Global tech giants have stepped up their opposition to the Australian government’s proposed overhaul of cyber security laws, warning the bill will allow authorities to forcibly access their networks without due process.
The industry bodies representing some of the world’s biggest technology companies, including Google, Microsoft, Intel, Twitter, eBay, Amazon and Adobe, said the new laws would create an “unworkable set of obligations and set a troubling global precedent”.
The laws would give Australian authorities access to the networks of companies that operate critical infrastructure. Credit:Bloomberg
Prime Minister Scott Morrison last year revealed a wave of sophisticated cyber attacks on all levels of government, industry and critical infrastructure including hospitals, local councils and state-owned utilities.
The bill would allow the government to declare an emergency to give agencies such as the Australian Signals Directorate the power to plug into the networks of companies operating critical infrastructure to fend off major cyber attacks. It would also set a range of reporting obligations on those operators once they were hacked.
Federal Parliament’s security and intelligence committee last month recommended the government split the bill in half to allow urgent measures to pass while giving more time for the government and industry to consult on the other issues.
But in a letter to Home Affairs Minister Karen Andrews on Thursday, the Information Technology Industry Council, Australian Information Industry Association and the Cybersecurity Coalition said the elements of the bill that caused the most concern were the ones that would be fast-tracked.
The three industry bodies said the bill remained “highly problematic and largely unchanged despite extensive feedback from our organisations”.
While the government asserts that the power to forcibly enter networks would be used only as a last resort, the tech groups said the bill gave authorities “unprecedented and far-reaching powers, which can impact the networks, systems and customers of domestic and international entities, and should be subject to a statutorily prescribed mechanism for judicial review and oversight”.
“We are also concerned by the global impact that such a bill will have and how it undermines the values that Australia promotes internationally,” they said.
“This undermines the government’s good work internationally on these issues and sets a disturbing precedent for other governments facing similar national security challenges.”
The industry bodies also said the reporting deadline to report a cyber attack should be extended from “within 12 hours” to “at least 72 hours” or “without undue delay”.
Ms Andrews said the government was committed to “benefiting, not burdening Australian businesses” and she would always listen to industry and give their recommendations “due weight”.
“At the same time, we’re facing a clear threat, and we need to be resolute in tackling it. Cybercrime, ransomware and attacks on critical infrastructure are already occurring – both in Australia and overseas,” she said. “If we don’t act now, we risk our cyber security falling further behind.”
Business groups and unions were scathing of the government’s consultation with industry and stakeholders during the parliamentary inquiry into the bill.
But the inquiry also heard a major Australian company that had been the subject of a cyber attack refused to comply with the ASD for weeks. Transport and logistics giant Toll Group later conceded it might have been the company that failed to adequately engage with the ASD.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.
Most Viewed in Politics
From our partners
Source: Read Full Article