9 August 2017
Today we announce the Government has accepted all recommendations of the Parliamentary Joint Committee on Intelligence and Security in its advisory report of 30 June on the Telecommunications and Other Legislation Amendment Bill 2016.
Extensive industry consultation has contributed to the development of this legislation. The Bill establishes a framework to better manage national security threats to the telecommunications sector, recognising the shared responsibility between Government and the telecommunications industry.
The proposed reforms create an obligation on carriers and carriage service providers to do their best to protect their networks from unauthorised access and interference. This includes providing early advice to Government of any changes to their network that may be of security concern, so that agencies can assess risks and cooperate with industry on mitigation strategies.
Telecommunications networks are a fundamental component of other critical sectors such as health, finance, transport, water and power. With the increasing threat of interference from malicious actors, including through cyber intrusions, protecting these networks is a priority of this Government.
The bipartisan Committee has recommended that the Bill be passed. The Government thanks the Committee for its hard work and careful consideration of the Bill.
The Bill will soon be debated in the Senate.
Recommendations of the PJCIS and the Government’s response:
No. |
Committee recommendation |
Response |
1 |
The Committee recommends that the administrative guidelines to the Telecommunications and Other Legislation Amendment Bill 2016 be revised to provide comprehensive information, clarity and certainty to industry in a greater range of circumstances. In particular, the revised administrative guidelines should provide further clarity regarding a company’s security obligation in circumstances where: § a company is providing or reselling an over‑the‑top service, § telecommunications infrastructure is used (but not necessarily owned or operated) by the company, § a company’s infrastructure is located in a foreign country, and used to provide services and carry and/or store information from Australian customers, and § a company provides cloud computing and cloud storage solutions. The Committee considers that inclusion of this additional information should be finalised prior to the conclusion of the 12 month implementation period. |
Accepted. The Attorney-General’s Department will review and revise administrative guidance on the Telecommunications and Other Legislation Amendment Bill 2016, in consultation with industry to provide further information regarding a company’s obligation, in circumstances where: § a company is providing or reselling an over‑the‑top service § telecommunications infrastructure is used (but not necessarily owned or operated) by the company § a company’s infrastructure is located in a foreign country, and used to provide services and carry and/or store information from Australian customers, and § a company provides cloud computing and cloud storage solutions. Revised guidance will be developed within the 12 month implementation period. Such guidance will be kept under review noting that it will be most useful to industry if guidance is regularly updated in response to identified risks or trends in the security environment and ongoing feedback from industry and other stakeholders. |
2 |
The Committee recommends the Telecommunications and Other Legislation Amendment Bill 2016 be amended to clarify that, in circumstances where a broadcaster is exempt from being treated as a carriage service provider under the Telecommunications Act 1997, they are also not intended to be subject to the obligations set out in the Bill. |
Accepted. The Government will amend the Telecommunications and Other Legislation Amendment Bill 2016 to clarify that its provisions do not apply in circumstances where a broadcaster is exempt from being treated as a carriage service provider under the Telecommunications Act 1997. |
3 |
The Committee recommends that the Attorney-General’s Department works collaboratively with industry to ensure effective and regular information‑sharing, in particular sharing threat information with industry, leveraging existing mechanisms where possible. These information-sharing mechanisms should ensure industry receives timely and tailored threat information to aid industry compliance. The Committee considers that these processes should be finalised prior to the conclusion of the 12 month implementation period. |
Accepted. The Government will work collaboratively with industry to ensure effective and regular information-sharing (particularly in relation to threat information). It will identify relevant information-sharing mechanisms prior to the conclusion of the 12 month implementation period. Existing information sharing mechanisms may be utilised to facilitate or support effective information sharing. |
4 |
The Committee recommends that the administrative guidelines to the Telecommunications and Other Legislation Amendment Bill 2016 be expanded to provide greater detail about the existing list of notifiable items. This could be achieved, for example, by listing the sorts of changes that are envisaged to not require notification to the Communications Access Co-ordinator (CAC), as well as providing more detailed information about the sorts of changes that do require notification to the CAC. The Committee considers that inclusion of this additional information should be finalised prior to the conclusion of the 12 month implementation period. |
Accepted. The Attorney-General’s Department will produce further guidance on notifiable items within the 12 month implementation period, noting that it will be most useful to industry if guidance is regularly updated in response to identified risks or trends in the security environment and ongoing feedback from industry and other stakeholders. The Government will also amend the Telecommunications and Other Legislation Amendment Bill 2016 to enable the Communications Access Co-ordinator to issue ‘class exemptions’ to specify changes that will not be subject to the notification requirements in section 314A of the Bill. |
