There have been some new and interesting developments on the Assistance and Access Bill (2018), which I think are important to communicate. Despite a growing list of concerns with the bill as it stands, Prime Minister Morrison and Minister Dutton continue to call for the bill to be passed, with pressure being put on the PJCIS to recommend that it be passed before the end of parliamentary sitting time in 2018. ITPA has joined with a number of other technology industry groups to insist that the PJCIS does not rush to recommend the bill.
Thursday 15 November was meant to be the last day that Australians had to opt out of My Health Record, a national online database of patient health information with serious flaws. (Check our previous article for what was wrong with it.) The flaws within My Health Record were so bad that last week it emerged that the Privacy Commissioner for the Australian Digital Health Agency (which is responsible for My Health Record) quit last month, apparently leaving the organisation out of frustration that privacy and security concerns she had raised were being ignored by senior management.
I’m sorry if this is starting to sound repetitive, but there’s still a determined attack by our federal government on online security, and it’s important that we don’t let the fight drop off as we tire of it. Since I last wrote on the topic, the first public hearing has been held by the PJCIS. Of the eleven members of the committee, four were in attendance — two from each major party. A number of people presented to the committee — you can see the full transcript in the Hansard record.
As we noted in our last newsletter, Minister Dutton pushed a barely modified version of the proposed “Assistance and Access Bill 2018” into parliament barely 10 days after the Department of Home Affairs’ consultation period ended. Minister Dutton claimed, “The government has consulted extensively with industry and the public on these measures and has made amendments to reflect the feedback in the legislation now before the parliament” — a claim that ITPA and many other concerned organisations take exception to, and the modifications to the Bill clearly did not take into account the very large amount of feedback that the department received.
Barely a week after the Department of Home Affairs consultation period closed, Minister Dutton has pushed into parliament a version of the Assistance and Access Bill 2018 with only minor changes. This was then referred to the Parliamentary Joint Committee on Intelligence and Security (PJCIS), which is now running its own consultation period, closing on 12 October 2018. You can see the details here. It seems odd to us (and many other groups with expertise in this area) that all of the submissions to the original consultation could have been appropriately considered within the incredibly short time frame between the consultation closing and the bill being introduced to Parliament. Certainly, the level of changes (removing protecting government revenue as a reason for action under the bill) indicate that the vast majority of the feedback (our submission is here; a list …
A few weeks ago, the federal government’s Department of Home Affairs requested comments from the public on a draft of ‘The Assistance and Access Bill 2018’ — a bill designed to allow law enforcement agencies to gain access to communications and information previously not available to them due to encryption technology. As we noted, we intended to make a submission to the government on this bill. You can read the details of our submission below. In summary though, the bill, in its current form, will have a dire impact on internet privacy and potentially even e-commerce, all without actually achieving its stated goals — because criminals will simply move to using software not subject to this law.
From as far back as April 2016, the federal government has been talking about the trouble that encryption causes for law enforcement. In June 2017, the then Attorney-General George Brandis started talking about governments globally working to find ways to “break into” encrypted communications by working “with” the companies that provide end-to-end encrypted communications tools such as WhatsApp, Signal, Telegram, Viber, but not by introducing flaws or backdoors into the apps. Over the last 18 months or so, various comments were made by government representatives around breaking encryption — and fast forward to August 2018, we now have a proposed bill to be introduced into parliament — The Assistance and Access Bill 2018.
My car stereo died recently. “What does this have to do with ITPA?” I hear you ask. The tl:dr version — I spent a lot of time, effort and money to save a few dollars instead of engaging a professional, and had to do so without a network of experts available to me to help me pick good advice from bad and to warn me of the pitfalls.
One of the biggest IT issues ongoing at present is the Australian Government’s My Health Record project. It was designed as an opt-in service, where you would have to explicitly provide a healthcare provider with authority to create a record on your behalf. The primary benefit of the service was that a ‘single source of truth’ copy of your medical records (or a summary of them) would be available to any health provider nationally. So if you were away from home within Australia and required treatment, your records would be available to medical professionals, who would be able to learn your medical history, allergies etc, with the idea being that you would receive better and more appropriate medical care as a result. Unfortunately, the benefits of the service were not well sold to the public, and the percentage of people …