Australian Senate votes to replace systemic weakness and vulnerability definitions in encryption laws


The first of Labor’s dumped amendments when it waved through Australia’s encryption laws in December has succeeded, and will see the contentious definitions of systemic weaknesses and systemic vulnerability replaced.

As the current one stands, the definition for systemic vulnerability is read as:

systemic vulnerability means a vulnerability that affects a whole class of technology, but does not include a vulnerability that is selectively introduced to one or more target technologies that are connected with a particular person. For this purpose, it is immaterial whether the person can be identified.

The definition for systemic weakness is identical, except the word vulnerability is substituted by weakness.

According to Labor’s amendment agreed to by the Senate on Thursday morning, the pair of systemic terms are used in a new Section 317ZG that will prohibit:

  • The implementation or creation of decryption capabilities;
  • An action that would render authentication or encryption less effective; and
  • An act or thing that could create a material risk to otherwise secure information or could be accessed, used, or compromised by a third party

Other clauses in the amendment clarify that technical assistance requests, technical assistance notices, and technical capability notices cannot be used to access the information of people who are not the subject of, or communicating directly with those who are the subject of, an investigation to which the request or notice applies.

The amendment was passed 37-28, with government Senators having voted against the amendments.

Must read: Australia’s encryption laws will fall foul of differing definitions 

Senator Jordan Steele-John said the Australian Greens would back the Labor amendments because they made a bad Bill “slightly better”.

The committee process was suspended at 11:45am AEDT, with three more Labor amendments set to be voted upon.

Any amendments made by the Senate will need to get back to the lower house to become law.

On Tuesday night in the House of Representatives, Labor Shadow Attorney-General Mark Dreyfus said the government’s amendments that were agreed to and passed by Labor last year were inadequate.

“It is not tenable to argue, as the government continues to argue, that its amendments largely implemented the committee’s 17 recommendations. No reasonable person accepts that,” Dreyfus said.

“The Inspector-General of Intelligence and Security, who has made a public submission to the committee, doesn’t accept it. Industry doesn’t accept it. Lawyers and other civil society groups don’t accept it. The Commonwealth Ombudsman has even told the committee that the government’s amendments are inconsistent with the Ombudsman’s role as an independent and impartial office.

“This fiasco of lawmaking is what a job well done looks like to this chaotic government.”

The government Bill before the Senate allowed Australia’s anti-corruption agencies to use the encryption laws.

Related Coverage

Australian anti-corruption bodies should get encryption-busting powers: PJCIS

Exclusion of anti-corruption agencies was an interim measure, Andrew Hastie has said.

Canberra ignoring ‘overwhelming empirical evidence’ on encryption busting

Associate professor Vanessa Teague believes Canberra is ignoring efforts from experts to explain why the encryption-busting laws are the wrong approach.

NSW police corruption body wants access to encrypted communications

Excluding the Law Enforcement Conduct Commission from accessing encrypted communications may encourage police corruption more broadly, it has argued.

Home Affairs reveals Australian authorities already using new encryption powers

The Department of Home Affairs has been told law enforcement and national security agencies are already using the Act as the department continues to ‘support’ its implementation.

AFP concerned about approving state police usage of Australia’s encryption laws

Concerns over a federal body overseeing the operations of state and territory authorities.

Australian industry groups issue wish list of encryption law changes

Some old, some new, some borrowed from the Labor party.