Labor and Coalition agree to encryption "compromise"

Australia’s two main parties have agreed to “compromise” on the encryption-busting bill that is currently before parliament.

“This compromise will deliver security and enforcement agencies the powers they say they need over the Christmas period, and ensure adequate oversight and safeguards to prevent unintended consequences while ongoing work continues,” shadow Attorney-General Mark Dreyfus said in a statement.

It is understood that the compromise will see the term “systemic weaknesses and vulnerabilities” defined in the legislation for the first time.

The most serious type of notice - the technical capability notice or TCN - would have additional oversight, requiring both the Attorney-General and Communications Minister to sign off.

Where the recipient of the TCN disputed its legality on system weakness grounds, it would be reviewed by a two-person panel consisting a former judge and a technical expert, iTnews understands.

A TCN compels the target “to build a new capability that will enable them to give assistance” to law enforcement or the government.

Critics worry this will compromise the security of all users, while the target will not be permitted to tell anyone about the nature of the capability they have built for law enforcement.

In addition, as Labor had proposed last week, the bill will be confined initially only to serious offences, likely terrorism and child exploitation.

It was unclear whether both federal and state law enforcement agencies would be able to make use of the powers, if they passed. This was a key sticking point in the negotiations over the past 24 hours.

The compromises are likely to be laid out in full on Wednesday morning when debate on the bill is listed to resume.

It is still not a complete certainty that the agreed parts of the bill can be passed, as it will still need the stamp of approval from the Parliamentary Joint Committee on Intelligence and Security (PJCIS).

The PJCIS has been a battleground for the past fortnight, with the government launching sustained attacks on the process in a bid to have it wrap-up early and pass the encryption-busting laws with few amendments.

The government has previously only made minor concessions on the bill, despite large-scale concerns raised by all parts of the technology sector, as well as by privacy and security experts and law bodies.

Dreyfus framed Labor’s compromise as “responsibly improving national security legislation” and said the government had made “made important concessions on its earlier position”.

Still, Labor indicated a willingness to pass a bill it knew had serious flaws. It was unclear how these flaws could be mitigated if portions of the bill pass.

“The PJCIS will continue its scrutiny of the bill into 2019, allowing for outstanding concerns to be worked on and further amendments introduced in the new year if necessary,” Dreyfus said.
“Let me be clear – this bill is far from perfect and there are likely to be significant outstanding issues.”

Update, 6.38pm AEDT: Attorney-General Christian Porter said that the definition of "systemic weakness" is still being worked out.

"That is a very complicated definition. I’m not going to try to recite it to you here," Porter told a news conference.

"In fact, the final drafting is being done with Labor by way of negotiation on that at the moment, but it is as it sounds. It is a weakness that would affect all applications on all devices at any given single point in time."

Porter also refused to say how law enforcement planned to use the new powers.

"My instructions from our intelligence agencies is to not give examples on the types of things that might or might not be requested," he said.