Australian carriers try to head off government telco security bill
Sys admin/attorney-general George Brandis not welcome in the data centre
Australian attorney-general George Brandis' plans to turn his department into a national telco chief security officer are to be carpet-bombed by a coalition of industry groups opposing the proposed laws.
In a submission leaked to the ABC and The Australian Financial Review and since sighted by The Register, a bunch of industry groups led by the Communications Alliance is warning that the Telecommunications and Other Legislation Amendment Bill 2015 is a dangerous mess.
The joint submission will carry the imprints of the Communications Alliance, Australian Industry Group, the Australian Information Industry Association, and the Australian Mobile Telecommunications Association.
Both the telco industry and business at large are worried that there aren't any benefits offsetting the costs, or that would “justify the intrusion” into carriers, service providers, and their intermediaries.
As The Register has already reported, a requirement for a carrier to get a bureaucrat to rubber-stamp changes to its network has the potential to kill innovations like software-defined networking (SDN) and network function virtualisation (NFV) stone dead.
The implications of such a move go far beyond bureaucratic lead in the telco's saddlebags: Australia also has significant academic input into SDN development, with most major universities conducting research into the technology.
George Brandis, Cisco Certified Systems Engineer?
Happy, they ain't. The submission ticks off transparency (there isn't any), restraint (the government wants intrusive powers), justification (somehow overlooked in Canberra), consultation (absent), costly (like site-filtering and metadata before it), and protection for carriers against civil litigation (missing).
The legislation, the groups are going to tell the government, will disrupt new networks technologies, deter tech investment in this country, and would reduce the availability of telco infrastructure.
The submission notes that the AGD can act unilaterally, telling carriers what to do with their networks without consultation, and the legislation lacks any back channel so carriers can say “if you have to do this damn silly thing, don't do it in this damn silly way” (to quote Sir Humphrey Appleby).
As the bill now stands, telcos also have to hand over whatever documentation the secretary of the Attorney-General's Department (AGD) might ask for, with no limit on how long the AGD can keep that information, nor any constraint on how or with whom the department might share that information.
The submission states that the cost of implementing the legislation “will be added to the already substantial imposts” arising from the government's data retention scheme, its online copyright notice scheme, and its just-passed-through-parliament Turnbull filter.
It seems, to The Register's reading of the draft submission, that the AGD has about as much clue in relation to the telco security legislation as it has exhibited in its data retention implementation, with complaints that department hasn't explained what's so broken that it needs fixing, nor how turning over network designs to AGD's lawyers will reduce the risk of espionage.
Even the clueless laws passed in New Zealand, which have left university research network REANNZ unplugging SDN while it waits for its local spooks to decide whether innovation is legal, is held up as better than what Brandis's minions have managed.
The Telecommunications (Interception Capability and Security) Act 2013 at least limits what the industry needs to give the Government Communications Security Bureau, the submission says.
Speaking to the Australian Broadcasting Corporation, Greens senator Scott Ludlam pointed out that carriers probably have a better grasp of the technical requirements of national security than governments.
“I think the last thing we would want to see is Commonwealth bureaucrats telling computer security experts who run these big telecommunications companies how to run their networks and their data centres”, he said.
Ludlam also told the ABC he would like communications minister Malcolm Turnbull to intervene in the legislation. ®
Sponsored: Becoming a Pragmatic Security Leader