Andrew Wilkie (Denison, Independent) Share this | Hansard source

It goes without saying that everyone in this House is focused on national security and everyone in this House is doing everything they humanly can to enhance our national security. Yes, we all approach it from different places and look at it through different coloured glasses. But I would just like to say, quite clearly, that the member for Eden-Monaro's comments were justified. The member for Hume's comment was a deeply offensive comment. There have been other deeply offensive comments made over time, when it comes to some people criticising other people in this place when it comes to national security. In fact, although I haven't done the numbers exactly, I think there would be as many, or more, former members of the military and the intelligence and security services serving in the current opposition and on the crossbench than there are in the government. That's not a criticism of the government. It's just to give a sense of balance. We all have our heart in it, and we should keep the discussion about policy issues respectful. Some people see me as a bit of a dud, but I did more than 20 years in the military and intelligence services as well. Even though I am not supportive of the Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018, let's all just respect each other's position and where we're coming from, please.

I share the concern of many people—not so much in this place, but many people in the community—and agree that it is a bad idea to be building a known vulnerability into encryption software. That is not necessarily because we have concerns about that access into encrypted communications for government—although there are legitimate concerns about that to be had. But there is the broader concern that to design a weakness, a vulnerability, a back door—some way to access encrypted communications in all communications—is such an invitation to wrongdoers to find the key to that door and to eavesdrop, effectively, or to see in plain text what people thought was a secure communication.

So I think that's the first point to make: that it's a bad idea to, by law, require all the encrypted communications in this country to have a vulnerability by design that can be exploited by wrongdoers. Of course, having that within our own country might be something we accept. Clearly the government and the opposition accept it, and I suspect they're going to vote together on this bill shortly. But it does raise a question: what will our security partners and our business partners think of that? I think it is a reasonable conclusion to draw that there will be concern in other countries and in multinational businesses that have operations in Australia that they will then be partners with a country that has this vulnerability within our ICT. That's another thing that needs to be considered. So I think this bill is ill considered, and I'll be one of I suspect a small number of people who will oppose it.

There is a broader issue, and that is about the power of the state. I've spoken about this on many occasions, and I have expressed the concern of a great many Australians that the power of the state has now grown and been extended so far in this country that it is unacceptable. In fact, since the 9/11 terrorist attacks in 2001, well over 60 security reforms have gone through this place. I understand that when security reforms at the state level are included there have been literally hundreds, many hundreds, of changes to our security legislation—principally, it is said, to deal with the threat of terrorism. I acknowledge that some of those reforms have been sensible, and we should be always reviewing our security arrangements and always looking to improve them where they need to be improved. But there is a widespread concern in the community that some or many of those reforms have not been well considered and have not been justified. In fact, you could even go back to the very start of those shocking events in 2001, the terrorist attacks in the US. I think the whole response was wrong. At the end of the day, that was a shocking criminal act of mass murder, and really that should have been our response way back then. We shouldn't have been racing around the world invading countries; we should have been treating it as a terrible criminal matter. If we need to enhance our legislation to help the crime busters, then let's do that, but let's not overextend; let's not unnecessarily extend the power of the state.

I'm pleased that some people have reminded us of the issue of mandatory metadata retention. I'll take this opportunity to make the point again: that was a bad idea. That is bad policy—the fact that every piece of metadata collected by an Australian telco must be kept for two years and can be accessed without merit. There's no comfort in that. I personally would probably have had a different response to mandatory metadata retention if I had known at least that it could be accessed only with a warrant—and no, it's not. So, there is that issue that the power of the state has already been extended greatly. In the minds of many people it has been extended way beyond what has been necessary. When I wrap that context around what's going on here today, I think this is another case of an excessive extension of the power of the state, and it's another case of the government and the alternative government being in lock step.

I think one of the characteristics of a healthy democracy is that we have a strong, ethical, confident government and that we have a tough opposition that holds the government to account. It doesn't oppose for opposition's sake, which has been the case far too often in this country in recent years, but holds the government to account when it needs to be held to account. And when it comes to issues of national security—and the response to irregular immigration, I would add—far too often, in fact almost always, whoever's in opposition, whether it be the coalition or the Labor Party, will just say, 'Yes, where's the blank cheque? We'll sign it for you.' Far too often, it's out of a fear of being wedged.

