.

Submissions to the review had suggested cryptography should be exempt from the legislation altogether, as the regulation was counterproductive and created issues for researchers when communicating overseas.

The review had heard that stakeholders “expressed clear support for the approach taken in the Defence two-step cryptography trial”.

But the review rejected that the controls should not apply to cryptography research, but has recommended that Defence consider this once it has reviewed the cryptography permit trial, which government has agreed to.

“The Department of Defence should formally evaluate its two-step cryptography permit trial and decide whether the approach will be implemented on an ongoing basis,” the report states.

“The evaluation should consider whether an alternative approach would be preferable and explore whether the clarification of existing thresholds would be sufficient or whether legislative amendment is required.”

The government has asked Defence to “consult any proposed actions regarding the permit”, and approach that it lacked when communicating about the end of the unrestricted permits in December.