Govt to green-light 'selectively' targeted vulnerabilities

Under its encryption bill.

The government has revealed 50 pages of draft amendments to Australia’s encryption-busting bill, giving some MPs little more than ten minutes to try and digest them.

The draft amendments have now been released for public consumption [pdf] and - for the first time - define what it means to implement a systemic weakness and vulnerability under the proposed law.

“Systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person,” the draft amendment states.

“Systemic weakness means a weakness that affects a whole class of technology, but does not include a weakness that is selectively introduced to one or more target technologies that are connected with a particular person.”

In both cases, the government says it is “immaterial whether the person can be identified.”

The definition appears to confirm critics’ worst fears: that technology companies will be required to weaken security and insert backdoors in products, but that these will not be considered “systemic” if agencies pick and choose who they target.

However, the government argues that isn't the case in a new explanatory memorandum.

"This definition makes clear that anything that weakens whole systems, and consequently puts the security of innocent users at risks, is prohibited," the government said.

"It clearly states a carve-out for targeted use of powers that are isolated to particular targeted devices and do not undermine system security."

Labor appeared to be unhappy with the proposed definition but has decided to wave the bill through the lower house anyway.

“The issue of inserting an appropriate definition of systemic weakness into the legislation has been a major issue of disagreement between Labor and the government that we are continuing to work to resolve even now,” shadow Attorney-General Mark Dreyfus said.

Labor MP Mike Kelly said that “a proper definition of systemic weakness” was still required.

“That’s going to be a huge challenge,” he said.

“This is a broad concept that will be very difficult to nail down effectively in a regulatory mechanism.”

However, even if Labor is still unhappy with the definition, it appears that they believe any practical difficulties can be assuaged by an appeal mechanism available to companies hit with technical capability notices, where a retired judge and security-cleared tech expert would review the nature of what was being asked and issue a binding ruling on it.

“We have got greater comfort in how that will be managed by the fact that we now have an additional mechanism … to have an independent assessment done which a company can refer to where it has concerns of being forced to a requirement under a [capability notice] of engaging or unlocking some of these aspects of what they do,” Kelly said.

Labor MPs admitted that the bill was likely to harm Australia’s software industry, its commercial interests and security posture.

But Kelly was adamant that the bill should be rushed through anyway and said that the public should be “reassured” by the vigour that Labor had applied in seeking changes to the bill.

“I think the public should be reassured that the Parliamentary Joint Committee on Intelligence & Security (PJCIS) - and Labor on that committee - have prosecuted the case effectively in relation to the civil liberties issues that are presented by it, but we have also taken great cognisance of commercial impacts and security impacts,” Kelly said.

Kelly said he was unable to specify the exact reasons the bill was required.

“There are specific aspects we are constrained in not being able to go into in the public space because of the nature of these issues and the briefings that we’ve received,” he said.

“We’re going to have a bill that enables our agencies to deal with what was presented to us as a period of heightened alert and to deal generally with managing the threat challenge they have with this technical barrier.

“At the same time we’re going to see the committee continue its process on refining what will no doubt be a significantly improved piece of legislation when that process is complete.”

Greens MP Adam Bandt slammed the rush and the lack of time given to MPs to even consider the draft amendments, which were still being put together last night.

“What’s happening is as is usual on the last day of sitting in this place [is that] all of a sudden there are urgent things that can’t wait and legislation that could have been dealt with six months ago and gone through the proper process is now being pushed through the parliament,” Bandt said.

“We’re told by the Opposition, ‘It’s OK, we’ve fixed it, trust us. We’ve had a closed door meeting with the government, we’ve reached a bunch of agreements’.

“Well pardon me if when we get circulated with 50 pages of amendments about 10 minutes ago and people say, ‘Hang on, I’m not going to take you on face value’.”

The amended bill was read a second time in parliament just after midday, with only two MPs - Andrew Wilkie and Adam Bandt - voting against it.

It passed the lower house entirely at 12.25pm and was referred to the Senate for consideration.

Copyright © iTnews.com.au . All rights reserved.