Telecommunications Sector Security Reform (TSSR)
advertisement
HOPE REWARD OPPORTUNITY Australian Government-Attorney General Department Telecommunications Sector Security Reform (TSSR) Initiative, July 2015 From: Selva (Kidnapillai Selvarajah) Remarks: My views expressed in this submission do not necessarily reflect the views of my past employers or present employer or any other community or voluntary organisations that I am currently involved. Note: This submission can be made to the public after removing my residential address Due Diligence -> Submission Summary The role of the government should be always both as a Facilitator and Enabler of the Technological Innovation in the Telecom Market By enacting this TSSR package, apparently an attempt has been made to redefine the role of the government in a competitive telecom market Whilst the national security has been challenged by the technological innovation however TSSR is not the best way to address such challenge in today’s context Telecommunications Act 1997 was amended in 2004 to provide a power for the Attorney-General to direct a person to prevent or cease the supply of a telecommunications service on national security grounds. It has not been used so far. Law enforcement agencies already have enough powers to access telecom data, issue data preservation notices and seek a warrant to intercept communications. Based on simple analysis using the G-TIPS model(Government(TSSR) = f(T,I, P,S)), it seems we have not tried to strike a right balance among the parameters, viz, Technology, Innovation, Privacy, and Security in this reform package TSSR will not enhance the $45billion Telecom industry to attract more investment TSSR package will hinder technological innovation in the market Cloud computing and big data will be discouraged if we proceed with this reform Apparently, the intent of the TSSR is just to give more intrusive powers to a few government security agencies. According to Article 17 of the United Nation’s International Covenant on Civil and Political Rights, everyone has the right to privacy and protection of the privacy by law. Did we consider in this TSSR initiative? I strongly believe that Regulatory Impact Statement (RIS) has not taken into account the full impact of the regulatory cost relating to this reform package We have tried to provide invasive powers for Government via this reform to intervene in the commercial operations of telecom operators, probably not seen in any Liberal Democracy in the modern internet society Finally, are we trying to invent a new role for the Government in the competitive telecom market by enacting this package as a Legislation? Exposure Draft: Telecommunications and Other Legislation Amendment Bill 2015 An Individual Submission for Consideration Background: The Parliamentary Joint Committee on Intelligence and Security (PJCIS) undertook a review of potential reforms to Australia’s national security legislation and published its Report of the Inquiry into Potential Reforms of Australia’s National Security Legislation. I have made an individual submission to this inquiry and made my concerns known to the members of the committee. Following the public consultation process, the PJCIS recommended that Government amend the Telecommunications Act 1997 to establish a security framework to protect the Australia’s telecommunications infrastructure. The joint media statement released by both the Attorney-General and the Minister for Communications stated that Australia’s economic prosperity and the wellbeing of our people are heavily dependent on the telecommunications networks and data flows across them. Therefore both believe that it is vital to maintain the security and resilience of the telecommunications networks. The main intent of this proposed legislation will require telecommunication carriers, carriage service providers and carriage service intermediaries (C/CSPs) to protect their networks from unauthorised access and interference. It will also provide government with new regulatory powers to request information and to issue directions to help promote compliance. It will formalise and enhance existing information sharing and relationships between Government and C/CSPs to ensure greater consistency, transparency and accountability for managing national security risks across all parts of the telecommunications sector. Role of the Government: Continued unprecedented technological development, driven by cloud-based services and the introduction of more powerful smart phones, sensors, big data and Internet of Things (IoT) is set to accelerate the technological development and the world has become a Networked Society. The Telecom Market has seen the role of the government both as Facilitator and Enabler in these technological advancements and innovation. By considering the move of the government to amend the Telecommunications Act 1997 to strengthen the current framework for managing national security risks to the Australian Telecommunications Network, I doubt whether the government is trying to redefine its role in the telecommunications Sector. We agree that the national security has been challenged by the technological innovation but I still question whether the proposed Telecommunications Security Reform Initiative is the BEST way to address this challenge, violating individual Privacy and deterring Innovation by the Telecom