CIO

Cisco raises "grave concerns" over Assistance and Access Bill

Currently under review in Parliament

Cisco has raised "grave concerns" over the Assistance and Access Bill, stating it is essential to "avoid the false dilemma of trade-offs" between privacy and security.

The Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 (the Bill), which is now under parliamentary review, proposes access to encrypted communications, designed to allow law enforcement agencies to access data necessary to conduct investigations and gather evidence.

In a submission to parliament, the networking giant expressed "serious reservations" regarding provisions within the Bill that "threaten to undercut sustained efforts by Cisco and others to develop, deploy and maintain technologies that are secure, trustworthy, transparent and accountable".

Described as "more disconcerting" is the notion that a communications provider will be prevented under the Bill from publicly reporting the development of a new surveillance capability.

According to Cisco, although Section 317E of the Bill notes that it cannot be used to force a provider to make misleading statements or to engage in dishonest behaviour, these could easily be the result of forcing the unauthorised creation of surveillance capabilities.

Cisco argued that requiring the creation of a capability, while preventing a provider from documenting its existence, would result in the creation of backdoors.

"Cisco has clearly declared to the public that we do not have backdoors in our technologies," Cisco stated in the submission.

The vendor also said that while the Minister for Home Affairs, Peter Dutton, had stated the goal is to promote international cooperation, the Bill as it stands now would have the opposite effect.

"The language of the Bill is so broad that it could have the impact of fueling cross-border application of statuses in ways to create untenable conflicts of laws for multinational companies," it said.

The parliament should pursue, in Cisco's view, avenues that limit the application of Australia's laws to technologies in a manner that avoids adversely impacting their design, development and use globally.

Furthermore, Cisco states that by adopting country-specific mandates, Australia undermines access to strong encryption and could harm the global competitiveness of Australian enterprises and slow their access to innovations in technology.

In its long list of recommendations, Cisco suggested the Australian Government clearly articulate that, as a matter of policy, the Government will not meet requests that it knows will violate restrictions on surveillance in the requesting country and that Australian Authorities will not request assistance from other national governments that would violate laws restricting surveillance authorities in Australia.

Among its recommended changes, Cisco calls for checks and balances for the two proposed authorities, as neither involves a court in the decision-making process.

The vendor also proposes transparency around the use of TAN and TCN, especially regarding the reporting of the nature, number and scope of TAN requests by the designated communications provider.

The Bill proposed the creation of two new notices: Technical Assistance Notices (TAN), the mechanism through which government can request assistance, and Technical Capability Notices (TCN), a pathway for the government to demand the development of new surveillance capabilities.

"While strong encryption poses new challenges to those who bear the task of protecting Australia, its people, and institutions against crime and terror, we must not lose sight of the fact that secure communications are vital to both economic competitiveness as well as to defending against threats of cyber attack," stated the submission.

"Cisco fully supports developing a better understanding about the nature of the challenges about which the government is concerned.

"However, in the course of pursuing new creative solutions, we must avoid the trap of assuming that privacy versus security is a zero-sum game."