AARNet warns of 'draconian overreach' in telco regulation

Security concerns shouldn't stifle innovation says research network

Australian attorney general George Brandis by https://www.flickr.com/photos/cebitaus/ cc 2.0 attribution https://creativecommons.org/licenses/by/2.0/
Australia's aspiring netops-in-chief, Attorney-General George Brandis

As the deadline for submissions on the Australian government's telecom security legislation approaches, concerns are emerging at the potential for the laws to stifle innovation.

The laws, introduced to Federal Parliament late in June, are designed to make sure that telecommunications carriers protect their infrastructure against both physical and network attacks.

Peter Elford, government relations director at the Australian Academic and Research Network (AARNet), told The Register the starting point for all carriers is in the Communications Alliance's response to the bill.

“We have a set of common concerns … there's a lot of concern about the reach that the legislation puts in place,” Elford said.

However, from a specifically-AARNet point of view, Elford said “we're really concerned about potential unintended consequences”, adding that the research network does not want to end up in a similar position to its New Zealand counterpart, REANNZ.

That organisation has had to suspend its work on software-defined networking (SDN) while it waits for the New Zealand government to decide how much detail it needs on changes to the network under its security legislation. That's because the intention of SDN is to allow networks to be reconfigured in minutes instead of hours, and to do so automatically in line with policy rather than after human intervention.

“The devil is always in the detail,” Elford said. Original drafts of what is now the Telecommunications and Other Legislation Amendment Bill 2015 made a distinction between “high priority” and “low priority” engagements.

That phrasing appears designed to distinguish between different levels of risk – a carrier like Australia's dominant telco Telstra has a vastly different risk profile than AARNet.

Without any of the proposed regulations that the government would attach to the bill, it's not possible to tell whether the government intends to retain that distinction.

“The overreach is potentially quite draconian, without the guidelines or implementation processes,” Elford told Vulture South.

The problem, here as in New Zealand, is that AARNet doesn't want to have to slow down the pace of change to “the pace that the regulator is capable of digesting.

“A research and education network is going to want to deploy and make changes … at a rate much higher than a commercial carrier. The sort of things we're doing are likely to be new and innovative by definition.”

Larger carriers, Elford said, are themselves “aghast” that “the government could reach in and turn off a service. If [technology like SDN] is going to get a researcher to an answer faster, our obligation is to make that possible.”

The industry has until the end of July to assemble its responses to the legislation. ®

Sponsored: Detecting cyber attacks as a small to medium business

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER




Biting the hand that feeds IT © 1998–2020