Review of the Telecommunications and Other Legislation Amendment Bill 2016 (CTH)

On 9 November 2016, the Attorney-General, Senator the Hon George Brandis QC, asked the Parliamentary Joint Committee on Intelligence and Security (PJCIS) to inquire into the Telecommunications and Other Legislation Amendment Bill 2016 (Cth) (The Bill), introduced into the Senate on 9 November 2016.

Overview of the Bill

The Bill will amend the Telecommunications Act 1997 (the Telecommunications Act) to strengthen the current framework for managing national security risks to Australia's telecommunications networks. According to the Attorney-General, national security risks in the form of espionage, sabotage, and foreign interference can arise in the global supply chain for telecommunications equipment, services, or the outsourcing of sensitive network management functions. It is vital that these security risks are managed to protect the availability and integrity of telecommunications networks and systems and the confidentiality of information stored and carried on these networks and systems.

The Bill formalises and enhances existing information sharing and relationships between government and telecommunications carriers and carriage service providers (C/CSPs) to ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector. Key elements of the Bill include:

• establishing a security obligation, applicable to all C/CSPs requiring them to do their best to protect their networks from unauthorised access and interference;
• requiring carriers and some carriage service providers to notify security agencies of planned key changes to networks and services that could compromise their ability to comply with the security obligation;
• empowering the Secretary of the Attorney-General's Department to request information from C/CSPs to monitor compliance with the security obligation;
• providing the Attorney-General with a power to issue a C/CSP a direction requiring them to do or refrain from doing a specified thing to manage security risks; and
• expanding the operation of existing civil enforcement mechanisms in the Telecommunications Act 1997 to address non-compliance with the security obligation, notification requirement, information requests and directions.

Amendments Made to Drafts Following Public Consultation

Two rounds of public consultation were held between June – July 2015 and November 2015 – January 2016, respectively. A number of changes have been made to improve the operation of the proposed legislation in response to this feedback, including:

• The scope of the security obligation to protect telecommunications networks from unauthorised access and interference has been clarified and narrowed;
• The power to issue directions to C/CSPs has been vested in the Attorney-General instead of the Secretary of the Attorney-General's Department;
• The threshold for the exercise of the directions powers has been increased;
• Additional safeguards have been added to the exercise of the directions powers by the Attorney-General;
• Limitations have been placed on the Secretary’s ability to delegate the information gathering power to the Director-General of ASIO;
• Additional safeguards have been included to protect the confidentiality of commercially sensitive information obtained through the exercise of the information gathering power;
• Directions issued by the Attorney-General (including the existing direction power to cease a service) will now be reviewable under the Administrative Decisions (Judicial Review) Act 1977;
• The operation of the notification requirement will now be clearer, more transparent and impose less regulatory burden on industry;
• The implementation timeframe will be increased from six months to 12 months from Royal Assent;
• The scope of the obligation to protect networks or facilities has been limited to networks or facilities owned, operated or used by a carrier or C/CSP;
• The Bill clarifies that effective control and competent supervision relates only to networks and facilities owned or operated by the provider;
• The requirement for intermediaries to maintain effective control and competent supervision over networks and facilities has been removed;
• The scope of obligations of intermediaries has been limited so they apply only to networks or facilities used to supply the carriage services arranged by an intermediary;
• The Bill now specifies that the Communications Access Coordinator will respond to notifications within 30 days and capability plans within 60 days;
• The timeframe for affected parties to provide a submission after a written notice of direction to do, or refrain from doing a specific thing, has been increased;
• Under information gathering powers, companies will now be able to provide copies of documents, and also be entitled to reasonable compensation for complying with a requirement to provide a copy of a document;
• The Secretary of the Attorney-General’s Department is required to have regard to the likely cost to comply with an information gathering request before issuing that request; and
• Confidentiality requirements have been expanded to protect the confidentiality of commercially sensitive information or documents provided in individual notifications or security capability plans.

Current Review of the Bill

The Bill will place obligations on telecommunications carriers, carriage service providers and carriage service intermediaries to protect networks and facilities to ensure the confidentiality of communications and information, as well as to ensure the availability and integrity of networks and facilities. This security obligation will be supported by a requirement for industry to provide information to government, powers of direction and a penalty regime to encourage compliance. The PJCIS has previously recommended telecommunications sector security reforms in its June 2013 Report of the Inquiry into Potential Reforms of Australia's National Security Legislation and its February 2015 Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014.

Submissions are due to the PJCIS by 3 February 2017 and they expect to make their final report in April 2017.

TimeBase is an independent, privately owned Australian legal publisher specialising in the online delivery of accurate, comprehensive and innovative legislation research tools including LawOne and unique Point-in-Time Products.

Telecommunications and Other Legislation Amendment Bill 2016 [CTH] and Secondary Materials as reproduced in TimeBase LawOne

Attorney-General (CTH) Draft Materials

Joint Committee Review