5 |
The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to outline the application process for exemptions from notification requirements. The Bill should clarify that: § carriers and nominated carriage service providers may request the Communications Access Co-ordinator (CAC) to provide either a partial or complete exemption from the notification requirement in relation to certain types of changes, and § the CAC may vary or revoke exemptions. |
Accepted. The Government will amend the Telecommunications and Other Legislation Amendment Bill 2016 to outline the application process for exemptions from notification requirements. |
6 |
The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to make clear that the Bill does not affect the operation of existing legislated privacy obligations. |
Accepted. The Government will amend the Telecommunications and Other Legislation Amendment Bill 2016 to clarify that its provisions do not affect the operation of the Privacy Act 1988. |
7 |
The Committee recommends that section 315J of the Telecommunications and Other Legislation Amendment Bill 2016 be amended to specify that the annual report presented to Parliament must include: § the number of occasions the information-gathering powers have been exercised, § the number of notifications and security capability plans received, § regulatory performance measures, including the average response timeframes of the Communications Access Co-ordinator to notifications and the proportion of responses made within the statutory timeframes, § details of the Government’s information-sharing arrangements with industry, § a summary of any feedback or complaints received from stakeholders, and § the number of occasions the directions-powers have been exercised. The annual report should indicate if trends or issues have emerged in relation to any of the above. |
Accepted. The Government will amend proposed section 315J of the Telecommunications and Other Legislation Amendment Bill 2016 to specify the recommended annual reporting requirements. |
8 |
The Committee recommends the Explanatory Memorandum for the Telecommunications and Other Legislation Amendment Bill 2016 be amended to clarify that negotiating in ‘good faith’, as set out in proposed subsection 315B(5), includes whether the Communications Access Co‑ordinator has complied with the applicable statutory timeframes. This would make it clear that the Attorney-General will take into account whether the Communications Access Co-ordinator responded to any relevant notifications or security capability plans received from industry within the applicable statutory timeframe, prior to issuing a direction. |
Accepted. The Government will amend the Explanatory Memorandum to clarify that negotiating in ‘good faith’ includes consideration of whether the Communications Access Co-ordinator has complied with the applicable statutory timeframes. |
9 |
The Committee recommends that the Explanatory Memorandum to the Telecommunications and Other Legislation Amendment Bill 2016 be amended to outline the avenues available for industry to recover reasonable costs in circumstances where: § the Communications Access Co-ordinator has not responded within the statutory timeframe to the carrier or nominated carriage service provider (C/NCSP)’s notification of a proposed change, and § the C/NCSP has proceeded with the proposed change on the basis of no response having been received, and the Attorney-General has subsequently issued a direction relating to the change. |
Accepted. The Government will clarify in the Explanatory Memorandum that the Scheme for Compensation for Detriment caused by Defective Administration (the CDDA Scheme) will apply where actions, or inactions, amount to defective administration. |
10 |
The Committee recommends that, at the time of the review required to be undertaken by the Parliamentary Joint Committee on Intelligence and Security under section 187N of the Telecommunications (Interception and Access) Act 1979, the scope of the review be expanded to include consideration of the security of off-shored telecommunications data that is retained by a service provider for the purpose of the data retention regime. |
Accepted. |
11 |
The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to include, in relation to data retained under Part 5-1A of the Telecommunications (Interception and Access) Act 1979, a specific obligation within the notification requirement in proposed section 314A to require C/NCSPs to notify the CAC of any new or amended offshoring arrangements. |
Accepted. The Government agrees to amend the Bill to include a specific obligation within the notification requirement in proposed section 314A to require C/NCSPs to notify the Communications Access Coordinator if they enter into any arrangements to have information or documents to which subsection 187A(1) of the Telecommunications (Interception and Access) Act 1979 applies kept outside Australia. |
12 |
The Committee recommends that the Telecommunications and Other Legislation Amendment Bill 2016 be amended to require the Parliamentary Joint Committee on Intelligence and Security to review the operation, effectiveness and implications of the reforms, commencing within three years of the Bill receiving Royal Assent. The scope of the review should include: § the security of critical and sensitive data, § the adequacy of information-sharing arrangements between government and industry, and § the adequacy and effectiveness of the administrative guidelines in providing clarity to industry on how it can demonstrate compliance with the requirements set out in the Bill. |
Accepted. The Government agrees to amend the Bill to require the Parliamentary Joint Committee on Intelligence and Security to review the operation, effectiveness and implications of the reforms, commencing within three years of the Bill receiving Royal Assent, as proposed by the Committee. |
13 |
The Committee recommends that, subject to the above recommendations being accepted, the Telecommunications and Other Legislation Amendment Bill 2016 be passed. |
Accepted. |