Operators and thereby hindering the overall development of the Telecom and Information Technology Sectors. Have ever thought this before embarking our journey in this TSSR initiative? Telecommunications Act 1997: Due to the enactment of the Telecommunications Act 1997, the telecom sector has gone through a spectacular development and advancement in Australia. The post July, 1997 telecom regulatory framework for the Australian telecommunications industry could be described as technology neutral, market-driven and emphasising a form of self-regulatory framework. The Telecommunications Act 1997 was amended in 2004 to provide a power for the Attorney-General, in consultation with the Prime Minister and Minister for Communications, to direct a person to prevent or cease the supply of a telecommunications service on national security grounds. Since its enactment, the power has not been exercised. As per Attorney-General Department notes, our Security agencies rely on the power in section 581(3) as a basis for engagement and encouraging cooperation. The government believes that this approach is risky for numerous reasons and involves often lengthy and costly engagement (for both Government and industry) on a case-by-case basis. Recently enacted the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2014 will force telecommunications operators and internet service providers (ISPs) to collect and store for two years an enormous amount of data about their customers' communications. If you scan through the public consultation and the submission made PJCIS, the majority of the stakeholders are against all these changes in the law. Even media has reported that even the normally docile Inspector-General of Intelligence and Security has flagged concerns about these expanded powers last year. I believe the only people pushing for these amendments are a small set of government agencies. It is to be noted here that the law enforcement agencies already have the power to access telecommunications data, issue data preservation notices and seek a warrant to intercept communications. With the passing of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2014, they also have data retention powers. We believe that even they have extraordinary powers, and received more “Special Intelligence Operations” provisions which makes it legal for ASIO officers to break the law, including lying to Parliament and the courts. No tangible evidence has been provided as to why any these new powers are actually necessary, including interfering the commercial operations of the telecom networks. Further, it is still not clear why the existing legislative provisions are insufficient and why we really need this current Telecommunications Sector Security Reform Initiative? The current TSSR would have an impact on the Telecom Industry that has an annual turnover around $45Billion. We hope the intention of TSSR is to enhance $45billion industry to attract further investment but not interfere in the commercial operations of the network. G-TIPS Model: The Government should always try enact any technology related legislation by considering the impact on at least four vital parameters, viz, Technology (T), Innovation (I), Privacy (P) and Security(S). It is very hard to compromise among these parameters when addressing the national security and related risks, but we believe we should be able to strike a right balance in this regard. Let us analyse the major provisions of the reform package using this simple but logical model G(TSSR) = f(T,I, P,S) that could be used to arrive at a conclusion whether this new legislation really striking the right balance required to mitigate the national security risks arising out from the telecommunications networks. Technology and Innovation: Technology and Innovation can be frustrating to watch in action. We have seen the Australian Telecommunications Networks have been continued to adopt new technologies in the market, launching innovative products and services. The ability to innovate has become a top priority for telecom operators in the Australian market. The speed at which innovation occurs is accelerating, and consumers are hungry for the new products, services and experiences coming their way. The responsible government should recognise the competitive nature of the Telecom business. At present, due to the fierce competitive nature, the telecom market presents considerable challenges to telecom operators. The major telecom operators, viz Telstra, Optus and Vodafone have been looking at the ways to reduce the costs without degrading the quality of service provided to the consumers. When there are cost pressures and telecom operators tend to look for options such as outsourcing and how this is feasible under the proposed TSSR package? The scope of telecom market innovation has also expanded. It is no longer just a case of pushing products out of the market but, rather, of creating value for customers by personalising the entire customer experience. So forging an organisational culture that promotes technological innovation, getting closer to customers to find out what they really want and directing your innovation accordingly, is more important than ever. We wonder whether telecom operators will have free hands for these types of market innovation whilst tolerating the interference of the bureaucrats attached to the Attorney-General Department