Optus warns decryption bill contains 'unfettered' power

Optus has issued a blunt warning about “unfettered” power that proposed decryption laws could hand authorities to unilaterally change or revoke voluntary cooperation agreements without consultation.

In a submission [pdf] to the Department of Home Affairs, Optus largely avoids the wider issues that the decryption bill raises.

These, it says, are “ultimately a matter for Government to find the right balance between … the extension of the power of the state over the individual; the associated tension with privacy principles and civil liberties; and the utility of the access to communications for law enforcement and national security agencies”.

However, Optus was unhappy with aspects of the bill including a lack of consultation with the subject of a request or notice.

It wants mandatory consultation to be included at all stages to prevent agencies from going overboard, particularly in specifying what may or may not be technically feasible.

Optus is also concerned that law enforcement is afforded too much discretionary power, particularly when it comes to the voluntary “technical assistance requests” that can be served.

“If the power of the authorised person to vary a technical assistance request is unfettered, then a service provider is faced with the risk that a variation can be made without prior consultation, leaving it with a commitment to provide assistance it may not have agreed to in the first instance and that it does not have the capability to perform,” Optus said.

It said the unannounced variation could be costly, technically complex or impossible, or break the functioning of Optus’ network.

“Any one of these factors could alter the balance of the service provider’s original decision to enter into a voluntary agreement and could, in fact, place the service provider in the difficult circumstance of having to meet agreed or contracted commitments which have been unilaterally varied,” it said.

Similar powers exist for the authorities to unilaterally revoke a request, again without consulting the service provider or other party affected by it.

Optus said it also wants the government to come up with a standard form of contract that can be used in all agreements made under the laws (assuming they pass).

Importantly, Optus said it did not want to provide voluntary assistance “in advance of commercial contracting arrangements being agreed and settled”.

It is unclear in the legislation when a telco that struck a voluntary agreement would have to begin implementing it.

Expense and distraction

Optus warned that compliance with the decryption laws was likely to be an expensive and time-consuming proposition for telcos.

The costs of maintaining its existing internal law enforcement liaison unit were already “substantial”, without the significant imposition of the proposed decryption laws.

Optus also warned that its forward plans could be thrown into disarray by the decryption laws, if passed.

“Optus already has major commercial, IT and network programs in flight and which are scheduled for implementation over the next three years,” it said.

“In practical terms, the assistance regime may disrupt these plans.

“Optus will need to stand prepared to initiate significant scoping and compliance programs in response to this assistance regime.”