Home affairs minister Peter Dutton has been accused of rushing legislation that tech companies say could have the effect of weakening encryption, privacy and security of all Australians.
Shortly after the House of Representatives passed tough new anti-food tampering legislation on Thursday morning, and just before the house debated whether to pass a motion of no confidence in Dutton over the au pairs scandal, the home affairs minister introduced the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018.
The swift introduction of the legislation came as a shock to both the technology sector, Labor and the Greens.
It was just 10 days after submissions closed on the draft legislation, and just over a month after that draft was first released.
The legislation if passed would force tech companies to: remove protections on devices, give law enforcement agencies the design specs of their devices, install software on a device when asked, provide access to devices, and help agencies build their own systems.
The companies that would be most affected by the legislation, including Wickr, Facebook, Google and Amazon had all raised alarms that the requirements for companies to allow law enforcement agencies to exploit weaknesses in encryption to investigate serious crimes could also have the effect in creating vulnerability for law-abiding users, who rely on encryption for security and privacy online.
In his speech introducing the legislation, Dutton justified the proposed new powers by saying that more than 55% of communications intercepted by ASIO (Australian Security Intelligence Organisation) under warrant as of July last year was encrypted, compared with 3% in June 2013.
For the AFP (Australian Federal Police), the figure is more than 90%.
"The lack of access to encrypted communications presents an increasingly significant barrier for national security and law enforcement agencies in investigating serious crimes and national security threats," Dutton said.
"The AFP advise that encrypted communications have directly impacted around 200 operations conducted by the AFP in the last 12 months, all of which related to the investigation of serious criminal offences carrying a penalty of seven years imprisonment or more."
Dutton said the legislation was "reasonable and proportionate" and the government had "consulted extensively with industry and the public" on the legislation.
But the government has so far refused to publish all 14,000 submissions received to the exposure draft legislation. BuzzFeed News understands that the department contacted everyone who made a submission and told them that unless they opt in to having their submission published, it will not be made public.
On Friday afternoon, the department published some of the submissions, including from the Australian Human Rights Commission, the privacy commissioner, Telstra and Optus. The department noted that over 14,000 of the submissions were form letters from Digital Rights Watch, but it is believed some submissions have still not been made public.
Nicole Buskiewicz, the managing director of Digital Industry Group Inc (DIGI), which represents companies including Google, Facebook and Amazon in Australia, said the government is ignoring the voices of people who made a submission to the department.
"Given the seriousness of the issues raised by the bill and the potential adverse impact on the security of online communications generally, DIGI urges the government to increase dialogue with civil society and industry to find global solutions to the problems identified by the government to support law enforcement and security agencies in their goal of protecting citizens from harm," she said in a statement.
"We call on the government to undertake further consultation and to address the issues raised in the submissions provided."
Labor's shadow attorney-general Mark Dreyfus, shadow communications minister Michelle Rowland, and shadow minister digital economy Ed Husic, have also called for the government to not rush the legislation through parliament, labelling the decision to introduce the legislation so quickly a "mockery" and "unacceptable".
"It is simply implausible that Peter Dutton could have in such a short timeframe given due consideration to the widespread concerns when dealing with encryption that raised by industry and other stakeholders," the Labor MPs said in a statement.
"Instead, the government appears to have taken a tick and flick approach to an incredibly complicated bill, with potentially far-reaching consequence for the privacy and digital security of all Australians."
Labor noted that it took two years for similar UK legislation to be passed after the initial announcement of the legislation.
"It is vital that the government engages in proper consultation processes when introducing entirely new national security laws with the potential to impact every Australian who uses a phone or computer," they said.
Greens senator Jordon Steele-John said the short window between consultation and legislation being introduced meant there was no way the government had time to properly consider the feedback.
“This is massive government overreach and something we should all be extremely concerned about," he said. "It makes a mockery of our right to privacy, leaves us more vulnerable to cyber espionage and permanently weakens existing protections we all rely on to stay safe and secure online."
The legislation has not yet been debated in the House of Representatives, and Labor is pushing for the legislation to be examined by the joint standing committee on intelligence and security before it is voted on.
Dutton said amendments to the legislation had been made in response to the consultation, but he has not spelled out what specifically has been changed.
Josh Taylor is a Senior Reporter for BuzzFeed News and is based in Sydney.
Contact Josh Taylor at firstname.lastname@example.org.
Got a confidential tip? Submit it here.