I do wonder, in fact, about bringing the encryption bill on at this point in time, after 18 months of it wallowing around the parliament in the lead-up to a federal election. I do wonder: why the haste? To what degree is bringing it on right now a political move? Was it done in the hope of wedging the Labor Party? Well, you know what? I wish the Labor Party had been wedged on it, because they shouldn't be supporting it. I think the Labor Party are letting down many of their supporters by getting behind this bill.

I'd also make the observation that, yes, when you're in government, you do need to be responsive to the needs of the security services. You should ask them: 'What tools, how much money, what resources and what legislative freedom to manoeuvre do you need? What do you need to do your job?' That's good. We asked them and we listened to them. But we should never just say yes to every request, because it's in the nature of the security services to ask for every possible tool they can get their hands on, to the point where they would have way more than is in the public interest if you gave them everything they wanted. So sometimes, in this place, we've got to be prepared to say no.

If the security services were able to access any and all encrypted communications, I agree that that would help the security services. But at what point do you rein them in and say: 'You're asking for too much. You are asking us to extend the power of the state beyond what is reasonable'? If you were to give the security services everything they want, they'd probably have rockets and missiles and be able to do who knows what. You've got to rein them in. That's our job. Our job is just as much to be a check on the power of our security services as it is to give them the tools they need. And I do worry that, in this country nowadays, governments, supported by oppositions, are too quick to give the security services everything they want.

It's telling that several years ago now I gave a speech in here lamenting that Australia had entered a stage of being almost in a prepolice state, with excessive powers of the state and excessive legislation that had gone too far. For example, mandatory metadata can be accessed without a warrant. I was genuinely alarmed a little bit earlier in this debate to hear that councils—local government—in Australia are now accessing, or at least seeking to access, that metadata. What we were promised, only several years ago now, was that it would be used only to go after terrorists and that the list of agencies that would be allowed to use that information would be very small. In fact, the list of organisations was being reduced in size, because I remember that at the time, years ago, before it was mandatory, we were wondering, 'Why does the RSPCA have access to metadata?' We were having, I think, a healthy debate about who should access this sort of stuff and we were absolutely promised that it would only be used to go after terrorists. Then, after a while, the debate morphed into: 'Oh, yes, but also paedophiles and other things.'

The problem with these sorts of reforms is incrementalism. Things are rolled out with lots of promises and grand speeches, but over time the security services want just a bit more, other agencies want just a bit more and ministers give out a bit more, and you end up in a bad place. I do worry about this access to encrypted material. I think the government's saying it's only to assist in the fight against terrorism and the most serious of crimes, like child exploitation, paedophilia and so on. And, yes, they are heinous crimes. But next year it will also be for this and that, and the year after it will be for that and that and that. And before we know it, family law lawyers will be wanting access to information, whether it be metadata or access to what we thought were secure communications between two parties. Then local governments will be wanting access to it and all these other agencies will be wanting access to it. People in civil law courts will be wanting access to it. The idea of a slippery slope isn't just a cliche; it is real.

As the Attorney-General is leaving I will say through you, Deputy Speaker, to him, and I have said it before and I will say it again, that I think the Attorney-General is a decent man and he is not prone to acting recklessly—except in the problem case of Witness K and Bernard Collaery, and I still don't know why we are going after those two. But what happens when in a future government we have a really nasty piece of work or a real fool in a position like that? We need laws to be really tight to protect us from people in the future. Laws should never be rolled out on the assumption that they will never be misused. Any opportunity to misuse, any hole in it, should be closed before we bring it into law.

Why the rush? These ideas have been, as I said earlier, washing around parliament for about 18 months, and all of a sudden we have to get it through the parliament today. We have to have it in place before Christmas. Why the rush? If nothing else, why can't we just delay this, look at it further, consult more broadly and put in place more safeguards? That would keep some members of the community happy.

I come back to my original concern and that is that it's just fundamentally a bad idea to build a back door into encrypted systems, because it is an inherent vulnerability and, mark my words, people will search for that back door. And some very clever people will find it and they will access it. Then once they've found the key they will sell it to someone else. It will become a very valuable commodity. Before we know it, what is being said for the wrongdoers—perhaps the criminals and perhaps the terrorists—will be no secret and it will be used against us. It will make us less safe. It will be because of a government—this government, this opposition—seeking to extend the power of the state just that bit further, and, frankly, to take us that bit closer to a police state, because in so many ways we have already reached a prepolice state—too many laws, too much power for the state and too much power for the security services. I will be opposing this bill today. Thank you.

See this speech in context