Context of the review
1.1
Section 315K of the Telecommunications Act 1997 requires the Parliamentary Joint Committee on Intelligence and Security (the PJCIS) to commence a statutory review of the operation of Part 14 of that Act, to the extent that the Part was amended by the Telecommunications and Other Legislation Amendment Act 2017.
1.2
The review must be commenced on or before the second anniversary (18 September 2020) of the commencement of those reforms, known as the telecommunications sector security reforms (TSSR).
1.3
The review is required to be completed within a year, with the Committee to then report to the Parliament and the Minister for Home Affairs once the Committee’s consideration of the evidence gathered as part of the review is completed.
1.4
The review provisions are as a result of recommendation 12 of the PJCIS Advisory report on the Telecommunications and Other Legislation Amendment Bill 2016.
1.5
A further explanation of the genesis of the TSSR is outlined in Chapter 2 of this report.
Conduct of the review
1.6
The Committee commenced the review on 7 September 2020 and announced the review by media release on the same day. The Committee invited submissions from interested members of the public, government and interested stakeholders by 27 November 2020.
1.7
The Committee received eleven submissions, one attachment, one confidential attachment to a submission, and three supplementary submissions from industry, government and other stakeholders. A list of submissions received by the Committee is at Appendix A.
1.8
The Committee held one public hearing on 20 May 2021. The Committee also received one private briefing from relevant agencies. Details of the hearing and witnesses who appeared before the Committee in a public capacity is included at Appendix B.
1.9
Copies of submissions received and the transcript of the public hearing can be accessed on the Committee’s website.
1.10
The conduct of the review, its content and timing were affected by the concurrent conduct of the Committee’s Review of the Security Legislation Amendment (Critical Infrastructure) Bill 2020 and Statutory Review of the Security of Critical Infrastructure Act 2018. More commentary on this is included below and will be made at the relevant sections of this report.
Summary of the reforms under review
1.11
The TSSR changes under review can be summarised in four main elements:
1
Obligations to secure and protect telecommunications networks and facilities from unauthorised access and interference.
2
Obligations to notify relevant government agencies of intended changes to systems and/or services that could compromise their obligations under the first security requirement.
3
Powers granted to the relevant Secretary (Home Affairs) to compel telecommunications carriers, service providers and service intermediaries to provide information and documents to enable the assessing of monitoring and investigation of those entities with their security obligations.
4
Powers granted to the relevant Minister (Home Affairs) to direct the same entities to do, or not do, a specified thing that is assessed as reasonably necessary to protect telecommunication networks and facilities for national security risks or other activities assessed as prejudicial to security.
Report structure
1.12
This report consists of three chapters:
This chapter outlines the context of the review and its conduct;
Chapter 2 provides background to the history of TSSR and the inquiries and reviews already undertaken, as well as a brief summary of the operation of the TSSR to date.
Chapter 3 briefly outlines the evidence received for the review, the impact of the Security Legislation Amendment (Critical Infrastructure) Bill 2020, and the Committee’s observations and recommendations.
Crossover with Security of Critical Infrastructure Bill and statutory reviews
1.13
As submissions were received for this review, the Committee noted that a number of submitters identified that they had been involved in a consultation process for an exposure draft of the Security Legislation Amendment (Critical Infrastructure) Bill 2020. That Bill was introduced into the House of Representatives by the then Minister for Home Affairs, the Hon Peter Dutton MP, on 10 December 2020, and referred to the Committee for review by the then Attorney-General, the Hon Christian Porter MP, on 11 December 2020.
1.14
Additionally, the Committee was required by section 60A of the Security of Critical Infrastructure Act 2018 (SOCI Act) to review the operation, effectiveness and implications of the regime established under that Act. As the Bill mentioned above amended that Act, the Committee chose to agree with a suggestion from the then Attorney-General that the review be established early to coincide with the Bill analysis.
1.15
As the statutory review for the TSSR regime progressed, it became evident that it had significant crossovers with the SOCI Bill review, many of which affected the evidence base available for this review. This report may reference the evidence received for those inquiries, however this will be kept to a minimum where possible. As mentioned, the final format of this report has been affected by the subject of that Bill and its effect on the Committee’s ability to conduct an isolated statutory review of the TSSR regime.
1.16
The Committee presented its advisory report on the SOCI Bill, and the related statutory review, on 29 September 2021. Relevant commentary regarding this review can be found in that report.