4 September, 2015
Telecommunications and Other Legislation Amendment Bill 2015 (Cth)
What you need to know
- The proposed Bill would amend the Telecommunications Act 1997 (Cth) to require carriage service providers to 'do their best' to protect networks and facilities from unauthorised access and interference, give information to security agencies about network changes and comply with directions given by the federal Attorney-General's Secretary, who will be the regulator under the new framework.
- The industry body, the Communications Alliance, has come out to publicly reject the proposed Bill, describing it as draconian and giving government unjustifiably significant additional and intrusive powers.
- If enacted, the Bill will introduce another layer of regulation with a national security flavour on telcos, in an already densely regulated environment. Together with the recent data retention laws (discussed in the previous article), the Bill clearly establishes the government's focus on telcos playing a crucial role in protecting the national security.
What you need to do
- Public comment on the Bill closed on 31 July 2015. The Bill is due to be introduced into the Federal parliament before the end of 2015.
- Telcos should keep up to date on the progress of the Bill and, if necessary, ensure internal systems and processes are in place that would allow them to comply with the new obligations.
On 26 June 2015, the Federal Government released an exposure draft of legislation to amend the Telecommunications Act 1997 (Act) and related legislation in the wake of recommendations by the Parliamentary Joint Committee on Intelligence and Security to establish a new security framework to manage national security risks to Australia's telecommunications networks.
The Telecommunications and Other Legislation Amendment Bill 2015 (Cth) (Bill) would broaden the current security obligations under the Act, create notification obligations for carriers, carriage service providers and carriage service intermediaries (CSPs) and provide the Secretary of the Attorney-General's Department (Secretary) with broad regulatory powers.
High level overview
The proposed Bill will introduce three key changes:
- Firstly, the proposed Bill would broaden the current security obligations under the Act and oblige CSPs to 'do their best' (ie take all reasonable steps) to protect their networks and facilities from unauthorised access and interference, in addition to the existing obligation to do so to prevent offences. According to the explanatory memorandum for the Bill, this is intended to require CSPs to actively manage national security risks, by maintaining 'effective control' (ie direct authority and contractual control) and 'competent supervision' (ie technically proficient oversight) of its networks and systems.
- Secondly, the proposed Bill would require CSPs to notify ASIO and the Attorney-General's Department of any key changes to networks that could affect their ability to comply with the new national security obligation (ie providing a new telecommunication service, changing the location of certain network facilities or entering into arrangements to outsource services).
- Finally, the proposed Bill would confer on the Secretary broad intervention and information-gathering powers, including the power to request information relevant to potential breaches. The proposed Bill would also enable the Secretary to give a written direction to CSPs to do or not do certain things where there is a risk to national security, to the extent required to directly reduce or eliminate the risk. The Secretary will enforce compliance by using civil penalties.
To date, the proposed Bill has not received a favourable response from industry.
On 22 July 2015, the telecommunications industry body, the Communications Alliance, criticised the proposed Bill in a number of respects, including describing the direction and information-gathering powers as draconian and giving government unjustifiably significant additional and intrusive powers.
Communications Alliance CEO, John Stanton, said 'the telecommunications industry is feeling a little punch drunk at the moment with the number of national security initiatives that have been impacting their business and costing them additional money in compliance'. The Regulatory Impact Statement for the proposed Bill estimates the total cost to industry at $558.4m, with costs for each telco estimated to be at least $184,000 per year.
In response, Federal Communications Minister, Malcolm Turnbull said on the same day that, 'we're extremely sympathetic to their [the telcos'] concerns … that [the proposed Bill] is too heavy handed … we will work very constructively with the telco sector to ensure we get an outcome that is workable and practical'.
Public comment on the Bill closed on 31 July 2015. The Bill is due to be introduced into the Federal Parliament before the end of 2015, but is expected to be first subject to parliamentary committee inquiry before introduction.
It remains to be seen what changes may come from the public consultation on the proposed Bill. It is clear that the Federal
Government has its eyes firmly set on increasing protection of national security and that it sees telcos playing a crucial role in doing so. But at what cost? In the meantime, telcos should monitor the progress of the proposed Bill given its likely far-reaching impact.
For further information, please contact:
Robert Todd, Partner, Ashurst