who are expected to control the global supply chain for Telecommunications equipment. Do we have any qualitative and quantitative analysis on the impact of the TSSR in terms of new technology introduction, outsourcing options, innovation in products and services and choosing only particular type of vendors(I guess the Australian government probably would not like to have a particular vendor/vendors due to geo-political reasons) in the supply of equipment? I have extracted some data from the web site of the Department of Prime Minister and Cabinet re the Regulatory Impact Statement (RIS) that was prepared by the AttorneyGeneral’s Department and assessed as compliant and consistent with best practice by the Office of Best Practice Regulation (OBPR). The RIS estimates the average annual additional regulatory cost to be $220,000 a year and identifies offsets. The OBPR has agreed to the regulatory cost and offset estimates. I strongly believe this RIS cost of $220,000 has not taken into account the full regulatory impact of the proposed by this legislation. Privacy and Security: Advances in communications technology, including the internet access, have dramatically changed the way we collect and use our personal information. Our personal data can be transferred universally and more rapidly now than ever before. This has influenced the way we perceive about our individual privacy and the protection of our personal records. The expectations relating to individual privacy have exponentially increased. It is the duty of any government to seriously look into this enhanced expectation of the citizens safeguarding the individual privacy. With the enactment of the Telecommunications (Interception and Access) Amendment (Data Retention) Act 2014, we have expanded the ability of our law enforcement agencies to monitor various forms of communications activities including online internet access would harm individual privacy, anonymity, and free expression. According to Article 17 of the United Nation’s International Covenant on Civil and Political Rights, everyone has the right to privacy and protection of the privacy by law. It would become a hindrance for us to use the various technologies to undertake our legitimate tasks on a daily basis. I would like to pose a few thoughts on the privacy and the national security that could be relevant to this TSSR package: Will the imperatives of individual privacy and national security be reconciled after enacting this package? Is it possible to enhance national security by regulating the global supply chain of the telecommunication equipment? Will this TSSR package conducive to the Coalition government BIG Data idea and the Digital Transformation Office Initiative to conduct the affairs with citizens via electronically? Will the TSSR override our civil liberties in favour of national security after the enactment? Will the proposed reform package protect our civil liberties that are part of any Liberal Democracy? I believe the Coalition government in particular the current Minister for Communications Malcolm Turnbull MP have had a strong view that the measures such as Internet Filtering intended to provide a safe online passage protecting our kids could end up tarnishing the internet freedom that we have been enjoying. It seems that current TSSR package is worse than the introduction of Internet Filtering and I wonder how we still going ahead with this reform. Conclusion: Australians always have the view that national security always paramount importance to conduct their socio-economic life unhindered. We acknowledge the importance of the objective of protecting Australian telecommunications networks and the date flows across them. We should recognise that the owners of the telecom infrastructure have a strong interest and demonstrated expertise in ensuring Australia’s Telecom networks are secured and resilient not only in providing the services to their consumers but also supporting the other critical infrastructures. The proposed Telecom Security Reform Package goes too far in the name of national security by creating wide-ranging powers for a few security agencies and AttorneyGeneral Department to intervene in the affairs commercial operational decisions such as outsourcing, buying equipment and choosing equipment vendors and requesting commercially sensitive information from vendors involved in the telecommunications industry. Telecom Operators normally sign NDA (Non-Disclosure Agreement) with vendors who are contracted to supply the equipment and services for the smooth functioning of the telecom networks. By enacting this TSSR package, we are creating another LAYER of UNWANTED COMPLEXITY for the telecom operators. Probably, we have tried to create intrusive powers for Government to intervene in the commercial operations of telecom operators, not seen in any Liberal Democracy in the modern internet society. Not last but least, we are we trying to invent a new role for the Government in the competitive telecom market via this reform. All the Stakeholders except a few government security agencies have not convinced that there are sufficient grounds to warrant the proposed TSSR initiative. The costs and intrusion into the commercial operations of Australian telecommunications operators and their equipment vendors that they represent would be staggering. Do we really need this package? Thank you.
