Government pushes ahead with controversial telco security bill

Attorney-General George Brandis yesterday introduced in the Senate a bill to implement the government’s Telco Sector Security Reforms program.

The TSSR bill — Telecommunications and Other Legislation Amendment Bill 2016 — has previously been the subject of a public consultation, with the government releasing two exposure drafts. The telco industry expressed concerns over both exposure drafts.

The bill is intended to ensure that Australia’s telecommunications infrastructure remains secure from threats such as espionage, sabotage and foreign interference.

The security framework introduced by the bill will “formalise the relationship” between government agencies and carriers, carriage service providers and carriage service intermediaries “to achieve more effective collaboration on the management of national security risks,” states the bill’s explanatory memorandum.

The legal regime introduced by the proposed regulation will require telcos to “do their best to protect telecommunications networks and facilities from unauthorised interference, or unauthorised access, for the purposes of security,” the bill states.

Telcos will be required to advise the government ahead of time of changes to their networks or facilities that may have an impact on their security, including plans to provide new services, procuring certain types of equipment or entering outsourcing arrangements. Instead of individual notifications of changes, a telco may submit a security capability plan that will outline multiple proposed changes they intend to make.

The government through the attorney-general may direct a telco to either undertake or not undertake certain actions.

For example, the attorney-general “may give the carrier or carriage service provider a written direction not to use or supply, or to cease using or supplying, the carriage service or the carriage services” if they are considered “prejudicial to security”.

If the bill is passed, the attorney-general may “give a carrier, carriage service provider or carriage service intermediary a written direction requiring the carrier, provider or intermediary to do, or to refrain from doing, a specified act or thing within the period specified in the direction.”

The proposed legislation could potentially see the government overriding a telco’s choice of equipment vendor or network design decisions.

There have been some changes between the second exposure draft and the current bill. For example a requirement on telcos to “do the carrier’s best or the provider’s best to protect telecommunications networks and facilities from unauthorised interference or unauthorised access to ensure” the security of networks and communications is slightly tweaked to cover “telecommunications networks and facilities owned, operated or used by the carrier or provider”.

Another changes is that the Attorney‑General’s Secretary when employing a power to gather information to assess possible non-compliance with the legislation “must have regard to the costs, in complying with any requirement in the notice, that would be likely to be incurred by the carrier, provider or intermediary”. A further change allows telcos to be reimbursed for the cost of copying documents sought by the government.

“Australia’s national security, economic prosperity and social well-being increasingly depend on the security and resilience of telecommunications services,” a statement issued on behalf of Brandis and communications minister Senator Mitch Fifield said.

“This is why the Government, with the benefit of input from key telecommunications stakeholders, has developed this important legislation, which provides greater certainty for the industry and better protects telecommunications networks from national security threats.”

The government said the Parliamentary Joint Committee on Intelligence and Security will hold a public inquiry into the bill.